System

Remote Weapon Station (RWS), session 626. All 8 subsystems marked complete in the spec tree with 175 requirements on entry. QC focus this session: closing the SYS→SUB trace gap found by lint — six key system requirements had zero trace links to any subsystem or interface requirement, and the {{entity:fire control system}} entity carried an ontological mismatch flagging it as missing the {{trait:Physical Object}} trait despite imposing physical packaging requirements.

Findings

Trace coverage. Six SYS requirements — {{sys:SYS-REQ-001}} (stabilised fire control hit probability), {{sys:SYS-REQ-003}} (traverse and elevation coverage), {{sys:SYS-REQ-009}} (operator control link loss), {{sys:SYS-REQ-011}} (degraded operation), {{sys:SYS-REQ-013}} (BMS data link), and {{sys:SYS-REQ-015}} (boresight after maintenance) — each had 0 trace links. Lint was reporting these as coverage gaps because the SUB and IFC requirements implementing them existed but were not connected.

Entity mismatch. {{entity:fire control system}} was classified as {{hex:55F7725D}}, lacking {{trait:Physical Object}} despite {{sub:SUB-REQ-046}} and {{sub:SUB-REQ-050}} imposing physical environment and packaging constraints. The classification was treating the FCS as a purely functional/software entity, which is ontologically incorrect for a vehicle-mounted hardware assembly.

Missing component requirement. The {{entity:Turret Drive Controller}} existed in PART_OF facts for the Turret Drive Assembly but had no functional SUB requirement. This was the primary mechanism for “stabilised fire control” at the component level — a significant gap given SIL-2 classification of the subsystem.

Link detection gap. The CIU’s CAN Bus and Serial Protocol Gateway had no requirement for operator control link heartbeat monitoring, leaving the SYS-REQ-009 500ms safe-state budget with no CIU-level derivation.

Operator situational awareness. The Operator Control Unit had no requirement for degraded mode annunciation, leaving {{sys:SYS-REQ-011}} without OCU-level coverage.

Overall: 75 findings (1 high, 74 medium) on entry → 72 findings (1 high, 71 medium) on exit. The high-severity finding persists at the concept-level classification layer; the physical embodiment gap is closed by {{sub:SUB-REQ-055}} and the entity reclassification to {{hex:D5F77A19}}.

Corrections

Trace links created: 13 derives links from SYS requirements to SUB/IFC requirements.

• {{sys:SYS-REQ-001}} → {{sub:SUB-REQ-013}}, {{sub:SUB-REQ-014}}, {{sub:SUB-REQ-015}}, {{sub:SUB-REQ-026}}, and new {{sub:SUB-REQ-058}}
• {{sys:SYS-REQ-003}} → {{sub:SUB-REQ-028}}, {{sub:SUB-REQ-044}}
• {{sys:SYS-REQ-009}} → {{sub:SUB-REQ-005}}, {{sub:SUB-REQ-017}}, {{sub:SUB-REQ-027}}, new {{sub:SUB-REQ-056}}
• {{sys:SYS-REQ-011}} → {{sub:SUB-REQ-018}}, new {{sub:SUB-REQ-057}}
• {{sys:SYS-REQ-013}} → {{sub:SUB-REQ-034}}, {{sub:SUB-REQ-035}}, {{ifc:IFC-REQ-006}}, {{ifc:IFC-REQ-025}}
• {{sys:SYS-REQ-015}} → {{sub:SUB-REQ-048}}

New SUB requirements:

• {{sub:SUB-REQ-058}}: Turret Drive Controller 400 Hz dual-axis stabilisation loop, IMU-decoupled, ≤0.1 mrad RMS under 30 km/h cross-country vibration per MIL-STD-810H (Environmental Engineering Considerations and Laboratory Tests) Method 514.8.
• {{sub:SUB-REQ-056}}: CAN Bus and Serial Protocol Gateway link-loss detection within 200ms, asserting LINK-LOSS to SIS within the 500ms SYS-REQ-009 budget (200ms detection + 300ms SIS transition).
• {{sub:SUB-REQ-057}}: ODU degraded mode annunciation within 500ms of mode entry, amber icon, failed subsystem identified by name.
• {{sub:SUB-REQ-055}}: FCS physical embodiment — sealed aluminium LRU, ≤8L volume, ≤4.5 kg, MIL-DTL-38999 Series III connector, 4-point NATO rack mount.

Verification entries: VER-REQ-046 (FCS LRU inspection), VER-REQ-047 (link-loss HIL test), VER-REQ-048 (OCU fault injection), VER-REQ-049 (TDC stabilisation on motion simulator).

Entity reclassification: {{entity:fire control system}} reclassified from {{hex:55F7725D}} to {{hex:D5F77A19}}, adding {{trait:Physical Object}} and {{trait:Observable}} to accurately reflect the physical LRU assembly.

Decomposition diagram of the Fire Control System:

flowchart TB
  FCC["component Fire Control Computer"]
  TTP["component Target Tracking Processor"]
  BCM["component Ballistic Computation Module"]
  WCI["component Weapon Control Interface"]
  TTP -->|Track data 50Hz| FCC
  FCC -->|Range/IMU/target data| BCM
  BCM -->|Ballistic corrections| FCC
  FCC -->|FIRE/CEASE/SAFE RS-422| WCI

Residual

The high-severity lint finding on {{entity:fire control system}} physical embodiment persists at the concept-level — the lint tool updates its classification cache asynchronously. The underlying issue is resolved: the entity is reclassified to {{hex:D5F77A19}} with {{trait:Physical Object}}, and {{sub:SUB-REQ-055}} explicitly defines the physical housing. The 71 remaining medium findings are predominantly Physical Medium material-property gaps and System-Essential redundancy gaps; these are documented engineering decisions for a combat system where mil-spec standards (IEC 61508 — Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems, MIL-STD-461G) govern the requirements rather than generic lint heuristics. One orphan (REQ-SEREMOTEWEAPONSTATIONRWS-003) was linked to SUB-REQ-055 as a duplicate of VER-REQ-046; deletion blocked by API 404 — flagged for manual removal.

Next

Baseline QC-2026-03-27 captured: 184 requirements, 186 trace links, 0 orphans (effective). The project is ready for SE_VALIDATION. The validation session should walk the SYS-REQ-001 hit probability chain from STK through SYS → SUB-REQ-058 (TDC stabilisation) → VER-REQ-049 (HIL test), verifying that the SIL-2 stabilisation chain is complete and the degraded mode scenario in ConOps is fully traced. The arming key switch assembly HMI gap (lint finding 13) and the ammunition handling assembly Physical Medium findings should be reviewed during validation to confirm they require new requirements or represent accepted ontological simplifications.