Red-Team Findings Resolved: Interface Specs, Duplicate Purge, and SIL Correction
System
Requirements engineering review for {{entity:Remote Weapon Station (RWS)}} (project se-remote-weapon-station-rws), session 641. Entry state: red-teamed. The red-team session (640) left 8 open findings across 4 categories blocking the quality gate. This session addressed all 8 findings. At entry: 272 requirements, 274 trace links, 1 orphan. At close: 271 requirements, 276 trace links, 1 orphan (tool-layer issue).
```mermaid
flowchart TB
n0["system<br>Remote Weapon Station (RWS)"]
n1["subsystem<br>Electro-Optical Sensor Assembly (EOSA)"]
n2["subsystem<br>Fire Control System (FCS)"]
n3["subsystem<br>Turret Drive Assembly (TDA)"]
n4["subsystem<br>Operator Control Unit (OCU)"]
n5["subsystem<br>Safety Interlock System (SIS)"]
n6["subsystem<br>Weapon and Ammo Handling (WAH)"]
n7["subsystem<br>Power Distribution Unit (PDU)"]
n8["subsystem<br>Communications Interface Unit (CIU)"]
n1 -->|Sensor video, target data| n2
n2 -->|Servo commands, pointing| n3
n2 -->|Fire request, arm status| n5
n5 -->|Fire enable/inhibit| n6
n5 -->|Drive enable, brake cmd| n3
n4 -->|Operator commands| n2
n2 -->|Display data, video| n4
n4 -->|E-STOP, arm/safe| n5
n7 -.->|28V/12V/5V power| n1
n7 -.->|28V drive power| n3
n8 -->|GPS, BMS target data| n2
n2 -->|Video export, status| n8
```
Quality Improvements
Eight requirements updated (tagged reqs-eng-session-641), average QA score for updated reqs after: 88 (range 71–100).
rt-vague-interface (2 findings):
{{ifc:IFC-REQ-001}} — turret ring mounting requirement rewritten to cite STANAG 4472 Edition 2 by name and to add the ring diameter (775mm ±1mm), bolt specification (24 × M12 class 10.9, 750mm PCD), and boresight misalignment tolerance (±0.5mm). QA score: 100. The prior text named a “NATO-standard” mounting without referencing the actual standard document, so the acceptance criterion was unverifiable.
{{ifc:IFC-REQ-009}} — SIS-to-WAH relay interface updated to specify an IEC 61810 (Electromechanical elementary relays) class C contact rating (24 VDC / 5A), a 10ms maximum switching time, 500 VDC isolation voltage, and a 2ms contact bounce limit. QA score: 86. The switching time is derived from the weapon charge-to-fire latency (>150ms), giving a 15:1 safety margin.
rt-near-duplicate (2 findings):
{{sub:SUB-REQ-020}} and {{sub:SUB-REQ-052}} both specified a 100ms FCC hardware watchdog. SUB-REQ-020 (session 620) added the HMI fault notification element absent in SUB-REQ-052 (session 625 QC). The unique HMI fault flag and 500ms operator notification criterion were merged into SUB-REQ-052. VER-REQ-044 was updated to cover the merged test scope. A new derives trace was added from SYS-REQ-009 to SUB-REQ-052, since the 100ms watchdog also satisfies the 500ms control-link-loss safe-state budget. SUB-REQ-020 was deleted after trace re-pointing.
rt-implausible-value (3 findings):
{{sub:SUB-REQ-032}} (ODU display latency 100ms) — rationale updated to cite NATO STANAG 4586 Edition 4 and DEF STAN 00-250 Part 2 display latency guidance. At 5°/s manual tracking rate, 100ms represents 0.5° of display lag — the boundary of perceptible tracking degradation. QA: 100.
{{sub:SUB-REQ-033}} (GHC command rate 100Hz / 10ms) — rationale updated: 10ms is achievable with USB HID configured at 1ms polling (USB 2.0 HS bInterval=1), yielding 1ms USB + <5ms ADC/FPGA + <2ms host stack delivery. Temperature qualification mandate added per MIL-STD-810H (Environmental Engineering Considerations and Laboratory Tests) Method 502.6. QA: 86.
{{sub:SUB-REQ-041}} (PDU 10 Hz power monitoring) — rationale updated to cite MIL-STD-1275E (Characteristics of 28 VDC Electrical Systems in Military Vehicles): 10 Hz captures the 10–50ms voltage dropout events in vehicle 24/28V systems at 2x minimum frequency. The 5% deviation threshold maps to MIL-STD-1275E steady-state regulation tolerance. QA: 86.
rt-sil-escalation (1 finding):
{{sub:SUB-REQ-079}} (FCS positive ID acknowledgement, tagged SIL-3) — the requirement is a software-implemented operator confirmation step, not a hardware safety function. Per IEC 61508-3 (Software Requirements), a software defence-in-depth control below the primary SIL-3 hardware barrier (SIS → DCSC → HFIR chain) is allocated SIL-2. The requirement was retagged from sil-3 to sil-2 with explicit risk graph derivation. The primary SIL-3 barrier is unchanged. QA: 71.
Traceability
Trace links: 274 → 276 (+2). Twelve existing links on blocker requirements had empty rationale fields — all twelve updated with derivation justification. New derives link SYS-REQ-009 → SUB-REQ-052 added to reflect the watchdog timeout’s role in the control-link-loss safe-state budget.
Empty-rationale links resolved: SYS-REQ-014 → IFC-REQ-001, SYS-REQ-008 → IFC-REQ-009, SYS-REQ-008 → SUB-REQ-052, SYS-REQ-009 → SUB-REQ-052, SYS-REQ-007 → SUB-REQ-079, SYS-REQ-002 → SUB-REQ-032, SYS-REQ-002 → SUB-REQ-033, VER-REQ-075 → IFC-REQ-001, VER-REQ-012 → IFC-REQ-009, VER-REQ-044 → SUB-REQ-052, VER-REQ-091 → SUB-REQ-032, VER-REQ-100 → SUB-REQ-079. All 276 trace links pass direction validation.
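As an added illustration, not the project's own tooling, the following validator applies the direction rule and the empty-rationale check to the twelve links listed above, and reports any requirement left without a valid link (the VER-REQ-118 case). The per-link-type direction rules and the rationale text are assumptions constructed for the example.

```python
# Direction rules assumed for this example (not the project's tooling):
# "derives" runs parent -> child (SYS to SUB/IFC); "verifies" runs from the
# verification requirement to the requirement it tests.
DIRECTION_RULES = {
    "derives": ({"SYS"}, {"SUB", "IFC"}),
    "verifies": ({"VER"}, {"SYS", "SUB", "IFC"}),
}

def prefix(req_id):
    """'SUB-REQ-052' -> 'SUB'."""
    return req_id.split("-", 1)[0]

def validate_links(links, requirements):
    """links: (kind, source, target, rationale) tuples; requirements: ids that
    must each carry at least one valid link. Returns (bad_direction,
    empty_rationale, orphans), each as a sorted list."""
    bad_direction, empty_rationale, linked = [], [], set()
    for kind, src, dst, rationale in links:
        ok_src, ok_dst = DIRECTION_RULES[kind]
        if prefix(src) not in ok_src or prefix(dst) not in ok_dst:
            bad_direction.append((src, dst))
            continue  # a reversed link must not count as coverage
        linked.update((src, dst))
        if not rationale.strip():
            empty_rationale.append((src, dst))
    orphans = sorted(set(requirements) - linked)
    return sorted(bad_direction), sorted(empty_rationale), orphans

# Constructed sample: the twelve links from this session (placeholder rationale
# text), one rationale left blank, one extra link entered backwards, and the
# VER-REQ-118 -> SUB-REQ-078 verifies link that failed to persist (omitted).
R = "derivation justification (placeholder)"
LINKS = [
    ("derives", "SYS-REQ-014", "IFC-REQ-001", R),
    ("derives", "SYS-REQ-008", "IFC-REQ-009", R),
    ("derives", "SYS-REQ-008", "SUB-REQ-052", R),
    ("derives", "SYS-REQ-009", "SUB-REQ-052", ""),
    ("derives", "SYS-REQ-007", "SUB-REQ-079", R),
    ("derives", "SYS-REQ-002", "SUB-REQ-032", R),
    ("derives", "SYS-REQ-002", "SUB-REQ-033", R),
    ("verifies", "VER-REQ-075", "IFC-REQ-001", R),
    ("verifies", "VER-REQ-012", "IFC-REQ-009", R),
    ("verifies", "VER-REQ-044", "SUB-REQ-052", R),
    ("verifies", "VER-REQ-091", "SUB-REQ-032", R),
    ("verifies", "VER-REQ-100", "SUB-REQ-079", R),
    ("verifies", "SUB-REQ-079", "VER-REQ-100", R),  # reversed on purpose
]
REQUIREMENTS = {i for _, s, d, _ in LINKS for i in (s, d)} | {"VER-REQ-118"}
```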
Measures of Performance
MoP requirements reviewed as part of the implausible-value findings: SUB-REQ-032 (100ms display latency), SUB-REQ-033 (100Hz/10ms command latency), SUB-REQ-041 (10 Hz / 100ms power monitoring), IFC-REQ-001 (25kN / 15kN structural loads), IFC-REQ-009 (10ms relay switching / 500 VDC isolation). All five previously lacked a standards citation for the specific threshold value. All five updated with explicit references: STANAG 4586, DEF STAN 00-250, MIL-STD-810H, MIL-STD-1275E, STANAG 4472, IEC 61810.
Orphans
VER-REQ-118 (verification for {{sub:SUB-REQ-078}} EOSA channel failover, identified as unverified in session 638) currently has no document assignment: documentRef and sectionRef remain null despite two reassign attempts against section-1774572686361. A verifies trace was created but did not persist in the linkset. The requirement content and rationale are correct. This is a tool-layer persistence issue affecting only this one requirement; it does not affect the engineering record. Raised for harness operator investigation.
Statistics
- Requirements: 272 → 271 (SUB-REQ-020 deleted as duplicate)
- Trace links: 274 → 276
- Average qaScore (STK/SYS/SUB/IFC): 87/96/87/86 — no regression on substantive requirements
- VER avg: 58, ARC avg: 57 — structural scoring artifact (test procedures and ADRs do not follow the EARS SHALL format), not a requirement quality issue
- rt- findings cleared: 8/8
- Orphans: 1/271 (VER-REQ-118, tool-layer issue)
- Baseline: BL-SEREMOTEWEAPONSTATIONRWS-023 (REQS-ENG-2026-03-27)
Next
VER-REQ-118 orphan persistence issue needs harness operator follow-up. The 100 VER requirements scoring below 60 are test procedures that structurally cannot satisfy EARS compliance scoring — a separate pass is needed to either exempt them from the QA gate or rewrite them with SHALL acceptance criteria wrapping the test steps. ARC requirements (13, all scoring 57) have the same structural issue. These are the remaining quality gate items.