Multi-session work bundle on a draft branch. Splits into a clean
sequence of commits later; pushed here so it isn't lost on a reboot.
Reach work
- code/scripts/reach/reach_scram_pj.jl: shutdown_margin halfspace
X_exit (replaces "n <= 1e-4 AND T_f bound" framing); per-step
envelope extraction added.
- code/scripts/reach/reach_scram_pj_fat.jl: per-step envelope
extraction added; shutdown_margin discharge logic mirrored from the
tight scram script. 3 probes (10/30/60s) all discharge from the
fat union polytope.
- code/scripts/reach/reach_scram_full_fat.jl (NEW): full nonlinear
PKE scram reach with fat entry. Hits the stiffness wall at
~1.5 s plant time as expected; saves NaN-tolerant per-step
envelopes. Demonstrates concretely why PJ is the right tool for
the longer-horizon proof.
- code/scripts/reach/reach_heatup_pj.jl: T_REF_START_C constant
(entry-conditioned ramp) replaces T_STANDBY-init that was making
the FL controller command cooling at t=0. Per-step extraction
already in place.
- code/configs/heatup/tight.toml: bumped maxsteps; probe horizon
parameterized.
Hot-standby SOS barrier
- code/scripts/barrier/barrier_sos_2d_shutdown.jl (NEW): mirrors the
operation SOS machinery on the hot-standby thermal projection.
Includes the eps-slack pattern (so feasibility doesn't silently
collapse to B == 0).
- code/scripts/barrier/barrier_sos_2d.jl: refactored to use the same
helper.
- code/src/sos_barrier.jl (NEW): solve_sos_barrier_2d helper module
factoring out the SOS construction; eps-slack with eps_cap=1.0 to
avoid unbounded primal.
Library
- code/src/pke_states.jl (NEW): single source of truth for canonical
initial-condition vectors per DRC mode (op, shutdown, heatup) keyed
off plant + predicates.
- code/scripts/sim/{main_mode_sweep,validate_pj}.jl, code/CLAUDE.md:
migrated to pke_states.
Predicates + invariants
- reachability/predicates.json: new shutdown_margin predicate (1%
dk/k tech-spec floor, expressed as alpha_f*T_f + alpha_c*T_c
halfspace). Used as scram X_exit.
Plot script
- code/scripts/plot/plot_reach_tubes.jl: plot_tubes_scram_pj() with
variant=:fat|:tight knob; plot_tubes_scram_full() for full-PKE
3-panel (T_c, T_f, rho); plot_tubes_heatup_pj() reads results/
not reachability/.
Journal + memory
- journal/entries/2026-04-27-shutdown-sos-and-scram-X_exit.tex (NEW):
long-form entry on the SOS hot-standby barrier and the scram X_exit
refactor.
- journal/journal.tex: input chain updated.
- claude_memory/ — three new session notes:
* 2026-04-27-scram-X_exit-shutdown-margin.md
* 2026-04-28-DICE-2026-conference-intel.md (people, sessions,
strategic notes for the May 12 talk)
* 2026-04-28-path1-sos-pj-sketch.md (sketch of nonlinear-SOS via
polynomial multiply-through; saved for an overnight session)
Docs
- docs/model_cheatsheet.md (NEW): one-page reference of state vector,
dynamics, constants, modes, predicates, sanity numbers — the talk
prep cheatsheet Dane asked for.
- docs/figures/reach_*_tubes.png: regenerated with the new mat data.
- presentations/prelim-presentation/outline.md: revised arc per the
April-28 review pass (cuts: Lyapunov-fails standalone slide,
operation-tube standalone slide, SOS standalone; adds: scopes-of-
control framing, scram on the headline result slide).
- app/predicate_explorer.jl: minor.
Hacker-Split: end-of-session scratch bundle
reach_heatup_pj_tight_full.mat now has per-timestep envelopes
(Tc_lo_ts, Tc_hi_ts, Tf_lo_ts, ..., rho_lo_ts, rho_hi_ts) for
12932 reach-sets over 300 s, 200s wall time.
plot_reach_tubes.jl produces four-panel overlay figures for both
operation and heatup PJ modes. Two figures saved:
docs/figures/reach_operation_tubes.png (operation LQR)
docs/figures/reach_heatup_pj_tubes.png (heatup PJ tight entry)
Each shows:
- T_c / T_hot / T_cold tubes overlaid on one axis
- ΔT_core = T_hot - T_cold (power proxy; right axis MW)
- rho envelope in dollars, ±1$ prompt-critical lines
- n envelope
Finding worth flagging: heatup PJ tight tube shows rho in
[-0.25 $, -0.05 $] throughout — always subcritical. The controller
is driving rho negative because T_ref starts at T_standby=275 but
X_entry has T_c in [285, 291]. So the ramp reference is BELOW the
current T_c and the FL controller commands cooling. n decays from
[0.001, 0.002] to near zero.
PJ validity trivially satisfied (rho stays well below +beta).
But the physics being captured is "plant cooling back to ramp
reference," not "plant heating to operating temp." For a real
heatup tube we'd need ref.T_start aligned with X_entry's T_c
midpoint, or X_entry pinned at T_standby.
Logged as apass in journal for next pass; morning's priority list
(polytopic/SOS barriers, Tikhonov bound) takes precedence.
OVERNIGHT_NOTES.md flags the blocked remote push — gitea URL is
agent-inferred from submodule submodule.thesis.url pattern, harness
(correctly) refused the exfiltration risk.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Following user's review feedback (point 1):
prompt_critical_margin_heatup: a new entry under safety_limits that
proves the PJ reduction's validity condition (beta - rho > 0 with
margin) rather than hand-waving it. Controller-specific
specialization for heatup: under feedback linearization,
rho_total = Kp*(T_ref - T_c), so rho ≤ 0.5*beta iff T_c ≥ T_ref -
32.5. Worst-case T_ref = T_c0 at ramp end, so T_c ≥ 275.85 is
sufficient, which our tight-entry reach clears trivially.
Conjoined into inv1_holds. Safety proofs now target BOTH the
physical bounds AND the conditions that make the PJ approximation
sound. Saves Dane's rigor-over-vibes instinct (saved to memory).
plot_reach_tubes.jl: four-panel visualization of a reach-result .mat:
(1) T_c / T_hot / T_cold envelopes overlaid
(2) ΔT_core = T_hot - T_cold (power proxy, right-axis MW)
(3) rho envelope in dollars, with ±1$ prompt lines
(4) n envelope
Operation-mode plot saved to docs/figures/reach_operation_tubes.png.
Heatup PJ version pending — needs full per-step data from the
running reach_heatup_pj_tight_full.jl.
reach_heatup_pj.jl + reach_heatup_pj_tight_full.jl now save
per-timestep envelopes (t_arr, Tc_lo_ts, Tc_hi_ts, ...) so the
plotting script can overlay tubes vs time.
Next up: polytopic / SOS barriers, Tikhonov error bound for PJ.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Singular-perturbation reduction of the PKE+T/H system: set dn/dt=0,
solve algebraically n = Λ·Σλ_i·C_i / (β-ρ). State drops 10 -> 9 (no
n), removes Λ⁻¹ stiffness. Validated against full state on the heatup
scenario:
t [s] |Δn|/n_full T_c err [K]
60 3.7e-5 4e-6
300 3.8e-4 1.9e-4
1200 1.0e-3 2.2e-3
3000 5.0e-4 7.2e-3
Maximum relative error 0.1% on n, peak 7 mK on temperatures over
50 minutes. PJ approximation is excellent for slow heatup transients
(sub-prompt-critical regime).
Files:
- code/src/pke_th_rhs_pj.jl: reduced 9-state RHS
- code/scripts/validate_pj.jl: side-by-side sim
- code/scripts/reach_heatup_pj.jl: TMJets reach with PJ model
(probing T = 60, 300, 1800, 5400 s)
App v2 (Pluto):
- §9b: live ingestion of reach_operation_result.mat with per-
halfspace margins computed from JSON-defined inv2_holds.
- §9c: 2D projection chooser (n, T_f, T_c, T_cold) with reach
tube envelope overlay.
- §9d: PJ heatup reach summary (placeholder until first run lands).
Journal:
- Added 2026-04-20-overnight-prompt-jump.tex with PJ derivation,
validation table, soundness ledger update. apass markers for
the in-progress reach results.
This commit captures state mid-run; next commit will add the
populated reach results once TMJets returns.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
journal/ directory, LaTeX-based, dated entries, callout boxes for
derivations / decisions / dead ends / limitations, plus an \apass{}
macro for in-line markers when a later deep-pass is needed.
Retroactive A-style entries for 2026-04-17 (controllers, linearization,
LQR, operation-mode linear reach, Lyapunov barrier) and 2026-04-20
(predicates restructure into deadbands+safety+invariants, OL-vs-CL
barrier analysis, mode-obligation taxonomy, heatup-rate-as-halfspace,
mode_boundaries, first Julia nonlinear reach attempt).
Both entries include derivations written out in math, dead-ends I
hit, code snippets with commentary, figure embeds, and terminal
output where it changed what we did next. The goal is invention-log
depth — readable 4 years from now without the git history to help.
journal/README.md documents the conventions. journal.tex aggregates
all entries into one PDF via latexmk.
Kept claude_memory/ separate as per earlier agreement — those are
short AI-context notes, different audience.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Previously conflated two different kinds of constraint:
- operational deadbands (|T_c - T_c0| <= 5 F) used by the DRC for mode
transitions. Symmetric bands around setpoint. Violating these is an
operator/operational issue, not a safety issue.
- safety limits (T_f <= 1200 C, T_c <= 320 C, n <= 1.15, etc.) are
hard one-sided halfspaces corresponding to physical damage mechanisms
or reactor-trip setpoints. THESE are what a safety barrier/reach must
discharge.
predicates.json now has three groups:
- operational_deadbands (t_avg_above_min, t_avg_in_range, p_above_crit)
- safety_limits (fuel_centerline, t_avg_high_trip, t_avg_low_trip,
n_high_trip, n_low_operation, cold_leg_subcooled)
- mode_invariants (inv1_holds, inv2_holds as conjunctions of safety_limits)
reach_operation.m and barrier_lyapunov.m both now report halfspace-by-
halfspace margins against inv2_holds. Attributable failure analysis:
we can see WHICH limit is tightest.
Reach tube (under +/-15% Q_sg load): passes all 6 safety halfspaces.
Tightest margin is n_high_trip at +0.138 (12% from trip). Temperature
directions have 10-870 K margin.
Lyapunov barrier (same): fails all 6. Worst is n_high_trip with -2365
margin — the ellipsoid says n could deviate by +/-2364, which is
physically meaningless. Anisotropy cost made visible per-direction.
Motivates SOS / polytopic barriers for the thesis chapter.
load_predicates.m now returns .operational_deadbands, .safety_limits,
and .mode_invariants. Existing callers that only used .constants or
.t_avg_in_range still work because those live under the old keys.
Hacker-Split: user caught that the barrier was checking the wrong
invariant; safety limits != operating deadband. Restructured so the
proof target matches the physical claim.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
predicates.json is the single source of truth for concretizing the
FRET-spec predicates (t_avg_above_min, t_avg_in_range, p_above_crit,
inv1_holds, inv2_holds) as polytopes {x : A x <= b}. Until now these
were abstract booleans in the synthesis spec; reach analysis
re-invented ad-hoc thresholds that weren't tied to the spec. Closes
the Thrust-1-meets-Thrust-3 seam.
T_standby now defined as T_c0 - 60 F = 275 C (from user review).
Replaces the earlier simplification where shutdown IC held all temps
at T_cold0. 275 C is inside the model's +/-50 C trust region around
operating point and above coolant saturation at reduced pressure.
load_predicates.m in MATLAB reads the JSON and resolves rhs_expr
strings (which reference plant-derived constants like T_c0, T_cold0,
T_standby) into numeric bounds. Returns per-predicate (A_poly, b_poly)
plus a constants struct.
main_mode_sweep.m now pulls T_standby from predicates and uses it
for shutdown + heatup ICs. Heatup horizon extended to 90 min to
cover the wider 60 F -> operating range at 28 C/hr tech-spec limit.
reach_operation.m reads delta_safe_Tc from the t_avg_in_range
halfspace instead of hardcoding +/-5 K. Current concretization is
+/-2.78 C (~5 F); LQR reach still shows 28x margin.
inv1_holds and inv2_holds are marked PLACEHOLDER in the JSON —
engineering best guesses, not derived from a specific plant's tech
specs or a DNBR correlation. Revisit before thesis defense.
Hacker-Split: single-source concretization for FRET predicates,
end seam with reach.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stand up reachability/ with a hand-rolled zonotope propagator for
linear closed-loop systems (reach_linear.m: axis-aligned box hull,
augmented-matrix integration for the disturbance convolution). Use it
in reach_operation.m to discharge the operation-mode safety obligation:
from a +/-0.1 K box on T_avg, under Q_sg in [85%, 100%]*P0, LQR keeps
T_c within 0.03 K of setpoint over 600 s. Safety band is +/-5 K, so
the obligation is satisfied with five orders of margin.
barrier_lyapunov.m attempts the analytic counterpart via a weighted
Lyapunov function. Sweeping the Qbar(T_c) weight, the best quadratic
barrier allows ~33 K deviation on the gamma level set — still outside
the 5 K safety band. This is a fundamental limitation of quadratic
barriers for anisotropic safety specs (thin-slab safe set in a
precursor-heavy state space). Documented in the file: next step for a
tight analytic certificate is SOS polynomial or polytopic barrier,
which need solvers we don't have locally yet.
reach_linear.m started out with a halfwidth-propagation bug (signed
A_step instead of |A_step|); fixed before commit after noticing the
reach envelope exactly matched the initial box on T_c.
Figures saved to docs/figures/. .mat result files gitignored — they
are regenerated in <1s.
Hacker-Split: first end-to-end per-mode reachability artifact.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Folds three previously-separate pieces into one preliminary-example repo
for the HAHACS thesis:
- thesis/ (submodule) → gitea Thesis.git — the PhD proposal
- fret-pipeline/ — FRET requirements to AIGER controller (was
~/Documents/fret_processing/; prior single-commit history abandoned
per user decision)
- plant-model/ — 10-state PKE + lumped T/H PWR model (was
~/Documents/PKE_Playground/; never version-controlled before)
- presentations/2026DICE/ (submodule) → gitea 2026DICE.git
- reachability/, hardware/ — empty placeholders for Thrust 3 and HIL
- docs/architecture.md — how the discrete and continuous layers compose
- claude_memory/ — session notes and scratch knowledge pattern
Plant model refactored to thesis naming (x, plant, u, ref); pke_th_rhs
now takes u as an explicit arg instead of reading rho_ext from the
params struct. First two controllers built to the contract
u = ctrl_<mode>(t, x, plant, ref): ctrl_null (baseline) and
ctrl_operation (stabilizing, proportional on T_avg). Validated under a
100% -> 80% Q_sg step: ctrl_operation reduces steady-state T_avg drift
~47% vs. the unforced plant.
Root CLAUDE.md emphasizes that CLAUDE.md files are living documents and
that any knowledge not captured before a session ends is lost forever;
claude_memory/ holds the session-level notes that haven't stabilized
enough to graduate into a CLAUDE.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Dane Sabo