Requirements Traceability Matrix (RTM)
Status: Submission-candidate trace matrix (formal evidence promotion and freeze metadata pending) Version: 0.91 Owner: BionicLoop engineering Prepared by: BionicLoop engineering Reviewer: ____ Approver: ____ Decision date: ____ Effective date: ____ Baseline freeze SHA: ____ Last updated: 2026-04-07 14:17 EDT
Revision History
| Version | Date | Author | Summary of Changes |
|---|---|---|---|
| 0.1 | 2026-04-05 | Engineering | Initial controlled RTM draft |
| 0.9 | 2026-04-06 | BionicLoop engineering | Added handoff-ready metadata and refined RA-009 cybersecurity trace mapping for the software-only handoff package |
| 0.91 | 2026-04-07 | BionicLoop engineering | Narrowed RA-009 to the current local-security claim set, aligned RA-013 and RA-015 evidence notes with the implemented baseline, and changed high-risk freeze blockers to Rerun needed status |
This matrix links risk hazards, requirements, design elements, and verification artifacts.
Matrix
| RA-ID | SRS ID | SDD ID | Verification (TV-ID) | Evidence (STR/Logs) | Status |
|---|---|---|---|---|---|
| RA-001 | SRS-RUN-001, SRS-RUN-002, SRS-RUN-003 | SDD-POL-001, SDD-APP-003 | TV-RUN-001, TV-RUN-002, TV-RUN-003, TV-SIM-001 | Partial (Docs/Quality/Evidence/Working/STR-SIM-001/2026-02-19-h5-smoke/) |
In progress |
| RA-002 | SRS-CGM-001, SRS-CGM-002, SRS-CGM-003, SRS-CGM-004 | SDD-POL-002, SDD-CGM-001 | TV-CGM-001, TV-CGM-002, TV-CGM-003, TV-CGM-004, TV-SIM-002 | Partial (Docs/Quality/Evidence/Working/STR-SIM-001/2026-02-19-h5-smoke/) |
In progress |
| RA-003 | SRS-PUMP-001, SRS-PUMP-002, SRS-PUMP-005 | SDD-POL-003, SDD-PUMP-001 | TV-PUMP-001, TV-PUMP-002, TV-PUMP-005, TV-PUMP-006, TV-SIM-003 | Partial (Docs/Quality/Evidence/Working/STR-SIM-001/2026-02-19-h5-smoke/) |
In progress |
| RA-004 | SRS-MEAL-001, SRS-MEAL-002, SRS-MEAL-003, SRS-MEAL-004, SRS-MEAL-005, SRS-MEAL-006 | SDD-POL-004, SDD-APP-001 | TV-MEAL-001, TV-MEAL-002, TV-MEAL-003, TV-MEAL-004, TV-MEAL-005, TV-MEAL-006, TV-MEAL-007, TV-SIM-004 | Partial (BUG-001 real-device closure evidence 2026-02-11: Docs/Quality/Evidence/STR-BUG-001/2026-02-11-relaunch-meal/; simulation: Docs/Quality/Evidence/Working/STR-SIM-001/2026-02-19-h5-smoke/) |
In progress |
| RA-005 | SRS-PUMP-003, SRS-LOG-001 | SDD-PUMP-001, SDD-LOG-001 | TV-PUMP-003, TV-LOG-001 | Partial (LoopRuntimeCoordinatorPumpExecutionTests.testDoWorkFeedsBackRequestedAndDeliveredWhenBelowDashMinimumQuantum) |
In progress |
| RA-006 | SRS-STATE-001, SRS-STATE-002, SRS-STATE-003 | SDD-DATA-001, SDD-DATA-002, SDD-DATA-003, SDD-DATA-004, SDD-POL-005 | TV-STATE-001, TV-STATE-002, TV-STATE-003 | Partial | In progress |
| RA-007 | SRS-PUMP-004, SRS-PUMP-005 | SDD-PUMP-001 | TV-PUMP-004, TV-PUMP-005 | Pending | In progress |
| RA-008 | SRS-LOG-001, SRS-LOG-002, SRS-LOG-003, SRS-LOG-004, SRS-LOG-005, SRS-LOG-006, SRS-LOG-007, SRS-LOG-008 | SDD-LOG-001, SDD-POL-017, SDD-POL-018, SDD-POL-024, SDD-POL-025, SDD-APP-007 | TV-LOG-001, TV-LOG-002, TV-LOG-003, TV-LOG-004, TV-LOG-005, TV-LOG-006, TV-LOG-007, TV-LOG-008 | Partial (implemented baseline: authenticated cloud telemetry envelope + persistent outbox with retry/permanent-failure handling + queue-cap drop policy + non-blocking upload + expanded runtime/CGM/pump/alert emitters + structured app.log.batch; envelope now carries auth_user_sub from ID-token sub with UNSET fallback. Lifecycle telemetry now includes timezone + UTC-check context (device_timezone_id, device_utc_offset_seconds, clock_check_result, optional skew/rtt/check timestamp) with launch/foreground/time-change trigger semantics. Meal announce telemetry now records deterministic submitted, accepted, success, blocked, uncertain, and resolved lifecycle transitions without optimistic-success duplication, with flow_id + target-step correlation preserved across relaunch/session-reset closure. Clinical target telemetry now captures target-range profile changes and participant approval-capture details with stable ui.critical event contracts. Evidence: BionicLoopInfrastructureTests.testCloudTelemetryReporterSendsRequiredEnvelopeFields, BionicLoopInfrastructureTests.testCloudTelemetryReporterFallsBackToUnsetSubjectID, BionicLoopInfrastructureTests.testCloudTelemetryReporterDerivesAuthUserSubFromTokenStoreIDToken, BionicLoopInfrastructureTests.testCloudTelemetryReporterReturnsNilForMalformedIDTokenSub, BionicLoopInfrastructureTests.testCloudTelemetryReporterNormalizesEnvironmentNames, BionicLoopInfrastructureTests.testCloudTelemetryOutboxRestoresInflightEntriesAsPending, BionicLoopInfrastructureTests.testCloudTelemetryOutboxDropsOldestNonHighPriorityBeforeHighPriority, BionicLoopInfrastructureTests.testCloudTelemetryReporterRetriesOnTransientFailure, BionicLoopInfrastructureTests.testCloudTelemetryReporterMarksPermanentFailureForClientErrors, BionicLoopInfrastructureTests.testCloudLogUploadPolicyUsesRemoteOverrideUntilExpiryThenFallsBackToLocal, BionicLoopInfrastructureTests.testCloudLogUploadLoggerUploadsOnlyAtOrAboveThreshold, BionicLoopInfrastructureTests.testCloudLogUploadPolicyLocalThresholdDefaultsToErrorWhenUnsetOrInvalid, BionicLoopInfrastructureTests.testCloudLogUploadPolicyPersistsAndEvaluatesSelectedLocalThreshold, BionicLoopInfrastructureTests.testCloudTelemetryReporterQueuesFollowUpFlushWhenFlushRequestOccursDuringActiveFlush, BionicLoopInfrastructureTests.testG7ConnectionTelemetryPayloadUsesLifecycleMappedStatusText, BionicLoopInfrastructureTests.testDeviceClockSyncMonitorForegroundCheckUses24HourSuccessfulCheckGate, BionicLoopInfrastructureTests.testDeviceClockSyncMonitorTimezoneChangeForcesFreshCheckInsideForegroundGate, BionicLoopRuntimeTests.testClinicalSettingsSavePolicyUICriticalEvents, BionicLoopRuntimeTests.testRegularTargetChangeApprovalTelemetryEvents, BionicLoopRuntimeTests.testMealAnnouncementResolutionEventUsesPersistedFlowIDForResolvedPendingState, BionicLoopRuntimeTests.testMealAnnouncementResolvedEventUsesPersistedResolvedTelemetryReplayState, BionicLoopRuntimeTests.testMealAnnouncementResolutionEventUsesReconciledAfterUncertainForUncertainClear, BionicLoopRuntimeTests.testMealAnnouncementAvailabilityConsumesPersistedResolvedTelemetryReplayStateOnLaunch, BionicLoopHomeStateTests.testHomeMealAnnouncementSubmitPolicyEventsAndBlockedContent.) |
In progress |
| RA-009 | SRS-SEC-001, SRS-SEC-002 | SDD-LOG-001, SDD-POL-015, CybersecurityPlan.md, Cybersecurity_Handoff_Register.md | TV-SEC-001 | Support: Cybersecurity_Local_File_and_Permission_Review.md, Cybersecurity_Baseline_Acceptability_Recommendation.md, Cybersecurity_Handoff_Register.md. Formal: TV-SEC-001 / STR-SEC-001 required for freeze. Current package does not claim closure of SRS-SEC-003..009. |
Deferred (partial scope) |
| RA-010 | SRS-UI-001, SRS-UI-002, SRS-UI-003, SRS-UI-004, SRS-UI-005, SRS-UI-006, SRS-UI-007, SRS-UI-008, SRS-VAL-001, SRS-BG-001 | SDD-POL-006, SDD-POL-007, SDD-POL-009, SDD-POL-014, SDD-POL-018, SDD-POL-019 | TV-UI-001, TV-UI-002, TV-UI-003, TV-UI-004, TV-UI-005, TV-UI-006, TV-UI-007, TV-UI-008, TV-UI-009, TV-UI-010 | Partial (Docs/Quality/Evidence/STR-UI-AUTO-001/2026-02-12-f5-ui-smoke/, plus BUG-001 real-device closure evidence in Docs/Quality/Evidence/STR-BUG-001/2026-02-11-relaunch-meal/; clock-sync coverage in BionicLoopInfrastructureTests.testDeviceClockSyncMonitorFlagsSkewAndPublishesWarningAtThresholdBreach, BionicLoopInfrastructureTests.testDeviceClockSyncMonitorWithinThresholdReportsOKWithoutWarning, BionicLoopInfrastructureTests.testDeviceClockSyncMonitorRetriesAndReturnsUnavailableWithoutWarningOnNetworkFailures, BionicLoopInfrastructureTests.testDeviceClockSyncMonitorLimitsSkewWarningsToOncePer24Hours, boundary/axis coverage in BionicLoopInfrastructureTests.testG7ViewModelDisplayFormattingMapsExtremeValuesToHighLow and BionicLoopHomeStateTests.testInlineCGMChartDerivationDynamicYAxisMaximumAndValues) |
In progress |
| RA-011 | SRS-ALERT-001, SRS-ALERT-002, SRS-ALERT-003, SRS-ALERT-004, SRS-ALERT-005, SRS-ALERT-006, SRS-ALERT-007, SRS-ALERT-008, SRS-ALERT-009, SRS-ALERT-010, SRS-ALERT-011, SRS-ALERT-012, SRS-ALERT-015, SRS-ALERT-016 | SDD-ALERT-001, SDD-POL-008, SDD-POL-026, SDD-DATA-005 | TV-ALERT-001, TV-ALERT-002, TV-ALERT-003, TV-ALERT-004, TV-ALERT-005, TV-ALERT-006, TV-ALERT-007, TV-ALERT-008, TV-ALERT-009, TV-ALERT-010, TV-ALERT-011, TV-ALERT-014, TV-ALERT-015, TV-SIM-005 | Partial (implemented: AppAlertCenter + Home alert carousel + Home bell + Settings Alert Center + signal-loss debounce/clear + pump/cgm normalized mapping + delegate persisted-alert lifecycle hooks + app-level active/recent persistence + background local notification channel for non-CGM alerts with dedupe/cooldown + minute-refresh time-sensitive countdown updates; CGM availability/failure alerts remain informational in-app only and do not schedule OS notifications; app-derived ALERT-CGM-URGENT-LOW now issues only from trustworthy live G7 <55 mg/dL, preserves reviewed state while active, persists acknowledged active state across reset / reattach, and auto-clears on trustworthy recovery >=55 mg/dL; evidence: testTopAlertPrefersHigherSeverityThenMostRecent, testSortedAlertsOrdersBySeverityRecencyAndStableDedupeKey, testHomeAlertCarouselNavigatorClampsAndWrapsIndexes, testNoActivePodDebounceAddsAndClearsAlert, testHomeAlertSyncEvaluatorReflectsCombinedPumpConditions, testSignalLossDebounceAddsAndClearsAlert, testSignalLossDebounceSuppressesTransientCondition, testShowPreviewAlertsSupportsMultipleTypesAndPrecedence, testCGMAlertsNeverScheduleBackgroundNotifications, testUrgentLowAcknowledgeMarksAlertReviewedWithoutClearingActiveState, testCGMUrgentLowAcknowledgePersistsAcrossAlertCenterResetUntilRecovery, testCGMUrgentLowAlertMapperIssuesForReliableReadingBelow55, testCGMUrgentLowAlertMapperClearsAt55OrAbove, testAlertCenterTracksRecentlyClearedAlerts, testAlertCenterRestoresPersistedActiveAndClearedAlerts, testPumpPersistedAlertStoreReturnsIssuedAndRetractedAlerts, testCGMPersistedAlertStoreReturnsIssuedAndRetractedAlerts, testPumpExpirationAlertSyncPlannerReturnsRetractsWhenNoExpirationAlertsApply, testPumpAlertMapperExpiringIncludesCountdownDeadline, testTimeSensitivePumpExpiringAlertRefreshesMessageWithoutReschedulingNotification, testIssueAndRetractPumpAlertUpdatesAppAlertCenter, testIssueAndRetractIncompatiblePumpAlertUpdatesAppAlertCenter, testIssueAndRetractCGMAlertUpdatesAppAlertCenter, testUI007_HomeAlertCenterButtonOpensAlertCenter, testUI008_AlertCenterAcknowledgeMovesAlertToRecentlyCleared, testUI009_AlertCenterPersistsAcrossRelaunch, testAlertCenterClearsNotificationsWhenRetractingAbsentAlert, testRetractingAbsentAlertStillClearsNotificationRequests; simulation evidence: Docs/Quality/Evidence/Working/STR-SIM-001/2026-02-19-h5-smoke/; source mapping baseline: Docs/Quality/AlertInventoryAndMapping.md) |
In progress |
| RA-012 | SRS-BG-001, SRS-BG-002, SRS-BG-003, SRS-BG-004, SRS-BG-005, SRS-BG-006, SRS-BG-007, SRS-BG-008, SRS-BG-009, SRS-BG-010, SRS-BG-011, SRS-BG-012 | SDD-BG-001, SDD-POL-010, SDD-POL-011, SDD-POL-012, SDD-LOG-001 | TV-BG-001, TV-BG-002, TV-BG-003, TV-BG-004, TV-BG-005, TV-BG-006, TV-BG-007, TV-BG-008, TV-BG-009, TV-BG-010, TV-BG-011, TV-BG-012 | Partial | In progress |
| RA-013 | SRS-CLIN-001, SRS-CLIN-002, SRS-CLIN-003, SRS-CLIN-004, SRS-CLIN-005, SRS-CLIN-006, SRS-CLIN-007, SRS-CLIN-008, SRS-CLIN-009, SRS-CLIN-010, SRS-CLIN-011, SRS-CLIN-012, SRS-VAL-001, SRS-LOG-008 | SDD-CLIN-001, SDD-POL-013, SDD-POL-017, SDD-POL-025, SDD-DATA-006 | TV-CLIN-001, TV-CLIN-002, TV-CLIN-003, TV-CLIN-004, TV-CLIN-005, TV-CLIN-006, TV-CLIN-007, TV-CLIN-008, TV-CLIN-009, TV-CLIN-010, TV-CLIN-011, TV-CLIN-012, TV-CLIN-013, TV-LOG-008 | Support evidence demonstrates selector bounds, profile gating, approval capture, and the investigational shared-passcode gate; authenticated role-based access is not claimed in the current baseline. Formal clinical-settings evidence promotion is still required for freeze. | Rerun needed |
| RA-014 | SRS-ALG-001, SRS-ALG-002, SRS-ALG-003, SRS-ALG-004, SRS-ALG-005, SRS-ALG-006, SRS-ALG-007 | SDD-ALG-001, SDD-QA-001 | TV-ALG-001, TV-ALG-002, TV-ALG-003, TV-ALG-004, TV-ALG-005, TV-ALG-006, TV-ALG-007, TV-ALG-008, TV-ALG-009, TV-ALG-010, TV-ALG-011 | Support package exists in Docs/Quality/Evidence/Working/STR-ALG-001/...; formal STR-ALG-001 execution and promotion are required for freeze. |
Rerun needed |
| RA-015 | SRS-CGM-005, SRS-RUN-004, SRS-RUN-005, SRS-ALERT-013, SRS-ALERT-014, SRS-UI-001, SRS-UI-002 | SDD-POL-020, SDD-POL-021, SDD-POL-022, SDD-POL-008, SDD-APP-003, SDD-CGM-001 | TV-CGM-005, TV-RUN-004, TV-RUN-005, TV-RUN-006, TV-RUN-007, TV-ALERT-012, TV-ALERT-013, TV-UI-001 | Support evidence exists for interruption deadline, alerting, and fresh-CGM suppression. Current implementation also permits reconnect fallback when CGM freshness is unavailable. Formal runtime evidence promotion and required live-device reconnect confirmation are still required for freeze. | Rerun needed |
| RA-016 | SRS-MEAL-007, SRS-MEAL-008, SRS-MEAL-009, SRS-MEAL-010, SRS-MEAL-011, SRS-LOG-007, SRS-UI-002 | SDD-POL-023, SDD-POL-024, SDD-POL-027, SDD-APP-001, SDD-LOG-001 | TV-MEAL-008, TV-MEAL-009, TV-MEAL-010, TV-MEAL-011, TV-MEAL-012, TV-LOG-007, TV-PUMP-003 | Support automated evidence exists for pending/uncertain meal state, duplicate blocking, reconciliation, and cancel-delivery handling. Formal meal-lifecycle evidence promotion is still required for freeze. | Rerun needed |
Usage
For each PR or change batch:
- Add/update impacted
SRS-*. - Update
SDD-*references. - Add/update
TV-*and run tests. - Attach evidence references in this table.
Notes
Statusvalues:Planned,In progress,Rerun needed,Complete,Blocked,Deferred (current software handoff package), andDeferred (partial scope)when only a subset of a mapped hazard/row is intentionally claimed in the current package.- Evidence can reference CI run IDs, local test logs, or manual protocol records.