Railway signalling system scaffolded with 11 subsystems and SIL 4 interlocking core
System
{{entity:Railway Signalling System}} — a mainline CENELEC-compliant signalling system controlling signal aspects, points, level crossings, and train detection across a multi-line corridor with ETCS Level 2 cab signalling. This session scaffolded the project from scratch (Flow A). Decomposition status: scaffolded. The system is classified as {{hex:50F77A59}} — synthetic, powered, intentionally designed, signal-processing, state-transforming, system-integrated, functionally autonomous, system-essential, signalling, rule-governed, compositional, normative, temporal, institutionally defined, regulated, economically significant, and ethically significant.
Decomposition
The system decomposes into 11 subsystems, reflecting the real architecture of a modern computer-based signalling installation:
- {{entity:Computer-Based Interlocking}} — SIL 4 vital safety core implementing route-locking and conflict prevention logic in a 2oo2 redundant architecture. This is the highest-risk subsystem and the architectural hub: 8 of 10 internal interfaces connect to it.
- {{entity:Train Detection Subsystem}} — jointless audio-frequency track circuits and axle counters providing occupancy data at 10^-9/h false-clear integrity.
- {{entity:ETCS Radio Block Centre}} — computes movement authorities for ETCS Level 2 operation, interfacing with interlocking for route status and with on-board equipment via GSM-R.
- {{entity:Colour-Light Signalling Output}} — 2/3/4-aspect lineside signals with LED heads and lamp-proved feedback.
- {{entity:Points and Crossing Drive System}} — electro-mechanical clamp-lock point machines with fail-safe detection.
- {{entity:Level Crossing Protection System}} — AHBC with approach detection, road signals, barriers, and SIL 4 activation logic.
- {{entity:Traffic Management System}} — non-vital ARS algorithm for automated route setting and timetable execution.
- {{entity:Signaller Workstation}} — multi-screen geographic display with touch/trackball control and emergency plunger.
- {{entity:Signalling Communication Network}} — dual-ring fibre backbone with GSM-R, carrying vital (RaSTA/SFCP) and non-vital traffic on separated VLANs.
- {{entity:Signalling Power Supply System}} — dual-fed UPS with 4-hour battery autonomy for vital equipment.
- {{entity:Signalling Diagnostic and Monitoring System}} — condition monitoring with predictive maintenance algorithms.
```mermaid
flowchart TB
RSS["Railway Signalling System"]
CBI["Computer-Based Interlocking"]
TD["Train Detection Subsystem"]
RBC["ETCS Radio Block Centre"]
CLS["Colour-Light Signalling Output"]
PTS["Points and Crossing Drive"]
LX["Level Crossing Protection"]
TMS["Traffic Management System"]
WS["Signaller Workstation"]
NET["Signalling Comms Network"]
PWR["Power Supply System"]
DIAG["Diagnostics and Monitoring"]
TD -->|Track occupancy data| CBI
CBI -->|Signal aspect commands| CLS
CBI -->|Point drive commands| PTS
PTS -->|Point detection feedback| CBI
CBI -->|Crossing activation trigger| LX
CBI -->|Route status for MA| RBC
TMS -->|Automatic route requests| CBI
CBI -->|Interlocking state display| WS
WS -->|Signaller commands| CBI
NET -->|Data transport| CBI
```
The interlocking’s central position in the architecture is deliberate — it is the single enforcement point for all safety-critical decisions. Every route command, every signal aspect change, every point movement passes through the interlocking’s vital logic.
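As an added illustration of the single-enforcement-point and 2oo2 ideas above (example code written for this summary, not part of the scaffolded project), the model below implements route locking, conflict prevention and lamp/point-proved signal aspects twice, in two deliberately different styles, and only acts when both channels agree. The junction layout (sections T1 to T4, point P1, routes R1 to R3) is constructed for the example; the rule that an unknown section counts as occupied, and that any channel divergence latches the whole interlocking to danger, is the fail-safe behaviour the text describes.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

DANGER, PROCEED = "DANGER", "PROCEED"

@dataclass(frozen=True)
class Route:
    route_id: str
    entry_signal: str
    sections: Tuple[str, ...]            # track sections the route runs over
    points: Tuple[Tuple[str, str], ...]  # (point id, required lie: 'N' normal / 'R' reverse)

@dataclass
class FieldState:
    occupied: Dict[str, bool]                 # occupancy reported by train detection
    point_position: Dict[str, Optional[str]]  # detected lie; None = detection lost
    locked_routes: Dict[str, Route] = field(default_factory=dict)

# Channel A: set-based implementation of the vital rules.
def conflicts(a: Route, b: Route) -> bool:
    if set(a.sections) & set(b.sections):        # shared track section
        return True
    pa, pb = dict(a.points), dict(b.points)
    return any(pa[p] != pb[p] for p in pa.keys() & pb.keys())  # point needed in opposite lies

def channel_a_request(route: Route, st: FieldState) -> bool:
    # An unknown section counts as occupied: no proof of 'clear' means no route.
    if any(st.occupied.get(s, True) for s in route.sections):
        return False
    return not any(conflicts(route, r) for r in st.locked_routes.values())

def channel_a_aspect(route: Route, st: FieldState) -> str:
    if route.route_id not in st.locked_routes:
        return DANGER
    if any(st.occupied.get(s, True) for s in route.sections):
        return DANGER
    if any(st.point_position.get(p) != lie for p, lie in route.points):  # points must be detected
        return DANGER
    return PROCEED

# Channel B: independently written loop-based implementation of the same rules.
def channel_b_request(route: Route, st: FieldState) -> bool:
    for s in route.sections:
        if st.occupied.get(s) is not False:
            return False
    for other in st.locked_routes.values():
        if any(s in route.sections for s in other.sections):
            return False
        for pid, lie in other.points:
            if any(pid == qid and lie != qlie for qid, qlie in route.points):
                return False
    return True

def channel_b_aspect(route: Route, st: FieldState) -> str:
    ok = route.route_id in st.locked_routes
    for s in route.sections:
        ok = ok and st.occupied.get(s) is False
    for p, lie in route.points:
        ok = ok and st.point_position.get(p) == lie
    return PROCEED if ok else DANGER

class Interlocking2oo2:
    """Both channels must agree on every decision; any divergence latches fail-safe."""
    def __init__(self, state, request_channels=(channel_a_request, channel_b_request),
                 aspect_channels=(channel_a_aspect, channel_b_aspect)):
        self.state, self.req, self.asp, self.failed = state, request_channels, aspect_channels, False

    def _vote(self, channels, route):
        a, b = channels[0](route, self.state), channels[1](route, self.state)
        if a != b:
            self.failed = True  # latched until a maintenance reset; every output goes to danger
        return None if self.failed else a

    def request_route(self, route: Route) -> bool:
        granted = self._vote(self.req, route) is True
        if granted:
            self.state.locked_routes[route.route_id] = route
            for p, lie in route.points:  # command the point machines; assume drive and detection succeed
                self.state.point_position[p] = lie
        return granted

    def signal_aspect(self, route: Route) -> str:
        return self._vote(self.asp, route) or DANGER

# Constructed junction: R1 and R2 share T2 and need P1 in opposite lies; R3 is independent.
R1 = Route("R1", "S1", ("T1", "T2"), (("P1", "N"),))
R2 = Route("R2", "S2", ("T3", "T2"), (("P1", "R"),))
R3 = Route("R3", "S3", ("T4",), ())

def fresh_state() -> FieldState:
    return FieldState({"T1": False, "T2": False, "T3": False, "T4": False}, {"P1": "N"})

def demo() -> dict:
    ixl, out = Interlocking2oo2(fresh_state()), {}
    out["R1_set"] = ixl.request_route(R1)              # True
    out["S1"] = ixl.signal_aspect(R1)                  # PROCEED
    out["R2_set"] = ixl.request_route(R2)              # False: conflicts with locked R1
    out["S2"] = ixl.signal_aspect(R2)                  # DANGER
    ixl.state.point_position["P1"] = None              # point detection feedback lost
    out["S1_lost_detection"] = ixl.signal_aspect(R1)   # DANGER although the route is still locked
    # Divergence: channel B's request logic replaced by a faulty 'always grant'.
    bad = Interlocking2oo2(fresh_state(), request_channels=(channel_a_request, lambda r, s: True))
    bad.state.occupied["T4"] = True
    out["bad_R3_set"] = bad.request_route(R3)          # False: channels disagree
    out["bad_failed"] = bad.failed                      # True, latched
    out["bad_S3"] = bad.signal_aspect(R3)               # DANGER
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18} {v}")
```

The two channels share no code path for the rules themselves, which is the point of 2oo2: a defect in one implementation shows up as disagreement rather than as a wrong-side output, and the comparator's only response to disagreement is to withdraw every proceed aspect.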
Analysis
The {{hex:50F77A59}} classification produces a trait profile dominated by engineered-system characteristics: {{trait:Powered}}, {{trait:Intentionally Designed}}, {{trait:Processes Signals/Logic}}, {{trait:State-Transforming}}, {{trait:Functionally Autonomous}}, {{trait:Rule-governed}}, {{trait:Regulated}}, and {{trait:Ethically Significant}}. The combination of functional autonomy with heavy regulation and ethical significance is characteristic of safety-critical infrastructure — the system operates independently but within a stringent normative framework because failures have fatal consequences.
Entity graph similarity queries failed due to a Neo4j UUID constraint collision (an infrastructure issue, not a data-quality problem). Cross-domain analog analysis is deferred to the next session.
Requirements
Six stakeholder requirements capture the core needs: collision prevention at 10^-9/h THR ({{stk:STK-NEEDS-OPS-001}}), 2-minute headway capacity ({{stk:STK-NEEDS-PERF-002}}), 99.99% availability ({{stk:STK-NEEDS-PERF-003}}), maintainability by 6 technicians per 100 route-km ({{stk:STK-NEEDS-OPS-004}}), ETCS Level 2 dual-signalling ({{stk:STK-NEEDS-CON-005}}), and 20-second level crossing warning ({{stk:STK-NEEDS-OPS-006}}).
Seven system requirements derive from these: interlocking safety function ({{sys:SYS-REQS-FUNC-001}}), 500ms signal latency ({{sys:SYS-REQS-PERF-002}}), redundant processing with 500ms failover ({{sys:SYS-REQS-FUNC-003}}), 10^-9/h train detection integrity ({{sys:SYS-REQS-FUNC-004}}), 2s ETCS MA latency ({{sys:SYS-REQS-FUNC-005}}), level crossing timing ({{sys:SYS-REQS-FUNC-006}}), and −40°C to +70°C environmental endurance ({{sys:SYS-REQS-ENV-007}}). Six trace links connect stakeholder to system requirements. All requirements include verification methods and engineering rationale.
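The trace-link and verification-method checks that a requirements set like this one needs, as an added example not taken from the session's tooling: the identifiers are those listed above, but the abbreviated texts, the verification methods and in particular the derives_from links are constructed assumptions chosen so that the counts match the summary (seven system requirements, six links); which system requirement is untraced in the real data is not stated on the page.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Req:
    rid: str
    text: str
    verification: str = ""           # empty means no verification method recorded
    derives_from: Tuple[str, ...] = ()

# Constructed illustrative data; links and methods are assumptions for this example.
STAKEHOLDER: List[Req] = [
    Req("STK-NEEDS-OPS-001", "Collision prevention at 10^-9/h THR", "analysis"),
    Req("STK-NEEDS-PERF-002", "2-minute headway capacity", "test"),
    Req("STK-NEEDS-PERF-003", "99.99% availability", "analysis"),
    Req("STK-NEEDS-OPS-004", "6 technicians per 100 route-km", "inspection"),
    Req("STK-NEEDS-CON-005", "ETCS Level 2 dual-signalling", "demonstration"),
    Req("STK-NEEDS-OPS-006", "20-second level crossing warning", "test"),
]
SYSTEM: List[Req] = [
    Req("SYS-REQS-FUNC-001", "Interlocking safety function", "analysis", ("STK-NEEDS-OPS-001",)),
    Req("SYS-REQS-PERF-002", "500ms signal latency", "test", ("STK-NEEDS-PERF-002",)),
    Req("SYS-REQS-FUNC-003", "Redundant processing, 500ms failover", "test", ("STK-NEEDS-PERF-003",)),
    Req("SYS-REQS-FUNC-004", "10^-9/h train detection integrity", "analysis", ("STK-NEEDS-OPS-001",)),
    Req("SYS-REQS-FUNC-005", "2s ETCS MA latency", "test", ("STK-NEEDS-CON-005",)),
    Req("SYS-REQS-FUNC-006", "Level crossing timing", "test", ("STK-NEEDS-OPS-006",)),
    Req("SYS-REQS-ENV-007", "-40C to +70C endurance", "test"),   # assumed: no stakeholder parent
]

def check_traceability(stk: List[Req], sys: List[Req]) -> Dict[str, object]:
    """Report orphans, dangling links, uncovered stakeholder needs and missing methods."""
    stk_ids = {r.rid for r in stk}
    orphans = [r.rid for r in sys if not r.derives_from]                      # no upward trace
    dangling = [(r.rid, p) for r in sys for p in r.derives_from if p not in stk_ids]
    covered = {p for r in sys for p in r.derives_from}
    uncovered = sorted(stk_ids - covered)                                     # need with no derived req
    unverified = [r.rid for r in stk + sys if not r.verification]
    return {
        "links": sum(len(r.derives_from) for r in sys),
        "orphans": orphans, "dangling": dangling,
        "uncovered": uncovered, "unverified": unverified,
        "ok": not (orphans or dangling or uncovered or unverified),
    }

if __name__ == "__main__":
    for k, v in check_traceability(STAKEHOLDER, SYSTEM).items():
        print(f"{k:11} {v}")
```

Run on the constructed set this reports six links, SYS-REQS-ENV-007 as an orphan and STK-NEEDS-OPS-004 as uncovered, and no missing verification methods; the same four lists are what a reviewer would want printed before the Flow B session generates subsystem-level requirements underneath these.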
Next
The next session should tackle first-pass decomposition (Flow B) focusing on the {{entity:Computer-Based Interlocking}} — the highest-risk subsystem with the most interfaces. This means generating subsystem-level requirements for the interlocking (route-locking rules, 2oo2 voting logic, fail-safe output behaviour), interface requirements between interlocking and its 8 connected subsystems, and initial hazard entries for the HAZ document. The Neo4j UUID constraint issue should be investigated if it persists, as cross-domain analog search is a valuable analysis tool.