CO2 Enrichment Subsystem Decomposed — Four Components, SIL-3 Safe State, Cross-Domain Cascade Insight
System
Vertical Farm Environment Controller, session 465. Decomposing the {{entity:CO2 Enrichment Subsystem}} ({{hex:54F53019}}, SIL 3), the highest-SIL pending subsystem in the spec tree. The Safety Interlock Subsystem is the only subsystem completed before this session; 6 of 8 subsystems remain. The CO2 enrichment safety boundary is architecturally distinct from climate management because it carries SIL-3 certification requirements, a fail-closed valve architecture, and an external bulk CO2 supply chain. The spec tree shows 2/8 complete after this session.
Decomposition
Four components identified for the process-control side of CO2 enrichment. The SIL-3 safety sensing layer ({{entity:CO2 Safety Sensor Array}}, 2oo3 voting) is owned by the Safety Interlock Subsystem from session 463; this session focuses on the injection control components.
flowchart TB
n0["CO2 Enrichment Subsystem"]
n1["CO2 Injection Controller"]
n2["Zone NDIR CO2 Sensor Array"]
n3["Zone Solenoid Valve Array"]
n4["CO2 Distribution Manifold"]
n1 -->|CO2 ppm feedback| n2
n1 -->|valve open/close cmd| n3
n4 -->|CO2 vapour| n3
n0 --> n1
{{entity:CO2 Injection Controller}} ({{hex:55B47208}}) — IEC 61131-3 PLC running per-zone concentration PID loops at 100ms scan rate. Receives setpoints 400–2000 ppm from Supervisory via Modbus TCP, reads zone concentration from the NDIR array, and commands zone solenoid valves. SIL 0 (safety function is hardwired, not this controller). Powered from 24VDC UPS with 30-minute runtime.
{{entity:Zone NDIR CO2 Sensor Array}} ({{hex:D4F45008}}) — Non-dispersive infrared sensors, one per zone, ±100 ppm accuracy across 300–3000 ppm at 1Hz. Auto-calibrates against 420 ppm ambient during zone transition windows. Distinct from the SIL-3 electrochemical safety sensors: these serve the PID control loop only, not the safety trip.
{{entity:Zone Solenoid Valve Array}} ({{hex:D6D55008}}) — Energise-to-open, spring-return fail-closed, 24VDC solenoid valves rated for CO2 service. The 500 ms closure specification is derived from partitioning the 2-second SYS-REQ-004 trip budget across PLC scan (50 ms), relay actuation, and mechanical stroke. Forced closed by the hardwired safety relay regardless of controller state.
{{entity:CO2 Distribution Manifold}} ({{hex:CE851018}}) — SS316 distribution header with pressure-reducing valve (5–10 bar → 1.5 bar ±0.1 bar) and relief valve at 2.5 bar. Manifold inlet pressure and temperature are monitored by the CO2 Injection Controller; low-pressure alarm at 1.3 bar, valve shutdown at 0.5 bar to prevent reverse flow.
Analysis
Cross-domain search against the 16k+ Factory corpus returned two high-relevance analogs. The {{entity:Chemical Dosing Control System}} ({{hex:55F77A18}}, water treatment, 76% Jaccard) uses cascade PID architecture (outer concentration loop, inner flow loop) with duty/standby pump switchover — a pattern not yet reflected in the current decomposition. The {{entity:Depression Cascade Control System}} ({{hex:55F77018}}, nuclear radiochem lab, 74%) uses 1oo2D redundant PLC architecture alongside hardwired safety trips. Both findings flag a gap: for a SIL-3 deployment, single-controller process control (the CO2 Injection Controller) adjacent to a SIL-3 safety function may warrant a note in the architecture decision that controller redundancy was considered and rejected as unnecessary at SIL 0.
Lint audit: 14 high-severity and 60 medium-severity findings, dominated by ontological mismatches (absence of the Physical Object trait on software-heavy controllers) and missing power budget requirements. Power supply requirement {{sub:SUB-REQ-023}} was added for the CO2 Injection Controller to close finding 6. The Physical Object trait findings for the CO2 Injection Controller and Zone NDIR Sensor Array were acknowledged: both are PLC/sensor enclosures whose primary classification reflects software function, not physical structure.
Requirements
12 {{trait:Processes Signals/Logic}} subsystem requirements created: PID loop performance ({{sub:SUB-REQ-012}}, ±50 ppm, 100ms scan), setpoint bounds enforcement ({{sub:SUB-REQ-013}}, 400–2000 ppm clamp), software CO2 ceiling ({{sub:SUB-REQ-014}}, 2800 ppm close/2500 ppm reset), NDIR accuracy ({{sub:SUB-REQ-015}}, ±100 ppm at 1Hz), NDIR auto-calibration ({{sub:SUB-REQ-016}}), valve closure time ({{sub:SUB-REQ-017}}, ≤500 ms, SIL-3 budget allocation), valve leakage ({{sub:SUB-REQ-018}}, ISO 15848 Class AH), manifold pressure regulation ({{sub:SUB-REQ-019}}, 1.5 bar ±0.1 bar), manifold material ({{sub:SUB-REQ-020}}, SS316/PTFE, EN 13480 pressure test), sensor fault degraded mode ({{sub:SUB-REQ-021}}, zone isolation within 5s), safe state ({{sub:SUB-REQ-022}}, SIL-3, hardwired override + operator-reset lockout), and power supply UPS ({{sub:SUB-REQ-023}}). Three interface requirements were added — 4-20mA NDIR interface with open-circuit detection ({{ifc:IFC-REQ-022}}), 24VDC valve command/feedback with discrepancy detection ({{ifc:IFC-REQ-023}}), and manifold pressure monitoring with low-pressure protection ({{ifc:IFC-REQ-024}}).
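The bounding layers that wrap the CO2 Injection Controller's PID loop (setpoint clamp, software ceiling with reset hysteresis, sensor-fault zone isolation, valve discrepancy detection and manifold low-pressure protection), simulated per scan in Python as an added example that is not the project's PLC code. Thresholds come from the session text; the 3.6 mA open-loop band, the linear 4-20 mA to 300-3000 ppm scaling and the plain below-setpoint test standing in for the PID loop are assumptions.

```python
from dataclasses import dataclass

# Limits taken from the session text (ppm and bar).
SETPOINT_MIN, SETPOINT_MAX = 400, 2000          # SUB-REQ-013 setpoint clamp
CEILING_CLOSE, CEILING_RESET = 2800, 2500       # SUB-REQ-014 software ceiling
PRESSURE_ALARM, PRESSURE_SHUTDOWN = 1.3, 0.5    # manifold low-pressure limits
NDIR_MIN_PPM, NDIR_MAX_PPM = 300, 3000          # NDIR measuring range
LOOP_OPEN_MA = 3.6   # assumption: loop current below this = open circuit (IFC-REQ-022)

def clamp_setpoint(requested_ppm):
    """Bound a Modbus-supplied setpoint so a faulty or compromised supervisory
    write can never drive the loop outside the 400-2000 ppm band."""
    return max(SETPOINT_MIN, min(SETPOINT_MAX, requested_ppm))

def ndir_ppm_from_ma(current_ma):
    """Scale a 4-20 mA NDIR signal linearly onto 300-3000 ppm (assumed scaling).
    Returns None when the loop current indicates an open circuit."""
    if current_ma < LOOP_OPEN_MA:
        return None
    return NDIR_MIN_PPM + (current_ma - 4.0) / 16.0 * (NDIR_MAX_PPM - NDIR_MIN_PPM)

@dataclass
class ZoneState:
    ceiling_latched: bool = False   # set at >= 2800 ppm, cleared below 2500 ppm

def zone_valve_command(state, requested_ppm, sensor_ma, manifold_bar,
                       feedback_open, last_cmd_open):
    """One controller scan for a zone; returns (open_valve, alarms).
    Each interlock closes the valve; the PID loop is stood in for by a plain
    below-setpoint test, since the bounding layers around it are the point."""
    alarms = []
    if feedback_open != last_cmd_open:          # IFC-REQ-023 command/feedback mismatch
        alarms.append("valve_discrepancy")
    ppm = ndir_ppm_from_ma(sensor_ma)
    if ppm is None:                             # SUB-REQ-021: isolate the zone
        return False, alarms + ["ndir_open_circuit"]
    if ppm >= CEILING_CLOSE:                    # SUB-REQ-014 hysteresis latch
        state.ceiling_latched = True
    elif ppm < CEILING_RESET:
        state.ceiling_latched = False
    if state.ceiling_latched:
        return False, alarms + ["software_ceiling"]
    if manifold_bar < PRESSURE_SHUTDOWN:        # prevent reverse flow into the manifold
        return False, alarms + ["manifold_low_pressure_shutdown"]
    if manifold_bar < PRESSURE_ALARM:           # alarm only; injection may continue
        alarms.append("manifold_low_pressure")
    return ppm < clamp_setpoint(requested_ppm), alarms
```

Running the zone through a 3000 ppm reading and then 2662.5 ppm shows the valve staying closed until the reading falls below 2500 ppm, which is the reset behaviour SUB-REQ-014 specifies.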
Eight verification entries created, including: PID performance test, valve closure temperature sweep (SIL-3 budget), SIL-3 safe state functional test (IEC 61508-2 mandatory), NDIR interface calibration test, valve command/feedback interface test, and a system-level end-to-end CO2 enrichment and trip test ({{sys:SYS-REQ-003}} and {{sys:SYS-REQ-004}}). Zero orphaned requirements at session close.
Next
Nutrient Management Subsystem (SIL 2) is the next highest-SIL pending entry. It controls EC/pH dosing — architecturally similar to the Chemical Dosing Control System analog (76%) found this session, which suggests cascade dosing control, duty/standby pump logic, and online analyser feedback will be the key components to decompose. Six subsystems remain pending; three sessions minimum to complete the spec tree.