SIL-2 Thermal Protection Architecture Drives HLS Component Decomposition
System
Vertical Farm Environment Controller, Horticultural Lighting Subsystem (HLS), session 467. Project carries 137 requirements across 6 documents. Spec tree: 4 of 8 vertical farm subsystems complete after this session — Safety Interlock, CO2 Enrichment, Nutrient Management, and now Horticultural Lighting. Four pending: Climate Management, Supervisory Control, Data Acquisition and Compliance, Zone Controller Network.
Decomposition
The {{entity:Horticultural Lighting Subsystem}} ({{hex:55F77218}}) was decomposed into five components. The critical architectural decision was splitting thermal protection into two independent paths, which determined the component boundaries.
{{entity:Lighting Control Unit}} ({{hex:D1F77A18}}) — zone-level embedded controller executing PAR PID loops, photoperiod scheduling, and spectrum recipe management. Receives setpoints from Zone Controller Network via Modbus TCP/IP; outputs DALI-2 dimming commands to drivers. Operates all 8 zones at 10ms control cycle. Soft thermal derating at 75°C.
{{entity:LED Driver Module Array}} ({{hex:D4F57018}}) — per-zone, per-channel constant-current DALI-2 drivers (red/blue/white/far-red), 48V DC output, ≥93% efficiency. Fail-safe on DALI bus loss (DALI control gear drops to its configured system failure level when bus power is lost, so the loss is not silent at the fixture).
{{entity:LED Fixture Array}} ({{hex:D6C51018}}) — multi-channel horticulture luminaires at 660nm, 450nm, 4000K, 730nm. IP54 rated, 400kW+ total facility load. Fail-off when driver power removed.
{{entity:PAR Sensor Array}} ({{hex:D4F77008}}) — calibrated quantum sensors at canopy level, 0-2000 µmol/m²/s PPFD, ±3% ASTM E948 accuracy, 1Hz output via 4-20mA or RS-485.
{{entity:Fixture Thermal Monitoring Array}} ({{hex:D4D57A18}}) — NTC/PT100 sensors on fixture heatsinks. Provides two independent outputs: analog temperature to LCU for gradual software derating at 75°C; hardwired normally-closed 24V DC comparator circuit to Safety Interlock trip bus for hard trip at 85°C.
flowchart TB
n0["Lighting Control Unit"]
n1["LED Driver Module Array"]
n2["LED Fixture Array"]
n3["PAR Sensor Array"]
n4["Fixture Thermal Monitoring Array"]
n0 -->|DALI-2 dimming commands| n1
n1 -->|constant current 48VDC| n2
n3 -->|PPFD feedback 1Hz| n0
n4 -->|heatsink temperature| n0
Analysis
The SIL-2 allocation on the thermal protection function (from {{sys:SYS-REQ-009}}) drove the component boundary between the {{entity:Fixture Thermal Monitoring Array}} and the {{entity:Lighting Control Unit}}. IEC 61508 requires every element in the path of a safety function to meet the SIL allocated to that function, and that applies to software as much as to hardware (IEC 61508-3), so routing the 85°C trip through the LCU's general-purpose control software would pull the whole LCU into SIL-2 scope. The hard trip is therefore implemented as a dedicated comparator circuit in the {{entity:Fixture Thermal Monitoring Array}} that feeds the {{entity:Safety Interlock Subsystem}} hardwired trip bus directly, with no processor, firmware or network between the sensor and the trip bus. This mirrors the architecture of {{entity:Safety Interlock Subsystem}} ({{hex:D4E77818}}), where the safety path is explicitly separated from the control path. A single LCU handling both gradual derating and hard trip would require the entire LCU, hardware and software, to be SIL-2 certified, a disproportionate cost for a controller whose primary function is PAR scheduling. The split also buys independence: a hung or mis-tuned LCU cannot delay or suppress the trip, and the 75°C derating can be tuned for yield and fixture life without touching the certified path.
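The two-path split described in the Fixture Thermal Monitoring Array entry and in the paragraph above, as an added model (not code from the project or the page): the LCU software applies a derating multiplier from 75°C, while the normally-closed 24V DC comparator loop to the Safety Interlock opens at 85°C with no software in the loop. Running the same heatsink trace against a healthy LCU and a hung LCU shows the trip time is identical. Assumptions not stated on the page: the derating ramp is linear from 100% at 75°C to 0% at 85°C, the loop is evaluated every 100 ms in the model (the real comparator is continuous), and the temperature trace is constructed.

```python
"""Model of the two thermal protection paths (added example, not project code).

Assumptions not on the page: linear derating ramp 100 % at 75 C -> 0 % at
85 C, a 100 ms model tick for the comparator loop, constructed temperatures.
"""
from dataclasses import dataclass
from typing import Optional

DERATE_START_C = 75.0   # SUB-REQ-043: software derating begins here
TRIP_C = 85.0           # SUB-REQ-042: hard trip threshold
TICK_S = 0.1            # model time step (assumed; the real comparator is continuous)


def derate_factor(heatsink_c: float) -> float:
    """Soft path (LCU software): dimming multiplier applied to the PAR loop
    output. Linear ramp 1.0 at 75 C -> 0.0 at 85 C (assumed slope)."""
    if heatsink_c <= DERATE_START_C:
        return 1.0
    if heatsink_c >= TRIP_C:
        return 0.0
    return 1.0 - (heatsink_c - DERATE_START_C) / (TRIP_C - DERATE_START_C)


def trip_loop_closed(heatsink_c: list, wiring_intact: bool) -> bool:
    """Hard path (IFC-REQ-031): the NC loop is closed only while every sensor
    reads below 85 C and the wiring is intact. A wire break or loss of the
    24 V supply opens the loop, which the Safety Interlock reads as a trip:
    de-energised == tripped, so those wiring faults fail safe."""
    return wiring_intact and all(t < TRIP_C for t in heatsink_c)


@dataclass
class SimResult:
    trip_time_s: Optional[float]   # when the Safety Interlock saw the loop open
    min_dim: float                 # lowest dimming factor the LCU commanded
    dim_at_trip: Optional[float]   # what the LCU was commanding when the trip fired


def simulate(trace, lcu_alive=True, wire_break_at=None) -> SimResult:
    """Run both paths over a per-tick list of heatsink readings (one value per
    sensor). lcu_alive=False models a hung LCU stuck at 100 % output."""
    trip_time, min_dim, dim_at_trip = None, 1.0, None
    for i, temps in enumerate(trace):
        t = round(i * TICK_S, 3)
        # control path: general-purpose software, allowed to fail
        dim = derate_factor(max(temps)) if lcu_alive else 1.0
        min_dim = min(min_dim, dim)
        # safety path: comparator + NC loop, no processor in the loop
        wiring_ok = wire_break_at is None or t < wire_break_at
        if trip_time is None and not trip_loop_closed(temps, wiring_ok):
            trip_time, dim_at_trip = t, dim
    return SimResult(trip_time, min_dim, dim_at_trip)


def ramp_trace(start_c=70.0, end_c=90.0, seconds=20.0, channels=4):
    """Constructed heatsink trace: all channels heat linearly over `seconds`;
    channel 2 runs 1 C hotter so a single hot spot drives the trip."""
    n = round(seconds / TICK_S)
    return [[start_c + (end_c - start_c) * i / n + (1.0 if ch == 2 else 0.0)
             for ch in range(channels)] for i in range(n)]


if __name__ == "__main__":
    healthy = simulate(ramp_trace(), lcu_alive=True)
    hung = simulate(ramp_trace(), lcu_alive=False)
    print("healthy LCU: trip at", healthy.trip_time_s, "s, min dim", healthy.min_dim)
    print("hung LCU:    trip at", hung.trip_time_s, "s, still commanding", hung.dim_at_trip)
    cool = [[70.0] * 4 for _ in range(50)]
    print("wire break on a cool array trips at", simulate(cool, wire_break_at=3.0).trip_time_s, "s")
```

The model demonstrates the independence argument only: whatever the LCU does with its derating multiplier, the loop opens at the same instant. The 2s trip latency in {{sub:SUB-REQ-042}} and the comparator's threshold repeatability are properties of the physical circuit and belong to the verification entries, not to this model. One caveat for the wiring fault-mode test: a plain normally-closed loop fails safe on open-circuit faults (wire break, lost 24V, dead comparator) but a short across the loop terminals holds it "closed" and would mask a trip, so that fault class needs either a test case or line monitoring.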
DALI-2 (IEC 62386; Part 209 is the colour-control device type the multi-channel spectrum recipes depend on) was selected over 0-10V analog for the LCU→driver interface because it is a two-way bus with per-driver fault status reporting. A 0-10V line has no return channel: in a 400kW+ array with 8 zones and 4 channels per zone, a silently failed driver shows up only as a PPFD shortfall at the canopy sensor, which the PAR loop would try to make up by driving the surviving channels harder without ever identifying the failed unit. Per-driver status makes the {{trait:Observable}} trait architecturally necessary at this scale.
Requirements
18 requirements created this session. Key ones: {{sub:SUB-REQ-039}} (±5% PPFD accuracy, derives from {{sys:SYS-REQ-005}}); {{sub:SUB-REQ-042}} (85°C hard trip within 2s, SIL-2, derives from {{sys:SYS-REQ-009}}); {{sub:SUB-REQ-043}} (software derating ramp at 75°C); {{sub:SUB-REQ-044}} (50% load shed on HVAC trip, derives from {{sys:SYS-REQ-008}}); {{sub:SUB-REQ-045}} (LED de-energise within 5s of emergency shutdown, derives from {{sys:SYS-REQ-013}}); {{sub:SUB-REQ-046}} (4-hour degraded hold at last PAR setpoint on sensor loss). Interface requirements: {{ifc:IFC-REQ-029}} (DALI-2 with 22ms response), {{ifc:IFC-REQ-030}} (PAR sensor 1Hz, 3s loss-of-signal detection), {{ifc:IFC-REQ-031}} (normally-closed 24V DC hardwired SIL-2 trip). Verification entries {{sub:VER-REQ-014}} through {{sub:VER-REQ-017}} cover PAR accuracy multi-point test, SIL-2 comparator 10-shot repeatability test, DALI-2 bus timing, and fail-safe wiring fault modes.
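The degraded-mode requirements above interact on the LCU's output (a zone can be in PAR hold and load shed at the same time), so here is an added executable reading of them, not code from the project or the page: one per-zone control step that encodes {{ifc:IFC-REQ-030}} (3s loss-of-signal detection), {{sub:SUB-REQ-046}} (hold last command for up to 4 hours), {{sub:SUB-REQ-044}} (50% load shed on HVAC trip) and {{sub:SUB-REQ-045}} (de-energise on emergency shutdown). Assumptions not on the page: the priority order (emergency shutdown, then hold expiry, then HVAC shed, then PAR hold), that the shed multiplies whatever command otherwise applies, that an expired hold commands 0%, and that the PAR PID is replaced by a proportional stub with an assumed gain and a constructed plant (PPFD = 900 × command).

```python
"""LCU degraded-mode arbitration (added example, not project code).

Assumptions not on the page: priority order ESD > hold expiry > HVAC shed >
PAR hold; shed is multiplicative; an expired hold commands 0 %; the PAR PID is
a proportional stub with an assumed gain and a constructed plant.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional

CYCLE_MS = 10                    # page: 10 ms control cycle
PAR_PERIOD_MS = 1000             # page: 1 Hz PAR sensor output
PAR_LOSS_MS = 3000               # IFC-REQ-030: declare loss after 3 s without a sample
HOLD_LIMIT_MS = 4 * 3600 * 1000  # SUB-REQ-046: 4 h hold at last command
HVAC_SHED = 0.5                  # SUB-REQ-044: 50 % load shed on HVAC trip
P_GAIN = 0.0005                  # assumed stub gain, command per umol/m2/s of error


class Mode(Enum):
    NORMAL = "normal"
    PAR_HOLD = "par_hold"            # sensor lost, holding last good command
    HOLD_EXPIRED = "hold_expired"    # 4 h exceeded (assumed behaviour: command 0 %)
    LOAD_SHED = "load_shed"          # HVAC trip: 50 % of whatever else applies
    EMERGENCY_OFF = "emergency_off"  # SUB-REQ-045: LEDs de-energised


@dataclass
class ZoneState:
    last_sample_ms: int = 0
    lost_since_ms: Optional[int] = None
    last_good_cmd: float = 0.0   # 0..1 dimming command from the PAR loop
    cmd: float = 0.0             # what is sent to the drivers this cycle
    mode: Mode = Mode.NORMAL


def clamp01(x: float) -> float:
    return 0.0 if x < 0.0 else 1.0 if x > 1.0 else x


def step(s: ZoneState, t_ms: int, setpoint: float, ppfd: Optional[float],
         hvac_trip: bool, esd: bool) -> ZoneState:
    """One control cycle for one zone. ppfd is None when no new PAR sample arrived."""
    # PAR feedback and loss-of-signal detection (IFC-REQ-030)
    if ppfd is not None:
        s.last_sample_ms, s.lost_since_ms = t_ms, None
        s.last_good_cmd = clamp01(s.last_good_cmd + P_GAIN * (setpoint - ppfd))
    elif s.lost_since_ms is None and t_ms - s.last_sample_ms >= PAR_LOSS_MS:
        s.lost_since_ms = t_ms
    # Arbitration, highest priority first
    if esd:
        s.mode, s.cmd = Mode.EMERGENCY_OFF, 0.0
    elif s.lost_since_ms is not None and t_ms - s.lost_since_ms >= HOLD_LIMIT_MS:
        s.mode, s.cmd = Mode.HOLD_EXPIRED, 0.0
    else:
        s.mode = Mode.PAR_HOLD if s.lost_since_ms is not None else Mode.NORMAL
        s.cmd = s.last_good_cmd
        if hvac_trip:
            s.mode, s.cmd = Mode.LOAD_SHED, s.cmd * HVAC_SHED
    return s


def run_scenario() -> dict:
    """Constructed 40 s run: PAR samples stop after 10 s, HVAC trips at 20 s,
    emergency shutdown at 30 s. Returns first entry time (ms) of each mode plus
    the command observed during hold (15 s) and during shed (25 s)."""
    s, log = ZoneState(), {}
    for k in range(40 * 1000 // CYCLE_MS):
        t = k * CYCLE_MS
        sample_due = t % PAR_PERIOD_MS == 0 and t <= 10_000
        ppfd = 900.0 * s.cmd if sample_due else None   # constructed plant response
        step(s, t, setpoint=500.0, ppfd=ppfd, hvac_trip=t >= 20_000, esd=t >= 30_000)
        log.setdefault(s.mode.value, t)
        if t == 15_000:
            log["held_cmd"] = s.cmd
        if t == 25_000:
            log["shed_cmd"] = s.cmd
    return log


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:14s} {value}")
```

The point of writing it this way is that the priority order is visible and testable; the page fixes the individual limits but not how they combine, so the order here is a proposal to confirm against the Safety Interlock and Climate Management interface work, not a requirement.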
Next
Four subsystems remain pending. Highest priority next: Climate Management Subsystem (SIL:0) — HVAC compressor control, dampers, humidity management, and the thermal relationship with LED load shedding that this session exposed. Specific gap: the coordination interface between Climate Management and Horticultural Lighting for the HVAC-trip → LED curtailment handshake ({{sys:SYS-REQ-008}}) needs an internal Climate Management requirement and a corresponding interface definition.