EDG MBSE Audit: Decomposition and Three Internal Diagrams Populated
System
MBSE review session for {{entity:Emergency Diesel Generator for a UK Nuclear Licensed Site}}. The project entered this session with 3 diagrams recorded, of which only the system context was populated: the decomposition diagram and the Diesel Engine Assembly internal diagram both had 0 blocks. Spec tree entries referenced diagram names rather than diagram IDs. This session rebuilt the model from the ground up using the 9 PART_OF subsystem facts and the 7 Diesel Engine component facts in the knowledge graph.
Diagrams
Subsystem decomposition diagram:

flowchart TB
n0["subsystem - Diesel Engine Assembly"]
n1["subsystem - Synchronous Generator"]
n2["subsystem - Fuel Oil System"]
n3["subsystem - Engine Cooling System"]
n4["subsystem - Lubrication Oil System"]
n5["subsystem - Starting Air System"]
n6["subsystem - EDG Instrumentation and Control System"]
n7["subsystem - Electrical Switchgear and Load Sequencer"]
n8["subsystem - EDG Building and Support Systems"]
n5 -->|Compressed air for cranking| n0
n2 -->|Diesel fuel supply| n0
n3 -->|Jacket water coolant| n0
n4 -->|Lubricating oil| n0
n0 -->|Mechanical torque via shaft coupling| n1
n1 -->|6.6kV 3-phase AC output| n7
n0 -->|Speed, temp, pressure signals| n6
n6 -->|Auto-start initiation| n5
n6 -->|Governor control / trip| n0
n6 -->|Breaker control commands| n7

Diesel Engine Assembly internal diagram:

flowchart TB
n0["component - Diesel Engine Block and Crankcase"]
n1["component - Diesel Fuel Injection System"]
n2["component - Diesel Engine Turbocharger"]
n3["component - Engine Governor and Speed Control Unit"]
n4["component - Engine Protection Relay Package"]
n5["component - Engine Exhaust System"]
n6["component - Crankshaft and Flexible Shaft Coupling"]
n1 -->|Metered high-pressure fuel| n0
n2 -->|Charged combustion air| n0
n0 -->|Exhaust gas to turbine| n2
n0 -->|Post-turbine exhaust gases| n5
n3 -->|Fuel rack position signal| n0
n0 -->|Engine speed feedback| n3
n4 -->|Protective trip signal| n0
n0 -->|Reciprocating to rotary torque| n6

EDG Instrumentation and Control System internal diagram:

flowchart TB
n0["component - Automatic Start Logic Controller"]
n1["component - Load Management and AVR Interface"]
n2["component - Engine and Generator Protection Logic"]
n3["component - Annunciation and HMI Panel"]
n4["component - Qualified I/O Module Assembly"]
n5["component - Plant Communication Gateway"]
n4 -->|Field start signals and interlocks| n0
n4 -->|Speed, temp, pressure, power measurements| n2
n0 -->|Air start valve commands| n4
n2 -->|Trip and alarm relay outputs| n4
n2 -->|Alarm and trip annunciation| n3
n1 -->|AVR voltage set-point output| n4
n0 -->|EDG operating status data| n5
n1 -->|Load and voltage parameters| n3

Starting Air System internal diagram:

flowchart TB
n0["component - Air Receiver Bank A"]
n1["component - Air Receiver Bank B"]
n2["component - Air Start Valve and Distribution Manifold"]
n3["component - Air Compressor and Recharge Unit"]
n4["component - Moisture Separator and Drain System"]
n5["component - Pressure Monitoring and Low-Pressure Alarm"]
n0 -->|30-bar air train A| n2
n1 -->|30-bar air train B| n2
n3 -->|Recharge to 30 bar| n0
n3 -->|Recharge to 30 bar| n1
n4 -->|Dehumidified compressed air| n0
n0 -->|Receiver pressure signal| n5
n1 -->|Receiver pressure signal| n5
Findings
The primary finding was that all spec tree diagram references stored diagram names rather than diagram IDs, making them non-resolvable by the dispatcher. All nine entries have been corrected — three to actual diagram IDs, six to diagram:none with status:pending.
The {{entity:EDG Instrumentation and Control System}} (SIL 3) diagram was created fresh. The six internal components — {{entity:Automatic Start Logic Controller}}, load management, protection logic, annunciation, I/O modules, and the {{entity:Plant Communication Gateway}} — reflect the one-way data diode architecture required for Class 1E separation. The gateway is modelled as a unidirectional flow to the {{entity:Plant Protection System}} and {{entity:Main Control Room}}, with no return path, which is the correct representation for nuclear I&C qualification under IEC 61513 (Nuclear power plants — I&C important to safety).
The {{entity:Starting Air System}} (SIL 3) internal diagram exposes redundant receiver trains A and B, each capable of three start attempts at 30 bar. The {{entity:Moisture Separator and Drain System}} is shown as a separate component feeding receiver bank A — this matters for maintainability: moisture accumulation is the leading cause of start failure on compressed air systems and must be independently testable.
The kind: control enum was rejected by the AIRGen API; only association, flow, dependency, and composition are valid. All control-path connectors were created as flow with descriptive labels.
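Two of the findings above, the name-based spec tree references and the one-way gateway into the Class 1E I&C, can be checked mechanically on every session. The script below is an added example, not part of the session tooling or the AIRGen API: it parses the Mermaid flowchart text recorded in this report, flags any connector leaving the gateway block, and rewrites spec tree entries the way the session did. The diagram excerpt, the registry IDs and the entry fields are constructed assumptions.

```python
import re

# Constructed excerpt of the EDG I&C internal diagram recorded in this
# session (Mermaid flowchart syntax); the full diagram has six components.
IC_DIAGRAM = """flowchart TB
n0["component - Automatic Start Logic Controller"]
n4["component - Qualified I/O Module Assembly"]
n5["component - Plant Communication Gateway"]
n4 -->|Field start signals and interlocks| n0
n0 -->|Air start valve commands| n4
n0 -->|EDG operating status data| n5
"""

NODE_RE = re.compile(r'^(\w+)\["([^"]*)"\]$')
EDGE_RE = re.compile(r'^(\w+)\s*-->\|([^|]*)\|\s*(\w+)$')

def parse_flowchart(text):
    """Return ({node_id: label}, [(src, edge_label, dst)]) from flowchart text."""
    nodes, edges = {}, []
    for line in text.splitlines()[1:]:  # skip the 'flowchart TB' header
        line = line.strip()
        if m := NODE_RE.match(line):
            nodes[m.group(1)] = m.group(2)
        elif m := EDGE_RE.match(line):
            edges.append((m.group(1), m.group(2).strip(), m.group(3)))
    return nodes, edges

def data_diode_violations(text, gateway="Plant Communication Gateway"):
    """Labels of connectors that leave the gateway block, i.e. a return path
    into the Class 1E I&C that a one-way data diode must not have."""
    nodes, edges = parse_flowchart(text)
    gw_ids = {nid for nid, label in nodes.items() if label.endswith(gateway)}
    return [label for src, label, dst in edges if src in gw_ids]

def normalise_spec_tree(entries, registry):
    """Rewrite name-based diagram references to IDs (registry maps ID -> name,
    both constructed); names with no diagram become diagram none, status pending."""
    by_name = {name: did for did, name in registry.items()}
    fixed = []
    for entry in entries:
        ref = entry["diagram"]
        if ref in registry:              # already an ID: resolvable as-is
            fixed.append(dict(entry))
        elif ref in by_name:             # name: rewrite to the diagram ID
            fixed.append(dict(entry, diagram=by_name[ref]))
        else:                            # no diagram exists yet
            fixed.append(dict(entry, diagram="none", status="pending"))
    return fixed
```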
Statistics
- Diagrams before: 3 (1 populated), after: 5 (5 populated)
- Blocks added: 28 across 4 diagrams
- Connectors added: 33 across 4 diagrams
- Subsystems with complete diagrams: 3/9 (Diesel Engine Assembly, EDG I&C, Starting Air)
Next
Six subsystems still need internal diagrams: {{entity:Electrical Switchgear and Load Sequencer}} (SIL 3) is the highest priority — the load sequencer logic and generator breaker interlock are safety-critical paths not yet modelled. {{entity:Fuel Oil System}} (SIL 2) and {{entity:Engine Cooling System}} (SIL 2) follow. {{entity:Synchronous Generator}} and {{entity:Lubrication Oil System}} are SIL 0 and can be deferred. Once diagrams are complete, the next requirements session should focus on interface requirements between {{entity:EDG Instrumentation and Control System}} and {{entity:Starting Air System}} — the auto-start sequence path identified as the highest-risk interface in the previous QC session context.