M&I Protection Architecture and Cooling System Decomposed for Nuclear EDG

System

Emergency Diesel Generator System for UK Nuclear Licensed Sites — session 588. Five of seven subsystems are now complete in the spec tree. This session decomposed the {{entity:Monitoring and Instrumentation Subsystem}} and {{entity:Cooling System}}, both at SIL 2. The {{entity:Fuel Oil System}} and {{entity:Alternator Subsystem}} remain pending for the next session.

Decomposition

The {{entity:Monitoring and Instrumentation Subsystem}} was decomposed into four components: {{entity:Engine Parameter Sensor Array}}, {{entity:Protective Trip Logic Unit}}, {{entity:Local Alarm and Indication Panel}}, and {{entity:Remote Monitoring Gateway}}. The critical architectural decision was isolating the SIL-2 trip path from the non-safety indication path. The {{entity:Protective Trip Logic Unit}} uses 1oo2D voting on dual-channel 4-20mA inputs (two independent channels, either of which can demand a trip, with per-channel diagnostics that use the live-zero loop range to detect an open or shorted channel and degrade to the surviving channel) and de-energise-to-trip outputs, so that loss of supply or a logic fault drops the engine to its safe state, per IEC 61508 (Functional safety of E/E/PE safety-related systems). The {{entity:Remote Monitoring Gateway}} passes status discretes outward only, across a 1500Vrms optically isolated barrier with no receive path, so no command can enter the safety circuits from the non-nuclear I&C network; the isolation requirement originates from IEC 61513 (Nuclear power plants: instrumentation and control important to safety, general requirements for systems).

flowchart TB
  n6["Engine Parameter Sensor Array"]
  n7["Protective Trip Logic Unit"]
  n8["Local Alarm and Indication Panel"]
  n9["Remote Monitoring Gateway"]
  n5["Engine Control Panel (ext)"]
  n6 -->|4-20mA dual-channel| n7
  n7 -->|hardwired trip| n5
  n7 -->|alarm signals| n8
  n7 -->|status discretes| n9

The {{entity:Cooling System}} retained its five pre-scaffolded components ({{entity:Jacket Water Pump}}, {{entity:Radiator and Fan Assembly}}, {{entity:Thermostat Valve}}, {{entity:Coolant Header Tank}}, and Intercooler) and received classification and requirements. The engine-driven {{entity:Jacket Water Pump}} is the key safety decision: because it is driven mechanically from the engine, it circulates coolant at rated flow whenever the engine runs, with no dependence on an electrical supply. This removes the electrical single-point failure mode that drove hazard H-COOLING-001 (cooling system failure, severity: critical).

Analysis

The lint pass returned 4 high-severity findings at session start, of which 2 were genuine ontological mismatches: {{entity:Automatic Load Controller}} and {{entity:Turbocharger and Charge Air System}} lacked the {{trait:Physical Object}} trait despite physical-embodiment constraints in their requirements. Both were reclassified with richer physical context, resolving the mismatch. The high Jaccard similarity (93%) between {{entity:Main Generator Circuit Breaker}} and {{entity:Safety Bus Transfer Contactor}} reflects their shared switchgear trait profile; this is ontologically correct, since both are Class 1E nuclear-qualified switchgear that serve different functions. The previously acknowledged findings for {{entity:Generator Protection Relay}} and {{entity:Main Generator Circuit Breaker}} remained stable.

Requirements

Seven subsystem requirements were created for M&I: sensor dual-channel accuracy ({{sub:SUB-REQ-030}}), PTLU 200ms trip response ({{sub:SUB-REQ-031}}), 100ms fail-safe on power loss ({{sub:SUB-REQ-032}}), channel fault detection within 1 second ({{sub:SUB-REQ-033}}), gateway 1500Vrms isolation ({{sub:SUB-REQ-034}}), first-out annunciation within 500ms ({{sub:SUB-REQ-035}}), and seismic qualification to 0.2g PGA ({{sub:SUB-REQ-036}}). Three interface requirements ({{ifc:IFC-REQ-011}}, {{ifc:IFC-REQ-012}}, {{ifc:IFC-REQ-013}}) and four verification entries ({{sub:VER-REQ-022}} through {{sub:VER-REQ-025}}) were added with trace links to {{sys:SYS-REQ-004}}, {{sys:SYS-REQ-006}}, and {{sys:SYS-REQ-008}}. For Cooling System, three subsystem requirements (pump flow, radiator capacity, high-temperature safe-state interface) were added with traces to {{sys:SYS-REQ-002}} and {{sys:SYS-REQ-004}}. Project now stands at 100 requirements (39 SUB, 14 IFC, 26 VER, 10 SYS, 6 STK, 5 ARC) with baseline DECOMP-2026-03-26.
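The following is an added worked example, written for this entry and not the project's PTLU firmware, showing how the 1oo2D trip logic described under Decomposition maps onto the M&I requirements listed above (trip demand, fail-safe on supply loss, channel fault detection, first-out annunciation). The 0-150 degC scaling, the 105 degC setpoint, the NAMUR NE43-style fault bands (below 3.6 mA or above 21 mA), the 10 degC discrepancy tolerance, the "discrepancy goes to safe state" policy and the tag names are all assumptions chosen for illustration; the sensor readings fed to it are constructed. Timing (200 ms, 100 ms, 1 s, 500 ms) is not modelled.

```python
"""Added example: 1oo2D voting with de-energise-to-trip output and first-out latch.

Illustration code for this entry, not the project's PTLU implementation.
Scaling, setpoint, fault bands, tolerance and degraded-mode policy are assumed.
"""
from dataclasses import dataclass

# Assumed sensor scaling: a 4-20 mA live-zero loop spans 0-150 degC.
MA_ZERO, MA_SPAN = 4.0, 16.0
EU_ZERO, EU_SPAN = 0.0, 150.0
# Assumed channel diagnostic bands (NAMUR NE43 style): open loop reads low, short reads high.
FAULT_LOW_MA, FAULT_HIGH_MA = 3.6, 21.0
TRIP_SETPOINT_EU = 105.0   # assumed high-temperature trip setpoint, degC
DISCREPANCY_EU = 10.0      # assumed inter-channel tolerance, degC


@dataclass(frozen=True)
class PtluState:
    output_energised: bool   # True = run permitted; False = trip (de-energise-to-trip)
    channel_faults: tuple    # (fault_a, fault_b) from the live-zero diagnostics
    discrepancy_alarm: bool  # two healthy channels disagree beyond tolerance
    reason: str


def ma_to_eu(ma):
    """Convert loop current to engineering units (assumed linear 4-20 mA scaling)."""
    return EU_ZERO + (ma - MA_ZERO) / MA_SPAN * EU_SPAN


def channel_fault(ma):
    """Live-zero diagnostic: a reading outside the signalling band marks the channel faulty."""
    return ma < FAULT_LOW_MA or ma > FAULT_HIGH_MA


def vote_1oo2d(ch_a_ma, ch_b_ma):
    """1oo2D: either healthy channel trips; a faulty channel is excluded (degrade to 1oo1);
    no healthy channel, or an unexplained discrepancy, goes to the safe state."""
    faults = (channel_fault(ch_a_ma), channel_fault(ch_b_ma))
    healthy = [ma_to_eu(ma) for ma, f in zip((ch_a_ma, ch_b_ma), faults) if not f]
    mode = "1oo2" if len(healthy) == 2 else "1oo1 (degraded)"

    if not healthy:
        # Both channels diagnosed faulty: no valid measurement exists, so de-energise.
        return PtluState(False, faults, False, "both channels faulty: safe state")

    if len(healthy) == 2 and abs(healthy[0] - healthy[1]) > DISCREPANCY_EU:
        # Assumed policy: disagreement between two in-range channels is treated as an
        # undetected fault, so the unit de-energises rather than trust either value.
        return PtluState(False, faults, True, "channel discrepancy: safe state")

    demanded = [eu for eu in healthy if eu >= TRIP_SETPOINT_EU]
    if demanded:
        return PtluState(False, faults, False,
                         f"trip demand in {mode}: {max(demanded):.1f} degC")
    return PtluState(True, faults, False, f"run permitted in {mode}")


def trip_contact_closed(state, supply_ok):
    """De-energise-to-trip output: the contact is held closed only while the unit has
    supply AND the logic permits run, so loss of supply opens it without any logic."""
    return supply_ok and state.output_energised


class FirstOutLatch:
    """Captures which tag demanded the trip first and holds it until acknowledged,
    so consequential alarms raised afterwards cannot mask the initiating cause."""

    def __init__(self):
        self.first = None

    def update(self, tag, state):
        if not state.output_energised and self.first is None:
            self.first = (tag, state.reason)
        return self.first

    def acknowledge(self):
        self.first = None


if __name__ == "__main__":
    latch = FirstOutLatch()
    # Constructed readings: healthy, then channel A open-circuit, then both channels faulty.
    for tag, a, b in [("TE-101", 12.0, 12.2), ("TE-101", 2.0, 12.0), ("TE-101", 2.0, 22.0)]:
        state = vote_1oo2d(a, b)
        print(tag, a, b, state.reason, "contact:", trip_contact_closed(state, True))
        latch.update(tag, state)
    print("first-out:", latch.first)
```

The `1oo1 (degraded)` branch is the "D" in 1oo2D: a channel that fails its own diagnostic is removed from the vote instead of being allowed to either hold the output up (a stuck-low reading) or trip spuriously (a stuck-high one). Whether a discrepancy between two in-range channels should trip immediately, alarm and time out, or only annunciate is a project decision; the conservative choice here is an assumption, not something the requirements above specify.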

Next

Fuel Oil System (components: Day Tank, Fuel Transfer Pump, Fuel Filters, Fuel Oil Heater, Return Line) and Alternator Subsystem (components: Main Stator and Rotor, Automatic Voltage Regulator, Excitation System, Bearing and Cooling) are the remaining pending subsystems for the next session.
