ThermIQ/thermIQ
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
thermIQ/docs/SAFETY.md
Adrian Bretsch ba6622bed7 Initial commit: ThermIQ ASP1 documentation 
All Markdown documentation files for the ThermIQ smart hybrid heating system.
PDFs excluded via .gitignore — generated on demand.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 12:30:03 +02:00

3.6 KiB
Raw Permalink Blame History

ThermIQ — Safety Architecture

Non-Negotiable Constraints

These constraints are architectural. They must NEVER be relaxed:

  1. Miners must always be hard-disconnectable via contactors — K10 (Miner 1) and K11 (Miner 2) are power contactors. Software can only energize/de-energize them if the safety relay allows it. The safety relay acts first.

  2. Safety logic must never rely on software or network — The dual-channel safety relay operates entirely in hardware. If all of: RevPi, Node-RED, Home Assistant, MQTT go offline — the safety relay still functions.

  3. EVU input of Buderus is dry contact only — Relay K7 is potential-free. It MUST NOT inject any voltage into the Buderus WLW186i EVU input I1. Only open/close the contact.

  4. No WiFi for critical energy components — All control runs over wired Ethernet.

  5. Cloud never required for operation — Cloud APIs are optional and read-only. The system must operate indefinitely without internet.

  6. If RevPi crashes → miners must shut down — The safety relay is wired so that loss of RevPi heartbeat de-energizes contactor coils.

Safety Circuit (Hardware)

[E-Stop 1 — NC] ──┐
[E-Stop 2 — NC] ──┤
[FLOW OK   — NC] ──┤──→ Dual-channel Safety Relay (with feedback loop)
[TEMP MAX  — NC] ──┤         │
[Reset     — NO] ──┘    ┌────┴────────────────┐
                         ↓                     ↓
                   [K10 coil]            [K11 coil]
                   (Miner 1)             (Miner 2)
                         ↓
                   [RevPi DI — Safety OK feedback]

Dual-channel safety relay with Rückführkreis (feedback loop):

  • Both channels must be healthy
  • Feedback contacts of K10/K11 are wired back into the relay
  • Manual reset required after trip
  • Safety OK signal fed back to RevPi DI for software awareness

Safety Input Signals

Signal Type Condition Action on Fault
E-Stop 1 NC Opened = pressed Miners off
E-Stop 2 NC Opened = pressed Miners off
FLOW OK NC Opened = no flow Miners off
TEMP MAX NC Opened = over-temp Miners off
Reset NO Momentary close = reset Re-enables safety

Contactor Logic

Power path: AC bus → LS breaker → K10/K11 contactor → Miner plugs

K10/K11 coil: ONLY energized when safety relay output is OK
K10/K11 Hilfskontakt: feedback → RevPi DI (software monitoring only)

Both Schuko plugs of each miner must be routed through the respective contactor.

Heat Pump EVU Logic

RevPi DO_EVU_SPERRE → K7 relay (potential-free) → Buderus I1

K7 closed = EVU Sperre active = heat pump blocked
K7 open   = EVU Sperre inactive = heat pump free to run

Logic: When Pufferspeicher is hot enough, block the heat pump to save energy. Default state (RevPi off): K7 open → heat pump autonomous.

Fault States and Recovery

Fault Detection Recovery
Safety trip Safety relay drops + RevPi DI goes low Fix cause, manual reset button
Flow loss FLOW OK contact opens Restore flow, reset
Over-temperature TEMP MAX contact opens Cool system, reset
E-Stop NC contact opens Release E-Stop, reset
RevPi crash Safety relay heartbeat lost (if wired) RevPi reboot, system re-initializes

Wiring Notes

  • Safety circuit wiring: use screened cable where possible
  • NC contacts preferred for fail-safe behavior (open = fault)
  • Contactor feedback contacts must be wired for complete Rückführkreis
  • 24 V DC safety circuit — do not mix with 230 V circuits