thermIQ/docs/SAFETY.md
Adrian Bretsch ba6622bed7 Initial commit: ThermIQ ASP1 documentation
All Markdown documentation files for the ThermIQ smart hybrid heating system.
PDFs excluded via .gitignore — generated on demand.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 12:30:03 +02:00


# ThermIQ — Safety Architecture
## Non-Negotiable Constraints
These constraints are architectural. They must NEVER be relaxed:
1. **Miners must always be hard-disconnectable via contactors** — K10 (Miner 1) and K11 (Miner 2) are power contactors. Software can only energize/de-energize them if the safety relay allows it. The safety relay acts first.
2. **Safety logic must never rely on software or network** — The dual-channel safety relay operates entirely in hardware. If RevPi, Node-RED, Home Assistant and MQTT all go offline, the safety relay still functions.
3. **EVU input of Buderus is dry contact only** — Relay K7 is potential-free. It MUST NOT inject any voltage into the Buderus WLW186i EVU input I1. Only open/close the contact.
4. **No WiFi for critical energy components** — All control runs over wired Ethernet.
5. **Cloud never required for operation** — Cloud APIs are optional and read-only. The system must operate indefinitely without internet.
6. **If RevPi crashes → miners must shut down** — The safety relay is wired so that loss of RevPi heartbeat de-energizes contactor coils.
## Safety Circuit (Hardware)
```
[E-Stop 1 — NC] ──┐
[E-Stop 2 — NC] ──┤
[FLOW OK  — NC] ──┤──→ Dual-channel Safety Relay (with feedback loop)
[TEMP MAX — NC] ──┤                 │
[Reset    — NO] ──┘     ┌───────────┴───────────┐
                        ↓                       ↓
                   [K10 coil]              [K11 coil]
                    (Miner 1)               (Miner 2)

                       [RevPi DI — Safety OK feedback]
```
**Dual-channel safety relay with Rückführkreis (feedback loop)**:
- Both channels must be healthy
- Feedback contacts of K10/K11 are wired back into the relay
- Manual reset required after trip
- Safety OK signal fed back to RevPi DI for software awareness
## Safety Input Signals
| Signal | Type | Condition | Action on Fault |
|--------|------|-----------|-----------------|
| E-Stop 1 | NC | Opened = pressed | Miners off |
| E-Stop 2 | NC | Opened = pressed | Miners off |
| FLOW OK | NC | Opened = no flow | Miners off |
| TEMP MAX | NC | Opened = over-temp | Miners off |
| Reset | NO | Momentary close = reset | Re-enables safety |
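The relay behaviour described in the two sections above (series NC input chain, manual reset, feedback loop that refuses a reset while a contactor has not dropped out, and the rule that K10/K11 can only be energized when the relay output is OK) can be captured in a small behavioural model. This is an added example for illustration, not code from the ThermIQ repository or from any safety relay vendor; the use of NC mirror contacts of K10/K11 in the feedback loop, and the power-up-tripped state, are assumptions consistent with the wiring notes below, not facts stated on the page.

```python
"""Behavioural model of the dual-channel safety relay and contactor path.

Added example, not part of the ThermIQ repository. The relay's internal
behaviour is an assumption that follows the documented rules: NC inputs
in series, manual reset after a trip, and a feedback loop (Rueckfuehrkreis)
that blocks reset while a contactor is still pulled in.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SafetyInputs:
    # NC contacts: True = contact closed = healthy (open = fault, fail-safe)
    estop1_closed: bool
    estop2_closed: bool
    flow_ok_closed: bool
    temp_max_closed: bool
    # NO momentary reset button: True only while pressed
    reset_pressed: bool
    # Assumed NC mirror contacts of K10/K11 wired into the feedback loop:
    # True = contactor confirmed de-energized (drop-out verified)
    k10_fb_closed: bool
    k11_fb_closed: bool

    def chain_healthy(self) -> bool:
        """The series string of NC inputs is intact only if every contact is closed."""
        return all((self.estop1_closed, self.estop2_closed,
                    self.flow_ok_closed, self.temp_max_closed))

    def feedback_loop_closed(self) -> bool:
        """Both contactors report drop-out; a welded contactor breaks this loop."""
        return self.k10_fb_closed and self.k11_fb_closed


class SafetyRelayModel:
    """Latching safety output: drops at once on any open NC input and
    re-energizes only on a manual reset with a closed feedback loop."""

    def __init__(self) -> None:
        self.output_ok = False  # assumption: powers up tripped, reset required

    def step(self, i: SafetyInputs) -> bool:
        if not i.chain_healthy():
            self.output_ok = False  # a trip wins over everything else
        elif not self.output_ok and i.reset_pressed and i.feedback_loop_closed():
            self.output_ok = True   # reset accepted
        return self.output_ok


def miner_contactor_may_energize(relay_ok: bool, software_request: bool) -> bool:
    """K10/K11 coil path: software can only close a contactor when the
    safety relay output is OK. The relay acts first; software cannot override."""
    return relay_ok and software_request


def run_trip_and_reset_sequence() -> list:
    """Constructed scenario: power-up, reset, flow loss, flow restored without
    reset, reset refused because K10 has not dropped out, then a good reset."""
    relay = SafetyRelayModel()
    healthy = dict(estop1_closed=True, estop2_closed=True, flow_ok_closed=True,
                   temp_max_closed=True, reset_pressed=False,
                   k10_fb_closed=True, k11_fb_closed=True)
    trace = []
    trace.append(relay.step(SafetyInputs(**healthy)))                                  # power-up: tripped
    trace.append(relay.step(SafetyInputs(**{**healthy, "reset_pressed": True})))       # reset: OK
    trace.append(relay.step(SafetyInputs(**healthy)))                                  # stays latched OK
    trace.append(relay.step(SafetyInputs(**{**healthy, "flow_ok_closed": False})))     # flow loss: trip
    trace.append(relay.step(SafetyInputs(**healthy)))                                  # flow back: no auto-restart
    trace.append(relay.step(SafetyInputs(**{**healthy, "reset_pressed": True,
                                           "k10_fb_closed": False})))                  # K10 stuck: reset refused
    trace.append(relay.step(SafetyInputs(**{**healthy, "reset_pressed": True})))       # clean reset: OK
    return trace


if __name__ == "__main__":
    print(run_trip_and_reset_sequence())
```

The sixth step is the point of the feedback loop: restoring flow and pressing reset is not enough while one contactor still reports that it has not dropped out, so a welded K10 cannot be masked by a reset.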
## Contactor Logic
```
Power path: AC bus → LS breaker → K10/K11 contactor → Miner plugs
K10/K11 coil: ONLY energized when safety relay output is OK
K10/K11 Hilfskontakt: feedback → RevPi DI (software monitoring only)
```
Both Schuko plugs of each miner must be routed through the respective contactor.
## Heat Pump EVU Logic
```
RevPi DO_EVU_SPERRE → K7 relay (potential-free) → Buderus I1
K7 closed = EVU Sperre active = heat pump blocked
K7 open = EVU Sperre inactive = heat pump free to run
```
Logic: When the Pufferspeicher (buffer tank) is hot enough, block the heat pump to save energy.
Default state (RevPi off): K7 open → heat pump autonomous.
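The EVU decision above, written out as a software controller with hysteresis and the same fail-safe direction as the de-energized default. This is an added example, not code from the ThermIQ repository; the temperature thresholds, the plausibility range and the reading format are assumptions, while the mapping DO_EVU_SPERRE high → K7 closed → EVU Sperre active follows the page.

```python
"""EVU Sperre (utility block) decision with hysteresis and a fail-safe default.

Added example, not code from the ThermIQ repository. Thresholds and the
sensor-reading format are assumptions; the relay mapping follows the
documented logic (DO high -> K7 closed -> heat pump blocked).
"""
from typing import Optional

# Assumed hysteresis band for the Pufferspeicher (buffer tank), degrees C.
BLOCK_ABOVE_C = 55.0    # tank hot enough: block the heat pump
RELEASE_BELOW_C = 45.0  # tank cooled down: let the heat pump run again


def evu_block_wanted(buffer_temp_c: Optional[float], currently_blocked: bool) -> bool:
    """Decide whether EVU Sperre should be active.

    Hysteresis keeps K7 from chattering around a single setpoint. A missing
    or implausible reading resolves to 'not blocked': that is the same
    direction as the de-energized default (RevPi off -> K7 open -> heat pump
    autonomous), so a sensor fault can never keep the heat pump locked out.
    """
    if buffer_temp_c is None or not (-30.0 <= buffer_temp_c <= 120.0):
        return False
    if currently_blocked:
        return buffer_temp_c >= RELEASE_BELOW_C   # hold the block until the tank has cooled
    return buffer_temp_c >= BLOCK_ABOVE_C         # engage only once clearly hot


def k7_state(block: bool) -> str:
    """Map the decision to the potential-free relay: DO_EVU_SPERRE high closes K7."""
    return "closed" if block else "open"


def simulate(readings) -> list:
    """Run a sequence of buffer-tank readings through the controller."""
    blocked = False  # matches the power-on state of the output
    states = []
    for t in readings:
        blocked = evu_block_wanted(t, blocked)
        states.append(k7_state(blocked))
    return states


if __name__ == "__main__":
    # Constructed readings: warming up, crossing the block threshold, cooling
    # inside the band, a sensor dropout, then cooling below the release point.
    print(simulate([40.0, 50.0, 56.0, 50.0, None, 52.0, 44.0]))
```

Note that after the dropout the controller stays in "open" even though 52 °C lies inside the band: the block is only re-engaged once the tank is clearly hot again, so an intermittent sensor errs toward letting the heat pump run.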
## Fault States and Recovery
| Fault | Detection | Recovery |
|-------|-----------|----------|
| Safety trip | Safety relay drops + RevPi DI goes low | Fix cause, manual reset button |
| Flow loss | FLOW OK contact opens | Restore flow, reset |
| Over-temperature | TEMP MAX contact opens | Cool system, reset |
| E-Stop | NC contact opens | Release E-Stop, reset |
| RevPi crash | Safety relay heartbeat lost (if wired) | RevPi reboot, system re-initializes |
## Wiring Notes
- Safety circuit wiring: use screened cable where possible
- NC contacts preferred for fail-safe behavior (open = fault)
- Contactor feedback contacts must be wired for a complete Rückführkreis (feedback loop)
- 24 V DC safety circuit — do not mix with 230 V circuits