ASF-Nabd/ASF_01_sys_sw_arch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

update

Browse Source
This commit is contained in:
mahmamdouh
2026-01-26 12:43:14 +01:00
parent c631110349
commit bedcd373f5
133 changed files with 37347 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
System Design/draft/Features_old/Cross-Feature Constraints.md Normal file
View File

@@ -0,0 +1,120 @@
## 1\. Purpose
This document defines **cross-feature constraints** that apply across multiple system features and components. These constraints ensure consistent behavior, prevent architectural violations, and reduce integration risk.
Cross-feature constraints are **mandatory rules** that all future software design and implementation must comply with.
## 2\. Architectural Constraints
### CFC-ARCH-01: Layered Architecture Enforcement
* Application logic shall not access hardware directly.
* All hardware access shall be performed via Drivers and OSAL layers.
* Persistence access shall only be performed through the DP component.
**Impacted Features:**
DAQ, DQC, DATA, DIAG, SYS, OTA, SEC
### CFC-ARCH-02: State-Aware Feature Execution
* All features shall be aware of the current system state.
* Features shall not execute actions that are invalid for the current state.
**Examples:**
* DAQ shall not start sampling during OTA\_UPDATE.
* Communication shall be limited during TEARDOWN.
**Impacted Features:**
SYS, DAQ, COM, OTA, DATA
## 3\. Concurrency & Timing Constraints
### CFC-TIME-01: Non-Blocking Operation
* Sensor acquisition, communication, and UI updates shall be non-blocking.
* Blocking operations shall be isolated in controlled system services (e.g., persistence task).
**Impacted Features:**
DAQ, COM, SYS
### CFC-TIME-02: Deterministic Task Behavior
* Time-critical tasks (sensor acquisition, watchdog servicing) shall have deterministic execution time.
* Dynamic memory allocation during runtime shall be minimized or prohibited in critical paths.
**Impacted Features:**
DAQ, SYS, DIAG
## 4\. Data & Persistence Constraints
### CFC-DATA-01: Single Source of Truth
* Runtime and persistent data shall be owned and managed by the DP component.
* No feature shall maintain private persistent copies of shared system data.
**Impacted Features:**
DATA, DAQ, DIAG, SYS, OTA
### CFC-DATA-02: Data Consistency During Transitions
* No data write operations shall occur during teardown unless explicitly authorized by the System Manager.
* Persistence completion shall be confirmed before state transitions.
**Impacted Features:**
SYS, DATA, OTA
## 5\. Security Constraints
### CFC-SEC-01: Security First Initialization
* Secure boot and flash protection shall be enabled before any application-level logic executes.
**Impacted Features:**
SEC, SYS
### CFC-SEC-02: Encrypted Channels Only
* OTA, diagnostics, and data transmission shall only occur over encrypted and authenticated channels.
**Impacted Features:**
COM, OTA, DIAG, SEC
## 6\. HMI & Debug Constraints
### CFC-HMI-01: Read-Only Local UI
* The OLED HMI shall not allow configuration changes that affect system safety or security.
* Configuration updates shall only be accepted via authenticated communication channels.
**Impacted Features:**
SYS, SEC
### CFC-DBG-01: Debug Isolation
* Debug and engineering sessions shall not interfere with normal system operation.
* Debug commands shall respect system state restrictions.
**Impacted Features:**
SYS, DIAG, SEC

359
System Design/draft/Features_old/Features.md Normal file
View File

@@ -0,0 +1,359 @@
# **ASF Sensor Hub Feature Definition Document**
*(Global, Feature-Based, Architecture-Neutral)*
This document defines the **system features** of the ASF Sensor Hub subsystem, organized by functional categories.
It is intended to be used as:
* A **feature baseline** in ALM
* Input to **system requirements derivation**
* Reference for **architecture and software design**
* Traceability anchor to IEC 61508 / IEC 61499 style decomposition later
> ⚠️ **Important Scope Note**
> This document covers **ONLY the Sensor Hub (Sub-Hub)** based on **ESP32-S3**.
> Main Hub, Cloud, Farm Control Logic are **explicitly out of scope**.
---
## **1. System Context Overview**
The ASF Sensor Hub is a **distributed sensing node** deployed inside a poultry house.
Its primary responsibilities are:
* Acquisition of multiple environmental sensors
* Local preprocessing and validation of sensor data
* Persistent storage of data and configuration
* Secure communication with a Main Hub
* Support for diagnostics, maintenance, and OTA updates
* Safe operation under fault conditions
The Sensor Hub operates as an **autonomous embedded system** with defined lifecycle states.
---
## **2. Feature Categorization Overview**
The system features are grouped into the following categories:
1. **Sensor Data Acquisition Features**
2. **Data Quality & Calibration Features**
3. **Communication Features**
4. **Diagnostics & Health Monitoring Features**
5. **Persistence & Data Management Features**
6. **Firmware Update (OTA) Features**
7. **Security & Safety Features**
8. **System Management Features**
Each feature is described at a **functional level** (WHAT the system does, not HOW).
---
## **3. Sensor Data Acquisition Features**
### **F-DAQ-01: Multi-Sensor Data Acquisition**
The system provides the capability to acquire data from multiple environmental sensors connected to the Sensor Hub hardware.
Supported sensor types include:
* Temperature
* Humidity
* Carbon Dioxide (CO₂)
* Ammonia (NH₃)
* Volatile Organic Compounds (VOC)
* Particulate Matter (PM)
* Light Intensity
---
### **F-DAQ-02: High-Frequency Sampling and Local Filtering**
The system provides local preprocessing of sensor data by:
* Sampling each sensor multiple times per acquisition cycle
* Applying a fast local filtering mechanism
* Producing a single validated value per sensor per cycle
Filtering algorithms are **pluggable and configurable**.
---
### **F-DAQ-03: Timestamped Sensor Data Generation**
The system provides timestamped sensor data using a synchronized local time source.
Each sensor record includes:
* Sensor identifier
* Measured value
* Timestamp
* Data validity status
---
## **4. Data Quality & Calibration Features**
### **F-DQC-01: Automatic Sensor Detection**
The system provides automatic detection of sensor presence based on dedicated hardware detection signals.
Key characteristics:
* Each sensor slot is type-specific
* Sensor presence is detected during initialization and runtime
* Only detected sensors are initialized and sampled
---
### **F-DQC-02: Sensor Type Enforcement**
The system enforces sensor-slot compatibility to prevent incorrect sensor usage.
Each physical slot:
* Accepts only one sensor type
* Is mapped to a predefined sensor class in software
---
### **F-DQC-03: Sensor Failure Detection**
The system provides detection of sensor failures, including:
* Communication errors
* Out-of-range values
* Non-responsive sensors
Detected failures are classified and reported.
---
### **F-DQC-04: Machine Constants & Calibration Management**
The system provides a Machine Constants (MC) mechanism responsible for:
* Defining installed sensor types
* Holding sensor calibration parameters
* Defining communication parameters
* Defining system identity parameters
MC data is persistent and reloadable.
---
## **5. Communication Features**
### **F-COM-01: Main Hub Communication**
The system provides bidirectional communication with a Main Hub to:
* Send sensor data
* Send diagnostics information
* Receive configuration updates
* Receive firmware updates
---
### **F-COM-02: On-Demand Data Broadcasting**
The system provides on-demand transmission of the most recent sensor dataset upon request from the Main Hub.
---
### **F-COM-03: Peer Sensor Hub Communication**
The system provides limited peer-to-peer communication between Sensor Hubs for:
* Connectivity checks
* Time synchronization support
* Basic status exchange
This feature is **on-demand and optional**.
---
## **6. Diagnostics & Health Monitoring Features**
### **F-DIAG-01: Diagnostic Code Management**
The system provides structured diagnostics with:
* Diagnostic codes
* Severity levels
* Root cause hierarchy
* Timestamping
---
### **F-DIAG-02: Diagnostic Data Storage**
The system provides persistent storage of diagnostic events for post-analysis.
---
### **F-DIAG-03: Diagnostic Session**
The system provides a diagnostic session allowing engineers to:
* Retrieve diagnostic data
* Inspect system health
* Clear diagnostic records
---
## **7. Persistence & Data Management Features**
### **F-DATA-01: Persistent Sensor Data Storage**
The system provides persistent storage of sensor data in non-volatile memory (SD Card).
---
### **F-DATA-02: Data Persistence Abstraction (DP Component)**
The system provides a Data Persistence (DP) component responsible for:
* Abstracting storage media (SD / NVM)
* Managing write/read operations
* Ensuring data integrity
---
### **F-DATA-03: Safe Data Handling During State Transitions**
The system ensures that all critical data is safely stored before:
* Firmware update
* Configuration update
* System teardown
* Reset or restart
---
## **8. Firmware Update (OTA) Features**
### **F-OTA-01: OTA Update Negotiation**
The system provides an OTA handshake mechanism with the Main Hub to:
* Acknowledge update availability
* Signal readiness for update
---
### **F-OTA-02: Firmware Reception and Storage**
The system provides secure reception of firmware images and temporary storage on SD Card.
---
### **F-OTA-03: Firmware Integrity Validation**
The system validates firmware integrity using checksum or CRC before activation.
---
### **F-OTA-04: Safe Firmware Activation**
The system provides controlled firmware flashing and rollback-safe activation.
---
## **9. Security & Safety Features**
### **F-SEC-01: Secure Boot**
The system provides secure boot functionality to ensure only authenticated firmware is executed.
---
### **F-SEC-02: Secure Flash Storage**
The system provides encrypted flash storage for sensitive assets.
---
### **F-SEC-03: Encrypted Communication**
The system provides encrypted communication channels for all external data exchange.
---
## **10. System Management Features**
### **F-SYS-01: System State Management**
The system provides explicit lifecycle states including:
* Initialization
* Normal Operation
* Degraded Operation
* Update Mode
* Fault Mode
* Teardown Mode
---
### **F-SYS-02: Controlled Teardown Mechanism**
The system provides a controlled teardown mechanism that:
* Stops sensor acquisition
* Flushes all critical data
* Ensures persistent storage consistency
* Prepares the system for update or shutdown
---
### **F-SYS-03: Status Indication**
The system provides visual status indicators:
* Green: Normal operation
* Yellow: Warning state
* Red: Fatal error state
---
### **F-SYS-04: Debug & Engineering Sessions**
The system provides engineering access sessions allowing:
* Log inspection
* MC file inspection and update
* Command execution
* Controlled debugging
---
## **11. Feature Relationship Overview (High-Level)**
```
Sensor Acquisition
Data Quality & Calibration
Data Persistence
Communication
Diagnostics & System Management
OTA / Security / Safety
```
* **Machine Constants** affect:
* Sensor initialization
* Calibration
* Communication
* **Diagnostics** span all features
* **Teardown** is a cross-cutting mechanism triggered by:
* OTA
* MC update
* Fatal faults
---

83
System Design/draft/Features_old/System Assumptions & Limitations.md Normal file
View File

@@ -0,0 +1,83 @@
## 1\. System Assumptions
### SA-01: Deployment Environment
* The Sensor Hub operates in an indoor poultry farm environment.
* Environmental conditions may include high humidity, dust, and ammonia presence.
### SA-02: Power Availability
* The Sensor Hub is assumed to have continuous power.
* Short power interruptions may occur; system shall recover gracefully.
### SA-03: Network Connectivity
* Wireless connectivity to the Main Hub may be intermittent.
* The Sensor Hub shall operate autonomously when disconnected.
### SA-04: Trusted Provisioning
* Devices are assumed to be provisioned securely during manufacturing or installation.
* Cryptographic keys are assumed to be injected via a secure process.
### SA-05: Time Synchronization
* System time is assumed to be synchronized periodically by the Main Hub.
* Temporary time drift is acceptable.
## 2\. System Limitations
### SL-01: Local Processing Limits
* The Sensor Hub performs lightweight preprocessing only.
* Complex analytics and AI models are out of scope.
### SL-02: User Interface Constraints
* The OLED display is intended for monitoring and diagnostics only.
* It is not a full configuration or management interface.
### SL-03: Physical Security
* The Sensor Hub does not include physical tamper detection.
* Physical access is assumed to be restricted.
### SL-04: Storage Constraints
* SD card storage capacity is finite.
* Data retention policies may result in data overwrite.
### SL-05: Safety Classification
* The system is not classified as a safety-critical life-support system.
* Failures may impact farm performance but not human safety directly.
## 3\. External Dependencies
* ESP32-S3 hardware platform
* ESP-IDF framework
* Supported sensors and communication modules
* Main Hub availability for OTA and configuration updates

162
System Design/draft/Features_old/[COM] Communication Features.md Normal file
View File

@@ -0,0 +1,162 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
# Feature Engineering Specification
## Communication Features
**Feature Group ID:** FG-COM
**Scope:** Sensor Hub (Sub-Hub only)
**Target Platform:** ESP32-S3based Sensor Hub
**Applies To:** Indoor poultry farm sensor hubs
**Dependencies:**
* Sensor Data Acquisition (FG-DAQ)
* Data Quality &amp; Calibration (FG-DQC)
* Diagnostics &amp; Health Monitoring (FG-DIAG)
* Security &amp; Safety Features (FG-SEC)
## 1\. Purpose and Objectives
The **Communication Features** define how the Sensor Hub exchanges data and control information with external entities. These features ensure that sensor data, diagnostics, configuration updates, and control requests are transferred in a **reliable, secure, and deterministic manner**.
The communication layer is designed to:
* Support hierarchical farm architecture (Sensor Hub → Main Hub)
* Enable on-demand and event-driven data transfer
* Allow limited peer-to-peer communication between Sensor Hubs
* Maintain robustness under intermittent connectivity
## 2\. Feature Overview and Relationships
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature Name</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Primary Objective</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related Features</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-COM-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Main Hub Communication</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Primary uplink/downlink with Main Hub</p></td><td class="op-uc-table--cell"><p class="op-uc-p">OTA, Diagnostics, MC Management</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-COM-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">On-Demand Data Broadcasting</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Provide latest data upon request</p></td><td class="op-uc-table--cell"><p class="op-uc-p">DAQ, DP Stack</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-COM-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Peer Sensor Hub Communication</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Limited hub-to-hub coordination</p></td><td class="op-uc-table--cell"><p class="op-uc-p">System Management</p></td></tr></tbody></table></figure>
## 3\. Functional Feature Descriptions
### 3.1 F-COM-01: Main Hub Communication
**Description**
The Sensor Hub shall establish and maintain a bidirectional communication channel with the Main Hub. This channel is used for transmitting sensor data, diagnostics, alarms, and status information, as well as receiving commands, firmware updates, and Machine Constants updates.
The communication mechanism shall support reliable delivery, message integrity verification, and connection state monitoring.
**Key Capabilities**
* Bidirectional communication
* Command and response handling
* Diagnostics and status reporting
* Integration with OTA and MC updates
### 3.2 F-COM-02: On-Demand Data Broadcasting
**Description**
The Sensor Hub shall support on-demand transmission of the most recent sensor data upon request from the Main Hub. This allows the Main Hub to query real-time conditions without waiting for periodic reporting cycles.
Data broadcasts include timestamped sensor values and associated validity status.
**Key Capabilities**
* Request/response data exchange
* Latest-value data delivery
* Timestamp and validity inclusion
* Low-latency response
### 3.3 F-COM-03: Peer Sensor Hub Communication
**Description**
Sensor Hubs shall be capable of limited peer-to-peer communication for coordination purposes such as connectivity checks, time synchronization assistance, or basic status exchange.
Peer communication is optional, demand-driven, and does not replace the primary communication path through the Main Hub.
**Key Capabilities**
* Hub-to-hub message exchange
* Minimal command set
* No dependency on centralized infrastructure
* Isolation from control logic
## 4\. System Requirements (Formal SHALL Statements)
### 4.1 Main Hub Communication
**SR-COM-001**
The system shall support bidirectional communication between the Sensor Hub and the Main Hub.
**SR-COM-002**
The system shall transmit sensor data, diagnostics, and system status information to the Main Hub.
**SR-COM-003**
The system shall receive commands, configuration updates, and firmware update requests from the Main Hub.
**SR-COM-004**
The system shall monitor and report the communication link status with the Main Hub.
### 4.2 On-Demand Data Broadcasting
**SR-COM-005**
The system shall support on-demand requests from the Main Hub for sensor data.
**SR-COM-006**
The system shall respond to on-demand data requests with the most recent timestamped sensor data.
**SR-COM-007**
The system shall include data validity and sensor status information in on-demand responses.
### 4.3 Peer Sensor Hub Communication
**SR-COM-008**
The system shall support limited peer-to-peer communication between Sensor Hubs.
**SR-COM-009**
The system shall allow peer communication for basic coordination functions such as connectivity checks or time synchronization.
**SR-COM-010**
The system shall ensure that peer Sensor Hub communication does not interfere with Main Hub communication or control operations.
## 5\. Traceability Mapping
### 5.1 Feature → System Requirement Mapping
```mermaid
graph TD
F-COM-01 -->|Main Hub Communication| SR-COM-001
F-COM-01 -->|Transmit Data| SR-COM-002
F-COM-01 -->|Receive Commands| SR-COM-003
F-COM-01 -->|Monitor Link Status| SR-COM-004
F-COM-02 -->|On-Demand Requests| SR-COM-005
F-COM-02 -->|Respond with Data| SR-COM-006
F-COM-02 -->|Include Validity Info| SR-COM-007
F-COM-03 -->|Peer Communication| SR-COM-008
F-COM-03 -->|Peer Coordination| SR-COM-009
F-COM-03 -->|Isolate Peer Traffic| SR-COM-010
```
## 6\. Engineering Notes and Constraints
* Communication protocol selection (Wi-Fi, ESP-NOW, proprietary RF, etc.) is deferred to the Software Requirements phase.
* Security (authentication, encryption) is defined under **Security &amp; Safety Features**.
* Communication failures shall trigger diagnostics events but shall not block sensor acquisition.

320
System Design/draft/Features_old/[DAQ] Sensor Data Acquisition Features.md Normal file
View File

@@ -0,0 +1,320 @@
# **ASF Sensor Hub**
## **Feature Engineering Specification**
## **Sensor Data Acquisition Features**
## **1\. Feature Overview**
### **Feature Name**
Sensor Data Acquisition Features
### **Feature ID**
FEAT-DAQ
### **Subsystem**
ASF Sensor Hub (Sub-Hub)
### **Target Platform**
ESP32-S3based embedded system
### **Scope**
This feature defines the capabilities of the Sensor Hub related to:
* Environmental sensor data acquisition
* Local preprocessing and filtering
* Timestamping and preparation of sensor data for persistence and communication
This feature **does NOT include**:
* Main Hub processing
* Cloud analytics
* Control logic
* OTA, diagnostics, or persistence mechanisms (referenced only as dependencies)
## **2\. Purpose and Engineering Rationale**
Modern poultry farm automation systems require **high-resolution, reliable, and time-correlated environmental data** to enable:
* Accurate environmental control
* Early fault detection
* Advanced analytics and machine learning
The Sensor Data Acquisition feature ensures:
* Deterministic sensor sampling
* Noise-resilient measurements
* Temporal traceability of data
* Decoupling of acquisition from communication and control
This aligns with **distributed intelligence principles** used in leading international poultry automation systems.
## **3\. Feature Decomposition**
The Sensor Data Acquisition feature is decomposed into the following sub-features:
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Sub-Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Name</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Multi-Sensor Data Acquisition</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">High-Frequency Sampling and Local Filtering</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Timestamped Sensor Data Generation</p></td></tr></tbody></table></figure>
## **4\. Functional Description**
### **4.1 F-DAQ-01: Multi-Sensor Data Acquisition**
#### **Description**
The Sensor Hub acquires environmental data from multiple heterogeneous sensors connected to dedicated hardware interfaces.
#### **Supported Sensor Types**
* Temperature
* Relative Humidity
* Carbon Dioxide (CO₂)
* Ammonia (NH₃)
* Volatile Organic Compounds (VOC)
* Particulate Matter (PM)
* Light Intensity
Each sensor:
* Is mapped to a predefined hardware slot
* Has a dedicated driver abstraction
* Can be independently enabled or disabled
#### **Key Characteristics**
* Concurrent sensor handling
* Modular sensor driver architecture
* Runtime awareness of sensor presence
### **4.2 F-DAQ-02: High-Frequency Sampling and Local Filtering**
#### **Description**
For each enabled sensor, the system performs multiple raw readings per acquisition cycle and applies a local filtering mechanism to produce a single representative value.
#### **Sampling Behavior**
* Each sensor is sampled **N times per cycle** (default: 10)
* Sampling occurs within a bounded time window
* Sampling frequency is configurable via Machine Constants
#### **Filtering Behavior**
* Filtering is executed locally on the Sensor Hub
* Filtering algorithms are abstracted and replaceable
* Examples (non-exhaustive):
* Moving average
* Median filter
* Outlier rejection
#### **Objective**
* Reduce sensor noise
* Improve data stability
* Avoid propagating raw sensor jitter upstream
### **4.3 F-DAQ-03: Timestamped Sensor Data Generation**
#### **Description**
Each processed sensor value is associated with a timestamp generated by the Sensor Hub.
#### **Timestamp Characteristics**
* Generated after filtering completion
* Represents the effective measurement time
* Based on system time (RTC or synchronized clock)
#### **Sensor Data Record**
Each record includes:
* Sensor ID
* Sensor type
* Filtered value
* Unit of measurement
* Timestamp
* Data validity status
## **5\. Operational Flow**
### **Normal Acquisition Cycle**
1. Detect enabled sensors
2. Initialize sensor drivers (if not already active)
3. Perform high-frequency sampling per sensor
4. Apply local filtering
5. Generate timestamp
6. Create sensor data record
7. Forward data to:
* Data Persistence component
* Communication component (on request)
## **6\. Constraints and Assumptions**
### **Constraints**
* Sensor acquisition must not block system-critical tasks
* Sampling and filtering must complete within a bounded cycle time
* Memory usage must be deterministic
### **Assumptions**
* Sensor presence detection is handled by a separate feature
* Time synchronization is provided by another system component
* Storage and communication are decoupled from acquisition
## **7\. Architecture Diagram (PlantUML)**
### **7.1 Sensor Hub Component Diagram**
```mermaid
graph TD
subgraph "Sensor Hub"
SD["Sensor Drivers"] --> SE["Sampling Engine"]
SE --> FE["Filtering Engine"]
FE --> TS["Timestamp Service"]
TS --> DB["Sensor Data Buffer"]
end
SD -->|"raw samples"| SE
SE -->|"sampled data"| FE
FE -->|"filtered value"| TS
TS -->|"timestamped record"| DB
```
### **7.2 Acquisition Cycle Sequence Diagram**
```mermaid
sequenceDiagram
participant S as Sensor Driver
participant SE as Sampling Engine
participant FE as Filtering Engine
participant TS as Timestamp Service
S ->> SE: read()
loop N samples
SE ->> S: sample()
end
SE ->> FE: raw sample set
FE ->> TS: filtered value
TS ->> FE: timestamp
```
## **8\. Formal System SHALL Requirements**
### **8.1 Requirement Style**
* Each requirement uses **“The system shall …”**
* Each requirement has a unique ID
* Requirements are atomic and testable
### **8.2 Requirements List**
#### **Multi-Sensor Acquisition**
* **REQ-DAQ-001**
The system shall support acquisition of data from multiple environmental sensor types simultaneously.
* **REQ-DAQ-002**
The system shall provide a dedicated software driver abstraction for each supported sensor type.
* **REQ-DAQ-003**
The system shall acquire sensor data only from sensors detected as present and enabled.
#### **High-Frequency Sampling &amp; Filtering**
* **REQ-DAQ-004**
The system shall sample each enabled sensor multiple times within a single acquisition cycle.
* **REQ-DAQ-005**
The system shall apply a local filtering mechanism to raw sensor samples to produce a single representative value.
* **REQ-DAQ-006**
The system shall allow configuration of sampling count and filtering parameters via system configuration data.
#### **Timestamped Data Generation**
* **REQ-DAQ-007**
The system shall associate each processed sensor value with a timestamp.
* **REQ-DAQ-008**
The system shall generate timestamps after completion of filtering.
* **REQ-DAQ-009**
The system shall include sensor identifier, sensor type, value, unit, timestamp, and validity status in each sensor data record.
## **9\. Feature-to-Requirement Traceability**
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Requirement IDs</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">REQ-DAQ-001, REQ-DAQ-002, REQ-DAQ-003</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">REQ-DAQ-004, REQ-DAQ-005, REQ-DAQ-006</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">REQ-DAQ-007, REQ-DAQ-008, REQ-DAQ-009</p></td></tr></tbody></table></figure>

173
System Design/draft/Features_old/[DATA] Persistence & Data Management Features.md Normal file
View File

@@ -0,0 +1,173 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
# Feature Engineering Specification
## Persistence &amp; Data Management Features
**Feature Group ID:** FG-DATA
**Scope:** Sensor Hub (Sub-Hub only)
**Target Platform:** ESP32-S3based Sensor Hub
**Applies To:** Indoor poultry farm sensor hubs
**Dependencies:**
* Sensor Data Acquisition (FG-DAQ)
* Data Quality &amp; Calibration (FG-DQC)
* Diagnostics &amp; Health Monitoring (FG-DIAG)
* System State Management / Teardown Mechanism
## 1\. Purpose and Objectives
The **Persistence &amp; Data Management Features** define how the Sensor Hub stores, protects, and manages critical runtime and historical data. These features ensure that:
* Sensor data and system state are not lost during resets or failures
* Data storage is abstracted from application logic
* Critical data is safely handled during firmware updates, configuration changes, or fatal faults
The persistence layer is a **foundational system service**, supporting diagnostics, calibration, OTA, and recovery operations.
## 2\. Feature Overview and Relationships
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature Name</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Primary Objective</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related Features</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Persistent Sensor Data Storage</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Store timestamped sensor data</p></td><td class="op-uc-table--cell"><p class="op-uc-p">DAQ, COM</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Data Persistence Abstraction (DP)</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Abstract storage access</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Application Layer</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Safe Data Handling During State Transitions</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Protect data during teardown</p></td><td class="op-uc-table--cell"><p class="op-uc-p">OTA, System Mgmt</p></td></tr></tbody></table></figure>
## 3\. Functional Feature Descriptions
### 3.1 F-DATA-01: Persistent Sensor Data Storage
**Description**
The system shall persist timestamped sensor data to non-volatile storage to support historical analysis, diagnostics correlation, and recovery scenarios.
Persistence may include:
* Filtered sensor values
* Timestamps
* Sensor validity and status metadata
The persistence policy (frequency, retention window, overwrite behavior) is configurable and optimized for storage longevity and performance.
**Key Capabilities**
* Non-volatile storage (SD card / NVM)
* Timestamped records
* Configurable retention policy
* Integration with DAQ and COM
### 3.2 F-DATA-02: Data Persistence Abstraction (DP Component)
**Description**
The system shall provide a **Data Persistence (DP) component** that abstracts storage access for all upper layers. Application and feature modules interact with the DP component rather than directly accessing storage hardware.
The DP component manages:
* Data model definitions
* Serialization and deserialization
* Storage backend selection
* Consistency and integrity guarantees
**Key Capabilities**
* Unified persistence API
* Storage backend abstraction
* Centralized data ownership
* Reduced coupling between layers
### 3.3 F-DATA-03: Safe Data Handling During State Transitions
**Description**
The system shall ensure safe and deterministic handling of data during critical state transitions, including:
* Firmware updates (OTA)
* Machine Constants updates
* System resets
* Fatal error handling
Before entering such transitions, the system executes a controlled data finalization process to flush buffers, persist critical state, and verify data integrity.
**Key Capabilities**
* Controlled data flush
* Atomic write operations
* Data integrity checks
* Coordination with teardown mechanism
## 4\. System Requirements (Formal SHALL Statements)
### 4.1 Persistent Sensor Data Storage
**SR-DATA-001**
The system shall persist timestamped sensor data in non-volatile storage.
**SR-DATA-002**
The system shall store sensor data together with sensor identifiers, timestamps, and validity status.
**SR-DATA-003**
The system shall support configurable data retention and overwrite policies.
### 4.2 Data Persistence Abstraction (DP Component)
**SR-DATA-004**
The system shall provide a Data Persistence (DP) component as the sole interface for persistent data access.
**SR-DATA-005**
The system shall prevent application and feature modules from directly accessing storage hardware.
**SR-DATA-006**
The DP component shall support serialization and deserialization of structured system data.
### 4.3 Safe Data Handling During State Transitions
**SR-DATA-007**
The system shall ensure that all critical runtime data is flushed to non-volatile storage before entering a controlled teardown or reset.
**SR-DATA-008**
The system shall protect data integrity during firmware updates and configuration changes.
**SR-DATA-009**
The system shall verify successful data persistence before completing a state transition.
## 5\. Feature ↔ System Requirement Mapping
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DATA-001, SR-DATA-002, SR-DATA-003</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DATA-004, SR-DATA-005, SR-DATA-006</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DATA-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DATA-007, SR-DATA-008, SR-DATA-009</p></td></tr></tbody></table></figure>
## 6\. Engineering Notes
* The DP component aligns with your **DP Stack** already defined in the architecture.
* Atomic write strategies (e.g., temp file + rename) are recommended.
* Diagnostic events should be generated on persistence failures.
* Storage wear-leveling considerations apply for SD/NVM.
##

167
System Design/draft/Features_old/[DIAG] Diagnostics & Health Monitoring Features.md Normal file
View File

@@ -0,0 +1,167 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
# Feature Engineering Specification
## Diagnostics &amp; Health Monitoring Features
**Feature Group ID:** FG-DIAG
**Scope:** Sensor Hub (Sub-Hub only)
**Target Platform:** ESP32-S3based Sensor Hub
**Applies To:** Indoor poultry farm sensor hubs
**Dependencies:**
* Sensor Data Acquisition (FG-DAQ)
* Data Quality &amp; Calibration (FG-DQC)
* Communication Features (FG-COM)
* Persistence / DP Stack
## 1\. Purpose and Objectives
The **Diagnostics &amp; Health Monitoring Features** provide a structured and persistent mechanism to detect, classify, record, and expose system faults, warnings, and health states.
These features ensure that:
* Failures are detectable and explainable
* Root causes are traceable
* Diagnostic data survives resets and power loss
* Engineers can access diagnostic information locally or remotely
The diagnostics subsystem is **non-intrusive**, meaning it shall not block core sensing or communication functions unless the system enters a fatal state.
## 2\. Feature Overview and Relationships
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature Name</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Primary Objective</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related Features</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Diagnostic Code Management</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Standardize fault and warning identification</p></td><td class="op-uc-table--cell"><p class="op-uc-p">DQC, COM</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Diagnostic Data Storage</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Persist diagnostic events</p></td><td class="op-uc-table--cell"><p class="op-uc-p">DP Stack</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Diagnostic Session</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Engineer access to diagnostics</p></td><td class="op-uc-table--cell"><p class="op-uc-p">COM, System Mgmt</p></td></tr></tbody></table></figure>
## 3\. Functional Feature Descriptions
### 3.1 F-DIAG-01: Diagnostic Code Management
**Description**
The system shall implement a structured diagnostic code framework to represent system health conditions, warnings, errors, and fatal faults.
Each diagnostic event is associated with:
* A unique diagnostic code
* Severity level (info, warning, error, fatal)
* A hierarchical root-cause classification
* Timestamp and source component
This framework enables consistent fault handling across all system components.
**Key Capabilities**
* Unique diagnostic code registry
* Severity classification
* Root-cause hierarchy
* Event-based reporting
### 3.2 F-DIAG-02: Diagnostic Data Storage
**Description**
The system shall persist diagnostic events in non-volatile storage to allow post-failure analysis and long-term health monitoring.
Stored diagnostics remain available across system resets and power cycles until explicitly cleared by an authorized diagnostic session or command.
**Key Capabilities**
* Persistent storage of diagnostic events
* Timestamped records
* Bounded storage with overwrite policy
* Integration with DP / Persistence layer
### 3.3 F-DIAG-03: Diagnostic Session
**Description**
The system shall provide a diagnostic session that allows authorized engineers or tools to access diagnostic data, inspect system health, and perform maintenance operations.
The diagnostic session may be accessed locally or remotely via the communication interface and supports read and limited control operations.
**Key Capabilities**
* Session-based access
* Read diagnostics and health data
* Clear diagnostic records
* Controlled command execution
## 4\. System Requirements (Formal SHALL Statements)
### 4.1 Diagnostic Code Management
**SR-DIAG-001**
The system shall implement a diagnostic code framework for reporting system health, warnings, errors, and fatal faults.
**SR-DIAG-002**
The system shall assign a unique diagnostic code to each detected fault or abnormal condition.
**SR-DIAG-003**
The system shall classify diagnostic codes by severity level.
**SR-DIAG-004**
The system shall associate each diagnostic event with a timestamp and source component.
### 4.2 Diagnostic Data Storage
**SR-DIAG-005**
The system shall persist diagnostic events in non-volatile storage.
**SR-DIAG-006**
The system shall retain diagnostic data across system resets and power cycles.
**SR-DIAG-007**
The system shall implement a bounded diagnostic storage mechanism with a defined overwrite or rollover policy.
### 4.3 Diagnostic Session
**SR-DIAG-008**
The system shall provide a diagnostic session interface for accessing diagnostic data.
**SR-DIAG-009**
The system shall allow authorized diagnostic sessions to retrieve stored diagnostic events.
**SR-DIAG-010**
The system shall allow authorized diagnostic sessions to clear diagnostic records.
**SR-DIAG-011**
The system shall ensure that diagnostic sessions do not interfere with normal sensor acquisition or communication operations.
## 5\. Feature ↔ System Requirement Mapping
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DIAG-001, SR-DIAG-002, SR-DIAG-003, SR-DIAG-004</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DIAG-005, SR-DIAG-006, SR-DIAG-007</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DIAG-008, SR-DIAG-009, SR-DIAG-010, SR-DIAG-011</p></td></tr></tbody></table></figure>
## 6\. Engineering Notes
* Diagnostic codes should be versioned to support firmware evolution.
* Diagnostic severity may be linked to LED indicators (green/yellow/red).
* Fatal diagnostics may trigger the teardown mechanism defined elsewhere.
* Security and access control for diagnostic sessions are handled under **Security &amp; Safety Features**.
##

180
System Design/draft/Features_old/[DQC] Data Quality & Calibration Features.md Normal file
View File

@@ -0,0 +1,180 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
# Feature Engineering Specification
## Data Quality &amp; Calibration Features
**Feature Group ID:** FG-DQC
**Scope:** Sensor Hub (Sub-Hub only)
**Target Platform:** ESP32-S3based Sensor Hub
**Applies To:** Indoor poultry farm sensor hubs
**Dependencies:** Sensor Data Acquisition Features (FG-DAQ), Diagnostics Features (FG-DIAG), Persistence / DP Stack
## 1\. Purpose and Objectives
The **Data Quality &amp; Calibration Features** ensure that all sensor data generated by the Sensor Hub is **valid, trustworthy, correctly classified, and calibrated** throughout the system lifecycle. These features provide mechanisms for:
* Automatic identification of connected sensors
* Enforcing correct sensorslot compatibility
* Early detection and isolation of faulty sensors
* Centralized management of machine constants and calibration parameters
The goal is to maintain **high data integrity**, reduce commissioning errors, support **remote reconfiguration**, and ensure safe operation during updates or failures.
<br>
<macro class="embedded-table op-uc-placeholder op-uc-embedded-table" data-query-props="{&quot;columns[]&quot;:[&quot;id&quot;,&quot;subject&quot;,&quot;type&quot;,&quot;status&quot;,&quot;assignee&quot;,&quot;priority&quot;],&quot;showSums&quot;:false,&quot;timelineVisible&quot;:false,&quot;highlightingMode&quot;:&quot;none&quot;,&quot;includeSubprojects&quot;:true,&quot;showHierarchies&quot;:true,&quot;groupBy&quot;:&quot;&quot;,&quot;filters&quot;:&quot;[{\&quot;search\&quot;:{\&quot;operator\&quot;:\&quot;**\&quot;,\&quot;values\&quot;:[\&quot;DQC\&quot;]}}]&quot;,&quot;sortBy&quot;:&quot;[[\&quot;id\&quot;,\&quot;asc\&quot;]]&quot;,&quot;timestamps&quot;:&quot;PT0S&quot;}">
</macro>
## 2\. Feature Overview and Relationships
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature Name</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Primary Objective</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related Features</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Automatic Sensor Detection</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Detect connected sensors dynamically</p></td><td class="op-uc-table--cell"><p class="op-uc-p">F-DAQ-01, F-DIAG-01</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Sensor Type Enforcement</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Prevent incorrect sensor-slot usage</p></td><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-01</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Sensor Failure Detection</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Identify and isolate faulty sensors</p></td><td class="op-uc-table--cell"><p class="op-uc-p">F-DIAG-02</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-04</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Machine Constants &amp; Calibration Management</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Manage static configuration and calibration</p></td><td class="op-uc-table--cell"><p class="op-uc-p">OTA, Persistence, Teardown</p></td></tr></tbody></table></figure>
## 3\. Functional Feature Descriptions
### 3.1 F-DQC-01: Automatic Sensor Detection
**Description**
The Sensor Hub shall automatically detect which sensors are physically connected at runtime. Each sensor slot provides a dedicated detection mechanism (e.g., GPIO presence pin or ID signal) that allows the system to determine whether a sensor is installed.
Detected sensors are dynamically initialized and incorporated into the data acquisition workflow without requiring firmware changes.
**Key Capabilities**
* Hardware-based presence detection
* Runtime sensor enumeration
* Dynamic initialization during boot or reconfiguration
* Integration with diagnostics and data acquisition
### 3.2 F-DQC-02: Sensor Type Enforcement
**Description**
Each physical sensor slot on the Sensor Hub is dedicated to a specific sensor type. The system enforces sensor-slot compatibility to prevent incorrect sensor insertion (e.g., humidity sensor in temperature slot).
This enforcement is achieved via electrical identification, pin mapping, or firmware configuration defined in Machine Constants.
**Key Capabilities**
* Fixed sensor-to-slot mapping
* Sensor identity verification
* Rejection of invalid sensor configurations
* Diagnostic reporting of configuration violations
### 3.3 F-DQC-03: Sensor Failure Detection
**Description**
The Sensor Hub continuously monitors sensor behavior to detect failures such as disconnection, out-of-range values, non-responsive sensors, or abnormal signal patterns.
Detected sensor failures are classified, logged, timestamped, and reported to the Main Hub. Failed sensors are excluded from control and analytics workflows to prevent propagation of invalid data.
**Key Capabilities**
* Runtime health monitoring
* Failure classification
* Fault isolation
* Diagnostic event generation
### 3.4 F-DQC-04: Machine Constants &amp; Calibration Management
**Description**
The system maintains a **Machine Constants (MC)** dataset that defines static and semi-static configuration parameters for the Sensor Hub, including:
* Installed sensor types and slots
* Communication identifiers and addressing
* Calibration coefficients and offsets
* Sensor-specific limits and scaling
Machine Constants are persisted in non-volatile storage (SD card) and loaded during system initialization. Updates may be received from the Main Hub and applied via a controlled teardown and reinitialization process.
**Key Capabilities**
* Persistent configuration storage
* Runtime loading and validation
* Remote update support
* Controlled reinitialization sequence
## 4\. System Requirements (Formal SHALL Statements)
### 4.1 Automatic Sensor Detection
**SR-DQC-001**
The system shall detect the presence of each sensor using a dedicated hardware detection mechanism.
**SR-DQC-002**
The system shall perform sensor presence detection during system startup and after any reinitialization event.
**SR-DQC-003**
The system shall initialize only those sensors that are detected as present.
### 4.2 Sensor Type Enforcement
**SR-DQC-004**
The system shall assign each sensor slot to a predefined sensor type.
**SR-DQC-005**
The system shall verify that the detected sensor matches the expected sensor type for the slot.
**SR-DQC-006**
The system shall reject and report any sensor-slot mismatch as a diagnostic event.
### 4.3 Sensor Failure Detection
**SR-DQC-007**
The system shall continuously monitor sensor responsiveness and signal validity during operation.
**SR-DQC-008**
The system shall detect sensor failures including disconnection, non-responsiveness, and invalid measurement ranges.
**SR-DQC-009**
The system shall mark a failed sensor as defective and exclude it from data reporting.
**SR-DQC-010**
The system shall report detected sensor failures to the Main Hub with timestamps and failure classification.
### 4.4 Machine Constants &amp; Calibration Management
**SR-DQC-011**
The system shall maintain a Machine Constants dataset defining sensor configuration, calibration parameters, and communication identifiers.
**SR-DQC-012**
The system shall persist the Machine Constants dataset in non-volatile storage.
**SR-DQC-013**
The system shall load and apply Machine Constants during system initialization.
**SR-DQC-014**
The system shall support remote updates of the Machine Constants dataset initiated by the Main Hub.
**SR-DQC-015**
The system shall apply updated Machine Constants only after executing a controlled teardown and reinitialization sequence.
## 5\. Traceability Summary
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DQC-001 → SR-DQC-003</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DQC-004 → SR-DQC-006</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DQC-007 → SR-DQC-010</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-DQC-04</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-DQC-011 → SR-DQC-015</p></td></tr></tbody></table></figure>
##

185
System Design/draft/Features_old/[OTA] Firmware Update (OTA) Features.md Normal file
View File

@@ -0,0 +1,185 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
# 8\. Firmware Update (OTA) Features
## 8.1 Feature Overview
The **Firmware Update (OTA) Features** enable the Sensor Hub (Sub-Hub) to safely receive, validate, and activate new firmware images provided by the Main Hub.
These features ensure **controlled firmware lifecycle management**, **data integrity**, **system availability**, and **fault containment** during firmware update operations.
The OTA process is designed to:
* Prevent unauthorized or corrupted firmware installation
* Preserve critical system data and calibration information
* Ensure recoverability in case of update failure
* Minimize operational disruption
This feature set applies **only to the Sensor Hub (ESP32-S3 based)** and does not include cloud-side or Main Hub OTA logic.
## 8.2 Scope and Assumptions
### In Scope
* OTA negotiation and readiness handshake with Main Hub
* Firmware image reception over secure communication
* Temporary firmware storage on SD card
* Firmware integrity verification (e.g., CRC, hash)
* Controlled firmware activation and reboot
### Out of Scope
* Firmware generation and signing
* Cloud-side firmware distribution
* Rollback policy definition (may be extended later)
## 8.3 Sub-Features
### 8.3.1 F-OTA-01: OTA Update Negotiation
**Description**
This sub-feature governs the initial negotiation phase between the Sensor Hub and the Main Hub prior to any firmware transfer.
The Sensor Hub validates its current operational state and explicitly signals readiness before accepting an OTA update.
**Responsibilities**
* Receive OTA availability notification
* Validate system readiness (power, storage, state)
* Acknowledge or reject OTA request
* Transition system into OTA-preparation mode
### 8.3.2 F-OTA-02: Firmware Reception and Storage
**Description**
This sub-feature handles the controlled reception of the firmware image from the Main Hub and its storage in non-volatile memory (SD card) without overwriting the currently running firmware.
**Responsibilities**
* Receive firmware in chunks
* Store firmware image on SD card
* Monitor transfer completeness
* Prevent execution during download
### 8.3.3 F-OTA-03: Firmware Integrity Validation
**Description**
This sub-feature validates the integrity and correctness of the received firmware image prior to activation, ensuring that corrupted or incomplete firmware is never flashed.
**Responsibilities**
* Perform integrity checks (CRC, checksum, hash)
* Validate firmware size and metadata
* Reject invalid firmware images
* Report validation status to Main Hub
### 8.3.4 F-OTA-04: Safe Firmware Activation
**Description**
This sub-feature manages the safe transition from the current firmware to the new firmware, ensuring all critical data is preserved and the system is left in a known safe state.
**Responsibilities**
* Trigger teardown procedure
* Persist runtime and calibration data
* Flash validated firmware image
* Reboot system into updated firmware
## 8.4 System Requirements (Formal SHALL Statements)
### OTA Negotiation Requirements
* **SR-OTA-001**: The system shall support OTA update negotiation initiated by the Main Hub.
* **SR-OTA-002**: The system shall verify internal readiness before accepting an OTA update request.
* **SR-OTA-003**: The system shall explicitly acknowledge or reject OTA requests.
### Firmware Reception &amp; Storage Requirements
* **SR-OTA-004**: The system shall receive firmware images over the established communication channel.
* **SR-OTA-005**: The system shall store received firmware images in non-volatile storage prior to validation.
* **SR-OTA-006**: The system shall prevent overwriting the active firmware during firmware reception.
### Firmware Integrity Requirements
* **SR-OTA-007**: The system shall validate the integrity of the received firmware image before activation.
* **SR-OTA-008**: The system shall reject firmware images that fail integrity validation.
* **SR-OTA-009**: The system shall report firmware validation results to the Main Hub.
### Safe Activation Requirements
* **SR-OTA-010**: The system shall execute a controlled teardown before firmware activation.
* **SR-OTA-011**: The system shall persist critical runtime data prior to firmware flashing.
* **SR-OTA-012**: The system shall activate new firmware only after successful validation.
* **SR-OTA-013**: The system shall reboot into the new firmware following successful activation.
## 8.5 Feature-to-Requirement Traceability
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-OTA-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-OTA-001, SR-OTA-002, SR-OTA-003</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-OTA-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-OTA-004, SR-OTA-005, SR-OTA-006</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-OTA-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-OTA-007, SR-OTA-008, SR-OTA-009</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-OTA-04</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-OTA-010, SR-OTA-011, SR-OTA-012, SR-OTA-013</p></td></tr></tbody></table></figure>
## 8.6 Architectural Considerations (Informative)
* OTA logic shall be implemented as a **dedicated OTA Manager component**
* Firmware storage shall be accessed via the **DP (Data Persistence) component**
* OTA state transitions shall interact with:
* Diagnostics subsystem
* Machine Constants management
* Teardown mechanism
* OTA execution shall not block critical system diagnostics reporting
## 8.7 Related Features
* **Persistence &amp; Data Management Features (F-DATA-03)**
* **Diagnostics &amp; Health Monitoring Features**
* **Security &amp; Safety Features (Secure Boot, Secure Flash)**
###

228
System Design/draft/Features_old/[SEC] Security & Safety Features.md Normal file
View File

@@ -0,0 +1,228 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
#
Security &amp; Safety Features
## Sensor Hub (Sub-Hub) Scope Only
## 1 Feature Overview
The **Security &amp; Safety Features** ensure that the Sensor Hub operates only with trusted firmware, protects sensitive data at rest, and guarantees confidentiality and integrity of all communications. These features are foundational and cross-cutting, supporting all other functional features (DAQ, DQC, COM, DIAG, DATA, OTA).
This feature set is designed to:
* Prevent execution of unauthorized or malicious firmware
* Protect firmware, configuration, and machine constants stored in memory
* Secure all communications with cryptographic mechanisms
* Provide deterministic and auditable behavior in case of security violations
## 2 Scope and Assumptions
**In Scope**
* Sensor Hub (ESP32-S3based)
* Boot process security
* Flash and external storage protection
* Communication security with Main Hub and peer Sensor Hubs
**Out of Scope**
* Cloud server security policies
* User identity management
* Physical tamper detection hardware (optional future feature)
## 3 Sub-Feature Breakdown
### 3.1 F-SEC-01: Secure Boot
#### Description
Secure Boot ensures that only authenticated and authorized firmware images are executed on the Sensor Hub. During system startup, the bootloader verifies the cryptographic signature of the firmware image before handing over execution.
If verification fails, the system enters a defined **security fault state** and prevents normal operation.
#### Responsibilities
* Firmware authenticity verification
* Root-of-trust enforcement
* Prevention of downgrade or rollback attacks (if enabled)
#### Constraints
* Must complete before any application code execution
* Must be enforced on every boot (cold or warm)
### 3.2 F-SEC-02: Secure Flash Storage
#### Description
Secure Flash Storage protects sensitive data stored in internal flash and external storage (e.g., SD card) from unauthorized access or modification.
Sensitive data includes:
* Firmware images
* Machine constants
* Calibration data
* Cryptographic material
* Persistent diagnostics and logs
#### Responsibilities
* Encrypted storage of sensitive regions
* Access control enforcement
* Prevention of unauthorized read/write operations
#### Constraints
* Encryption must not compromise system boot reliability
* Storage access must be mediated through controlled software components (e.g., DP component)
### 3.3 F-SEC-03: Encrypted Communication
#### Description
Encrypted Communication ensures that all data exchanged between the Sensor Hub and other entities (Main Hub, peer Sensor Hubs) is protected against eavesdropping, tampering, and impersonation.
This includes:
* Sensor data transmission
* Diagnostics reporting
* OTA negotiation and data transfer
* Configuration and machine constant updates
#### Responsibilities
* Confidentiality of transmitted data
* Integrity and authenticity verification
* Secure session establishment
#### Constraints
* Must be compatible with ESP32-S3 cryptographic capabilities
* Must support reconnection and key renewal mechanisms
## 4 Functional Flow Overview
### Secure Boot Flow (Simplified)
```text
Power On
ROM Bootloader
Verify Firmware Signature
[Valid] → Jump to Application
[Invalid] → Enter Security Fault State
```
### Secure Communication Flow (Simplified)
```text
Session Request
Mutual Authentication
Key Exchange
Encrypted Data Exchange
```
## 5 System SHALL Requirements (Formal)
### Secure Boot Requirements
* **SR-SEC-001**: The system shall verify the authenticity of the firmware image before execution during every boot cycle.
* **SR-SEC-002**: The system shall prevent execution of firmware images that fail cryptographic verification.
* **SR-SEC-003**: The system shall enter a defined security fault state upon secure boot failure.
* **SR-SEC-004**: The system shall protect the root-of-trust against modification.
### Secure Flash Storage Requirements
* **SR-SEC-005**: The system shall protect sensitive data stored in internal flash memory from unauthorized access.
* **SR-SEC-006**: The system shall support encryption of sensitive data stored in external storage.
* **SR-SEC-007**: The system shall restrict access to cryptographic keys to authorized system components only.
* **SR-SEC-008**: The system shall ensure data integrity for stored configuration and machine constant files.
### Encrypted Communication Requirements
* **SR-SEC-009**: The system shall encrypt all communication with the Main Hub.
* **SR-SEC-010**: The system shall ensure integrity and authenticity of all received and transmitted messages.
* **SR-SEC-011**: The system shall use secure communication channels for OTA firmware updates.
* **SR-SEC-012**: The system shall detect and report communication security violations.
## 6 Traceability Matrix (Feature → System Requirements)
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Related System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SEC-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SEC-001, SR-SEC-002, SR-SEC-003, SR-SEC-004</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SEC-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SEC-005, SR-SEC-006, SR-SEC-007, SR-SEC-008</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SEC-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SEC-009, SR-SEC-010, SR-SEC-011, SR-SEC-012</p></td></tr></tbody></table></figure>
## 7 Design &amp; Implementation Notes (Non-Normative)
* ESP32-S3 secure boot and flash encryption features should be leveraged where possible.
* Key provisioning should occur during manufacturing or secure onboarding.
* Security failures should integrate with the Diagnostics &amp; Health Monitoring feature set.
* Security features must be active before any sensor data acquisition or communication begins.
## 8 Dependencies
* **OTA Features** (for secure firmware updates)
* **Communication Features** (transport layer)
* **Diagnostics Features** (security fault reporting)
* **Persistence &amp; DP Component** (secure storage abstraction)
###

314
System Design/draft/Features_old/[SYS] System Management Features.md Normal file
View File

@@ -0,0 +1,314 @@
<macro class="toc op-uc-placeholder op-uc-toc">
</macro>
#
System Management Features
## Sensor Hub (Sub-Hub) Scope
## 1 Feature Overview
The **System Management Features** provide deterministic control over the Sensor Hubs operational lifecycle, runtime state visibility, controlled shutdown behavior, and engineering interaction capabilities.
This feature group is responsible for:
* Managing system operational states and transitions
* Ensuring safe teardown during updates or failures
* Providing local humanmachine interaction via OLED display and buttons
* Supporting engineering/debug sessions for diagnostics and maintenance
These features act as the **supervisory layer** governing all other functional domains (DAQ, DQC, COM, DIAG, DATA, OTA, SEC).
## 2 Scope and Assumptions
**In Scope**
* ESP32-S3 Sensor Hub
* OLED-based local UI (I2C)
* Physical input buttons
* Controlled state transitions and teardown
* Debug and engineering access
**Out of Scope**
* Main Hub UI
* Cloud dashboards
* User authentication / role management
## 3 Sub-Feature Breakdown
### 3.1 F-SYS-01: System State Management
#### Description
System State Management defines and controls the operational states of the Sensor Hub and governs all valid transitions between them.
The system operates as a **finite state machine (FSM)** with deterministic behavior.
#### Typical System States
* **INIT** Hardware and software initialization
* **RUNNING** Normal sensor acquisition and communication
* **WARNING** Non-fatal fault detected, degraded operation
* **FAULT** Fatal error, core functionality disabled
* **OTA\_UPDATE** Firmware update in progress
* **MC\_UPDATE** Machine constants update in progress
* **TEARDOWN** Controlled shutdown sequence
* **IDLE / SERVICE** Engineering or diagnostic interaction
#### Responsibilities
* Enforce valid state transitions
* Notify dependent components of state changes
* Prevent unsafe operations during restricted states
### 3.2 F-SYS-02: Controlled Teardown Mechanism
#### Description
The Controlled Teardown Mechanism ensures that the Sensor Hub transitions safely from an active state into reset, update, or shutdown without data loss or corruption.
Teardown is triggered by:
* Firmware update
* Machine constant update
* Fatal system fault
* Manual engineering command
#### Teardown Sequence (Mandatory)
1. Stop sensor acquisition tasks
2. Flush pending data via DP component
3. Persist calibration, diagnostics, and runtime state
4. Close communication sessions
5. Release hardware resources
6. Enter target state (reset, OTA, idle)
#### Responsibilities
* Guarantee data consistency
* Ensure deterministic shutdown behavior
* Prevent flash or SD corruption
### 3.3 F-SYS-03: Status Indication (OLED-Based HMI)
#### Description
The Sensor Hub provides local system visibility using an **OLED display connected via I2C**, replacing LED indicators.
The display, together with **three physical buttons (Up / Down / Select)**, forms a minimal local HumanMachine Interface (HMI).
#### Default Information Displayed (Main Screen)
1. **Connectivity status**
* Connected / Disconnected
* Signal strength (RSSI) if available
2. **System status**
* Current system state (RUNNING, WARNING, FAULT, OTA, etc.)
3. **Connected sensors**
* Count and/or summary status
4. **Time and date**
* Synchronized system time
#### Menu Navigation Behavior
* **Select button**
* From main screen → opens menu
* From submenu → returns to main screen
* **Up / Down buttons**
* Navigate menu entries
* Scroll within pages if applicable
#### Menu Structure
**Main Menu**
* **Diagnostics**
* Lists active and stored diagnostic codes
* Displays occurrence count per diagnostic
* **Sensors**
* Lists all detected sensors
* Displays sensor type and configuration status
* **Health**
* Displays SD card usage
* Displays overall system health indicators
#### Responsibilities
* Provide real-time system visibility
* Support local inspection without external tools
* Reflect system state and diagnostics accurately
### 3.4 F-SYS-04: Debug &amp; Engineering Sessions
#### Description
Debug &amp; Engineering Sessions allow authorized engineers to interact with the Sensor Hub for diagnostics, inspection, and controlled operations.
Sessions may be established via:
* Wired interface (e.g., USB/UART)
* Secure communication channel (logical session)
#### Supported Capabilities
* Retrieve diagnostic logs
* Read machine constant files
* Inspect system state and health
* Trigger controlled actions (e.g., reboot, teardown)
* Monitor runtime logs
#### Session Types
* **Diagnostic Session** Read-only access for inspection
* **Debug Session** Command execution and deeper inspection
## 4 Functional Interaction Overview
### System State &amp; Teardown Relationship
```text
RUNNING
↓ (Update / Fault)
TEARDOWN
OTA_UPDATE / MC_UPDATE / RESET
```
### Local HMI Interaction
```text
OLED Display ← System State Manager
Buttons → UI Controller → State/Menu Logic
```
## 5 System SHALL Requirements (Formal)
### System State Management
* **SR-SYS-001**: The system shall implement a defined finite state machine for operational control.
* **SR-SYS-002**: The system shall restrict operations based on the current system state.
* **SR-SYS-003**: The system shall notify system components of state transitions.
### Controlled Teardown
* **SR-SYS-004**: The system shall execute a controlled teardown sequence before firmware or machine constant updates.
* **SR-SYS-005**: The system shall persist all critical runtime data before completing teardown.
* **SR-SYS-006**: The system shall prevent data corruption during teardown and reset operations.
### Status Indication &amp; HMI
* **SR-SYS-007**: The system shall provide a local OLED display using I2C communication.
* **SR-SYS-008**: The system shall display connectivity status, system state, sensor summary, and time/date.
* **SR-SYS-009**: The system shall provide menu navigation using Up, Down, and Select buttons.
* **SR-SYS-010**: The system shall provide diagnostic, sensor, and health information via the local menu.
### Debug &amp; Engineering Sessions
* **SR-SYS-011**: The system shall support diagnostic sessions for retrieving logs and system status.
* **SR-SYS-012**: The system shall support debug sessions for controlled engineering operations.
* **SR-SYS-013**: The system shall restrict debug actions to authorized sessions only.
## 6 Traceability Matrix
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Feature ID</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">System Requirements</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SYS-01</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SYS-001, SR-SYS-002, SR-SYS-003</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SYS-02</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SYS-004, SR-SYS-005, SR-SYS-006</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SYS-03</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SYS-007, SR-SYS-008, SR-SYS-009, SR-SYS-010</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p">F-SYS-04</p></td><td class="op-uc-table--cell"><p class="op-uc-p">SR-SYS-011, SR-SYS-012, SR-SYS-013</p></td></tr></tbody></table></figure>
## 7 Dependencies
* Diagnostics &amp; Health Monitoring Features
* Persistence &amp; DP Component
* Communication Features
* Security &amp; Safety Features
* OTA Features
##