Skip to content

fix: debounce grid sensor dropouts and make the failsafe direction configurable#4

Open
bvweerd wants to merge 1 commit into
devfrom
fix/grid-failsafe-handling
Open

fix: debounce grid sensor dropouts and make the failsafe direction configurable#4
bvweerd wants to merge 1 commit into
devfrom
fix/grid-failsafe-handling

Conversation

@bvweerd

@bvweerd bvweerd commented Jun 11, 2026

Copy link
Copy Markdown
Owner

Problem

  1. A single 5 s grid-sensor dropout (an MQTT broker restart, a P1 reader hiccup) immediately reset the PID and slammed all PV limits to maximum. One bad poll caused a full export spike and lost controller state.
  2. The failsafe direction was hardcoded to "PV to max". For installations with a zero-export requirement from the grid operator, failing open is exactly the wrong direction — the failsafe itself violates the export limit.
  3. After an outage the EWM filter resumed from its stale pre-outage value, biasing the first cycles after recovery.

Fix

  • Dropout debounce: up to 3 consecutive unavailable grid reads (GRID_UNAVAILABLE_TOLERANCE_CYCLES) hold the current actuator state with the integrator frozen. The failsafe and the repair issue only engage when the outage persists; a successful read resets the counter.
  • Configurable failsafe behaviour (new option in setup + options flow, EN/NL translations included):
    • maximize (default, unchanged behaviour) — PV to full output, for self-consumption setups.
    • curtail — PV to minimum, for zero-export installations.
      The mode applies both to grid-sensor outages and to the controller being disabled via the enable switch.
  • EWM reset on outage: the filter re-seeds from the first fresh reading after recovery.

Tests

tests/test_grid_failsafe.py: hold-then-failsafe sequencing, counter reset on recovery, curtail mode on outage, curtail mode on disable, and filter re-seeding. Full suite: 131 passed.

https://claude.ai/code/session_01RUWpwxbGsgR3PoLHLq4Djz

Generated by Claude Code

@bvweerd
fix: debounce grid sensor dropouts and make the failsafe direction co…
2a89548 
…nfigurable

A single 5 s sensor dropout (e.g. an MQTT reconnect) immediately reset
the PID and slammed all PV limits to maximum. For zero-export
installations, failing to maximum is exactly the wrong direction.

- Hold the current actuator state (integrator frozen) for up to 3
  consecutive unavailable grid reads before entering failsafe; the
  repair issue is only raised when failsafe actually engages.
- New "Failsafe behaviour" option: maximize (default, unchanged
  behaviour, for self-consumption setups) or curtail (PV to minimum,
  for zero-export requirements). Applies both to grid-sensor outages
  and to the controller being disabled.
- Reset the EWM filter on a full outage so the first cycles after
  recovery are not biased by stale pre-outage state.

https://claude.ai/code/session_01RUWpwxbGsgR3PoLHLq4Djz
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bvweerd