feat(iace): FMEA P1 — open methodology anchors + bp_iace_fmea_kb

P1 of the auto-FMEA build plan: establish the public-domain methodology foundation (no AIAG-VDA/SAE/IEC tables reproduced). - fmea_data_sources.go: MIL-STD-882E severity (Cat I-IV→1-10) + probability (A-F→1-10 with per-hour λ bands), OccurrenceFromRate(λp·α), SeverityForCategory, MIL-STD-1629A CriticalityCm = λp·α·β·t. Own 1-10 projection, government-anchored. - 4 versioned source docs (MIL-STD-1629A, MIL-STD-882E, NASA RCM, FMD-91/NPRD-91) ingested into the new RAG collection bp_iace_fmea_kb (whitelisted). - Tests for all scales/mappings/criticality (green). Next (P1 step 2): fetch FMD-91/NPRD-91 bulk λ/α tables from DTIC. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-12 22:59:01 +02:00
parent 7c0126f2ef
commit de140e564e
7 changed files with 352 additions and 0 deletions
@@ -0,0 +1,39 @@
+# Failure-mode taxonomy & reliability data — FMD-91 / NPRD-91 (public domain)
+
+Open component→failure-mode taxonomy and failure-rate (λ) / mode-ratio (α)
+anchor for the IACE auto-FMEA. Ingested into `bp_iace_fmea_kb`. The bulk numeric
+tables are fetched from the DTIC PDFs in a follow-up P1 step; this doc fixes the
+sources + the per-component mode lists used to seed the gated library (P2).
+
+## Sources
+- **FMD-91** (RAC/DTIC) — *Failure Mode / Mechanism Distributions* — modes +
+  mechanisms with **% distribution (α)** per part class. **Public domain**
+  ("Approved for Public Release; Distribution Unlimited"). DTIC ADA259655.
+- **NPRD-91 / NPRD-95** (RAC/DTIC) — *Nonelectronic Parts Reliability Data* —
+  field **failure rates λ** for mechanical / electromechanical parts. **Public
+  domain.** DTIC ADA242083.
+- **MIL-HDBK-217F** (US DoD) — electronic-part failure-rate models λ. Public
+  domain (obsolete 1995 but legally free).
+- **Attribution:** `Source: FMD-91 / NPRD-91 (RAC, DTIC), public domain`
+- **AVOID:** Quanterion NPRD-2023 / FMD-2016 / EPRD-2024 (proprietary reissues),
+  OREDA (commercial), FIDES tables (© DGA — read-only), ISO 14224 (copyrighted).
+
+## Failure modes by component class (open — FMD-91 + CC-BY-SA Wikipedia)
+| Component class | Typical failure modes |
+|---|---|
+| Bearings | fatigue spalling/pitting, wear, brinelling, seizure, contamination |
+| Gears | pitting, scuffing/scoring, tooth-fatigue fracture, wear |
+| Shafts / fasteners / springs | fatigue fracture, fretting, loosening, set/relaxation |
+| Seals / hoses / cylinders | leakage (external/internal), extrusion, hardening, rupture |
+| Valves / pumps | stuck-open, stuck-closed, leakage, fail-to-open/close, degraded flow |
+| Motors / contactors | winding short, open circuit, insulation breakdown, contact weld/stick |
+| Sensors / cabling | drift/bias, loss of signal, intermittent, open/short |
+
+FMD-91 additionally gives the **% weighting (α)** of each mode per class — that
+is the mode-ratio in `Cm = λp·α·β·t` and lets the engine RANK modes rather than
+enumerate them flatly.
+
+## How used in IACE
+- Taxonomy → seeds/expands the gated failure-mode library (P2).
+- λ (NPRD/217) × α (FMD-91) → mode rate → `OccurrenceFromRate` → 1–10 occurrence.
+- Each `source`/`license` tagged; allowlist rejects copyrighted/proprietary data.
@@ -0,0 +1,39 @@
+# FMECA methodology — MIL-STD-1629A (US public domain)
+
+Canonical, citable methodology source for the IACE auto-FMEA. Ingested into the
+core RAG collection `bp_iace_fmea_kb`.
+
+## Source
+- **Source:** US DoD — MIL-STD-1629A, *Procedures for Performing a Failure Mode, Effects and Criticality Analysis* (cancelled 1998, still the de-facto FMECA reference)
+- **License:** US Government work — **public domain** (17 U.S.C. §105)
+- **Attribution:** `Source: MIL-STD-1629A (US DoD), public domain`
+- **Retrieved:** 2026-06 · **Ref:** everyspec / Wikipedia FMECA
+
+## Procedure (qualitative + quantitative)
+1. Define the system, indenture levels and ground rules.
+2. For each item/function: list **failure modes** → **causes** → **local / next-higher / end effects**.
+3. Assign a **severity category** (I–IV, below).
+4. **Quantitative path (when failure-rate data exists):** compute the **modal
+   criticality** `Cm = λp · α · β · t` — λp part failure rate, α failure-mode
+   ratio (fraction of part failures in this mode), β conditional probability the
+   mode causes the analysed effect, t operating time. Item criticality `Cr = Σ Cm`.
+5. **Qualitative path (Task 101, no λ data):** assign probability-of-occurrence
+   levels A–E (Frequent → Extremely unlikely) instead of Cm.
+6. Plot items on a **severity × criticality matrix** — the open analogue of an
+   action-priority ranking (no copyrighted S×O×D RPN table needed).
+
+## Severity categories (MIL-STD-1629A / MIL-STD-882 lineage)
+| Cat | Name | Meaning |
+|---|---|---|
+| I | Catastrophic | May cause death or system loss |
+| II | Critical | Severe injury / major damage |
+| III | Marginal | Minor injury / minor damage |
+| IV | Minor (Negligible) | No injury; unscheduled maintenance/repair |
+
+## How used in IACE
+- The **Cm formula** and the **severity × criticality matrix** are the public-domain
+  criticality backbone (`CriticalityCm` in fmea_data_sources.go).
+- λp/α come from NPRD-91 / FMD-91 (public domain); β and t from the project context.
+- Severity resolves through the linked EN ISO 12100 hazard (safety-FMEA bridge).
+
+No AIAG-VDA / SAE J1739 / IEC 60812 content is reproduced.
@@ -0,0 +1,41 @@
+# Severity & probability scales — MIL-STD-882E (US public domain)
+
+Open S/O anchor for the IACE auto-FMEA. The 1–10 projection used in code is
+BreakPilot's own; these public-domain categories provide the defensible anchor
+(no copyrighted AIAG-VDA/SAE 1–10 table is used). Ingested into `bp_iace_fmea_kb`.
+
+## Source
+- **Source:** US DoD — MIL-STD-882E, *System Safety* (Distribution Statement A, approved for public release)
+- **License:** US Government work — **public domain**
+- **Attribution:** `Source: MIL-STD-882E (US DoD), public domain`
+- **Retrieved:** 2026-06 · **Ref:** DLA QuickSearch (ident 36027)
+
+## Table I — Severity (→ our 1–10 S)
+| Cat | Severity | Threshold | our S |
+|---|---|---|---|
+| I | Catastrophic | Death, permanent total disability, irreversible severe environmental damage | 10 |
+| II | Critical | Permanent partial disability; hospitalisation of multiple persons | 7 |
+| III | Marginal | Injury/illness with lost work day(s) | 4 |
+| IV | Negligible | Minor injury, no lost work day | 2 |
+
+## Table II — Probability (individual item) (→ our 1–10 O)
+| Lvl | Name | Qualitative | rate band (/h, our calibration) | our O |
+|---|---|---|---|---|
+| A | Frequent | likely to occur often | ≥ 1e-1 | 10 |
+| B | Probable | will occur several times | 1e-2 … 1e-1 | 8 |
+| C | Occasional | likely to occur sometime | 1e-3 … 1e-2 | 6 |
+| D | Remote | unlikely but possible | 1e-6 … 1e-3 | 4 |
+| E | Improbable | so unlikely ~ may not occur | < 1e-6 | 2 |
+| F | Eliminated | incapable of occurrence | 0 | 1 |
+
+## Detection (no government scale)
+Detection is an AIAG/SAE concept with no public-domain table. IACE defines its
+OWN 1–10 detection scale grounded on the generic **diagnostic-coverage** concept
+(1 = built-in diagnostic always catches it … 10 = latent, no detection). The
+IEC-61508/13849 DC tables are copyrighted and are NOT reproduced — only the
+concept (in our own words) is used.
+
+## How used in IACE
+`MILStd882Severity` / `MILStd882Probability` / `OccurrenceFromRate` /
+`SeverityForCategory` in fmea_data_sources.go implement these bands. Severity is
+preferably resolved through the linked ISO 12100 hazard; occurrence from λp·α.
@@ -0,0 +1,40 @@
+# Failure-consequence & maintenance decision logic — NASA RCM (public domain)
+
+Drives the IACE auto-FMEA "recommended action" layer and the safety-priority
+rule. Ingested into `bp_iace_fmea_kb`.
+
+## Source
+- **Source:** NASA — NPR 8831.2F Ch.7 (Reliability-Centered Maintenance) and NASA GSFC-HDBK-8004 (FMEA & Risk Assessment)
+- **License:** US Government work — **public domain** ("cleared for public accessibility")
+- **Attribution:** `Source: NASA NPR 8831.2F / GSFC-HDBK-8004, public domain`
+- **Retrieved:** 2026-06 · **Ref:** nodis3.gsfc.nasa.gov / standards.nasa.gov
+
+## Safety-consequence priority (key rule)
+A failure with a **safety** consequence is prioritised **regardless of how rare
+it is** — "safety shall be ensured at any cost; thereafter cost-effectiveness
+becomes the criterion." So in a SAFETY FMEA a single Catastrophic mode matters
+even at low occurrence — severity dominates the ranking.
+
+## Failure definition (broad)
+"Any unsatisfactory condition" — loss of FUNCTION **or** loss of QUALITY/
+acceptable performance — not only complete breakdown. (Captures drift,
+degradation, intermittent.)
+
+## Recommended-action decision logic (RCM)
+| Failure character | Recommended task |
+|---|---|
+| Gives advance warning / measurable degradation | **Condition-based / predictive** monitoring |
+| Age/wear-related, predictable | **Preventive / scheduled** replacement |
+| Random, low consequence | **Run-to-failure** (corrective) |
+| Hidden / no effective task | **Redesign** or add **redundancy / detection** |
+
+This maps onto the IACE 3-step measure hierarchy (inherently safe design →
+safeguarding → information) for the FMEA's control/action column.
+
+## How used in IACE
+- Safety-priority rule overrides pure Cm ranking when the linked ISO 12100 hazard
+  is high-severity (the safety-FMEA bridge).
+- The decision table seeds the recommended-action suggestions per failure mode.
+
+Concepts only — IEC 61508/ISO 13849 (SIL/PL, DC, β-factor tables) are copyrighted
+and NOT reproduced; diagnostic-coverage / common-cause are used as generic ideas.