Bridge excitation: ratiometric vs regulated

Ratiometric ties bridge excitation (Vexc) and ADC reference (Vref) so common supply variation cancels in the weight ratio, but only if the “same-domain” assumption is preserved end-to-end. Regulated excitation can reduce absolute drift when analog isolation is strong; otherwise, injected ripple and ground movement can dominate.

• Choose ratiometric when motor/radio activity causes unavoidable rail movement and the system can keep Vexc and Vref truly common.
• Choose regulated when analog rails and return paths are well-isolated and thermal stability is prioritized.
• Edge condition: if Vexc and Vref are derived through different regulators/paths, cancellation is weakened or lost.

INA / PGIA: where errors enter

Weight jump during motion is frequently a common-mode problem rather than a differential sensor change. AFE robustness is defined by input-referred noise (resolution floor), input bias (offset drift with impedance and temperature), and CMRR/common-mode range (how ground bounce and return-path movement converts into apparent weight).

• Noise: sets minimum detectable ΔW; verify via static code histogram and standard deviation.
• Input bias & leakage: interacts with bridge impedance and protection resistors; worsens with temperature.
• CMRR: determines whether motor current return movement injects into the measurement as a step jump.
• Input protection / ESD: must not introduce large leakage or capacitance that distorts settling and drift.

ADC and sampling strategy (reject what is predictable)

Effective performance is defined by how sampling handles predictable interference: 50/60 Hz mains, PWM bands, and radio burst periods. Select ADC resolution and rate to support synchronous sampling and an appropriate filter window, then prove that “motor on” does not expand noise beyond the allowed budget.

• 50/60 Hz rejection: use a filter/window aligned to mains suppression, not only averaging.
• Synchronous sampling: align sampling to motor PWM phase or avoid known burst windows to prevent coherent artifacts.
• Aliasing check: if weight noise shows narrow peaks near PWM bands, the sampling plan must change first.

Key error sources and how to separate them

Deep diagnosis separates slow drift from step jumps and assigns each to a likely domain: mechanical creep/preload, thermal drift, or electrical injection through reference/return paths.

• Creep: slow monotonic change under static load (10–30 s) → mechanical/material behavior or thermal settling.
• Temperature drift: two-point test identifies zero drift vs sensitivity drift (repeat after return to ambient).
• Ground bounce injection: step jump aligned to motor start/PWM or radio TX → common-mode/return-path coupling.

Tare (zeroing) with a stability gate

Tare is only valid inside a stable window. The stability gate is defined by bounded standard deviation and a short “flatness” check so that noise is not locked as the zero reference.

• When: motor off, no burst window, weight(t) σ below threshold for N samples.
• Evidence: confirm the tare window has no coherent PWM-related peak and no step jumps.

Segment integration for dispense events

Dispense estimation is most robust when computed over segments: pre-motion baseline, motion window, post-motion settling. Segment integration avoids mixing interference with the decision variable.

• Pre: capture baseline mean and σ.
• During: avoid coherent sampling artifacts; record motor signature alignment.
• Post: measure ΔW after settling; reject if instability persists.

Filter window design (mains + PWM-aware)

The filter window is chosen to reject 50/60 Hz components and reduce PWM-correlated artifacts. Window length is not an arbitrary “smoother”; it is a controlled tradeoff between response time and spectral suppression.

• Goal: reduce narrow-band peaks without delaying post-dispense stabilization excessively.
• Evidence: compare motor on/off σ and spectral peaks at PWM harmonics.

Outlier gate (hardware-triggered, not guess-based)

Outlier removal should be triggered by known hardware states: motor start edges, PWM phase transitions, and radio TX bursts. This prevents removing legitimate mass change while still suppressing predictable spikes.

• Inputs: motor_state, pwm_phase (or time since start), radio_tx_flag.
• Rule: only gate samples inside declared interference windows.

Drift compensation (only when physically justified)

Drift compensation must be conditional; continuous drift correction can erase real inventory changes. Enable it only when the system is idle and the signal matches creep/thermal behavior.

• Enable: motor off, stable window, no external disturbance, long time constant behavior.
• Disable: active dispense, vibration, repeated step jumps, or uncertain baseline.

Low-stock alert: weight trend + motor signature consistency

Avoid false low-stock by requiring agreement between weight evidence and the actuation signature. When the motor signature indicates normal dispense but ΔW is unexpectedly small, classify as jam/empty-run risk rather than low stock.

• Factor 1: weight trend below threshold + sustained slope.
• Factor 2: motor current signature class (normal vs jam/empty-run).
• Outcome: alert type depends on consistency, not only on a single threshold.

Load types and what they imprint on current

• Auger / screw: steady-state ripple often reflects pellet engagement; jam raises baseline current and slows acceleration.
• Rotary wheel: empty-run is common—normal current with near-zero ΔW (dispense mismatch).
• Belt / chain: slip can mimic “normal current” while transport fails; look for ΔW lag and repeatable transient patterns.
• Brushed pump: commutation ripple is a health indicator; dry-run changes ripple and average current.
• BLDC pump: startup and rotor-detection retries are diagnostic; repeated fails can appear as restart loops.
• Diaphragm pump: strong pulsation; waveform periodicity reveals load state and backflow behavior.

Driver selection: protection behavior must be observable

Driver choice is not only about torque. It defines whether fault modes are distinguishable in the field. Prefer drivers with clear protection reporting and controllable switching edges so that OCP/OTP/UVLO events do not masquerade as mechanical jams.

• Topologies: H-bridge for brushed/stepper; 3-phase for BLDC motors and pumps.
• Protection: log and expose OCP/OTP/UVLO flags and retry counters as “first-class” evidence.
• Slew-rate / EMI: edge control reduces injected noise into weight and radio rails, but must not compromise torque margin.

Sensing options (build a closed diagnostic loop)

• Current sense: shunt-based (high/low side) or lossless (Hall). Bandwidth must capture startup peak and acceleration slope.
• Position/limit: limit switch, Hall index, or encoder validates “motor moved” vs “transport happened.”
• Restart count: repeated attempts indicate protection loops, rotor-detect failures, or persistent load blockage.

Signature table (separate jam vs empty-run vs power-limited)

• Jam / stall: high I_pk, slow acceleration, elevated steady current, frequent OCP or thermal progression, ΔW small or intermittent.
• Empty-run / slip: I_motor looks normal and stable, V_bus stable, but ΔW ≈ 0 or far below expectation.
• Power-limited loop: I rise coincides with V_bus dip; UVLO/reset reasons align with the event; restarts dominate.
• Intermittent clog: ripple amplitude and mean current shift with periodicity; ΔW becomes bursty rather than continuous.

Food low-stock: three-factor consistency (anti false alarm)

Low-stock should not be asserted from a single weight threshold. Combine absolute weight, trend behavior, and actuation signature to prevent mechanical bias or structural contact from creating false low-stock alerts.

• Factor 1 — Threshold: weight below a calibrated minimum (candidate only).
• Factor 2 — Rate: sustained low region or consistent downward slope across multiple windows.
• Factor 3 — Motor signature: if “normal dispense signature” is present but ΔW is too small, classify jam/empty-run risk first.

Water level sensing options and typical noise sources

• Conductive electrodes: susceptible to contamination paths and bubbles; mitigate with AC excitation/pulsed measurement and polarity alternation.
• Capacitive: sensitive to humidity and RF coupling; mitigate with guard/shielding and burst-aware sampling windows.
• Pressure/flow: sensitive to pulsation and backflow; mitigate with windowed filtering aligned to pump cycles.
• Float: susceptible to sticking and installation angle; validate with tilt/vibration and long-soak tests.

Leak and backflow: separate “wet tray” from “water path dynamics”

Leakage and backflow are often misinterpreted as low-water. Use dedicated sensing for tray/wet-base conditions and validate pump-stop transients to avoid false alarms after actuation ends.

• Leak: tray electrode / impedance / humidity sensing with contamination and condensation tolerance.
• Backflow: characterize 30–60 s post-stop behavior; set hysteresis so transient refills do not flip states.

Noise-injection verification (hard acceptance criteria)

Each sensing method must be proven under three injection modes. Record mean drift, standard deviation, and false-trigger count for each mode and use these results to set thresholds and sampling windows.

• Pump ON: evaluate pulsation and supply/ground movement sensitivity.
• RF TX: evaluate burst coupling (especially capacitive and high-impedance paths).
• Motor ON: evaluate shared-domain coupling if feeder and pump coexist on one platform.

Camera rail: noise spectrum and return-path control

“LDO vs buck” is not a slogan decision. The goal is a camera rail that remains stable during motor PWM and radio TX bursts, and a high-speed link whose return current is not forced through noisy motor-current paths.

• LDO: can suppress switching ripple, but thermal headroom and transient response still matter during burst loads.
• Buck: efficient, but switching ripple/harmonics can couple into MIPI/clock references if return paths are compromised.
• MIPI/CLK return: avoid crossing splits or narrow necks that “cut” the return path and convert current loops into radiators.

Wi-Fi/BLE: three injection channels to watch

• PA peak current: TX bursts can dip V_radio and trigger resets or link flaps if decoupling and impedance are insufficient.
• Ground bounce: motor di/dt shifts the local reference; the link can degrade even if RSSI does not.
• Antenna coupling: fast edges and PWM harmonics can raise PER/retry without changing RSSI (quality collapse vs range loss).

Evidence split: Power-driven vs EMI-driven dropouts

• Power-driven: V_radio/V_camera dip or ripple spike aligns with reset reason (brownout/watchdog) and session drop.
• EMI-driven: RSSI ~ constant, but PER/retries/packet loss rise sharply and track motor PWM speed or duty settings.
• Mixed cases: mild Vrail ripple + strong PER rise often indicates both impedance and coupling paths need attention.

On-device metrics (no cloud dependency)

Use local indicators that can be sampled and correlated with waveforms:

• RTSP/LAN stability: session drop count, reconnect count, and interruption duration.
• Packet quality: PER/retry counters, TCP retransmits (if accessible), or application-level dropped-frame counters.
• Reset evidence: reset reason, brownout flags, watchdog triggers, and reboot counters.

Rail partitioning and failure consequences

Partitioning reduces noise injection and enables graceful degradation. Each rail should have a clear “what breaks first” signature, so field failures are explainable and recoverable.

• Motor rail: high di/dt source; isolate from sensitive domains.
• Analog rail: weight AFE; requires clean reference and stable ground.
• Radio rail: PA bursts; sensitive to dips and impedance peaks.
• Camera rail: ripple and return-path sensitive; link errors are observable.
• Digital rail: MCU + storage; must remain last to preserve logs and counters.

Backup options and power-path management

• Battery: strong energy density; verify droop under burst write + RF TX + motor stop transients.
• Supercap: strong pulse support; ensure predictable voltage window and controlled recharge behavior.
• Power-path / ORing: switching must avoid glitches that look like brownouts on V_digital and V_storage.
• Protection: UV/OV/OC thresholds should align with “last good commit” requirements.

Brownout choreography (who drops first, who stays last)

A deterministic power-down sequence prevents noisy domains from corrupting the last valid measurements and ensures logs commit before the digital rail collapses.

• Step 1: disable motor drive (remove the highest-noise source).
• Step 2: freeze weight decision state and start log flush.
• Step 3: commit marker written, then sequence counter increments.
• Step 4: stop radio/camera as needed; keep digital+storage alive until commit completes.

Waveform + log alignment (auditable continuity)

Each power event should be explainable by matching rail waveforms to event logs. This prevents “random reboot” narratives and eliminates duplicate/omitted low-stock alerts.

• Waveforms: capture V_motor, V_digital, V_analog, V_camera, V_radio during drop and switch.
• Logs: record reset reason, sequence counter, and commit marker status.
• Rule: sequence counter must be monotonic; commit marker separates “written” from “aborted.”

Guarding and anti-pinch: sensors are only useful if failure is safe

Lid/latch/anti-pinch detection should prefer a default-safe polarity where wiring faults and sensor loss do not enable motion. If a single sensor is used, define its dominant failure modes and ensure the system lands in a disabled state.

• Limit switch: choose a wiring polarity where open-circuit maps to “unsafe / disable.”
• Hall: handle magnet loss and misalignment; require “stable present” before enabling motion.
• Photo-eye: handle contamination and occlusion; include debounce plus a hard disable path.

Interlock philosophy: build an “allow chain,” not a “block list”

The system should only move or energize when all allow conditions are true. Any missing condition drops the enable chain. This keeps behavior safe during firmware hangs or during post-reset I/O float windows.

• Lid OK (sensor valid and stable)
• Rails OK (no UVLO/brownout flag for sensitive domains)
• Fault clear (no latched OCP/OTP condition)
• Enable gate (hardware-level gating, not only a GPIO)

Motor ↔ heater/UV (if present): hardware backstop is mandatory

If the platform includes heating or UV, the enable path must guarantee default OFF on reset and during ESD/EFT. Firmware may request activation, but hardware must enforce interlocks.

• Default OFF: after reset/brownout, outputs remain disabled until allow chain re-validates.
• Hard gating: a dedicated gate (EN chain) prevents unintended pulses from energizing drivers.
• Latch behavior: certain faults should latch OFF until a controlled recovery (prevents oscillating re-triggers).

Abuse cases: define triggers, hard response, and verifiable evidence

Abuse cases should be written as auditable entries: trigger → risk → hardware backstop → verification. The goal is to avoid “random behavior” in the field.

• Lid partially latched: sensors disagree → disable motion; verify no actuation during vibration and button spam.
• Child rapid pressing: repeated commands → rate-limit in firmware, but hardware enable must still enforce safety.
• Empty reservoir / dry pump: sensor indicates low-water → inhibit pump; verify no short energize bursts.
• Mechanical shock: transient sensor toggles → debounce + allow chain stability window; verify no false starts.

Protection placement map (by interface, not by theory)

• Power entry: TVS at the entry, plus RC/π filtering as needed to control conducted bursts.
• Motor/pump leads: edge control + ferrite/RC where appropriate; long leads are strong radiators and injection paths.
• Sensor harness: TVS/RC and input conditioning (Schmitt where needed) on lid/optical/Hall/float lines.
• Load-cell AFE inputs: symmetric series-R + small C + ESD clamp; protect both differential lines consistently.
• High-speed camera link: ESD arrays at connectors; avoid return-path discontinuities near MIPI/clock routing.
• Radio domain: keep PA rail impedance low; isolate noisy returns from antenna/reference regions.

Most sensitive loops (victim loops that explain real symptoms)

• Weight integrity: bridge excitation/return, AFE input loop, reference/ground stability.
• Radio stability: PA burst current loop, V_radio decoupling loop, local ground reference integrity.
• Actuation safety: EN/PWM/control pins, gate chain thresholds, reset-time default states.

What to measure (correlation-focused)

During injection, log three outcomes and a minimal rail set. The goal is to correlate cause and effect, not to enumerate standards.

• Motor: unintended motion, fault flags, EN state transitions.
• Weight: jump amplitude, recovery time, and whether it aligns with motor/packet events.
• Wi-Fi: RTSP/LAN drops, PER/retry spikes (note RSSI vs PER behavior).
• Rails: at least V_analog, V_radio, V_digital to separate coupling vs brownout.

How to interpret results (fast split rules)

• Unintended motor actuation + rail dip: prioritize power entry impedance and enable chain hardening.
• RSSI stable but PER/retries spike: prioritize EMI coupling paths (motor leads, return discontinuities, antenna adjacency).
• Weight jumps without link impact: prioritize AFE input/harness protection and symmetry of the differential path.

Minimum tool kit (field-ready)

• DMM: continuity (lid/interlock), static rails, shunt resistance sanity, leakage checks.
• Scope: rail dip/ripple, motor current signature, AFE output noise, EN/PWM integrity, reset pin behavior.
• Local logs: reset reason, brownout flags, sequence counter + commit marker, network PER/retry/drop counters.

Evidence pack (must be collected before fixes)

• Rails: at least V_analog, V_radio, V_digital (add V_motor/V_camera if present).
• Motor: motor current (shunt sense or current monitor output) + bus voltage during start/stop and retry loops.
• Weight: raw ADC codes or AFE output during static load, temperature change, and motor activity.
• Network: RSSI + PER/retry + session drops (LAN/RTSP if used).
• Atomicity: sequence counter monotonicity + commit marker validity across brownouts.

MPN examples for logging storage (atomic events): Fujitsu MB85RC256V (I²C FRAM), Infineon/Cypress FM24CL64B (I²C FRAM), Winbond W25Q64JV (SPI NOR Flash), reset supervisor: TI TPS3839, Analog Devices MAX809.

S1 — Weight drifts (static load “creeps” for 10–30s)

First 2 measurements

• Raw ADC code (or AFE output) under fixed load for 30s (no motor, no radio TX).
• Bridge excitation / reference stability (Vexc or Vref) and AFE input common-mode.

Discriminator

• Monotonic creep with stable Vref → mechanical/load-path or sensor creep dominates.
• Step-like drift correlating with rail ripple → analog ground/reference coupling dominates.

First fix

• Enforce ratiometric measurement (bridge excitation aligned to ADC reference) and tighten analog return.
• Add symmetric input RC and protect AFE inputs from injection; verify AFE bias/CMRR margin.

MPN examples: INA/PGIA TI INA333, TI INA826, ADI AD8421; precision ADC TI ADS1220, TI ADS1232, ADI AD7124-4/AD7124-8; low-noise reference TI REF3330, ADI ADR3430.

S2 — Weight jumps/noise rises when motor runs

First 2 measurements

• AFE output or raw ADC code during motor PWM at two speed/duty points.
• V_analog ripple and analog ground bounce during the same window.

Discriminator

• Noise increases with motor duty but not with radio TX → motor return/coupling path dominates.
• Noise spikes align with PA bursts → shared impedance on V_radio/V_analog dominates.

First fix

• Partition rails (analog vs motor/radio), shorten AFE input loops, enforce symmetric differential routing.
• Slow motor edges (slew) and add snubbers where needed; keep motor leads away from AFE harness.

MPN examples: motor driver (brushed) TI DRV8871, TI DRV8833; BLDC (3-phase) TI DRV8313, ST L6234; ferrite bead Murata BLM21PG series; current sense amp TI INA180, TI INA181.

S3 — Under/over-dispense (dose inconsistent)

First 2 measurements

• Motor current signature: start peak, acceleration slope, steady ripple (one full dispense cycle).
• Weight delta per cycle (integrated over a fixed window after motor stop).

Discriminator

• Same motor signature but varying weight delta → mechanical delivery path variability (bridging, chute friction).
• Motor signature changes (higher peak, slower ramp) with low weight delta → early jam/bridging onset.

First fix

• Implement dose logic anchored to hardware truth: tare + windowed integration + outlier rejection tied to motor signature.
• Add a jam retry limit + fault latch; avoid infinite “micro-burst” retries that create double-counting.

MPN examples (signature sensing): current monitor TI INA190, ADI AD8418A; MCU GPIO conditioning (Schmitt) TI SN74LVC1G14.

S4 — Jam/empty/run-dry confusion (retries, stalls, or silent failures)

First 2 measurements

• Three-waveform capture: motor current + V_motor bus + weight change (aligned in time).
• Retry counter + fault flags (OCP/OTP/UVLO) from driver/firmware logs.

Discriminator

• Jam: high start peak + stalled slope + repeated OCP/fault.
• Empty / no-load: low steady current + minimal ripple + no weight delta.
• Run-dry pump: current pattern shifts with cavitation; low-water sensor may confirm.

First fix

• Set OCP/OTP strategy + retry ceiling; force a user-visible fault state instead of endless retries.
• Add or tighten low-water/low-food validation by cross-checking weight trend + motor signature.

MPN examples: driver with protections TI DRV8876 (integrated current regulation), brushed driver Infineon BTN8982TA; power switch/eFuse for motor rail TI TPS25947, ADI LTC4368 (surge stopper).

S5 — Motor motion causes Wi-Fi drop / camera stream interruption

First 2 measurements

• V_radio (and V_camera if present) during motor start and during radio TX bursts.
• PER/retry/session-drop counters (note: record RSSI in parallel).

Discriminator

• Power-driven: rail dip aligns with reset reason/brownout and stream drop.
• EMI-driven: RSSI ~ stable but PER/retries spike and track PWM speed/duty.

First fix

• Power-driven: reduce shared impedance, isolate radio rail, strengthen decoupling, enforce rail priority.
• EMI-driven: slow edges, isolate motor leads/returns from antenna and high-speed return paths, add targeted filtering.

MPN examples: power mux/ORing TI TPS2121, ideal diode controller ADI LTC4412; low-noise LDO (radio/camera) TI TPS7A02, TI TLV755; ESD array (high-speed) Nexperia PESD5V0S2UT, Semtech RClamp0504B.

S6 — Random reboot (especially at motor start or TX burst)

First 2 measurements

• V_digital minimum voltage and dip duration during the reboot window.
• Reset reason + brownout flag + watchdog flag (local logs).

Discriminator

• Brownout/reset pin toggles align with V_digital dips → power integrity root cause.
• No rail dip but reset reason indicates external reset → control pin injection / supervisor behavior.

First fix

• Define rail priority and shut down noisy rails first (motor) while keeping digital/storage alive for commit.
• Add/reset supervisor with proper threshold and delay; harden reset line against ESD injection.

MPN examples: supervisor TI TPS3808, TI TPS3839, ADI MAX809; buck (ULP digital) TI TPS62840, TI TPS62743; TVS for reset/button lines Nexperia PESD5V0S1UL, Littelfuse SP0503BAHT.

S7 — Power loss leads to duplicate/missing alerts (ledger not atomic)

First 2 measurements

• Rail fall order: V_motor → V_radio/V_camera → V_digital (scope capture on unplug).
• Sequence counter monotonicity + commit marker validity across the event.

Discriminator

• Commit marker missing or counter repeats after brownout → atomic write strategy fails.
• Rail order collapses digital too early → power-down choreography fails.

First fix

• Choreography: motor OFF → freeze decision state → flush → commit marker → seq++ → then allow digital to drop.
• Use FRAM or journaled flash with commit marker; forbid partial records from being treated as valid events.

MPN examples: FRAM Fujitsu MB85RC256V, Infineon/Cypress FM24CL64B; power-path charger TI BQ24074, TI BQ25895; supercap charger/backup controller ADI LTC3225 (supercap charger), ADI LTC4040 (backup supply controller).

S8 — ESD/EFT causes unintended motor blip or false weight jump

First 2 measurements

• EN/PWM/control pin integrity during injection (look for sub-ms pulses).
• V_digital/V_analog and fault/reset markers aligned with the same event.

Discriminator

• Control pin pulse without rail dip → pin injection / insufficient default state control.
• Rail dip + reset/brownout → power entry impedance / return path coupling.

First fix

• Harden enable chain: hardware gate with default OFF, Schmitt conditioning, RC edge control, and pull resistors.
• Add targeted TVS/RC at harness and button entries; enforce symmetric protection on AFE differential inputs.

MPN examples: logic gate (allow chain) TI SN74LVC1G08 (AND), Schmitt TI SN74LVC1G14; ESD arrays Semtech RClamp0504B, Nexperia PESD5V0S4UD; common-mode choke (sensor leads) Murata DLW5BS, TDK ACM2012.