@dc42:
If you are looking for a fail-safe solution, you shouldn't rely on the Duet to implement it at all. You should use a simpler system, such as enclosing the entire printer in a fire-resistant box and using a non-resetting thermal cutout at the top of the box to cut the mains supply. Perhaps also a smoke detector that cuts the mains supply.
Agreed, you can't rely on the Duet to make the system safe. Safety systems (particularly programmable ones) are typically separate from the main control. What I was trying to implement on the back of the wiki page advice is giving the Duet the chance to say "help, I'm out of control", or to consider the ATX-on as an "I'm OK" signal until the signal is no longer to ground.
Your other points are also read from the same wiki page. Smoke alarms are after the event and a good last line of defence, particularly if the machine is built into a fire box. I've searched for thermal cutouts but not found much suitable for the hot end. I welcome any supplier advice on that! In addition, thermal fuses and snap switches can fail badly if they fall from the zone they are monitoring. I considered electrically grounding the whole frame to 0V, but aluminium is very quick to oxidise and could easily create a new failure point in the circuit, raising more false trips.
The existing fault detection for the heater is a great way of detecting failure before it happens, and this is easily tested with something as little as a wrench on the hot end or a block of aluminium on the hot end to push the response of the system out of limits. I've seen it trip a few times, but been able to link it to something daft that I've done. Testing thermal fuses isn't ideal as the snap point isn't exact and would naturally be a safety margin above normal operating temperatures. You either end up adding an external heat source (not necessarily similar to the machine out of control) or trying to push the heaters beyond their intended range just to hit the trip.
I've set up a 24VDC interlock loop to kill mains power to the PSU for steppers and heaters. At the moment this is just grounded by the 5VDC relay and broken by a big red e-stop button. The intention is to expand it to include other safety measures that are not likely to nuisance trip. The interlock loop is based on force-guided contact relays whose status will be verified by the user through unused normally closed and open contacts. The relay contacts are quick-blow fuse protected to well within their operating range.
SSRs are great to replace electromechanical relays where high switch rates are required. Other than that, the electromechanical ones are often cheaper with the flyback diode and very robust once the contacts are fuse protected. I originally wanted to move away from relays on my truck's loom, but the additional work needed in transient voltage suppression pushed it well into the realms of too much work.
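The model-based heater fault detection discussed in the post (detecting a heater that is not responding as expected before a hard thermal limit is reached, and testing it by clamping extra thermal mass to the hot end) can be illustrated with a small simulation. This is an added example, not Duet firmware code or the poster's own work: it uses a first-order thermal model with constructed gain and time-constant values, and the tolerance and sample-count thresholds are assumptions chosen for the illustration, not the firmware's real tuning.

```python
"""Model-based heater fault detection: constructed illustration.

A first-order thermal model predicts how a healthy heater should respond
to a given PWM demand. A detector compares measured temperature against
that prediction and trips when the deviation persists, which catches a
heater that is unexpectedly loaded (e.g. a wrench clamped to the hot end),
a failed heater cartridge, or a detached thermistor, well before any
absolute over-temperature limit is reached.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class HeaterModel:
    gain: float             # steady-state rise above ambient at full PWM (deg C)
    time_constant: float    # seconds to reach ~63% of a step response
    ambient: float = 20.0   # ambient temperature (deg C)


def step_first_order(model: HeaterModel, temp: float, pwm: float, dt: float) -> float:
    """Advance a first-order thermal model by one Euler step of dt seconds."""
    d_temp = (model.gain * pwm - (temp - model.ambient)) / model.time_constant
    return temp + d_temp * dt


def simulate_heater(model: HeaterModel, pwm: float, duration: float, dt: float = 1.0):
    """Yield (t, temperature) samples from the plant model, starting at ambient."""
    temp = model.ambient
    t = 0.0
    while t <= duration:
        yield t, temp
        temp = step_first_order(model, temp, pwm, dt)
        t += dt


class HeaterFaultDetector:
    """Trips when measured temperature strays from the expected model too long."""

    def __init__(self, expected: HeaterModel, tolerance: float = 15.0,
                 max_bad_samples: int = 10, dt: float = 1.0):
        self.expected = expected
        self.tolerance = tolerance          # assumed deviation allowed (deg C)
        self.max_bad = max_bad_samples      # assumed consecutive bad samples to trip
        self.dt = dt
        self.predicted = expected.ambient   # detector's own model state
        self.bad = 0
        self.tripped = False

    def update(self, pwm: float, measured: float) -> bool:
        """Compare one measurement against the prediction, then advance the model."""
        if abs(measured - self.predicted) > self.tolerance:
            self.bad += 1
        else:
            self.bad = 0                    # deviation must be sustained, not a glitch
        if self.bad >= self.max_bad:
            self.tripped = True
        self.predicted = step_first_order(self.expected, self.predicted, pwm, self.dt)
        return self.tripped


def run_detection(actual: HeaterModel, expected: HeaterModel, pwm: float,
                  duration: float, dt: float = 1.0) -> Optional[float]:
    """Run the detector against a plant; return the trip time in seconds, or None."""
    detector = HeaterFaultDetector(expected, dt=dt)
    for t, measured in simulate_heater(actual, pwm, duration, dt):
        if detector.update(pwm, measured):
            return t
    return None


# Constructed values: a hot end that reaches ~420 C at full power with a
# 140 s time constant. These are illustrative, not any real heater's tuning.
EXPECTED = HeaterModel(gain=400.0, time_constant=140.0)


def healthy_trip_time() -> Optional[float]:
    """Heater matches the model exactly: detector must stay quiet."""
    return run_detection(EXPECTED, EXPECTED, pwm=0.5, duration=600)


def slightly_off_trip_time() -> Optional[float]:
    """5% gain mismatch (normal part-to-part variation): still within tolerance."""
    return run_detection(HeaterModel(420.0, 140.0), EXPECTED, pwm=0.5, duration=600)


def wrench_trip_time() -> Optional[float]:
    """Extra thermal mass on the hot end doubles the time constant: trips early."""
    return run_detection(HeaterModel(400.0, 280.0), EXPECTED, pwm=0.5, duration=600)


def dead_heater_trip_time() -> Optional[float]:
    """Heater cartridge open or thermistor detached: temperature never rises."""
    return run_detection(HeaterModel(0.0, 140.0), EXPECTED, pwm=0.5, duration=600)


if __name__ == "__main__":
    print("healthy:      ", healthy_trip_time())
    print("5% mismatch:  ", slightly_off_trip_time())
    print("wrench loaded:", wrench_trip_time())
    print("dead heater:  ", dead_heater_trip_time())
```

The wrench and dead-heater cases trip within the first minute of a 0.5 PWM step, long before the steady-state temperature is approached, which is the "detect failure before it happens" property the post describes. The sustained-deviation requirement is what keeps a single noisy reading from causing a nuisance trip; the tolerance is what keeps ordinary heater-to-heater variation from doing the same.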