[05]

So, dual action master cylinders are OK by you, but actuators are apparently so much more reliable you only need one of them? And the same goes for the control hardware and power supplies because you are ready to handle power loss in software? I hope you have common sense to stay away from engineering safety critical systems for the rest of your career..

[toast0]

Dual (or triple? I don't know how many you want) actuators don't help very much if the software doesn't know how to activate them properly (as it seems is the case here).

You absolutely need a system to ensure a controlled stop in any type of critical failure in ability to control the system. Assuming you have that, it seems reasonable to regularly verify the controls are functional (jiggle the steering, modulate the throttle, gently tap the brakes) every so often, and rely on your controlled stop procedure in the event of failure.

I do have the common sense to avoid safety critical systems, thanks; however armchair engineering is a national sport.