I find driving much less fatiguing when using my Eon (the previous iteration of this product). Taking yourself out of the feedback loop of constantly adjusting steering (and gas if in traffic) makes the experience much more relaxing even though you still have to pay full attention. In my experience, OpenPilot is really rock solid in normal highway driving scenarios and there isn't anything stressful about using it.
OpenPilot generates all of the control messages to send to the vehicle based off of feedback from the car's sensors and its own camera. It has rate limits for all control messages it generates so that it can't jerk the steering wheel or slam on the brakes (as of now it leaves Collision Avoidance up to the stock system).
These control messages are then passed to the Panda over USB. Panda is a microcontroller that converts the control messages into CAN messages that the vehicle can understand. The Panda has the same rate limit checks hardcoded into the firmware and it will reject any control messages that are outside the limits.
Finally, because Panda is sending the same CAN messages as the stock ADAS system, whatever safety mechanisms the OEM implemented apply to OpenPilot as well. Most cars have some form of torque caps and some form of rate limiting baked into the EPS firmware.
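The firmware-side gate described in the comment above can be sketched as follows. This is an added example, not code from OpenPilot or Panda; the names `safety_state`, `steer_cmd_ok`, `driver_override` and both limit values are hypothetical and chosen only for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed limits for illustration; not taken from panda or any vehicle. */
#define MAX_TORQUE 300 /* absolute cap on a commanded torque value */
#define MAX_DELTA  15  /* largest change allowed between two messages */

typedef struct {
    bool controls_allowed; /* false until engaged, cleared on driver override */
    int  last_torque;      /* last torque value that was accepted */
} safety_state;

/* Driver pressed a pedal or cancel: drop control and forget the ramp. */
void driver_override(safety_state *s)
{
    s->controls_allowed = false;
    s->last_torque = 0;
}

/* Firmware-side gate: true means the command may go out on the CAN bus. */
bool steer_cmd_ok(safety_state *s, int torque)
{
    if (!s->controls_allowed) {
        return torque == 0; /* disengaged: only a zero command passes */
    }
    if (abs(torque) > MAX_TORQUE) {
        return false;       /* outside the absolute cap */
    }
    if (abs(torque - s->last_torque) > MAX_DELTA) {
        return false;       /* step too large: rate limit violated */
    }
    s->last_torque = torque; /* advance the ramp only on accepted commands */
    return true;
}

int main(void)
{
    safety_state s = { .controls_allowed = true, .last_torque = 0 };
    int cmds[] = { 10, 25, 200, 40, 55 }; /* constructed command sequence */
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        printf("%4d -> %s\n", cmds[i], steer_cmd_ok(&s, cmds[i]) ? "forward" : "reject");
    }
    driver_override(&s);
    printf("after override, 55 -> %s\n", steer_cmd_ok(&s, 55) ? "forward" : "reject");
    return 0;
}
```

Because the gate keeps its own state and does not trust the sender, a fault in the software that generates the commands cannot widen the limits.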
There’s the self-driving code and native layers that run on a bog-standard Android phone, then an Arduino-like microcontroller handles interfacing, which is more or less realtime. Malformed, illegal or out-of-range commands would be trimmed out if they occur.
They also have narrower-than-commonly-used limits, and that is reportedly insufficient for tighter curves on some highways, but it is done in good faith, I guess.
As far as safety goes, their safety policy is outlined here: https://github.com/commaai/openpilot/blob/devel/SAFETY.md
The short of it is:
"""
The driver must always be capable to immediately retake manual control of the vehicle, by stepping on either pedal or by pressing the cancel button.
The vehicle must not alter its trajectory too quickly for the driver to safely react. This means that while the system is engaged, the actuators are constrained to operate within reasonable limits.
"""
Those checks are separately coded into both OpenPilot, the self-driving software, and Panda, the microcontroller responsible for communicating between OpenPilot and the vehicle.