Failsafe option when Pixhawk fails



Due to some work circunstances, I am working with Pixhawk+PX4 in an expensive fixed wing UAV. As I have little experience with the Pixhawk, I was wondering what was the community opinion on developing some sort of extra circuit which would multiplex the RC signal directly to the servos when triggered (by the RC itself for example). This is mainly so an experienced pilot can take full manual control in case the Pixhawk stops working, or even shuts down entirely.

Is there any merit to this idea? Or is the rate of failure of the Pixhawk+PX4 is low enought that adding it is pointless (or even prejudicating the system)?

Is there any documentation on number of flight hours or certification for Pixhawk+PX4?

I’ve worked with the hardware side of pixhawk for about 5 years now (softwares handled by another team) and gone through probably 15 controllers on different aircraft both fixed wing and multi rotor. I’ve seen controllers fail on the ground after plugging something in wrong or shorting something out, however I’ve only ever seen one fail during probably well over 300 hours of flight, and the source was due to landing gear that had a terribly designed circuit board and shorted 5v to ground when they deployed. Unfortunately unless you’re running isolated batteries between your receiver and the pixhawk with linked ground lines, it would also shut down the receiver creating a full LOS situation. I think it would be a really cool idea but fortunately it appears that the demand for such a system is quite low