⚠️ Disclaimer: This project involves modifying an AC100V household appliance. Anyone attempting a similar modification should fully understand the risks of electric shock and fire, and proceed entirely at their own risk.
Characters
- Master: The person who wants to build a DIY reflow oven
- Tanjiro: A sincere but occasionally misguided assistant
Tanjiro is named after the protagonist of Demon Slayer — earnest, hardworking, and genuinely sorry every time he gets something wrong.
The Parts Are Coming Together
There's an Iris Ohyama toaster oven sitting on the workbench — 15 liters, nothing special. The plan is to turn it into a reflow oven.
Yes, buying a commercial reflow oven would be the sensible choice. But there's something appealing about building your own controller, defining your own temperature profiles, and being able to trace every fault back to a schematic you drew yourself. So here we are.
Here's what's on hand:
| Part | Qty | Status |
|---|---|---|
| Iris Ohyama Toaster Oven 15L | 1 | ✓ Have it |
| MAX31855 Thermocouple Module (K-type) | 1 | ✓ Have it |
| SSR-25DA Solid State Relay | 2 | ✓ Have it |
| SSR Heat Sink | 2 | ✓ Have it |
| 15A Circuit Breaker | 1 | ✓ Have it |
| ESP32 | — | Need to buy |
| Thermocouple | — | Need to buy |
With the parts laid out, Master and Tanjiro sat down to work through the design.
The Fuse Debate
Master: "Do we actually need a fuse after the breaker?"
Tanjiro: "Absolutely! A fuse responds faster than a breaker, so it provides better device-level protection!"
Master: "But if an SSR fails shorted — stuck closed — the current through the heater stays within its rated range, right?"
Tanjiro: "...oh."
Master: "A fuse protects against overcurrent. It won't react in that scenario."
SSR fails (stuck closed)
│
├──→ Current remains within rated range
│ └──→ Fuse: does nothing ✗
│
└──→ Temperature keeps rising
└──→ Thermal runaway 🔥
Tanjiro: "You're absolutely right. We're not trying to stop a current runaway — we're trying to stop a temperature runaway. A fuse is simply the wrong tool for this."
Master: "Exactly. So let's think about what the right tools are."
Building Layers of Safety
Master: "I want a software watchdog that cuts the SSR if we exceed the setpoint by 30°C. And I want to use the oven's built-in thermostat as a hardware backstop. How do we structure this?"
Tanjiro: "Let me try to organize it as layers."
| Layer | Owner | Trigger | Action |
|---|---|---|---|
| 1 | ESP32 PID | Temperature profile | Normal operation |
| 2 | ESP32 Software | Setpoint +30°C exceeded | Force SSR OFF |
| 3 | MAX31855 | Sensor open/short circuit | FAULT flag → SSR OFF |
| 4 | ESP32 Internal WDT | Deadlock | Reset → GPIO LOW → SSR OFF |
| 5 | ??? | Absolute temperature exceeded | Physical AC disconnect |
Tanjiro: "Layer 5 is still empty. We need something that works completely independently of software — even if everything else has failed."
Master: "KSD9700 would work here."
Discovering the KSD9700
Tanjiro: "KSD9700... it's a bimetallic thermostat disc. When it exceeds its rated temperature, the contacts physically open."
Master: "No software, no control signals involved. Just temperature. Wire it in series with the AC line and it becomes the last line of defense."
Tanjiro: "And it operates on a completely different physical principle from our other protection mechanisms."
| Protection | Measurement Principle |
|---|---|
| Thermocouple (main sensor) | Seebeck effect |
| KSD9700 (final backstop) | Bimetallic physical deformation |
Tanjiro: "If you double up on the same method, both can fail for the same reason at the same time. Changing the underlying principle is what makes redundancy real. That's diversity redundancy."
Master: "Exactly."
The AND Gate Trap
Master: "Alongside the ESP32, I want to use a PIC microcontroller for safety monitoring during development. How do we combine their outputs to control the SSR?"
Tanjiro: "An AND gate! Both outputs must be HIGH for the SSR to turn on!"
Master: "Isn't that backwards?"
Tanjiro: "...huh?"
Master: "We want: if either one detects a fault, cut the SSR. That's Wired-OR."
Tanjiro: "...you're right. I had the logic completely inverted. I'm sorry."
ESP32 (open-drain) ──┐
├──[pull-up]──→ SSR-25DA
PIC (open-drain) ──┘
Both HIGH → SSR ON (heating)
Either LOW → SSR OFF (safe)
Tanjiro: "Both outputs are open-drain with a shared pull-up. The moment either one pulls LOW, the line goes LOW and the SSR cuts. If one side fails, the other keeps running independently."
Master: "That's the idea."
📝 Note on Wired-OR vs Wired-AND
Strictly speaking, this configuration — open-drain outputs with a pull-up — is called Wired-AND in positive logic, because the output is HIGH only when both drivers release the line (the same topology used by I2C). Viewed in negative logic, however, either side asserting LOW stops the SSR, which is OR behavior. This article uses "Wired-OR" to emphasize that intent. Readers familiar with the formal terminology may prefer to call it Wired-AND.
The Two-Thermocouple Trap
Tanjiro: "For sensor redundancy, what about using two thermocouples with two separate MAX31855 modules?"
Master: "Isn't that too simplistic?"
Tanjiro: "How so?"
Master: "Different mounting positions mean different temperatures. If you put two identical sensors side by side using the same method, you can't build a valid monitoring system — you have no reference."
Tanjiro: "...right. If the two readings diverge, there's no way to know which one is correct, or whether it's even an anomaly."
Master: "Besides, KSD9700 is already watching temperature using a completely different physical principle. That is your second sensor — and it's already built on diversity."
Tanjiro: "So one thermocouple is enough. And the MAX31855 handles open-circuit and short-circuit detection in hardware. That covers the sensor failure modes."
The Deadlock Problem
Tanjiro: "For detecting ESP32 deadlocks, what about adding an external watchdog IC? The ESP32 sends a regular kick pulse, and if it stops, the watchdog cuts the SSR."
Master: "The ESP32's internal WDT handles that."
Tanjiro: "Oh."
Master: "When it deadlocks, the internal WDT fires a reset. During reset, GPIO goes LOW, which propagates through the Wired-OR and cuts the SSR. The PIC's job is overtemperature detection during development — while the ESP32 code is still unstable."
Tanjiro: "So the purpose is different entirely. Got it."
The SPI Bus: Who's in Charge?
Master: "The PIC needs temperature data. We only have one MAX31855. How do we share it?"
Tanjiro: "Make the ESP32 the SPI master, and have the PIC snoop on the bus!"
┌── SCK/CS ──→ MAX31855
ESP32 (SPI Master) ─┤ │
└──←── MISO ───┘
│
PIC (Snooping) ─────←── MISO ──┘
──── SCK/CS ref ──→ (from ESP32)
✗ Safety system depends on ESP32 being alive
Master: "That makes the safety system dependent on the ESP32 being alive."
Tanjiro: "...oh no."
Master: "If the ESP32 stops, the PIC loses its temperature data too. Having your safety system depend on your main system is completely backwards."
Tanjiro: "You're right. So we flip it."
┌── SCK/CS ──→ MAX31855
PIC (SPI Master ✓)─┤ │
└──←── MISO ───┘
│
ESP32 (Snooping) ────←── MISO ───┘
──── SCK/CS ref ──→ (from PIC)
✓ Safety system runs independently of ESP32
Tanjiro: "The PIC becomes the SPI master, reading the MAX31855 every 100ms. The ESP32 snoops on those transactions as a passive slave and uses the data for PID control."
Master: "And what happens when the ESP32 deadlocks and stops doing SPI reads?"
Tanjiro: "The PIC stops seeing transactions. It can detect that silence as a timeout. Which means... the ESP32's normal operation is the heartbeat signal to the PIC."
Master: "No dedicated heartbeat line. No external watchdog IC."
Tanjiro: "One passive tap on the SPI bus gives us both temperature monitoring and deadlock detection. That's... actually elegant."
Where Things Stand
After a long series of corrections, the architecture has taken shape.
AC100V
│
├──→ 15A Circuit Breaker
│ │
│ ├──→ KSD9700 (Bimetallic Thermostat) [Layer 5]
│ │
│ └──→ SSR-25DA ──→ Heater Element
│ ↑
│ Wired-OR
│ ┌────────┴────────┐
│ ESP32 (open-drain) PIC (open-drain)
│ [Layer 1 & 4] [Layer 2]
│ ↑ ↑
│ └────────┬──────────┘
│ │ SPI (snoop) │ SPI (master, 100ms)
│ MAX31855 [Layer 3: FAULT Detection]
│ ↑
└──────────────────── K-type Thermocouple
| Layer | Owner | Monitors | Notes |
|---|---|---|---|
| 1 | ESP32 PID | Temperature profile | Normal operation |
| 2 | PIC | Setpoint +30°C | Dev safety net, stays in production too |
| 3 | MAX31855 | Sensor open/short | Hardware FAULT detection |
| 4 | ESP32 Internal WDT | Deadlock | Reset → GPIO LOW → SSR OFF |
| 5 | KSD9700 | Absolute temperature | Bimetallic, fully software-independent |
Tanjiro: "No schematic yet. No firmware yet. But the design philosophy is solid."
Master: "More to come."
Parts list: IRIS OHYAMA PFC-D15A-W / MAX31855 / SSR-25DA / KSD9700 / ESP32 / PIC (3.3V)
Top comments (0)