Changed
- Unified the manual and scheduled update paths onto a single engine (#2, @famewolf). The per-container update loop — group-order sort, inter-member wait, group-abort gate, netns-owner-by-name snapshot, update_container, restart-dependents cascade, notifier results and per-container cooldown — now lives once in _process_update_batch. Both the manual path (run_updates / "Update all" / /update) and the scheduled-auto path (handle_autoupdates) call it; each keeps only its own scaffolding (candidate selection, mutex, message framing, pending-file bookkeeping). Removes the recurring class of bugs where the two paths drifted.
Two behaviours are now consistent across both:
- Head-rollback dependents kick — when a group head fails and rolls back, its dependents are re-attached (previously auto-only, #27).
- No double-touch on the success cascade — in-batch dependents self-heal via their own update; only out-of-batch sidecars get the explicit restart.
Ask-before-major stays auto-only by design (tapping "Update all" / /update is the explicit go-ahead).
Full 14-script regression sweep green, including the Docker-backed cascade / netns / crash-loop tests.