How Does Product OTA Firmware Rollout Ensure Safe Flash?

Howdy!

We’re in the process of deciding whether to use Particle’s firmware management or build our own. The main question we have is, when flashing OTA firmware via the product rollout tool, how does the tool make sure the device is in a safe state (for example, not mid-memory write) before flashing firmware? What process does the cloud software go through to perform an OTA rollout?

Also, I noticed this section on OTA flashing which partially documents system updates software events. Is the updatesPending() call now functional?