That’s exactly what we’ve been doing for years now. The first releases of snapd could not block refreshes at all, period. Nowadays there are several mechanisms that allow postponing them in specific circumstances, from metered connections, to explicit holding, to delayed results at boot, health checks are coming, etc. We take this seriously and have been demonstrating that with actual development time.
On the other hand, I hope you can also meet half way, and realize that some of your assumptions might not be entirely valid. For more than a decade we’ve been responsible for a system that depends on people updating their software manually. We have a reasonable understanding of many of the involved issues, including the fact that once such a switch exists, the dynamic of the whole ecosystem changes, and it’s hard or impossible to go back to automated updates.
As for the topic you raised, these hooks already exist today, in your local snapd. They are called pre-refresh and post-refresh, and that’s documented.
I do apologize for not having read and responded timely to your message in the forum, though. For reasons which are both personal and professional I’ve got a backlog in the forum that I still need to go through, and it was unfortunate that nobody else did reply to your topic timely.
If you want to know more about many of the additional upcoming features, some of them related to automatic refreshes, we’ve just finished a sprint yesterday, and you can read the full notes here in the forum.