You’re looking for “silent push” as are many others. The second flow that you and Sebastiaan investigated worked because the browsers allow a certain number of mistakes(?) before they start to show a generic notification to say that your site sent a push notification without showing a notification. I believe that after ~10 or so notifications, and that’s different between browsers, they run out of patience.
There have been some unsuccessful proposals for allowing silent push while minimising the potential abuse, not just to the cache but the user’s network and battery as well. The, now obsolete, Budget API gave sites an ability to build up trust and then assign that trust as a budget to resources like silent pushes. This take down of the Budget API seems to have killed it off, but I agree with the conclusion. This is something that the permissions API, an increasingly important API for controlling all the things the web can do now, can and should handle.
The pattern of push and cache is a really nice one that I’ve experimented with (including a notification) and I hope the web can come to a solution for it soon too.