@oxyhq/core 3.8.1 → 3.9.0

package/src/mixins/OxyServices.applications.ts

@@ -347,6 +347,9 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
           data,
           { cache: false },
         );
+        // Bust every cached application list (unscoped + per-workspace) so the
+        // new application appears on the next `getApplications()` read.
+        this._invalidateApplicationLists();
         return res.application;
       } catch (error) {
         throw this.handleError(error);
@@ -387,6 +390,10 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
           data,
           { cache: false },
         );
+        // Bust the cached detail and every list (which embeds application
+        // fields) so neither serves the pre-update snapshot.
+        this.clearCacheEntry(`GET:/applications/${applicationId}`);
+        this._invalidateApplicationLists();
         return res.application;
       } catch (error) {
         throw this.handleError(error);
@@ -399,12 +406,18 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
      */
     async deleteApplication(applicationId: string): Promise<ApplicationSuccessResult> {
       try {
-        return await this.makeRequest<ApplicationSuccessResult>(
+        const result = await this.makeRequest<ApplicationSuccessResult>(
           'DELETE',
           `/applications/${applicationId}`,
           undefined,
           { cache: false },
         );
+        // Bust every cached representation of the deleted application.
+        this.clearCacheEntry(`GET:/applications/${applicationId}`);
+        this.clearCacheEntry(`GET:/applications/${applicationId}/members`);
+        this.clearCacheEntry(`GET:/applications/${applicationId}/credentials`);
+        this._invalidateApplicationLists();
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -446,6 +459,7 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
           data,
           { cache: false },
         );
+        this._invalidateApplicationMembership(applicationId);
         return res.member;
       } catch (error) {
         throw this.handleError(error);
@@ -470,6 +484,7 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
           data,
           { cache: false },
         );
+        this._invalidateApplicationMembership(applicationId);
         return res.member;
       } catch (error) {
         throw this.handleError(error);
@@ -486,12 +501,14 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
       memberId: string,
     ): Promise<ApplicationSuccessResult> {
       try {
-        return await this.makeRequest<ApplicationSuccessResult>(
+        const result = await this.makeRequest<ApplicationSuccessResult>(
           'DELETE',
           `/applications/${applicationId}/members/${memberId}`,
           undefined,
           { cache: false },
         );
+        this._invalidateApplicationMembership(applicationId);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -508,12 +525,17 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
       data: TransferApplicationOwnershipInput,
     ): Promise<ApplicationSuccessResult> {
       try {
-        return await this.makeRequest<ApplicationSuccessResult>(
+        const result = await this.makeRequest<ApplicationSuccessResult>(
           'POST',
           `/applications/${applicationId}/transfer-ownership`,
           data,
           { cache: false },
         );
+        // Ownership change alters roles in the member list AND the detail, and
+        // can change which applications the caller "owns" in the list view.
+        this._invalidateApplicationMembership(applicationId);
+        this._invalidateApplicationLists();
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -548,12 +570,14 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
       data: CreateApplicationCredentialInput,
     ): Promise<ApplicationCredentialWithSecret> {
       try {
-        return await this.makeRequest<ApplicationCredentialWithSecret>(
+        const result = await this.makeRequest<ApplicationCredentialWithSecret>(
           'POST',
           `/applications/${applicationId}/credentials`,
           data,
           { cache: false },
         );
+        this.clearCacheEntry(`GET:/applications/${applicationId}/credentials`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -572,12 +596,16 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
       credentialId: string,
     ): Promise<RotateApplicationCredentialResult> {
       try {
-        return await this.makeRequest<RotateApplicationCredentialResult>(
+        const result = await this.makeRequest<RotateApplicationCredentialResult>(
           'POST',
           `/applications/${applicationId}/credentials/${credentialId}/rotate`,
           undefined,
           { cache: false },
         );
+        // Rotation changes credential status/audit fields surfaced by the
+        // credentials list (`rotatedFrom`, grace window, new active credential).
+        this.clearCacheEntry(`GET:/applications/${applicationId}/credentials`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -594,12 +622,15 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
       credentialId: string,
     ): Promise<ApplicationSuccessResult> {
       try {
-        return await this.makeRequest<ApplicationSuccessResult>(
+        const result = await this.makeRequest<ApplicationSuccessResult>(
           'DELETE',
           `/applications/${applicationId}/credentials/${credentialId}`,
           undefined,
           { cache: false },
         );
+        // Revocation flips the credential's status in the cached list.
+        this.clearCacheEntry(`GET:/applications/${applicationId}/credentials`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -625,5 +656,39 @@ export function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(B
         throw this.handleError(error);
       }
     }
+
+    /**
+     * Bust every cached application list. `getApplications(workspaceId?)` keys
+     * the unscoped list as `GET:/applications` and each workspace-scoped list as
+     * `GET:/applications?workspaceId=<id>` (the query string is part of the URL
+     * path). A change to list membership (create/delete/ownership transfer)
+     * invalidates all of them, so we clear the unscoped entry plus every
+     * `?workspaceId=` variant via a prefix sweep. The prefix `GET:/applications?`
+     * matches only the query-string list variants, never the `GET:/applications/<id>…`
+     * detail/sub-resource keys.
+     *
+     * Internal helper (leading underscore); not part of the supported public
+     * surface. Public rather than `private` because mixins compose into an
+     * exported anonymous class, where TypeScript cannot represent a private
+     * member in the emitted declaration file (TS4094).
+     */
+    _invalidateApplicationLists(): void {
+      this.clearCacheEntry('GET:/applications');
+      this.clearCacheByPrefix('GET:/applications?');
+    }
+
+    /**
+     * Bust the cached member list and detail for an application after a
+     * membership mutation. The member list (`getApplicationMembers`) and the
+     * detail (`getApplication`, which can embed member counts) both go stale
+     * when the member set or a member's role changes.
+     *
+     * Internal helper (leading underscore); see `_invalidateApplicationLists`
+     * for why this is public rather than `private`.
+     */
+    _invalidateApplicationMembership(applicationId: string): void {
+      this.clearCacheEntry(`GET:/applications/${applicationId}/members`);
+      this.clearCacheEntry(`GET:/applications/${applicationId}`);
+    }
   };
 }

package/src/mixins/OxyServices.assets.ts

@@ -345,7 +345,10 @@ export function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>(Base: T
      */
     async assetRestore(fileId: string): Promise<any> {
       try {
-        return await this.makeRequest('POST', `/assets/${fileId}/restore`, undefined, { cache: false });
+        const result = await this.makeRequest('POST', `/assets/${fileId}/restore`, undefined, { cache: false });
+        // The asset metadata (trash state) changed — bust its cached read.
+        this.clearCacheEntry(`GET:/assets/${fileId}`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -357,7 +360,11 @@ export function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>(Base: T
     async assetDelete(fileId: string, force: boolean = false): Promise<any> {
       try {
         const params: any = force ? { force: 'true' } : undefined;
-        return await this.makeRequest('DELETE', `/assets/${fileId}`, params, { cache: false });
+        const result = await this.makeRequest('DELETE', `/assets/${fileId}`, params, { cache: false });
+        // Bust the cached metadata and every cached URL variant for the asset.
+        this.clearCacheEntry(`GET:/assets/${fileId}`);
+        this.clearCacheByPrefix(`GET:/assets/${fileId}/url`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -380,9 +387,15 @@ export function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>(Base: T
      */
     async assetUpdateVisibility(fileId: string, visibility: 'private' | 'public' | 'unlisted'): Promise<any> {
       try {
-        return await this.makeRequest('PATCH', `/assets/${fileId}/visibility`, {
+        const result = await this.makeRequest('PATCH', `/assets/${fileId}/visibility`, {
           visibility
         }, { cache: false });
+        // Visibility changes both the asset metadata and the resolved URL
+        // (public CDN vs signed). Bust the metadata read and every cached URL
+        // variant (keyed on variant/expiresIn params).
+        this.clearCacheEntry(`GET:/assets/${fileId}`);
+        this.clearCacheByPrefix(`GET:/assets/${fileId}/url`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }

package/src/mixins/OxyServices.features.ts

@@ -159,10 +159,14 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
          */
         async subscribe(planId: string, paymentMethodId?: string): Promise<SubscriptionResult> {
             return this.withAuthRetry(async () => {
-                return await this.makeRequest<SubscriptionResult>('POST', '/subscriptions/subscribe', {
+                const result = await this.makeRequest<SubscriptionResult>('POST', '/subscriptions/subscribe', {
                     planId,
                     paymentMethodId,
                 }, { cache: false });
+                // The current subscription changed — bust its cached read so
+                // `getCurrentSubscription()` reflects the new plan immediately.
+                this.clearCacheEntry('GET:/subscriptions/current');
+                return result;
             }, 'subscribe');
         }
 
@@ -171,10 +175,12 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
          */
         async subscribeToFeature(featureId: string, paymentMethodId?: string): Promise<SubscriptionResult> {
             return this.withAuthRetry(async () => {
-                return await this.makeRequest<SubscriptionResult>('POST', '/subscriptions/features/subscribe', {
+                const result = await this.makeRequest<SubscriptionResult>('POST', '/subscriptions/features/subscribe', {
                     featureId,
                     paymentMethodId,
                 }, { cache: false });
+                this.clearCacheEntry('GET:/subscriptions/current');
+                return result;
             }, 'subscribeToFeature');
         }
 
@@ -186,6 +192,7 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
                 await this.makeRequest('POST', `/subscriptions/${subscriptionId}/cancel`, undefined, {
                     cache: false,
                 });
+                this.clearCacheEntry('GET:/subscriptions/current');
             }, 'cancelSubscription');
         }
 
@@ -197,6 +204,7 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
                 await this.makeRequest('POST', `/subscriptions/${subscriptionId}/reactivate`, undefined, {
                     cache: false,
                 });
+                this.clearCacheEntry('GET:/subscriptions/current');
             }, 'reactivateSubscription');
         }
 
@@ -248,45 +256,65 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
         }
 
         /**
-         * Save an item
+         * Save an item.
+         *
+         * Busts the cached own saved-items list (`GET /saves`, ~short TTL) so a
+         * follow-up `getSavedItems()` observes the new item. The `userId`-scoped
+         * variant (`/users/<id>/saves`) is another user's list and is not
+         * affected by the caller's own save.
          */
         async saveItem(itemId: string, itemType: string, collectionId?: string): Promise<SavedItem> {
             return this.withAuthRetry(async () => {
-                return await this.makeRequest<SavedItem>('POST', '/saves', {
+                const result = await this.makeRequest<SavedItem>('POST', '/saves', {
                     itemId,
                     itemType,
                     collectionId,
                 }, { cache: false });
+                this.clearCacheEntry('GET:/saves');
+                return result;
             }, 'saveItem');
         }
 
         /**
-         * Remove an item from saves
+         * Remove an item from saves.
+         *
+         * Busts the cached own saved-items list so the removed item is gone on
+         * the next read (see `saveItem`).
          */
         async removeSavedItem(saveId: string): Promise<void> {
             return this.withAuthRetry(async () => {
                 await this.makeRequest('DELETE', `/saves/${saveId}`, undefined, { cache: false });
+                this.clearCacheEntry('GET:/saves');
             }, 'removeSavedItem');
         }
 
         /**
-         * Create a collection
+         * Create a collection.
+         *
+         * Busts the cached own collections list (`GET /collections`) so the new
+         * collection appears on the next read.
          */
         async createCollection(name: string, description?: string): Promise<Collection> {
             return this.withAuthRetry(async () => {
-                return await this.makeRequest<Collection>('POST', '/collections', {
+                const result = await this.makeRequest<Collection>('POST', '/collections', {
                     name,
                     description,
                 }, { cache: false });
+                this.clearCacheEntry('GET:/collections');
+                return result;
             }, 'createCollection');
         }
 
         /**
-         * Delete a collection
+         * Delete a collection.
+         *
+         * Busts the cached own collections list so the deleted collection is
+         * gone on the next read (see `createCollection`).
          */
         async deleteCollection(collectionId: string): Promise<void> {
             return this.withAuthRetry(async () => {
                 await this.makeRequest('DELETE', `/collections/${collectionId}`, undefined, { cache: false });
+                this.clearCacheEntry('GET:/collections');
             }, 'deleteCollection');
         }
 
@@ -330,20 +358,29 @@ export function OxyServicesFeaturesMixin<T extends typeof OxyServicesBase>(Base:
         }
 
         /**
-         * Clear user history
+         * Clear user history.
+         *
+         * `getUserHistory` caches per (limit, offset) page, so its cache key
+         * carries serialized params (`GET:/history` and `GET:/history:<params>`).
+         * A prefix sweep busts every cached page of the own history at once.
          */
         async clearUserHistory(): Promise<void> {
             return this.withAuthRetry(async () => {
                 await this.makeRequest('DELETE', '/history', undefined, { cache: false });
+                this.clearCacheByPrefix('GET:/history');
             }, 'clearUserHistory');
         }
 
         /**
-         * Delete a history item
+         * Delete a history item.
+         *
+         * Busts every cached page of the own history (see `clearUserHistory`)
+         * so the removed item no longer appears on the next read.
          */
         async deleteHistoryItem(itemId: string): Promise<void> {
             return this.withAuthRetry(async () => {
                 await this.makeRequest('DELETE', `/history/${itemId}`, undefined, { cache: false });
+                this.clearCacheByPrefix('GET:/history');
             }, 'deleteHistoryItem');
         }
 

package/src/mixins/OxyServices.managedAccounts.ts

@@ -41,13 +41,17 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
      * Create a new managed account (sub-account).
      *
      * The server creates a User document with `isManagedAccount: true` and links
-     * it to the authenticated user as owner.
+     * it to the authenticated user as owner. Invalidates the cached
+     * `GET /managed-accounts` list (~2-minute TTL, identity-scoped) so the next
+     * read includes the newly created account.
      */
     async createManagedAccount(data: CreateManagedAccountInput): Promise<ManagedAccount> {
       try {
-        return await this.makeRequest<ManagedAccount>('POST', '/managed-accounts', data, {
+        const result = await this.makeRequest<ManagedAccount>('POST', '/managed-accounts', data, {
           cache: false,
         });
+        this.clearCacheEntry('GET:/managed-accounts');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -84,12 +88,19 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
     /**
      * Update a managed account's profile data.
      * Requires owner or admin role.
+     *
+     * Invalidates both the cached detail (`GET /managed-accounts/<id>`) and the
+     * cached list (`GET /managed-accounts`, which embeds account profile data)
+     * so neither serves the pre-update snapshot within their ~2-minute TTL.
      */
     async updateManagedAccount(accountId: string, data: Partial<CreateManagedAccountInput>): Promise<ManagedAccount> {
       try {
-        return await this.makeRequest<ManagedAccount>('PUT', `/managed-accounts/${accountId}`, data, {
+        const result = await this.makeRequest<ManagedAccount>('PUT', `/managed-accounts/${accountId}`, data, {
           cache: false,
         });
+        this.clearCacheEntry(`GET:/managed-accounts/${accountId}`);
+        this.clearCacheEntry('GET:/managed-accounts');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -98,12 +109,17 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
     /**
      * Delete a managed account permanently.
      * Requires owner role.
+     *
+     * Invalidates the cached detail and list responses so the deleted account
+     * is not served from cache.
      */
     async deleteManagedAccount(accountId: string): Promise<void> {
       try {
         await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry(`GET:/managed-accounts/${accountId}`);
+        this.clearCacheEntry('GET:/managed-accounts');
       } catch (error) {
         throw this.handleError(error);
       }
@@ -113,6 +129,9 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
      * Add a manager to a managed account.
      * Requires owner or admin role on the account.
      *
+     * Mutates the account's `managers[]`, which is returned by the detail and
+     * list reads — invalidate both so they re-fetch the updated manager set.
+     *
      * @param accountId - The managed account to add the manager to
      * @param userId - The user to grant management access
      * @param role - The role to assign: 'admin' or 'editor'
@@ -122,6 +141,8 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
         await this.makeRequest<void>('POST', `/managed-accounts/${accountId}/managers`, { userId, role }, {
           cache: false,
         });
+        this.clearCacheEntry(`GET:/managed-accounts/${accountId}`);
+        this.clearCacheEntry('GET:/managed-accounts');
       } catch (error) {
         throw this.handleError(error);
       }
@@ -131,6 +152,9 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
      * Remove a manager from a managed account.
      * Requires owner role.
      *
+     * Invalidates the detail and list responses so the updated `managers[]`
+     * is observed on the next read (see `addManager`).
+     *
      * @param accountId - The managed account
      * @param userId - The manager to remove
      */
@@ -139,6 +163,8 @@ export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase
         await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}/managers/${userId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry(`GET:/managed-accounts/${accountId}`);
+        this.clearCacheEntry('GET:/managed-accounts');
       } catch (error) {
         throw this.handleError(error);
       }

package/src/mixins/OxyServices.privacy.ts

@@ -63,7 +63,13 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
     }
 
     /**
-     * Block a user
+     * Block a user.
+     *
+     * Invalidates the cached `GET /privacy/blocked` response after the write.
+     * `getBlockedUsers` caches for ~1 minute (identity-scoped); without busting
+     * that entry, a consumer that re-reads the blocked list within the TTL
+     * window would not see the user it just blocked. `clearCacheEntry` deletes
+     * every identity-scoped variant of the key.
      * @param userId - The user ID to block
      * @returns Success message
      */
@@ -72,16 +78,21 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
         if (!userId) {
           throw new Error('User ID is required');
         }
-        return await this.makeRequest<{ message: string }>('POST', `/privacy/blocked/${userId}`, undefined, {
+        const result = await this.makeRequest<{ message: string }>('POST', `/privacy/blocked/${userId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry('GET:/privacy/blocked');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
     }
 
     /**
-     * Unblock a user
+     * Unblock a user.
+     *
+     * Busts the cached `GET /privacy/blocked` response so a remount reads the
+     * fresh list without the just-unblocked user (see `blockUser`).
      * @param userId - The user ID to unblock
      * @returns Success message
      */
@@ -90,9 +101,11 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
         if (!userId) {
           throw new Error('User ID is required');
         }
-        return await this.makeRequest<{ message: string }>('DELETE', `/privacy/blocked/${userId}`, undefined, {
+        const result = await this.makeRequest<{ message: string }>('DELETE', `/privacy/blocked/${userId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry('GET:/privacy/blocked');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
@@ -131,7 +144,13 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
     }
 
     /**
-     * Restrict a user (limit their interactions without fully blocking)
+     * Restrict a user (limit their interactions without fully blocking).
+     *
+     * Invalidates the cached `GET /privacy/restricted` response after the write.
+     * `getRestrictedUsers` caches for ~1 minute (identity-scoped); without
+     * busting that entry, a consumer that re-reads the restricted list within
+     * the TTL window would not see the user it just restricted.
+     * `clearCacheEntry` deletes every identity-scoped variant of the key.
      * @param userId - The user ID to restrict
      * @returns Success message
      */
@@ -140,16 +159,21 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
         if (!userId) {
           throw new Error('User ID is required');
         }
-        return await this.makeRequest<{ message: string }>('POST', `/privacy/restricted/${userId}`, undefined, {
+        const result = await this.makeRequest<{ message: string }>('POST', `/privacy/restricted/${userId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry('GET:/privacy/restricted');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }
     }
 
     /**
-     * Unrestrict a user
+     * Unrestrict a user.
+     *
+     * Busts the cached `GET /privacy/restricted` response so a remount reads the
+     * fresh list without the just-unrestricted user (see `restrictUser`).
      * @param userId - The user ID to unrestrict
      * @returns Success message
      */
@@ -158,9 +182,11 @@ export function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase>(Base:
         if (!userId) {
           throw new Error('User ID is required');
         }
-        return await this.makeRequest<{ message: string }>('DELETE', `/privacy/restricted/${userId}`, undefined, {
+        const result = await this.makeRequest<{ message: string }>('DELETE', `/privacy/restricted/${userId}`, undefined, {
           cache: false,
         });
+        this.clearCacheEntry('GET:/privacy/restricted');
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }

package/src/mixins/OxyServices.topics.ts

@@ -124,9 +124,13 @@ export function OxyServicesTopicsMixin<T extends typeof OxyServicesBase>(Base: T
       }
     ): Promise<TopicData> {
       try {
-        return await this.makeRequest('PATCH', `/topics/${slug}`, data, {
+        const result = await this.makeRequest<TopicData>('PATCH', `/topics/${slug}`, data, {
           cache: false,
         });
+        // Bust the cached topic detail so `getTopicBySlug(slug)` reflects the
+        // updated metadata immediately (it caches at the LONG TTL).
+        this.clearCacheEntry(`GET:/topics/${slug}`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }

package/src/mixins/OxyServices.user.ts

@@ -482,16 +482,25 @@ export function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T)
     }
 
     /**
-     * Update privacy settings
+     * Update privacy settings.
+     *
+     * Invalidates the cached `GET /privacy/<id>/privacy` response (the exact
+     * key `getPrivacySettings` reads, scoped to the same `id`) after the write.
+     * `getPrivacySettings` caches for ~2 minutes (identity-scoped); without
+     * busting that entry, a follow-up read within the TTL window returns the
+     * pre-update settings. `clearCacheEntry` deletes every identity-scoped
+     * variant of the key.
      * @param settings - Partial privacy settings object
      * @param userId - The user ID (defaults to current user)
      */
     async updatePrivacySettings(settings: Partial<PrivacySettings>, userId?: string): Promise<PrivacySettings> {
       try {
         const id = userId || (await this.getCurrentUser()).id;
-        return await this.makeRequest<PrivacySettings>('PATCH', `/privacy/${id}/privacy`, settings, {
+        const result = await this.makeRequest<PrivacySettings>('PATCH', `/privacy/${id}/privacy`, settings, {
           cache: false,
         });
+        this.clearCacheEntry(`GET:/privacy/${id}/privacy`);
+        return result;
       } catch (error) {
         throw this.handleError(error);
       }