feat(cache): centralize mutation invalidation at the HTTP layer (#792)

[BYK]

Closes #792. Follow-up to #788.

Summary

The per-site invalidate* helpers in api/issues.ts, api/projects.ts, and api/dashboards.ts are replaced by a single post-mutation hook in authenticatedFetch that auto-invalidates the cache for every successful non-GET. Prefix computation lives in a new src/lib/cache-keys.ts module.

Layer 1: HTTP-layer hook (new)

invalidateAfterMutation fires after fetchWithRetry returns a 2xx non-GET response:

• Hierarchy walk — for /api/0/organizations/{org}/releases/1.0.0/deploys/, sweeps the URL path plus every ancestor down to the owner level (releases/1.0.0/, releases/, organizations/{org}/). The bare top-level organizations/ root is deliberately not swept — sweeping it on every mutation would evict unrelated cross-org caches.
• Cross-endpoint rules — tiny table for the 2 cases where a mutation affects a different URL tree:
  • POST /api/0/teams/{org}/{team}/projects/ invalidates /api/0/organizations/{org}/projects/
  • DELETE /api/0/projects/{org}/{project}/ invalidates /api/0/organizations/{org}/projects/

The hook is awaited before returning the response, so a subsequent read in the same command sees fresh data. Identity-gated via the existing sweep primitive (no cross-account eviction). classifyUrl === "no-cache" paths (autofix / root-cause) are never cached to begin with, so sweeping them is a no-op.

Layer 2: Command-level override (deferred)

Issue #792 proposed an optional invalidates callback on buildCommand for cross-endpoint fan-outs the HTTP layer can't know about. Turned out the 2 hardcoded rules above cover every current case — deferred the callback API to when a real use case emerges.

Coverage

Every mutation in src/lib/api/ is now covered for free, including ones that had no invalidation before:

• release create/update/delete, release deploy, set-commits*
• team create, member add
• dashboard create
• trial start

sentry api -X POST/PUT/DELETE ... also gets auto-invalidation — users of the raw escape hatch no longer need --fresh on follow-up reads.

Removed

• api/issues.ts: invalidateIssueCaches, invalidateIssueDetailCaches, invalidateOrgIssueList + their call sites in updateIssueStatus / mergeIssues.
• api/projects.ts: invalidateProjectCaches, invalidateOrgProjectCache + call sites in createProject / deleteProject.
• api/dashboards.ts: inline invalidateCachedResponse in updateDashboard.

Net: -156 lines of source, +130 lines for cache-keys.ts.

Tests

• test/lib/cache-keys.test.ts (14 tests) — hierarchy walk (with the owner-level cap), cross-endpoint rules, query-string stripping, unparseable URLs, self-hosted bases, dedup.
• test/lib/sentry-client.invalidation.test.ts (5 integration tests) — successful mutation clears self + list, failed mutation leaves cache alone, GET doesn't invalidate, cross-endpoint rule fires, identity isolation holds.

Full unit suite: 5546 passing. bun run typecheck, bun run lint clean.

Follow-ups

One minor optimization deferred: when the hook computes multiple prefixes, Promise.all kicks off independent invalidateCachedResponsesMatching calls, each doing its own readdir + per-file parse. For typical cache sizes (few hundred entries) this is negligible, but the natural shape is "read the dir once, match every entry against ALL prefixes, unlink if any match." A future invalidateCachedResponsesMatchingAny(prefixes: string[]) API would eliminate the redundant I/O. Not done here to keep the PR scoped.

[github-actions]

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Cache

• Centralize mutation invalidation at the HTTP layer (Centralize mutation cache invalidation via a command-level helper #792) by BYK in #801

• Scope response cache per active identity (CLI UX: cache invalidation, env var discoverability, and error message improvements #785) by BYK in #788

Other

• (auth) Hint when env token is shadowed by stored OAuth (CLI UX: cache invalidation, env var discoverability, and error message improvements #785) by BYK in #790
• (help) Add Environment Variables section to branded help (CLI UX: cache invalidation, env var discoverability, and error message improvements #785) by BYK in #786
• (issue) Add resolve, unresolve (reopen), and merge commands by BYK in #778
• (scan) Pure-TS ripgrep-compatible scanner + DSN migration + perf overhaul by BYK in #791

Bug Fixes 🐛

Init

• Send dirListing/fileCache/existingSentry via initialState by betegon in #796
• Force process exit after wizard completes by betegon in #782

Other

• (arg-parsing) Throw ValidationError (not raw Error) for format errors by BYK in #793
• (dashboard) Accept dataset aliases (errors, transactions, metrics) (CLI-JG) by BYK in #800
• (error-reporting) Fall back to message prefix for ValidationError without field by BYK in #776
• (errors) Surface real API errors and granular scopes in 403s (CLI UX: cache invalidation, env var discoverability, and error message improvements #785) by BYK in #789
• (hex-id) Auto-recover malformed hex IDs in view commands (CLI-16G) by BYK in #777
• (ux) Rate-limit update banner and silence /api/0/ auto-fix (CLI UX: cache invalidation, env var discoverability, and error message improvements #785) by BYK in #787

Documentation 📚

• Fix auth token precedence, update stale architecture tree, and documentation audit report by cursor in #783

Internal Changes 🔧

• (init) Trim deprecated --features help entries by MathurAditya724 in #781
• (issue) Skip redundant API lookups via project+issue-org caches by BYK in #794
• Regenerate docs by github-actions[bot] in 58a84035

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

PR Preview Action v1.8.1
🚀 View preview at https://cli.sentry.dev/_preview/pr-801/
Built to branch gh-pages at 2026-04-21 13:26 UTC. Preview will be ready when the GitHub Pages deployment is complete.

[github-actions]

Codecov Results 📊

✅ 138 passed | Total: 138 | Pass Rate: 100% | Execution Time: 0ms

📊 Comparison with Base Branch

Metric	Change
Total Tests	—
Passed Tests	—
Failed Tests	—
Skipped Tests	—

✨ No test changes detected

All tests are passing successfully.

✅ Patch coverage is 98.53%. Project has 1721 uncovered lines.
✅ Project coverage is 95.72%. Comparing base (base) to head (head).

Files with missing lines (1)

File	Patch %	Lines
src/lib/cache-keys.ts	97.96%	⚠️ 1 Missing

Coverage diff

@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    95.64%    95.72%    +0.08%
==========================================
  Files          280       281        +1
  Lines        40248     40232       -16
  Branches         0         0         —
==========================================
+ Hits         38494     38511       +17
- Misses        1754      1721       -33
- Partials         0         0         —

---

Generated by Codecov Action

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit d51ba3a. Configure here.}