Cache-Control for assets, faster related_records, asset URL cache invalidation, authorization policies by name, Instance Clone improvements

May 19, 2026

NEW

• cache_control argument for admin_assets_create and admin_asset_update mutations: When provided, the value (for example max-age=31536000, public) is stored in the asset's metadata and applied as the Cache-Control header on the underlying object in the file storage provider (S3, R2, etc.), allowing CDNs and browsers to cache assets according to your policy.

• authorization_policies argument for admin_page_create and admin_page_update mutations: Authorization policies can now be associated with a page by name (the same identifier used in Liquid frontmatter, e.g. page_policy or modules/my_module/page_policy), in addition to the existing authorization_policy_ids. Names and ids can be combined; all provided names must resolve to existing AuthorizationPolicy records.

IMPROVED

• Faster related_records: Reduced object allocations in related_records, improving performance up to 4x.

• Asset cache invalidation now per-instance: Changed the internal implementation of cache invalidation for assets. The updated=... query parameter appended by the asset_url (and asset_path) filter is now derived from a per-instance assets_updated_at timestamp that is bumped whenever assets change, instead of being derived per asset. This means all asset URLs are invalidated together when any asset is updated, ensuring CDN caches stay consistent.

• Deprecated url argument in admin_assets_create: Asset URLs are now derived from the asset name and the per-instance CDN, so the argument is ignored. Upload bytes via admin_assets_presign_urls first, then call admin_assets_create without the url argument. The argument will be removed in a future release.

• Batched page loading on deploy: Pages are now loaded in batches during deploy, providing better support for very large deploys - particularly those containing pages generated by Static Site Generators (SSG).

• Faster Instance Clone asset dump: The asset manifest step of pos-cli clone is significantly faster, reducing the time spent in the export phase of cloning instances with large numbers of assets.

• InstanceClone could leave the target instance's clone record in pending indefinitely when export failed (for example due to an oversized file): Failures are now surfaced cleanly as a terminal failed status with a sanitized error message, so pos-cli polling resolves instead of hanging.