docs(web/blog): add Wheels 4.0.2 release post

[bpamiri]

Summary

• Publishes the Wheels 4.0.2 release announcement (web/content/blog/posts/wheels-4-0-2-released.md) to blog.wheels.dev.
• 4.0.2 (tagged v4.0.2) centers on shared-database migration reconciliation — orphan-version detection, a migrate doctor health report, and forget/pretend reconciliation commands — plus MSSQL silent-rollback fixes and native signed apt.wheels.dev / yum.wheels.dev package repos.
• Content-only: a single markdown file under web/content/blog/posts/. No code or build changes.

Why a PR instead of the auto-deploy path

The post was published via the publishing-admin UI button, which exports the markdown to disk but intentionally does not push — only the scheduled-publish path auto-commits to develop. A PR keeps the review checkpoint and audit trail for release content.

Deploy

• Merge to develop → Cloudflare Pages rebuilds and the post goes live at https://blog.wheels.dev/posts/wheels-4-0-2-released

🤖 Generated with Claude Code

[wheels-bot]

Wheels Bot — Reviewer A

TL;DR: This adds the 4.0.2 release announcement to web/content/blog/posts/. The content is accurate and well-written against the CHANGELOG. One notable editorial omission stands out — the compatibility matrix restoration for BoxLang and Adobe CF 2023/2025 (#2817) goes unmentioned despite being called out in the CHANGELOG summary as a headline deliverable. Two small nits below. Overall: comment (no correctness blockers).

---

Correctness

Content accuracy — I cross-checked every PR reference in the post against the CHANGELOG.md [4.0.2] section. All cited numbers (#2798, #2799, #2800, #2802, #2804, #2805, #2807, #2809, #2810, #2812, #2813, #2814, #2774, #2776, #2782, #2783, #2786, #2787, #2793, #2794, #2795, #2796) are present and the descriptions faithfully match what was shipped.

RPM package size (web/content/blog/posts/wheels-4-0-2-released.md, line 109):

the `.deb`/`.rpm` are ~80 MB

CHANGELOG (#2814) distinguishes: .deb 80 MB, .rpm 81 MB. The ~80 MB approximation is close enough, but noting it in case exact sizing matters downstream.

---

Docs

Missing: BoxLang + Adobe CF 2023/2025 compatibility restoration — the CHANGELOG summary explicitly calls out "greens the compatibility matrix across BoxLang and Adobe ColdFusion 2023/2025" as part of the 4.0.2 headline. PR #2817 fixed a 17-fail / 72-error BoxLang regression and a full Adobe CF 2023/2025 suite crash (HTTP 404 + corrupted JSON from the test runner). Users on those engines would benefit from knowing 4.0.2 restores full compatibility for them; it is the category of fix most likely to prompt a "should I upgrade now?" decision. The current post is accurate but silent on this.

Suggested addition somewhere near the "Smaller fixes" section:

## Compatibility matrix restored: BoxLang and Adobe CF 2023/2025

4.0.2 also closes the remaining compatibility-matrix regressions for BoxLang (17 fail / 72 error on every database since 4.0.0) and Adobe CF 2023/2025 (full suite crash since the `cfheader` attributeCollection fix in 4.0.1 uncovered a response-already-committed cascade). Both engines now report zero failures across all database drivers ([#2817](https://github.com/wheels-dev/wheels/pull/2817)).

---

Commits

Commit 50b265c — docs(web/blog): add Wheels 4.0.2 release post — passes commitlint (docs type, web/blog scope, subject ≤ 100 chars, sentence case). The Validate Commit Messages CI check confirms it.

DCO sign-off — the commit body carries a Co-Authored-By: trailer but no Signed-off-by: trailer. The DCO App is listed as a required status check in CONTRIBUTING.md; I don't see it in the visible PR check list, so it may be handled separately at merge time. Worth confirming the DCO App is satisfied before merge.

---

[wheels-bot]

Wheels Bot — Reviewer B (round 1)

A's review is accurate and well-grounded. The #2817 omission finding is confirmed against the CHANGELOG — the 4.0.2 summary header explicitly calls out "greens the compatibility matrix across BoxLang and Adobe ColdFusion 2023/2025" as a headline deliverable, and the fix description is substantial (BoxLang root-cause trace to variables.local shadowing, six separate Adobe CF bugs). The blog post is silent on all of it. A's suggested addition is concrete and correct. No sycophancy, no false positives detected. Converging on changes-needed.

Sycophancy

None detected. A used the "comment" review state rather than an eager approve, backed every positive observation with evidence (PR-by-PR CHANGELOG cross-check), and flagged a real editorial gap. The "no correctness blockers" framing is accurate for a content-only diff.

False positives

None detected.

• RPM size (~80 MB): A correctly notes the CHANGELOG distinguishes .deb (80 MB) vs .rpm (81 MB) and the post rounds both to ~80 MB. Accurate observation, appropriately low-severity.
• DCO sign-off: The commit body has Co-Authored-By: but no Signed-off-by:. A is correct that the trailer is absent. The CI check list does not include a DCO App check for this PR, which may mean the app is not configured as a required check here — A's hedge ("it may be handled separately at merge time") is fair. Not a false positive; the sign-off is genuinely missing even if automated enforcement is unclear.

Missed issues

None detected. The diff is a single new markdown file. Cross-engine invariants do not apply. The base branch is develop (correct per rails). Commit docs(web/blog) passes commitlint as A confirmed.

One minor observation A didn't mention: updatedAt: '2026-05-28T03:20:32.000Z' is tomorrow in UTC relative to publishedAt. This is almost certainly a CMS timezone artifact and not a real issue — not flagging as a finding.

Verdict alignment

A's "comment" verdict is consistent with findings: real editorial gap, no correctness blockers, the decision whether to expand the post rests with the human author. Consistent.

Convergence

Aligned with A. The #2817 omission is the one finding that warrants action — a headline CHANGELOG deliverable (full BoxLang + Adobe CF 2023/2025 compatibility restoration) absent from the release announcement is a meaningful gap for users on those engines deciding whether to upgrade. A's suggested section is accurate and ready to apply. Emitting converged-changes to trigger address-review.

[wheels-bot]

Wheels Bot — Address Review (round 1)

Applied consensus findings from Reviewer A and Reviewer B's convergence (round 1):

• Added a "Compatibility matrix restored: BoxLang and Adobe CF 2023/2025" section to web/content/blog/posts/wheels-4-0-2-released.md between "Native apt and yum repositories" and "Smaller fixes". Covers the fix: green the compat matrix for BoxLang and Adobe CF 2023/2025 #2817 deliverable that the CHANGELOG summary calls out as a 4.0.2 headline but the post was silent on: the BoxLang variables.local shadow root cause (17 fail / 72 error → green), the Adobe CF 2023/2025 response-already-committed cascade (full-suite crash → green), and the five companion Adobe-specific traps fixed alongside. Wording adapted from A's suggested addition; B explicitly named this as the one finding warranting action.

Intentionally skipped (out of consensus):

• RPM ~80 MB rounding: A and B both rated as appropriately low-severity (.deb 80 MB, .rpm 81 MB → ~80 MB is a fair approximation). No action.
• Missing Signed-off-by trailer on the original commit 50b265c: B's converged summary listed only fix: green the compat matrix for BoxLang and Adobe CF 2023/2025 #2817 as warranting action and treated the DCO observation as "fair to hedge"; amending another author's commit on a shared branch is also out of scope for this stage. Will need a human author rebase if DCO enforcement actually blocks merge.

The new commit will trigger a fresh Reviewer A run on the updated SHA. Convergence loop continues until reviewers align on approve or the outer-loop cap (5 rounds) is reached.

[wheels-bot]

Wheels Bot — Reviewer A

TL;DR: This PR adds the Wheels 4.0.2 release announcement. The new commit (d7642e22d) addresses the main finding from the previous review round — the "Compatibility matrix restored" section for BoxLang and Adobe CF 2023/2025 is now present and accurate. One minor counting discrepancy surfaces in the new text ("five further" traps listed, but six are enumerated); it is carried from the CHANGELOG rather than introduced here. Overall: comment (no correctness blockers, ready to merge pending the nit below).

---

Correctness

Previous finding resolved — The ## Compatibility matrix restored: BoxLang and Adobe CF 2023/2025 section is now present (web/content/blog/posts/wheels-4-0-2-released.md, lines 122–125 in the merged file). Technical content cross-checks against CHANGELOG.md [4.0.2] entry for #2817: root cause (BoxLang variables.local shadow), fix ($promoteIncludedGlobalsToThis()), Adobe CF 2023/2025 cascade origin (4.0.1 cfheader fix), and cfsavecontent capture are all accurately represented.

Minor: "five further" vs. six enumerated items (web/content/blog/posts/wheels-4-0-2-released.md, line 123):

five further Adobe-specific traps were fixed alongside (`request`-scope parameter shadowing in middleware, empty-body `cfhttp` POSTs in `TestClient`, array-by-value mutation in `ParallelRunner.$collectFailures`, double-`include` in `$reincludeGlobals`, a `fileWrite`/`fileRead` newline roundtrip on Adobe 2025, and `cf_sql_integer` overflow on CockroachDB's `unique_rowid()` PKs)

The parenthetical lists six distinct items; the lead-in says "five further." The same off-by-one appears in CHANGELOG.md [4.0.2] — the blog faithfully mirrors the source, so this is inherited rather than introduced. Suggested fix either way:

six further Adobe-specific traps were fixed alongside (…)

Harmless to readers skimming the list, but worth correcting before the post goes live.

---

Commits

• 50b265cbd (docs(web/blog): add Wheels 4.0.2 release post) — passes commitlint, authored by bpamiri. The DCO sign-off flag from the previous review stands: this commit carries a Co-Authored-By: trailer but no Signed-off-by:. If the DCO App is a required status check, confirm it passed before merge.
• d7642e22d (docs(web/blog): address Reviewer A/B consensus findings (round 1)) — passes commitlint, carries Signed-off-by: claude[bot]. Commit body explains what was and was not addressed and why — good audit trail.

---

[wheels-bot]

Wheels Bot — Reviewer B (round 1)

A's review on the updated SHA is accurate and well-grounded. The one finding — "five further" naming six items — is verified against the diff and against the CHANGELOG source; the count error is genuinely inherited rather than newly introduced. No sycophancy, no false positives. Converging on changes-needed for the single-word copy fix.

Sycophancy

None detected. A confirmed the previous round's finding is addressed before issuing any positive verdict, and explicitly flagged the remaining nit before commenting "no correctness blockers."

False positives

None detected.

• "five further" / six items (line 123): Verified. The parenthetical lists six distinct items: (1) request-scope shadowing in middleware, (2) empty-body cfhttp POSTs in TestClient, (3) array-by-value mutation in ParallelRunner.$collectFailures, (4) double-include in $reincludeGlobals, (5) fileWrite/fileRead newline roundtrip on Adobe 2025, (6) cf_sql_integer overflow on CockroachDB PKs. Count is 6, not 5. A's claim is accurate. A is also correct that the same error appears in CHANGELOG.md [4.0.2] ("Five further Adobe-specific bugs:" followed by the same six-item list) — the blog faithfully mirrors the source. Inherited, not introduced. Fixing to "six further" is the right call.
• DCO sign-off on 50b265cbd: A correctly identifies the missing Signed-off-by trailer and hedges appropriately ("if the DCO App is a required status check"). Not a false positive; the trailer is genuinely absent.

Missed issues

None detected. The diff is a single new markdown file. No CFML code changes; cross-engine invariants do not apply. The bot-authored commit d7642e22d carries a valid Signed-off-by trailer. Base branch is develop (correct per rails). Both commit messages pass commitlint.

Verdict alignment

A's "comment" (no correctness blockers) is consistent with findings: one minor numerical error that should be corrected before the post goes live, nothing that affects technical accuracy at a structural level.

Convergence

Aligned with A. The only remaining action is a one-word fix: "five further" → "six further" at line 123 of web/content/blog/posts/wheels-4-0-2-released.md. Emitting converged-changes to trigger address-review.

[wheels-bot]

Wheels Bot — Address Review (round 2)

Applied consensus findings from Reviewer A and Reviewer B's convergence (round 2):

• Item count fix: web/content/blog/posts/wheels-4-0-2-released.md line 124 — "five further Adobe-specific traps" → "six further", matching the six items enumerated in the parenthetical (request-scope shadowing in middleware, empty-body cfhttp POSTs in TestClient, array-by-value mutation in ParallelRunner.$collectFailures, double-include in $reincludeGlobals, fileWrite/fileRead newline roundtrip on Adobe 2025, cf_sql_integer overflow on CockroachDB's unique_rowid() PKs). Both A and B verified the count error and named this as the only action for the round.

Intentionally skipped (out of consensus / out of scope):

• Same miscount in CHANGELOG.md: B noted the blog faithfully mirrors the CHANGELOG source. The blog post fix addresses the consensus finding for this PR; the CHANGELOG correction belongs in a separate commit on the framework side and is out of scope for this docs-only PR.
• Missing Signed-off-by trailer on the human-authored commit 50b265c: A hedged this appropriately ("if the DCO App is a required status check"). Amending another author's commit on a shared branch is out of scope for the bot; the human author can rebase to add the trailer if DCO enforcement blocks merge.

The new commit will trigger a fresh Reviewer A run on the updated SHA. Convergence loop continues until reviewers align on approve or the outer-loop cap (5 rounds) is reached.

[wheels-bot]

Wheels Bot — Reviewer A

TL;DR: Round 3 of the Wheels 4.0.2 release post. The round 2 commit (d0f619402) correctly updates "five further" → "six further" in the compatibility-matrix section (line 124), and the six-item parenthetical list now matches the lead-in count — verified against CHANGELOG.md line 41 for #2817. All findings from rounds 1 and 2 are resolved. No correctness, convention, cross-engine, or security issues remain. The post is accurate and ready to publish. Approve.

---

Correctness

Round 2 fix confirmed (web/content/blog/posts/wheels-4-0-2-released.md, line 124):

six further Adobe-specific traps were fixed alongside (`request`-scope parameter
shadowing in middleware, empty-body `cfhttp` POSTs in `TestClient`, array-by-value
mutation in `ParallelRunner.$collectFailures`, double-`include` in `$reincludeGlobals`,
a `fileWrite`/`fileRead` newline roundtrip on Adobe 2025, and `cf_sql_integer`
overflow on CockroachDB's `unique_rowid()` PKs)

Six items in the parenthetical; "six further" in the lead-in — consistent. The CHANGELOG source (CHANGELOG.md line 41) reads "Five further Adobe-specific bugs" while listing the same six items, so the blog is more accurate than the CHANGELOG on this count. The round 2 commit message explicitly notes the CHANGELOG miscount is out of scope for this docs-only PR, which is the correct call.

All PR references in the post (#2798, #2799, #2800, #2802, #2804, #2805, #2807, #2809, #2810, #2812, #2813, #2814, #2774, #2776, #2782, #2783, #2786, #2787, #2793, #2794, #2795, #2796, #2817) continue to cross-check against the [4.0.2] CHANGELOG section. No new accuracy issues.

---

Commits

All three commits pass commitlint (docs type, web/blog scope, subject ≤ 100 chars, sentence case):

• 50b265cbd — docs(web/blog): add Wheels 4.0.2 release post (bpamiri — Co-Authored-By: present, no Signed-off-by:)
• d7642e22d — docs(web/blog): address Reviewer A/B consensus findings (round 1) (claude[bot] — Signed-off-by: present)
• d0f619402 — docs(web/blog): address Reviewer A/B consensus findings (round 2) (claude[bot] — Signed-off-by: present)

The DCO flag on 50b265cbd (raised in rounds 1 and 2) stands: bpamiri's commit carries Co-Authored-By: but no Signed-off-by: trailer. Whether the DCO App considers this satisfied depends on bpamiri's contributor agreement status — no change from prior rounds, and outside the bot's scope to resolve.

---

[wheels-bot]

Wheels Bot — Reviewer B (round 1)

A's round 3 review checks out. All prior findings are resolved, A's APPROVED verdict is well-supported by specific evidence, and the post is accurate as of the current SHA. Converging on approve.

Sycophancy

None detected. A confirmed the round 2 fix with a direct quote of the corrected text (rather than assuming it was applied), maintained the DCO flag from prior rounds without softening it, and supported the approval with concrete evidence at each step — not a bare "LGTM."

False positives

None detected.

• Six-item parenthetical count (line 124): Verified independently against the diff. The parenthetical lists six distinct items: (1) request-scope parameter shadowing in middleware, (2) empty-body cfhttp POSTs in TestClient, (3) array-by-value mutation in ParallelRunner.$collectFailures, (4) double-include in $reincludeGlobals, (5) fileWrite/fileRead newline roundtrip on Adobe 2025, (6) cf_sql_integer overflow on CockroachDB PKs. Count is 6; "six further" in the lead-in is accurate. A's claim holds.
• Blog more accurate than CHANGELOG: Confirmed. CHANGELOG.md reads "Five further Adobe-specific bugs" while listing the same six items. The blog now says "six further." A is correct.
• DCO on 50b265cbd: Confirmed via git log. Commit by bpamiri carries Co-Authored-By: but no Signed-off-by: trailer. A's observation and hedge are accurate — the bot cannot amend another author's commit, and A's approval doesn't bypass branch protection rules.

Missed issues

None detected. The diff is a single new markdown file. Cross-engine invariants and CFML-specific patterns do not apply. All three commits pass commitlint (docs(web/blog), subject ≤ 100 chars). The two bot-authored commits (d7642e22d, d0f619402) both carry valid Signed-off-by trailers (confirmed via git log).

Verdict alignment

A's APPROVED verdict is consistent with findings: both prior editorial gaps (missing compatibility-matrix section, miscount) are resolved, no new correctness issues exist in the diff, and the one outstanding item (DCO on the original human-authored commit) is outside the bot's scope and does not change the editorial accuracy of the post.

Convergence

Aligned with A. The post is accurate, complete, and ready to publish. The only blocker before merge is the missing Signed-off-by on 50b265cbd (bpamiri's original commit), which requires the human author to git commit --amend -s and force-push, or a rebase — not something this review loop can resolve. No further bot review rounds are needed on the content itself.