docs(release): add Wheels 4.0 feature audit#2123
Merged
Conversation
Collaborator
Author
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Expands the Unreleased section from 10 Added bullets to a complete Keep-a-Changelog layout with Added/Changed/Deprecated/Removed/Fixed/ Security subsections covering 185 merged PRs since v3.0.0+33. Sourced from the 4.0 feature audit at docs/releases/wheels-4.0-audit.md (see #2123). Covers: - Added: 46 bullets across ORM, Migrations, Routing, Middleware, Views, Jobs, SSE, DI, Testing, Packages, Engine Adapters, Legacy Compat, CLI/LuCLI, Config/DX - Changed: 18 bullets (7 marked Breaking for upgrade guide reference) - Deprecated: plugins/ folder, RocketUnit, wheels.Test - Removed: RocketUnit scaffolding, Railo workaround, server.cfc, stale monorepo artifacts - Fixed: 11 behavior-affecting bug fixes with user-visible impact - Security: 40+ hardening PRs grouped by theme (SQL injection, path traversal, session/cookie/CSRF, console/reload, CORS, rate limiter, SSE, MCP, XSS, JWT, CLI shell args) Minor CLI/docker/installer fixes folded into a single catchall bullet under Fixed to avoid 25+ individual entries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
5 tasks
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Expands the Unreleased section from 10 Added bullets to a complete Keep-a-Changelog layout with Added/Changed/Deprecated/Removed/Fixed/ Security subsections covering 185 merged PRs since v3.0.0+33. Sourced from the 4.0 feature audit at docs/releases/wheels-4.0-audit.md (see #2123). Covers: - Added: 46 bullets across ORM, Migrations, Routing, Middleware, Views, Jobs, SSE, DI, Testing, Packages, Engine Adapters, Legacy Compat, CLI/LuCLI, Config/DX - Changed: 18 bullets (7 marked Breaking for upgrade guide reference) - Deprecated: plugins/ folder, RocketUnit, wheels.Test - Removed: RocketUnit scaffolding, Railo workaround, server.cfc, stale monorepo artifacts - Fixed: 11 behavior-affecting bug fixes with user-visible impact - Security: 40+ hardening PRs grouped by theme (SQL injection, path traversal, session/cookie/CSRF, console/reload, CORS, rate limiter, SSE, MCP, XSS, JWT, CLI shell args) Minor CLI/docker/installer fixes folded into a single catchall bullet under Fixed to avoid 25+ individual entries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Canonical inventory of every user-visible change merged into develop between the 3.0.0 stable release (2026-01-10) and today (2026-04-16). 185 PRs reviewed; ~70 distinct features grouped; 7 breaking changes identified; 40+ security-hardening PRs documented. Methodology: gh pr list + git log merges + cross-reference against CHANGELOG.md [Unreleased]. The [Unreleased] section had 10 bullets; the audit surfaces ~60 additional user-visible items the CHANGELOG didn't capture. Serves three downstream artifacts: - CHANGELOG catch-up PR (high priority before 4.0 GA) - Blog post series (8 themes proposed) - 3.0-vs-4.0 framework-comparison doc (to be written on top) Also unblocks the Vite pipeline maturity decision by making the full 4.0 scope visible (Turbo/Hotwire is in, so vitePreloadTag now has a clear consumer). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
force-pushed
the
peter/wheels-4.0-audit
branch
from
e3aa01d to
2442786
Compare
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Expands the Unreleased section from 10 Added bullets to a complete Keep-a-Changelog layout with Added/Changed/Deprecated/Removed/Fixed/ Security subsections covering 185 merged PRs since v3.0.0+33. Sourced from the 4.0 feature audit at docs/releases/wheels-4.0-audit.md (see #2123). Covers: - Added: 46 bullets across ORM, Migrations, Routing, Middleware, Views, Jobs, SSE, DI, Testing, Packages, Engine Adapters, Legacy Compat, CLI/LuCLI, Config/DX - Changed: 18 bullets (7 marked Breaking for upgrade guide reference) - Deprecated: plugins/ folder, RocketUnit, wheels.Test - Removed: RocketUnit scaffolding, Railo workaround, server.cfc, stale monorepo artifacts - Fixed: 11 behavior-affecting bug fixes with user-visible impact - Security: 40+ hardening PRs grouped by theme (SQL injection, path traversal, session/cookie/CSRF, console/reload, CORS, rate limiter, SSE, MCP, XSS, JWT, CLI shell args) Minor CLI/docker/installer fixes folded into a single catchall bullet under Fixed to avoid 25+ individual entries. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Companion to the 4.0 feature audit (#2123) and the CHANGELOG catch-up (#2124). Shows, category by category, every capability that changed between the 3.0.0 stable release and 4.0. Rows that didn't change are omitted so the "ground made up" story is readable. Structure: - At-a-glance stats - 12 category tables (ORM, Migrations, Routing, Controllers, Middleware, Views, DI, Jobs/Real-time, Testing, CLI, Packages, Infra/DevOps) — each with 3.0 state, 4.0 state, and delta label - Security posture section — 40+ hardening PRs grouped by area - Peer-framework context — rows where 3.0 trailed Rails/Laravel/Django and 4.0 closed the gap - Reading key Uses strikethrough formatting in the 3.0 column to visually encode "this was missing and is no longer" so readers' eyes land on the 4.0 state. Sourced from CHANGELOG [3.0.0] section + the feature audit. Deltas labeled: New / Formalized / Hardened / Fixed / Breaking / Deprecated / Removed / Renamed / Refactored / Refreshed / Streamlined / Changed. Lives in docs/releases/ alongside the audit for discoverability. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
5 tasks
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Companion to the 4.0 feature audit (#2123) and the CHANGELOG catch-up (#2124). Shows, category by category, every capability that changed between the 3.0.0 stable release and 4.0. Rows that didn't change are omitted so the "ground made up" story is readable. Structure: - At-a-glance stats - 12 category tables (ORM, Migrations, Routing, Controllers, Middleware, Views, DI, Jobs/Real-time, Testing, CLI, Packages, Infra/DevOps) — each with 3.0 state, 4.0 state, and delta label - Security posture section — 40+ hardening PRs grouped by area - Peer-framework context — rows where 3.0 trailed Rails/Laravel/Django and 4.0 closed the gap - Reading key Uses strikethrough formatting in the 3.0 column to visually encode "this was missing and is no longer" so readers' eyes land on the 4.0 state. Sourced from CHANGELOG [3.0.0] section + the feature audit. Deltas labeled: New / Formalized / Hardened / Fixed / Breaking / Deprecated / Removed / Renamed / Refactored / Refreshed / Streamlined / Changed. Lives in docs/releases/ alongside the audit for discoverability. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Follow-up to #2123 (audit) and #2124 (CHANGELOG catch-up), which merged before inline rename edits could land. Applies the same three-bucket rename rubric to the just-merged content: 1. Current framework identity → rename to WheelsTest 2. BDD style name → drop TestBox qualifier (just "BDD syntax") 3. Historical / rename-event references → preserved as-is (factual) 6 targeted edits: - CHANGELOG.md line 88: TestBox test suite → WheelsTest test suite - CHANGELOG.md line 109: Breaking prefix drops "TestBox" (redundant) - CHANGELOG.md line 123: TestBox BDD → BDD syntax (via WheelsTest) - audit line 118: TestBox BDD is → WheelsTest (BDD syntax) is - audit line 137: TestBox test suite → WheelsTest test suite - audit line 236: TestBox BDD is mandatory → WheelsTest (BDD syntax) Preserved as historical / rename-event references (unchanged): - CHANGELOG.md line 114: "WireBox/TestBox replaced" - CHANGELOG.md line 237: 3.0 dep "TestBox (^6.0.0) requirements" - audit line 116: "testbox → wheelstest namespace rename" (the event) - audit line 205: "WireBox replaced + TestBox replaced" (the event) - audit line 292: "WireBox/TestBox replacement" (blog theme context) Follow-up: a broader repo-wide sweep covering ~30 other files (docs/src/, CLAUDE.md, tests/README, examples, .ai/wheels/testing/) will apply the same rubric in a separate PR. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3 tasks
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Companion to the 4.0 feature audit (#2123) and the CHANGELOG catch-up (#2124). Shows, category by category, every capability that changed between the 3.0.0 stable release and 4.0. Rows that didn't change are omitted so the "ground made up" story is readable. Structure: - At-a-glance stats - 12 category tables (ORM, Migrations, Routing, Controllers, Middleware, Views, DI, Jobs/Real-time, Testing, CLI, Packages, Infra/DevOps) — each with 3.0 state, 4.0 state, and delta label - Security posture section — 40+ hardening PRs grouped by area - Peer-framework context — rows where 3.0 trailed Rails/Laravel/Django and 4.0 closed the gap - Reading key Uses strikethrough formatting in the 3.0 column to visually encode "this was missing and is no longer" so readers' eyes land on the 4.0 state. Sourced from CHANGELOG [3.0.0] section + the feature audit. Deltas labeled: New / Formalized / Hardened / Fixed / Breaking / Deprecated / Removed / Renamed / Refactored / Refreshed / Streamlined / Changed. Lives in docs/releases/ alongside the audit for discoverability. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Follow-up to #2123 (audit) and #2124 (CHANGELOG catch-up), which merged before inline rename edits could land. Applies the same three-bucket rename rubric to the just-merged content: 1. Current framework identity → rename to WheelsTest 2. BDD style name → drop TestBox qualifier (just "BDD syntax") 3. Historical / rename-event references → preserved as-is (factual) 6 targeted edits: - CHANGELOG.md line 88: TestBox test suite → WheelsTest test suite - CHANGELOG.md line 109: Breaking prefix drops "TestBox" (redundant) - CHANGELOG.md line 123: TestBox BDD → BDD syntax (via WheelsTest) - audit line 118: TestBox BDD is → WheelsTest (BDD syntax) is - audit line 137: TestBox test suite → WheelsTest test suite - audit line 236: TestBox BDD is mandatory → WheelsTest (BDD syntax) Preserved as historical / rename-event references (unchanged): - CHANGELOG.md line 114: "WireBox/TestBox replaced" - CHANGELOG.md line 237: 3.0 dep "TestBox (^6.0.0) requirements" - audit line 116: "testbox → wheelstest namespace rename" (the event) - audit line 205: "WireBox replaced + TestBox replaced" (the event) - audit line 292: "WireBox/TestBox replacement" (blog theme context) Follow-up: a broader repo-wide sweep covering ~30 other files (docs/src/, CLAUDE.md, tests/README, examples, .ai/wheels/testing/) will apply the same rubric in a separate PR. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
Design doc for a new standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md. Scope: - Breaking + migration path (~350 lines) - 10 Breaking items covered with consistent 4-part format: what changed / how to detect / how to fix / opt-out - Legacy Compatibility Adapter documented as soft-landing option - Recommended (not required) migrations section - Single callout link added to existing upgrading.md Spec companion to the feature audit (#2123), 3.0 → 4.0 comparison (#2125), and CHANGELOG catch-up (#2124), which together form the 4.0 release-documentation stack. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
New standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md
covering the 10 Breaking changes in 4.0 plus migration paths:
- Before you start (backup, test environment, CHANGELOG)
- 5-minute upgrade checklist (scannable table)
- Breaking changes — detailed:
* 6 security-hardening default flips (CORS, env-switch, HSTS,
CSRF SameSite, RateLimiter trustProxy, RateLimiter proxy
strategy)
* 1 CLI rename (wheels snippets → wheels code)
* 3 namespace / directory renames (wheels.Test → WheelsTest,
tests/specs/functions/ → functional/, application.wirebox →
application.wheelsdi)
- Legacy Compatibility Adapter (#2015) — soft landing
- Recommended (not required) migrations — 10 items
- Still stuck? — links to audit, comparison, adapter, discussions
Each Breaking item uses a consistent 4-part format:
What changed / How to detect / How to fix / Opt-out
Plus a one-line callout added to the top of the existing
docs/src/introduction/upgrading.md linking to the new guide.
Companion to:
#2123 — 4.0 feature audit
#2124 — CHANGELOG Unreleased expansion
#2125 — 3.0 → 4.0 comparison doc
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
7 tasks
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
New standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md
covering the 10 Breaking changes in 4.0 plus migration paths:
- Before you start (backup, test environment, CHANGELOG)
- 5-minute upgrade checklist (scannable table)
- Breaking changes — detailed:
* 6 security-hardening default flips (CORS, env-switch, HSTS,
CSRF SameSite, RateLimiter trustProxy, RateLimiter proxy
strategy)
* 1 CLI rename (wheels snippets → wheels code)
* 3 namespace / directory renames (wheels.Test → WheelsTest,
tests/specs/functions/ → functional/, application.wirebox →
application.wheelsdi)
- Legacy Compatibility Adapter (#2015) — soft landing
- Recommended (not required) migrations — 10 items
- Still stuck? — links to audit, comparison, adapter, discussions
Each Breaking item uses a consistent 4-part format:
What changed / How to detect / How to fix / Opt-out
Plus a one-line callout added to the top of the existing
docs/src/introduction/upgrading.md linking to the new guide.
Companion to:
#2123 — 4.0 feature audit
#2124 — CHANGELOG Unreleased expansion
#2125 — 3.0 → 4.0 comparison doc
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
New standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md
covering the 10 Breaking changes in 4.0 plus migration paths:
- Before you start (backup, test environment, CHANGELOG)
- 5-minute upgrade checklist (scannable table)
- Breaking changes — detailed:
* 6 security-hardening default flips (CORS, env-switch, HSTS,
CSRF SameSite, RateLimiter trustProxy, RateLimiter proxy
strategy)
* 1 CLI rename (wheels snippets → wheels code)
* 3 namespace / directory renames (wheels.Test → WheelsTest,
tests/specs/functions/ → functional/, application.wirebox →
application.wheelsdi)
- Legacy Compatibility Adapter (#2015) — soft landing
- Recommended (not required) migrations — 10 items
- Still stuck? — links to audit, comparison, adapter, discussions
Each Breaking item uses a consistent 4-part format:
What changed / How to detect / How to fix / Opt-out
Plus a one-line callout added to the top of the existing
docs/src/introduction/upgrading.md linking to the new guide.
Companion to:
#2123 — 4.0 feature audit
#2124 — CHANGELOG Unreleased expansion
#2125 — 3.0 → 4.0 comparison doc
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bpamiri
added a commit
that referenced
this pull request
Apr 16, 2026
* docs: spec for Wheels 4.0 upgrade guide Design doc for a new standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md. Scope: - Breaking + migration path (~350 lines) - 10 Breaking items covered with consistent 4-part format: what changed / how to detect / how to fix / opt-out - Legacy Compatibility Adapter documented as soft-landing option - Recommended (not required) migrations section - Single callout link added to existing upgrading.md Spec companion to the feature audit (#2123), 3.0 → 4.0 comparison (#2125), and CHANGELOG catch-up (#2124), which together form the 4.0 release-documentation stack. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: implementation plan for Wheels 4.0 upgrade guide 12-task plan covering: - File scaffold (front-matter + H1) - Before-you-start + 5-minute checklist - 10 Breaking items (3 tasks grouped by theme) - Legacy Compatibility Adapter section - Recommended migrations section - Still-stuck section - Callout link added to upgrading.md - Link integrity audit - Commit + push + PR Each task includes the actual prose/code to write, with verification via grep / wc / link-integrity script. No placeholders; plan is executable end-to-end. Companion to: docs/superpowers/specs/2026-04-16-wheels-4.0-upgrade-guide-design.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add Wheels 4.0 upgrade guide New standalone upgrade guide at docs/src/introduction/upgrading-to-4.0.md covering the 10 Breaking changes in 4.0 plus migration paths: - Before you start (backup, test environment, CHANGELOG) - 5-minute upgrade checklist (scannable table) - Breaking changes — detailed: * 6 security-hardening default flips (CORS, env-switch, HSTS, CSRF SameSite, RateLimiter trustProxy, RateLimiter proxy strategy) * 1 CLI rename (wheels snippets → wheels code) * 3 namespace / directory renames (wheels.Test → WheelsTest, tests/specs/functions/ → functional/, application.wirebox → application.wheelsdi) - Legacy Compatibility Adapter (#2015) — soft landing - Recommended (not required) migrations — 10 items - Still stuck? — links to audit, comparison, adapter, discussions Each Breaking item uses a consistent 4-part format: What changed / How to detect / How to fix / Opt-out Plus a one-line callout added to the top of the existing docs/src/introduction/upgrading.md linking to the new guide. Companion to: #2123 — 4.0 feature audit #2124 — CHANGELOG Unreleased expansion #2125 — 3.0 → 4.0 comparison doc Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Canonical inventory of every user-visible change merged into
developbetween the 3.0.0 stable release (2026-01-10) and today (2026-04-16). Source of truth for upcoming 4.0 release comms.v3.0.0+33(Wheels 3.0.0 stable, 2026-01-10)[Unreleased]currently captures ~10 items; the audit surfaces ~60 additional user-visible changes that should be added (follow-up PR planned).Contents of the audit doc
22 subsystem categories covering ORM, Migrations, Routing, Controllers, Views, Middleware, Jobs, Real-time, Multi-tenancy, DI, Packages, Testing, CLI/LuCLI, MCP, Engine adapters, Interfaces, Legacy compat, Config/DX, Security hardening, Internal refactors, CI, and Dependencies. Each entry cites its originating PR(s) for traceability.
Plus: breaking changes list, CHANGELOG gap analysis, 8 proposed blog-post themes, and follow-ups discovered during the audit.
Why land as a persistent reference doc
developrather than disappearing with a throwaway branch.Test plan
git log --merges v3.0.0+33..origin/develop.[Unreleased]section of CHANGELOG.md manually diffed against audit — gap list matches the 60+ missing items.🤖 Generated with Claude Code