proyectoauraorg · proyectoauraorg · Jun 3, 2026 · Jun 3, 2026
diff --git a/.changeset/terminate-process-on-cancel.md b/.changeset/terminate-process-on-cancel.md
@@ -0,0 +1,5 @@
+---
+"zoo-code": patch
+---
+
+Terminate the running command when a task is cancelled or torn down (#245). Pressing cancel (✕) now aborts the underlying terminal process instead of leaving it running while the terminal stays stuck "busy" until a manual kill.
diff --git a/.changeset/vertex-credentials-field-validation.md b/.changeset/vertex-credentials-field-validation.md
@@ -0,0 +1,5 @@
+---
+"zoo-code": patch
+---
+
+Detect when the "Google Cloud Credentials" Vertex field has been given a filesystem path instead of the raw JSON contents of a service-account key file. The runtime now skips JSON.parse for path-shaped input, logs a single specific console warning naming the sibling "Google Cloud Key File Path" field and `GOOGLE_APPLICATION_CREDENTIALS` env var, and the settings UI shows an inline warning under the field while the input still looks like a path. Auth behavior is unchanged for correctly-configured users.
diff --git a/.github/actions/setup-node-pnpm/action.yml b/.github/actions/setup-node-pnpm/action.yml
@@ -24,22 +24,22 @@ runs:
     using: "composite"
     steps:
         - name: Install pnpm
-          uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4
+          uses: pnpm/action-setup@v4
           with:
               version: ${{ inputs.pnpm-version }}
         - name: Get pnpm store directory
           shell: bash
           run: |
               echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
         - name: Setup pnpm cache
-          uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+          uses: actions/cache@v4
           with:
               path: ${{ env.STORE_PATH }}
               key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
               restore-keys: |
                   ${{ runner.os }}-pnpm-store-
         - name: Setup Node.js
-          uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+          uses: actions/setup-node@v4
           with:
               node-version: ${{ inputs.node-version }}
         - name: Install dependencies

diff --git a/.github/workflows/cli-release.yml b/.github/workflows/cli-release.yml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -195,7 +195,7 @@ jobs:
           rm -rf "$VERIFY_DIR"
 
       - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@v4
         with:
           name: cli-${{ matrix.platform }}
           path: |
@@ -213,7 +213,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@v4
 
       - name: Get version
         id: version
@@ -227,7 +227,7 @@ jobs:
           echo "tag=cli-v$VERSION" >> $GITHUB_OUTPUT
 
       - name: Download all artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        uses: actions/download-artifact@v4
         with:
           path: artifacts
 
@@ -373,7 +373,7 @@ jobs:
 
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        uses: actions/download-artifact@v4
         with:
           path: artifacts
 

diff --git a/.github/workflows/code-qa.yml b/.github/workflows/code-qa.yml
@@ -14,7 +14,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+              uses: actions/checkout@v4
             - name: Setup Node.js and pnpm
               uses: ./.github/actions/setup-node-pnpm
             - name: Verify all translations are complete
@@ -24,7 +24,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+              uses: actions/checkout@v4
             - name: Setup Node.js and pnpm
               uses: ./.github/actions/setup-node-pnpm
             - name: Run knip checks
@@ -34,7 +34,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+              uses: actions/checkout@v4
             - name: Setup Node.js and pnpm
               uses: ./.github/actions/setup-node-pnpm
             - name: Lint
@@ -58,12 +58,12 @@ jobs:
                       upload-coverage: false
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+              uses: actions/checkout@v4
             - name: Setup Node.js and pnpm
               uses: ./.github/actions/setup-node-pnpm
             - name: Restore Turbo cache
               id: turbo-cache
-              uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+              uses: actions/cache/restore@v4
               with:
                   path: .turbo/cache
                   key: ${{ runner.os }}-turbo-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ github.sha }}
@@ -78,7 +78,7 @@ jobs:
               run: pnpm turbo run test:coverage:integration --filter="@roo-code/core" --log-order grouped --output-logs new-only
             - name: Save Turbo cache
               if: steps.turbo-cache.outputs.cache-hit != 'true'
-              uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+              uses: actions/cache/save@v4
               with:
                   path: .turbo/cache
                   key: ${{ steps.turbo-cache.outputs.cache-primary-key }}
@@ -94,7 +94,7 @@ jobs:
             # See https://docs.codecov.com/docs/flags
             - name: Upload non-core coverage to Codecov
               if: matrix.upload-coverage
-              uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
+              uses: codecov/codecov-action@v4
               with:
                   files: >-
                       src/coverage/lcov.info,
@@ -107,15 +107,15 @@ jobs:
                   token: ${{ secrets.CODECOV_TOKEN }}
             - name: Upload core unit coverage to Codecov
               if: matrix.upload-coverage
-              uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
+              uses: codecov/codecov-action@v4
               with:
                   files: packages/core/coverage/unit/lcov.info
                   disable_search: true
                   flags: ${{ matrix.codecov-flag }},core-unit
                   token: ${{ secrets.CODECOV_TOKEN }}
             - name: Upload core integration coverage to Codecov
               if: matrix.upload-coverage
-              uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4
+              uses: codecov/codecov-action@v4
               with:
                   files: packages/core/coverage/integration/lcov.info
                   disable_search: true

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -43,11 +43,11 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -75,6 +75,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -4,6 +4,15 @@ on:
     workflow_dispatch:
     pull_request:
         types: [opened, reopened, ready_for_review, synchronize]
+        paths:
+            - "src/**"
+            - "webview-ui/**"
+            - "apps/vscode-e2e/**"
+            - "packages/core/**"
+            - "package.json"
+            - "pnpm-lock.yaml"
+            - "turbo.json"
+            - ".github/actions/setup-node-pnpm/**"
     merge_group:
         types: [checks_requested]
 
@@ -13,41 +22,10 @@ jobs:
         timeout-minutes: 30
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
-
-            - name: Restore mocked E2E pass marker
-              id: e2e-marker
-              uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-              with:
-                  path: .cache/e2e-pass
-                  # packages/** is intentionally broader than the old packages/core/** to avoid false cache hits when any package changes
-                  # base_ref is included to prevent same-repo branches from stuffing a pass marker for a different base
-                  key: ${{ runner.os }}-mocked-e2e-${{ github.base_ref }}-${{ hashFiles('src/**', 'webview-ui/**', 'apps/vscode-e2e/**', 'packages/**', 'package.json', 'pnpm-lock.yaml', 'pnpm-workspace.yaml', 'turbo.json', '.github/workflows/e2e.yml', '.github/actions/setup-node-pnpm/**') }}
-
-            - name: Use cached mocked E2E result
-              if: github.event_name == 'pull_request' && steps.e2e-marker.outputs.cache-hit == 'true'
-              run: echo "Skipping mocked E2E tests because this source hash already passed."
-
+              uses: actions/checkout@v4
             - name: Setup Node.js and pnpm
-              if: github.event_name != 'pull_request' || steps.e2e-marker.outputs.cache-hit != 'true'
               uses: ./.github/actions/setup-node-pnpm
             - name: Install xvfb
-              if: github.event_name != 'pull_request' || steps.e2e-marker.outputs.cache-hit != 'true'
               run: sudo apt-get install -y xvfb
             - name: Run mocked E2E tests
-              id: run-e2e
-              # merge_group and workflow_dispatch always run; cache skip is pull_request only
-              if: github.event_name != 'pull_request' || steps.e2e-marker.outputs.cache-hit != 'true'
               run: xvfb-run -a pnpm --filter @roo-code/vscode-e2e test:ci:mock
-
-            - name: Write mocked E2E pass marker
-              if: steps.e2e-marker.outputs.cache-hit != 'true' && steps.run-e2e.outcome == 'success'
-              run: mkdir -p .cache/e2e-pass && date -u > .cache/e2e-pass/passed
-
-            - name: Save mocked E2E pass marker
-              if: steps.e2e-marker.outputs.cache-hit != 'true' && steps.run-e2e.outcome == 'success'
-              continue-on-error: true
-              uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-              with:
-                  path: .cache/e2e-pass
-                  key: ${{ steps.e2e-marker.outputs.cache-primary-key }}
diff --git a/.github/workflows/marketplace-publish.yml b/.github/workflows/marketplace-publish.yml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@v4
 
       - name: Setup Node.js and pnpm
         uses: ./.github/actions/setup-node-pnpm

diff --git a/.github/workflows/nightly-publish.yml b/.github/workflows/nightly-publish.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@v4
 
       - name: Setup Node.js and pnpm
         uses: ./.github/actions/setup-node-pnpm

diff --git a/.github/workflows/release-validation.yml b/.github/workflows/release-validation.yml
@@ -24,7 +24,7 @@ jobs:
 
         steps:
             - name: Checkout code
-              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+              uses: actions/checkout@v4
 
             - name: Setup Node.js and pnpm
               uses: ./.github/actions/setup-node-pnpm

diff --git a/.husky/pre-push b/.husky/pre-push
@@ -1,26 +1,11 @@
-#!/usr/bin/env sh
-# =============================================================================
-# PRE-PUSH HOOK — Husky-managed
-# =============================================================================
-# The upstream guard is sourced from main branch (branch-independent).
-# A persistent copy also lives in .git/hooks/pre-push via install-hooks.sh.
-
-guard_content="$(git show main:scripts/upstream-guard.sh 2>/dev/null)"
-if [ -n "$guard_content" ]; then
-  printf '%s\n' "$guard_content" | sh -s -- "$@"
-  guard_exit=$?
-  if [ $guard_exit -ne 0 ]; then
-    exit $guard_exit
-  fi
-fi
-
 branch="$(git rev-parse --abbrev-ref HEAD)"
 
 if [ "$branch" = "main" ]; then
   echo "You can't push directly to main - please check out a branch."
   exit 1
 fi
 
+# Detect if running on Windows and use pnpm.cmd, otherwise use pnpm.
 if [ "$OS" = "Windows_NT" ]; then
   pnpm_cmd="pnpm.cmd"
 else
@@ -33,16 +18,20 @@ fi
 
 $pnpm_cmd run check-types
 
+# Use dotenvx to securely load .env.local and run commands that depend on it
 if [ -f ".env.local" ]; then
+  # Check if RUN_TESTS_ON_PUSH is set to true and run tests with dotenvx
   if npx dotenvx get RUN_TESTS_ON_PUSH -f .env.local 2>/dev/null | grep -q "^true$"; then
     npx dotenvx run -f .env.local -- $pnpm_cmd run test
   fi
 else
+  # Fallback: run tests if RUN_TESTS_ON_PUSH is set in regular environment
   if [ "$RUN_TESTS_ON_PUSH" = "true" ]; then
     $pnpm_cmd run test
   fi
 fi
 
+# Check for new changesets.
 NEW_CHANGESETS=$(find .changeset -name "*.md" ! -name "README.md" | wc -l | tr -d ' ')
 echo "Changeset files: $NEW_CHANGESETS"
 

diff --git a/.roo/commands/release.md b/.roo/commands/release.md
@@ -53,20 +53,29 @@ mode: code
     - Order the list from most important to least important.
     - Include every PR in the release window. Count the PRs and cross-reference the list before continuing.
 
-7. For a major or minor release:
+7. If an image generation tool is available, create a release image at `releases/[version]-release.png`.
+
+    - The image should relate to the main release highlight and fit the existing release-image style.
+    - Add the generated image to `.changeset/v[version].md` before the list of changes:
+
+        ```md
+        ![X.Y.Z Release - Description](/releases/X.Y.Z-release.png)
+        ```
+
+8. For a major or minor release:
 
     - Ask the user what three areas should be highlighted.
     - Update relevant announcement files and documentation, including `webview-ui/src/components/chat/Announcement.tsx`, `README.md`, and the `latestAnnouncementId` in `src/core/webview/ClineProvider.ts`.
     - Ask the user to confirm the English announcement before proceeding.
     - Arrange translation updates for all supported locales affected by README, announcement, or package localization changes.
 
-8. Create the release branch:
+9. Create the release branch:
 
     ```bash
     git checkout -b release/v[version]
     ```
 
-9. Generate the final release state on that branch:
+10. Generate the final release state on that branch:
 
     ```bash
     pnpm changeset:version
@@ -75,23 +84,23 @@ mode: code
     - This should update `src/package.json`, `CHANGELOG.md`, and `src/CHANGELOG.md`, then consume the `.changeset` file.
     - Review the generated version and changelog before opening the PR.
 
-10. Open a single release PR with the fully generated release state.
+11. Open a single release PR with the fully generated release state.
 
     ```bash
     git add CHANGELOG.md src/CHANGELOG.md src/package.json README.md locales/*/README.md src/package.nls*.json
     # If generated or updated:
-    git add webview-ui/src/components/chat/Announcement.tsx src/core/webview/ClineProvider.ts
+    git add releases/[version]-release.png webview-ui/src/components/chat/Announcement.tsx src/core/webview/ClineProvider.ts
     git commit -m "chore: prepare v[version] release"
     git push origin release/v[version]
-    gh pr create --title "Release v[version]" --body "Release preparation for v[version]. This PR includes the final version bump, changelog updates, Marketplace README updates, and any announcement changes." --base main --head release/v[version]
+    gh pr create --title "Release v[version]" --body "Release preparation for v[version]. This PR includes the final version bump, changelog updates, Marketplace README updates, and any release assets or announcement changes." --base main --head release/v[version]
     ```
 
     - There is no separate version-bump PR in this flow.
     - The release PR should already contain the final version number and generated changelog updates.
     - If the release includes translated README or package-localization updates, include those files in the same PR.
     - Let the release validation workflow and normal PR checks run before merge.
 
-11. After the release PR is merged, stop for a release review on the resulting `main` commit.
+12. After the release PR is merged, stop for a release review on the resulting `main` commit.
 
     ```bash
     git switch main
@@ -106,7 +115,7 @@ mode: code
     - Share that review summary, including `REVIEWED_SHA`, with the user and wait for explicit confirmation before creating the tag.
     - Do not create the tag or trigger publishing until the user says to proceed.
 
-12. Only after explicit confirmation, create the release tag on that reviewed `main` commit:
+13. Only after explicit confirmation, create the release tag on that reviewed `main` commit:
 
     ```bash
     git tag v[version] "$REVIEWED_SHA"
@@ -115,7 +124,7 @@ mode: code
 
     - If `main` advances after the review pause, keep using the pinned `REVIEWED_SHA` for the tag instead of silently tagging a newer commit.
 
-13. The stable publish workflow runs from the `v[version]` tag.
+14. The stable publish workflow runs from the `v[version]` tag.
 
     - Do not create the tag before the release PR is merged.
     - The publish workflow validates that the tag version matches `src/package.json`.