Bump @earendil-works/pi-ai from 0.75.3 to 0.75.4

[dependabot]

Bumps @earendil-works/pi-ai from 0.75.3 to 0.75.4.

Release notes

Sourced from @​earendil-works/pi-ai's releases.

v0.75.4

New Features

• Hardened npm install and release path - Pi now ships the CLI with a generated shrinkwrap for transitive dependencies, blocks accidental lockfile changes, verifies dependency pinning and lifecycle-script allowlists in checks, disables lifecycle scripts for self-update and local release installs where supported, and smoke-tests isolated npm and Bun installs before release. See Supply-chain hardening.

Added

• Added interactive update notes after pi update runs, so users can see the installed version's changelog before continuing (#4724 by @​mitsuhiko).
• Exported image resize utilities from the package root for SDK consumers (#4775 by @​xl0).

Changed

• Changed source syntax to avoid TypeScript constructs that require JavaScript emit, keeping core sources compatible with Node.js strip-only TypeScript checks.
• Removed web UI workspace references from the CLI package and dropped the package-level development watch script.
• Published npm installs now include an npm-shrinkwrap.json to lock transitive dependencies for the CLI package.
• Improved terminal theme detection for light/dark and truecolor handling.
• Changed self-update package-manager commands to disable lifecycle scripts during reinstall.

Fixed

• Fixed the system prompt to tell models to resolve pi docs and examples under the absolute package paths before reading topic-specific relative references (#4752).
• Fixed extension ctx.abort() during tool-call preflight to stop later confirmations and restore queued interactive input like Escape (#4276).
• Fixed AgentSession retry, compaction, and event settlement to use the awaited agent lifecycle instead of a separate event queue, and added willRetry to agent_end session events.
• Fixed forked session runtime state to keep the active session id aligned with the fork target (#4799 by @​Perlence).
• Fixed the subagent extension's parallel mode to return useful per-task output and failed-task diagnostics to the parent model instead of 100-character previews (#4710).
• Fixed Windows local bash execution to hide helper console windows when launched from background SDK processes (#4699).
• Fixed managed npm extension folders to set cloud-sync ignore metadata where supported (#4763).
• Fixed HTTP idle timeout configuration so long-running provider streams can avoid premature idle disconnects (#4759 by @​mitsuhiko).
• Fixed default system prompt boundaries to use explicit XML tags for clearer file separation (#4709 by @​herrnel).
• Fixed HTML share/export sidebar clicks for shared tool entries to scroll to the rendered tool call (#4664 by @​yzhg1983).
• Fixed theme palettes to set explicit text colors and avoid terminal-default color drift.
• Fixed truecolor detection to align terminal image rendering and interactive theme decisions.
• Fixed loader indicator startup inherited from @earendil-works/pi-tui so initialization cannot run before frames are available.
• Fixed OpenAI-compatible default output token requests inherited from @earendil-works/pi-ai to avoid reserving impossible context windows on servers such as vLLM (#4675).
• Fixed OpenAI prompt cache keys inherited from @earendil-works/pi-ai to stay within the 64-character provider limit (#4720).
• Fixed Windows npm-family package commands for fnm-managed Node.js installs that expose both extensionless Unix scripts and .cmd shims (#4793).

Changelog

Sourced from @​earendil-works/pi-ai's changelog.

[0.75.4] - 2026-05-20

Changed

• Changed source syntax to avoid TypeScript constructs that require JavaScript emit, keeping the package compatible with Node.js strip-only TypeScript checks.
• Removed the package-level development watch scripts now that the root TypeScript check validates strip-only-compatible sources.

Fixed

• Fixed OpenAI-compatible streamSimple() requests to stop sending model-derived default output token caps, avoiding context-window reservation failures on servers such as vLLM while preserving explicit maxTokens and required Anthropic max_tokens handling (#4675).
• Fixed OpenAI prompt cache keys to clamp session-derived values to the 64-character API limit across OpenAI Responses, Chat Completions, Codex Responses, and Azure OpenAI Responses (#4720).

Commits

• 3533843 Release v0.75.4
• 2e02c74 chore: pin dependencies and use native TypeScript
• f1f7cd5 test: speed up provider payload coverage
• b141e1f chore: remove web-ui workspace
• ae9450d chore(ts): use source import extensions
• 06c6c32 chore: enforce erasable TypeScript syntax
• 2787b60 fix(ai): stop defaulting max token request caps
• 7be75ba fix(ai): clamp OpenAI prompt cache keys
• 4943c1d Add [Unreleased] section for next cycle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade @earendil-works/pi-ai to 0.75.4 to improve provider compatibility and harden installs. Fixes max token defaults and prompt cache key length to prevent streaming errors on OpenAI/vLLM.

• Dependencies
  • @earendil-works/pi-ai: 0.75.3 → 0.75.4
  • Adds shrinkwrap and lifecycle-script safeguards for deterministic installs; no code changes needed.

^{Written for commit def501f. Summary will update on new commits. Review in cubic}

[cubic-dev-ai]

No issues found across 2 files

_{Re-trigger cubic}