Pre-check for session.shutdown before sending prompts to avoid dead session sends #397
Description
Problem
When a user sends a prompt, PolyPilot may send it to a session the server has already killed. The server wrote session.shutdown to events.jsonl but the client event stream was dead, so PolyPilot never received it. The prompt appears to start (SDK may silently create a new session), but then the new session also gets a dead event stream and eventually times out.
Observed in: ci-agentic session - server shutdown at 20:13:25, user sent prompt at 20:14:46 (81s later). The prompt triggered a reconnect cycle that also failed.
Root Cause
SendPromptAsync does not check if the session has been shut down by the server before sending. It relies on the SDK to handle the dead session, but the SDK silently creates a new session that also inherits the dead event stream problem.
Proposed Fix
Before sending a prompt, check if events.jsonl ends with session.shutdown (using GetLastEventType). If so, force a reconnect BEFORE sending instead of sending to a dead session and discovering the failure 10+ minutes later via the watchdog.
Implementation location: SendPromptAsync in CopilotService.cs, before the SendAsync call.
Considerations
- The GetLastEventType helper already exists (added in commit ccee665)
- Must handle the case where reconnect itself fails (server may need restart)
- Should log a diagnostic entry for observability
- Need to verify this doesn't add latency to the normal send path (file read overhead)
Related
- PR Fix multi-agent worker failures, session persistence, server health, and history recovery #391 added watchdog session.shutdown detection (commit ccee665)
- Issue Send keep-alive pings to prevent server idle timeout killing sessions #396 (keep-alive pings)
- Issue Upstream: Copilot CLI headless server breaks when global CLI cleans shared native module directory #392 (posix_spawn upstream bug)