fix: prevent phantom (previous) sessions from lazy-resume fallback (#584)

## What

When lazy-resume fails (CLI returns "Session not found" / corrupt /
shutdown) and creates a fresh session, the old persisted entry was not
being marked as superseded. On the next `SaveActiveSessionsToDisk`,
`MergeSessionEntries` found both old and new entries with the same
display name and renamed the old one to `"(previous)"`.

## Root cause

The lazy-resume fallback in `EnsureSessionConnectedAsync` creates a
fresh session but didn't:
1. Set `RecoveredFromSessionId` — so
`CanSafelyDropSupersededGroupMoveEntry` returned false
2. Add the old session ID to `_closedSessionIds` — so the merge didn't
filter it out

## Fix

Two lines after the fresh session is created:
- `state.Info.RecoveredFromSessionId ??= sessionId` — marks the new
session as the successor
- `_closedSessionIds.TryAdd(sessionId, 0)` — ensures the merge drops the
old entry

## Real-world trigger

Observed on session "34678": the CLI shut down the original session
(`session.shutdown` at 02:57 UTC). After app restart, lazy-resume got
"Session not found", created a fresh session, but left the old entry on
disk → "34678 (previous)" appeared.

## Testing

3335/3335 tests pass.

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: PureWeen

PolyPilot.Tests/SessionPersistenceTests.cs

@@ -1790,4 +1790,102 @@ public void Merge_NameCollision_NullGroupIds_StillCreatesPrevious()
         Assert.Equal(2, result.Count);
         Assert.Equal("MyWorker (previous)", result[1].DisplayName);
     }
+
+    [Fact]
+    public void Merge_LazyResumeFallback_RecoveredFromSessionId_DropsOldEntry()
+    {
+        // Simulates: lazy-resume fails ("Session not found") → fresh session created →
+        // RecoveredFromSessionId set to old ID → _closedSessionIds contains old ID →
+        // merge must drop the old entry, not rename it "(previous)".
+        var active = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "fresh-id", DisplayName = "34678", Model = "claude-opus-4.6",
+                     WorkingDirectory = "/w", GroupId = "group-1", RecoveredFromSessionId = "dead-id" }
+        };
+        var persisted = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "dead-id", DisplayName = "34678", Model = "claude-opus-4.6",
+                     WorkingDirectory = "/w", GroupId = "group-1" }
+        };
+        var closedIds = new HashSet<string> { "dead-id" };
+
+        var result = CopilotService.MergeSessionEntries(active, persisted, closedIds, new HashSet<string>(), _ => true);
+
+        Assert.Single(result);
+        Assert.Equal("fresh-id", result[0].SessionId);
+        Assert.Equal("34678", result[0].DisplayName);
+    }
+
+    [Fact]
+    public void Merge_DoubleRecovery_UsesImmediatePredecessor()
+    {
+        // Simulates double recovery: A → B (first recovery) → C (second recovery).
+        // C.RecoveredFromSessionId must be B (the immediate predecessor), not A.
+        // After restart, _closedSessionIds is empty, so only RecoveredFromSessionId
+        // can prevent B from appearing as "(previous)".
+        var active = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "session-C", DisplayName = "MySession", Model = "m",
+                     WorkingDirectory = "/w", GroupId = "g1", RecoveredFromSessionId = "session-B" }
+        };
+        var persisted = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "session-B", DisplayName = "MySession", Model = "m",
+                     WorkingDirectory = "/w", GroupId = "g1" }
+        };
+        // _closedSessionIds is empty (simulates post-restart)
+        var closedIds = new HashSet<string>();
+
+        var result = CopilotService.MergeSessionEntries(active, persisted, closedIds, new HashSet<string>(), _ => true);
+
+        // B must be dropped because C.RecoveredFromSessionId == B
+        Assert.Single(result);
+        Assert.Equal("session-C", result[0].SessionId);
+        Assert.Equal("MySession", result[0].DisplayName);
+    }
+
+    [Fact]
+    public void Merge_DoubleRecovery_StaleAncestor_CreatesPhantom()
+    {
+        // Proves why ??= was wrong: if C.RecoveredFromSessionId == A (stale ancestor
+        // from first recovery, not B), the merge can't link C→B and creates "(previous)".
+        var active = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "session-C", DisplayName = "MySession", Model = "m",
+                     WorkingDirectory = "/w", GroupId = "g1", RecoveredFromSessionId = "session-A" }
+        };
+        var persisted = new List<ActiveSessionEntry>
+        {
+            new() { SessionId = "session-B", DisplayName = "MySession", Model = "m",
+                     WorkingDirectory = "/w", GroupId = "g1" }
+        };
+        var closedIds = new HashSet<string>();
+
+        var result = CopilotService.MergeSessionEntries(active, persisted, closedIds, new HashSet<string>(), _ => true);
+
+        // B survives as "(previous)" because RecoveredFromSessionId=A doesn't match B
+        Assert.Equal(2, result.Count);
+        Assert.Equal("MySession (previous)", result[1].DisplayName);
+    }
+
+    [Fact]
+    public void LazyResumeFallback_SetsRecoveredFromSessionIdAndClosedIds()
+    {
+        // Structural guard: the lazy-resume fallback in EnsureSessionConnectedAsync
+        // must set RecoveredFromSessionId (=, not ??=) and add old ID to _closedSessionIds
+        // so MergeSessionEntries drops the old entry.
+        var source = File.ReadAllText(
+            Path.Combine(GetRepoRoot(), "PolyPilot", "Services", "CopilotService.Persistence.cs"));
+
+        // Find the fallback block — search for the full method containing the fallback
+        var methodIdx = source.IndexOf("EnsureSessionConnectedAsync", StringComparison.Ordinal);
+        Assert.True(methodIdx > 0, "Could not find EnsureSessionConnectedAsync");
+        var methodBlock = source.Substring(methodIdx, Math.Min(5000, source.Length - methodIdx));
+
+        // Must use = (not ??=) for double-recovery correctness
+        Assert.Contains("RecoveredFromSessionId = sessionId;", methodBlock);
+        Assert.DoesNotContain("RecoveredFromSessionId ??= sessionId", methodBlock);
+        // Must add to _closedSessionIds for same-process protection
+        Assert.Contains("_closedSessionIds[sessionId] = 0;", methodBlock);
+    }
 }

PolyPilot/Services/CopilotService.Persistence.cs

@@ -442,7 +442,14 @@ private async Task EnsureSessionConnectedAsync(string sessionName, SessionState
                 // BuildFreshSessionConfig doesn't set OnEvent on the SessionConfig, and
                 // the old post-resume .On() was removed, so we must register explicitly here.
                 copilotSession.On(evt => HandleSessionEvent(state, evt));
+                // Record that this fresh session replaced the old one so MergeSessionEntries
+                // drops the old persisted entry instead of renaming it "(previous)".
+                state.Info.RecoveredFromSessionId = sessionId;
                 state.Info.SessionId = copilotSession.SessionId;
+                // Add the old session ID to the closed set so SaveActiveSessionsToDisk's
+                // merge logic drops it instead of creating a "(previous)" phantom entry.
+                if (!string.IsNullOrEmpty(sessionId))
+                    _closedSessionIds[sessionId] = 0;
                 FlushSaveActiveSessionsToDisk();
             }
             catch (Exception ex) when (IsAuthError(ex))

PolyPilot/Services/CopilotService.cs

@@ -3858,6 +3858,7 @@ public async Task<string> SendPromptAsync(string sessionName, string prompt, Lis
                         reconnectConfig.WorkingDirectory = state.Info.WorkingDirectory;
 
                     CopilotSession newSession;
+                    var oldSessionId = state.Info.SessionId; // Capture before resume may change it
                     try
                     {
                         newSession = await client.ResumeSessionAsync(state.Info.SessionId, reconnectConfig, cancellationToken);
@@ -3887,7 +3888,12 @@ public async Task<string> SendPromptAsync(string sessionName, string prompt, Lis
                         {
                             var freshConfig = BuildFreshSessionConfig(state);
                             newSession = await client.CreateSessionAsync(freshConfig, cancellationToken);
+                            // Mark the old session as superseded so MergeSessionEntries drops it
+                            // instead of renaming it to "(previous)".
+                            state.Info.RecoveredFromSessionId = oldSessionId;
                             state.Info.SessionId = newSession.SessionId;
+                            if (!string.IsNullOrEmpty(oldSessionId))
+                                _closedSessionIds[oldSessionId] = 0;
                             FlushSaveActiveSessionsToDisk();
                         }
                         catch (Exception createEx)
@@ -3914,7 +3920,12 @@ public async Task<string> SendPromptAsync(string sessionName, string prompt, Lis
                         {
                             var freshConfig = BuildFreshSessionConfig(state);
                             newSession = await client.CreateSessionAsync(freshConfig, cancellationToken);
+                            // Mark the old session as superseded so MergeSessionEntries drops it
+                            // instead of renaming it to "(previous)".
+                            state.Info.RecoveredFromSessionId = oldSessionId;
                             state.Info.SessionId = newSession.SessionId;
+                            if (!string.IsNullOrEmpty(oldSessionId))
+                                _closedSessionIds[oldSessionId] = 0;
                             FlushSaveActiveSessionsToDisk();
                         }
                         catch (Exception createEx)