Clean up more argument validation (#1328)

* Fix .NET session lifetime rooting

Keep CopilotSession instances rooted by the owning client until explicit cleanup, route generated session RPC APIs through CopilotSession, and add generated argument validation plus lifetime regression tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix .NET same-client session resume

Allow a resumed session to replace the client's current session entry so same-client resumes continue to work while stale session disposal cannot remove the replacement.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Address .NET session cleanup review

Restore StopAsync cleanup error propagation, clear any sessions missed by concurrent registration during stop, and remove an unused Session using.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Keep sessions rooted during destroy

Delay removing sessions from the client until session.destroy completes so destroy-time callbacks such as session_fs can still route to the session.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Relax .NET mode handler E2E timeout

Give mode handler callbacks the same 30 second allowance as their corresponding events to avoid Windows timing failures.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Restore active session resume guard

Reject same-client resumes for session ids already tracked by the client, and start session event processing only after successful registration so failed duplicate registration does not leave an untracked event loop.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Fix .NET resume E2E coverage

Update resume-focused E2E tests to use an active session from a second TCP client, while keeping same-client active resume covered as an intentional rejection. Clean up permission resume tests so the resumed handler is the only active handler.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Normalize read_agent timings in replay snapshots

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: stephentoub

dotnet/src/Client.cs

@@ -25,6 +25,20 @@ public static void ThrowIfNull(object? argument, [CallerArgumentExpression(nameo
         }
     }
 
+    internal static class DownlevelObjectDisposedExceptionExtensions
+    {
+        extension(ObjectDisposedException)
+        {
+            public static void ThrowIf(bool condition, object instance)
+            {
+                if (condition)
+                {
+                    throw new ObjectDisposedException(instance?.GetType().FullName);
+                }
+            }
+        }
+    }
+
     internal static class DownlevelArgumentExceptionExtensions
     {
         extension(ArgumentException)
@@ -531,6 +545,20 @@ private sealed record SocketConnectState(Socket Socket, TaskCompletionSource<obj
     }
 }
 
+namespace System.Runtime.ExceptionServices
+{
+    internal static class DownlevelExceptionDispatchInfoExtensions
+    {
+        extension(ExceptionDispatchInfo)
+        {
+            public static void Throw(Exception exception)
+            {
+                ExceptionDispatchInfo.Capture(exception).Throw();
+            }
+        }
+    }
+}
+
 namespace System.Runtime.InteropServices
 {
     internal static class DownlevelRuntimeInformationExtensions

dotnet/src/Generated/Rpc.cs

@@ -189,14 +189,27 @@ public async Task Should_Allow_CreateSession_Called_Without_PermissionHandler(bo
         Assert.NotNull(session.SessionId);
     }
 
-    [Theory]
-    [InlineData(true)]   // stdio transport
-    [InlineData(false)]  // TCP transport
-    public async Task Should_Allow_ResumeSession_Called_Without_PermissionHandler(bool useStdio)
+    [Fact]
+    public async Task Should_Allow_ResumeSession_Called_Without_PermissionHandler()
     {
-        await using var client = new CopilotClient(new CopilotClientOptions { UseStdio = useStdio });
+        const string connectionToken = "client-e2e-resume-token";
+
+        await using var client = new CopilotClient(new CopilotClientOptions
+        {
+            UseStdio = false,
+            TcpConnectionToken = connectionToken,
+        });
         await using var originalSession = await client.CreateSessionAsync(new SessionConfig());
-        await using var resumedSession = await client.ResumeSessionAsync(originalSession.SessionId, new());
+
+        var port = client.ActualPort
+            ?? throw new InvalidOperationException("Client must be using TCP transport to support multi-client resume.");
+
+        await using var resumeClient = new CopilotClient(new CopilotClientOptions
+        {
+            CliUrl = $"localhost:{port}",
+            TcpConnectionToken = connectionToken,
+        });
+        await using var resumedSession = await resumeClient.ResumeSessionAsync(originalSession.SessionId, new());
 
         Assert.Equal(originalSession.SessionId, resumedSession.SessionId);
     }

dotnet/src/Polyfills/DownlevelExtensions.cs

@@ -57,7 +57,7 @@ public async Task Should_Invoke_Exit_Plan_Mode_Handler_When_Model_Uses_Tool()
             Prompt = "Create a brief implementation plan for adding a greeting.txt file, then request approval with exit_plan_mode.",
         }, timeout: TimeSpan.FromSeconds(120));
 
-        var (request, invocation) = await handlerTask.Task.WaitAsync(TimeSpan.FromSeconds(10));
+        var (request, invocation) = await handlerTask.Task.WaitAsync(TimeSpan.FromSeconds(30));
         Assert.Equal(session.SessionId, invocation.SessionId);
         Assert.Equal(summary, request.Summary);
         Assert.Equal(["interactive", "autopilot", "exit_only"], request.Actions);
@@ -124,7 +124,7 @@ public async Task Should_Invoke_Auto_Mode_Switch_Handler_When_Rate_Limited()
         });
         Assert.NotEmpty(messageId);
 
-        var (request, invocation) = await handlerTask.Task.WaitAsync(TimeSpan.FromSeconds(10));
+        var (request, invocation) = await handlerTask.Task.WaitAsync(TimeSpan.FromSeconds(30));
         Assert.Equal(session.SessionId, invocation.SessionId);
         Assert.Equal("user_weekly_rate_limited", request.ErrorCode);
         Assert.Equal(1, request.RetryAfterSeconds);

dotnet/src/Session.cs

@@ -204,9 +204,10 @@ public async Task Should_Resume_Session_With_Permission_Handler()
         var session1 = await CreateSessionAsync();
         var sessionId = session1.SessionId;
         await session1.SendAndWaitAsync(new MessageOptions { Prompt = "What is 1+1?" });
+        await session1.DisposeAsync();
 
         // Resume with permission handler
-        var session2 = await ResumeSessionAsync(sessionId, new ResumeSessionConfig
+        var session2 = await Client.ResumeSessionAsync(sessionId, new ResumeSessionConfig
         {
             OnPermissionRequest = (request, invocation) =>
             {
@@ -221,6 +222,7 @@ await session2.SendAndWaitAsync(new MessageOptions
         });
 
         Assert.True(permissionRequestReceived, "Permission request should have been received");
+        await session2.DisposeAsync();
     }
 
     [Fact]
@@ -255,8 +257,9 @@ public async Task Should_Deny_Tool_Operations_When_Handler_Explicitly_Denies_Aft
         });
         var sessionId = session1.SessionId;
         await session1.SendAndWaitAsync(new MessageOptions { Prompt = "What is 1+1?" });
+        await session1.DisposeAsync();
 
-        var session2 = await ResumeSessionAsync(sessionId, new ResumeSessionConfig
+        var session2 = await Client.ResumeSessionAsync(sessionId, new ResumeSessionConfig
         {
             OnPermissionRequest = (_, _) =>
                 Task.FromResult(new PermissionRequestResult { Kind = PermissionRequestResultKind.UserNotAvailable })
@@ -279,6 +282,7 @@ await session2.SendAndWaitAsync(new MessageOptions
         });
 
         Assert.True(permissionDenied, "Expected a tool.execution_complete event with Permission denied result");
+        await session2.DisposeAsync();
     }
 
     [Fact]

dotnet/test/E2E/ClientE2ETests.cs

@@ -28,8 +28,7 @@ public async Task ShouldCreateAndDisconnectSessions()
 
         await session.DisposeAsync();
 
-        var ex = await Assert.ThrowsAsync<IOException>(() => session.GetMessagesAsync());
-        Assert.Contains("not found", ex.Message, StringComparison.OrdinalIgnoreCase);
+        await Assert.ThrowsAsync<ObjectDisposedException>(() => session.GetMessagesAsync());
     }
 
     [Fact]
@@ -212,27 +211,17 @@ public async Task Should_Create_Session_With_Custom_Tool()
     }
 
     [Fact]
-    public async Task Should_Resume_A_Session_Using_The_Same_Client()
+    public async Task Should_Reject_Resuming_Active_Session_Using_The_Same_Client()
     {
         var session1 = await CreateSessionAsync();
         var sessionId = session1.SessionId;
 
-        await session1.SendAsync(new MessageOptions { Prompt = "What is 1+1?" });
-        var answer = await TestHelper.GetFinalAssistantMessageAsync(session1);
-        Assert.NotNull(answer);
-        Assert.Contains("2", answer!.Data.Content ?? string.Empty);
-
-        var session2 = await ResumeSessionAsync(sessionId);
-        Assert.Equal(sessionId, session2.SessionId);
-
-        var answer2 = await TestHelper.GetFinalAssistantMessageAsync(session2, alreadyIdle: true);
-        Assert.NotNull(answer2);
-        Assert.Contains("2", answer2!.Data.Content ?? string.Empty);
-
-        // Can continue the conversation statefully
-        var answer3 = await session2.SendAndWaitAsync(new MessageOptions { Prompt = "Now if you double that, what do you get?" });
-        Assert.NotNull(answer3);
-        Assert.Contains("4", answer3!.Data.Content ?? string.Empty);
+        var exception = await Assert.ThrowsAsync<InvalidOperationException>(() =>
+            Client.ResumeSessionAsync(sessionId, new ResumeSessionConfig
+            {
+                OnPermissionRequest = PermissionHandler.ApproveAll,
+            }));
+        Assert.Contains(sessionId, exception.Message);
     }
 
     [Fact]

dotnet/test/E2E/ModeHandlersE2ETests.cs

@@ -48,6 +48,7 @@ public async Task Should_Accept_MCP_Server_Configuration_On_Session_Resume()
         var session1 = await CreateSessionAsync();
         var sessionId = session1.SessionId;
         await session1.SendAndWaitAsync(new MessageOptions { Prompt = "What is 1+1?" });
+        await session1.DisposeAsync();
 
         // Resume with MCP servers
         var mcpServers = new Dictionary<string, McpServerConfig>
@@ -141,6 +142,7 @@ public async Task Should_Accept_Custom_Agent_Configuration_On_Session_Resume()
         var session1 = await CreateSessionAsync();
         var sessionId = session1.SessionId;
         await session1.SendAndWaitAsync(new MessageOptions { Prompt = "What is 1+1?" });
+        await session1.DisposeAsync();
 
         // Resume with custom agents
         var customAgents = new List<CustomAgentConfig>

dotnet/test/E2E/PermissionE2ETests.cs

@@ -82,11 +82,21 @@ protected Task<CopilotSession> CreateSessionAsync(SessionConfig? config = null)
     /// Resumes a session with a default config that approves all permissions.
     /// Convenience wrapper for E2E tests.
     /// </summary>
-    protected Task<CopilotSession> ResumeSessionAsync(string sessionId, ResumeSessionConfig? config = null)
+    protected async Task<CopilotSession> ResumeSessionAsync(string sessionId, ResumeSessionConfig? config = null)
     {
         config ??= new ResumeSessionConfig();
         config.OnPermissionRequest ??= PermissionHandler.ApproveAll;
-        return Client.ResumeSessionAsync(sessionId, config);
+
+        await Client.StartAsync();
+        var port = Client.ActualPort
+            ?? throw new InvalidOperationException("The shared E2E client must use TCP transport to support multi-client resume.");
+
+        var client = Ctx.CreateClient(options: new CopilotClientOptions
+        {
+            CliUrl = $"localhost:{port}",
+            TcpConnectionToken = E2ETestFixture.SharedTcpConnectionToken,
+        });
+        return await client.ResumeSessionAsync(sessionId, config);
     }
 
     protected static string GetSystemMessage(ParsedHttpExchange exchange)