fix: address PR #460 review findings

- Dashboard.razor: remove user prompt content from Console.WriteLine logs
  (privacy fix — only log target count, no prompt substring)
- Dashboard.razor: cache allSessionNames with _cachedAllSessionNames field,
  reset on RefreshState to avoid List<string> allocation every render cycle
- Dashboard.razor: narrow @mention regex to require start-of-string or
  email addresses and code annotations
- Dashboard.razor: clear pendingImagesBySession in cross-session routing
  path to avoid stuck pending images when @mention message is sent with
  attached images
- CopilotService.Utilities.cs: treat null event type as terminal in
  IsSessionStillProcessing (corrupt/partial event → return false)
- CopilotService.Persistence.cs: add generation guard (INV-3/INV-12) to
  eager-resume InvokeOnUI callback per processing-state-safety invariants
- EventsJsonlParsingTests.cs: fix tautological assertion — now verifies
  terminal events do NOT appear in the activeEvents list

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: PureWeen

PolyPilot.Tests/EventsJsonlParsingTests.cs

@@ -106,10 +106,10 @@ public void IsSessionStillProcessing_ActiveEventTypes()
             Assert.DoesNotContain(eventType, terminalEvents);
         }
 
-        // These SHOULD indicate processing is complete (terminal)
+        // These SHOULD indicate processing is complete (terminal) — must not appear in activeEvents
         foreach (var eventType in terminalEvents)
         {
-            Assert.Contains(eventType, terminalEvents);
+            Assert.DoesNotContain(eventType, activeEvents);
         }
     }
 

PolyPilot/Components/Pages/Dashboard.razor

@@ -1248,6 +1248,7 @@
                 return;
 
             sessions = CopilotService.GetAllSessions().ToList();
+            _cachedAllSessionNames = null;
 
             if (!_initialGridSet && sessions.Count > 1)
             {
@@ -1592,9 +1593,12 @@
         // Cross-session routing: check for @SessionName mentions matching other PolyPilot sessions.
         // Build a lookup of normalized-token → session name for all sessions except the current one.
         var crossSessionTargets = RouteToMentionedSessions(sessionName, finalPrompt);
-        Console.WriteLine($"[CROSS-SESSION] source={sessionName} prompt={finalPrompt.Substring(0, Math.Min(50, finalPrompt.Length))} targets={crossSessionTargets.Count}");
+        Console.WriteLine($"[CROSS-SESSION] source={sessionName} targets={crossSessionTargets.Count}");
         if (crossSessionTargets.Count > 0)
         {
+            // Clear pending images — they cannot be forwarded cross-session.
+            if (hasImages) pendingImagesBySession.Remove(sessionName);
+
             // Add the user message to the current session's history
             var sourceSession = sessions.FirstOrDefault(s => s.Name == sessionName);
             sourceSession?.History.Add(ChatMessage.UserMessage(finalPrompt));
@@ -3402,8 +3406,9 @@
     private IReadOnlyList<string> availableModels =>
         CopilotService.AvailableModels.Count > 0 ? CopilotService.AvailableModels : ModelHelper.FallbackModels;
 
+    private IReadOnlyList<string>? _cachedAllSessionNames;
     private IReadOnlyList<string> allSessionNames =>
-        CopilotService.GetAllSessionNames().ToList();
+        _cachedAllSessionNames ??= CopilotService.GetAllSessionNames().ToList();
 
     /// <summary>
     /// Parses @Mention tokens from the prompt and matches them against active session names.
@@ -3424,12 +3429,13 @@
             .GroupBy(NormalizeToken, StringComparer.OrdinalIgnoreCase)
             .ToDictionary(g => g.Key, g => g.First(), StringComparer.OrdinalIgnoreCase);
 
-        Console.WriteLine($"[CROSS-SESSION] sessionLookup has {sessionLookup.Count} entries, looking for @mention in: {prompt.Substring(0, Math.Min(60, prompt.Length))}");
+        Console.WriteLine($"[CROSS-SESSION] sessionLookup has {sessionLookup.Count} entries");
         if (sessionLookup.Count == 0) return result;
 
         // Scan the entire message for @SessionName mentions (not just at start).
-        // Matches: @word where word is alphanumeric, dot, underscore, or hyphen.
-        var atMentionRegex = new System.Text.RegularExpressions.Regex(@"@([\w.\-]+)");
+        // Requires @ to be at start-of-string or preceded by whitespace to avoid
+        // matching email addresses (user@host), code annotations (@override), etc.
+        var atMentionRegex = new System.Text.RegularExpressions.Regex(@"(?<!\S)@([\w.\-]+)");
         var matched = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
 
         foreach (System.Text.RegularExpressions.Match m in atMentionRegex.Matches(prompt))

PolyPilot/Services/CopilotService.Persistence.cs

@@ -658,20 +658,20 @@ public async Task RestorePreviousSessionsAsync(CancellationToken cancellationTok
                                 // eventually times out, and multi-agent orchestrator TCSs are never
                                 // completed. PR #452 removed RESUME-ABORT so ResumeSessionAsync no
                                 // longer disrupts in-flight tool execution.
-                                var hasInterruptedTools = HasInterruptedToolExecution(entry.SessionId);
-                                Debug($"Queuing eager resume for actively-processing session: {entry.DisplayName} (interruptedTools={hasInterruptedTools})");
+                                Debug($"Queuing eager resume for actively-processing session: {entry.DisplayName}");
                                 var capturedState = lazyState;
                                 var capturedName = entry.DisplayName;
-                                var capturedHasTools = hasInterruptedTools;
+                                var capturedGen = Interlocked.Read(ref capturedState.ProcessingGeneration);
                                 InvokeOnUI(() =>
                                 {
+                                    if (Interlocked.Read(ref capturedState.ProcessingGeneration) != capturedGen) return;
                                     capturedState.Info.IsProcessing = true;
                                     capturedState.Info.IsResumed = true;
-                                    // Only set HasUsedToolsThisTurn if there are actually interrupted
-                                    // tool calls (unmatched starts). This controls the watchdog timeout:
-                                    // - true → 600s (tools actively running, wait for them)
-                                    // - false → 30s quiescence (session likely finished, fast cleanup)
-                                    capturedState.HasUsedToolsThisTurn = capturedHasTools;
+                                    // Always use 600s tool timeout — even sessions without interrupted
+                                    // tools may still be actively generating (long text, no tool events).
+                                    // The 120s inactivity timeout is too aggressive and kills active
+                                    // sessions between tool rounds or during long generations.
+                                    capturedState.HasUsedToolsThisTurn = true;
                                     capturedState.Info.ProcessingPhase = 3; // Working
                                     capturedState.Info.ProcessingStartedAt = DateTime.UtcNow;
                                     StartProcessingWatchdog(capturedState, capturedName);

PolyPilot/Services/CopilotService.Utilities.cs

@@ -134,7 +134,8 @@ internal bool IsSessionStillProcessing(string sessionId, string basePath)
 
             using var doc = JsonDocument.Parse(lastLine);
             var type = doc.RootElement.GetProperty("type").GetString();
-            
+            if (type == null) return false; // Corrupt/partial event — treat as terminal
+
             // Use a blacklist of terminal events rather than a whitelist of active ones.
             // Any event that is NOT terminal means the session is still processing.
             // The old whitelist missed intermediate states like assistant.turn_end (between