Mark RunSessionHandler experimental (MCPEXP002)

[Copilot]

• Add MCPEXP002 diagnostic ID constants to src/Common/Experimentals.cs for RunSessionHandler (reusing MCPEXP002 instead of adding MCPEXP003)
• Apply [Experimental] attribute to RunSessionHandler property in HttpServerTransportOptions.cs with updated doc comment
• Include Experimentals.cs as a linked file in ModelContextProtocol.AspNetCore.csproj
• Add #pragma warning disable MCPEXP002 suppressions in internal source usages (SseHandler.cs, StreamableHttpHandler.cs)
• Add #pragma warning disable MCPEXP002 suppressions in test files
• Add #pragma warning disable MCPEXP002 suppression in sample (EverythingServer/Program.cs)
• Update docs/list-of-diagnostics.md: remove MCPEXP003, consolidate MCPEXP002 to cover both subclassing and RunSessionHandler, document the MCPEXP001 vs MCPEXP002 grouping
• Update Experimentals.cs class-level remarks to explain the MCPEXP001/MCPEXP002 distinction
• Fix wording in Experimentals.cs: "and RunSessionHandler" → "or referencing RunSessionHandler"
• Add note to HttpServerTransportOptions.RunSessionHandler doc comment about HttpContext coming from the initiating request and potentially being unusable after McpServer.RunAsync starts
• Build succeeds (0 warnings, 0 errors)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Make RunSessionHandler experimental and revisit design</issue_title>
<issue_description>The line to resolve services from the HttpContext here is unsafe because it comes from the initialize request that normally has already completed. I also think there's an issue where if you write a RunSessionHandler intentionally to complete early, it does not forcibly end the session. At the same time, having access to the HttpContext when a session starts before you call McpServer.RunAsync could be useful, so I don't want to prevent people from doing that in 1.0

For these reasons, and because we want to release 1.0, I think we should make the RunSessionHandler API experimental. We might have to delete it and replace it with something else. In some cases ConfigureSessionOptions might be the better option, so we should suggest that in the experimental warning. We should also mention that the API may be deleted or change signatures.

https://github.com/mikekistler/mcp-whats-new/blob/234486bf76fb917919ebc936424f00269eabb0f9/StreamResumability/server/Program.cs#L28

    .WithHttpTransport(options =>
    {
        // Use RunSessionHandler to clean up streams when a session ends
        options.RunSessionHandler = async (httpContext, mcpServer, cancellationToken) =>
        {
            try
            {
                await mcpServer.RunAsync(cancellationToken);
            }
            finally
            {
                // Delete all streams associated with this session when it ends
                if (!string.IsNullOrEmpty(mcpServer.SessionId))
                {
                    var eventStreamStore = httpContext.RequestServices.GetRequiredService<SessionTrackingEventStreamStore>();
                    await eventStreamStore.DeleteStreamsForSessionAsync(mcpServer.SessionId);
                }
            }
        };
```</issue_description>

<agent_instructions>Try to follow all the conventions in the repo for marking RunSessionHandler experimental.</agent_instructions>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

• Fixes Make RunSessionHandler experimental and revisit design #1382

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[jeffhandley]

@copilot Reuse the MCPEXP002 diagnostic ID. This defines the precedent (that should get new comments in Experimentals.cs) that MCPEXP001 is for experimental MCP spec features while MCPEXP002 is for experimental APIs in the SDK unrelated to the MCP specification itself. That should be explained in the list-of-diagnostics.md too.

[Copilot]

@copilot Reuse the MCPEXP002 diagnostic ID. This defines the precedent (that should get new comments in Experimentals.cs) that MCPEXP001 is for experimental MCP spec features while MCPEXP002...

Done in 8498b79. RunSessionHandler now reuses MCPEXP002 instead of introducing MCPEXP003. The Experimentals.cs class-level remarks now explain the grouping (MCPEXP001 = experimental MCP spec features; MCPEXP002 = experimental SDK APIs unrelated to the spec), and list-of-diagnostics.md has been updated to consolidate the MCPEXP002 row to cover both subclassing and RunSessionHandler with that distinction called out.

[halter73]

@copilot please make the suggested edits to the doc comments.

[Copilot]

@copilot please make the suggested edits to the doc comments.

Done in 304d726.