
ClaudeSDKClient session_id does not isolate context in single long-lived client #560

@cdxiaodong

Bug: ClaudeSDKClient.query(session_id=...) does not isolate conversation context in a single long-lived client

Summary

When using one long-lived ClaudeSDKClient and sending requests with different session_id values, context is still shared.

session_B can read secrets written in session_A.

I also need a true in-process context reset (clear_context) to avoid reconnect overhead, but current behavior does not provide reliable reset semantics for this use case.

Environment

  • claude-agent-sdk version: 0.1.33
  • Python: 3.14
  • SDK transport: bundled CLI via SubprocessCLITransport

Reproduction (minimal)

import asyncio
from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions
from claude_agent_sdk.types import AssistantMessage, ResultMessage, TextBlock

async def ask(client, sid, prompt):
    # Send one prompt tagged with the requested session_id.
    await client.query(prompt, session_id=sid)
    text, actual_sid = [], None
    async for m in client.receive_response():
        if isinstance(m, AssistantMessage):
            # Collect the assistant's text blocks.
            for b in m.content:
                if isinstance(b, TextBlock):
                    text.append(b.text)
        elif isinstance(m, ResultMessage):
            # Record the session_id the SDK reports back for this request.
            actual_sid = m.session_id
    return "".join(text), actual_sid

async def main():
    opts = ClaudeAgentOptions(model="claude-4.6", isolated_sessions=True, allowed_tools=[])
    # One long-lived client is reused for both session ids.
    async with ClaudeSDKClient(opts) as client:
        secret = "sk_example_secret"

        # Plant the secret in session_A, then probe for it from session_B.
        _, sid_a1 = await ask(client, "session_A", f"Remember this: {secret}. Reply ACK")
        b_text, sid_b1 = await ask(
            client,
            "session_B",
            'In THIS conversation only, do you know any sk_ secret? Return JSON {"knows": false, "secret": null}'
        )

        print("A sid:", sid_a1)
        print("B sid:", sid_b1)
        print("B text:", b_text)

asyncio.run(main())

Observed behavior

  • ResultMessage.session_id is the same for A and B requests.
  • session_B returns the secret from session_A (context leak).
  • clear_context behavior is not sufficient for per-session reset in this single-process isolation scenario.

Observed output from real run:

{
  "a1_sid": "7d21d722-de79-42cb-a752-a7e4efd45b5a",
  "b1_sid": "7d21d722-de79-42cb-a752-a7e4efd45b5a",
  "routing_ab_diff_ok": false,
  "session_b_leaks_secret": true
}

Expected behavior

  • With one long-lived ClaudeSDKClient, different session_id values should be truly isolated.
  • session_B must not access session_A context.
  • A fast and reliable in-process context reset API is needed (e.g. clear_context(session_id=...) semantics that actually reset target context without reconnecting).

Why this matters

My use case is passive message processing with one persistent SDK process for latency reasons. Reconnecting for every request is too slow; I need deterministic context isolation/reset while keeping the process alive.

Request

Please confirm whether this is a known limitation in current CLI/SDK session routing, and whether true per-session isolation + reliable in-process context reset is planned.
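
Added example, not part of the original issue or of the SDK: the reproduction above turned into a reusable isolation check that plants a fresh random canary in one session and reports the same two fields as the observed output. `check_isolation`, `run_check` and the two backend classes are hypothetical names, and the backends are constructed stand-ins (one models the reported shared-context behaviour, one the expected isolation) so the check runs offline.

```python
import asyncio
import secrets


class SharedContextBackend:
    """Constructed stand-in for the reported behaviour: session_id is ignored."""
    def __init__(self):
        self._history = []

    async def ask(self, session_id, prompt):
        self._history.append(prompt)
        # Everything ever sent is visible to every caller; one sid for all.
        return " ".join(self._history), "shared-sid"


class IsolatedBackend:
    """Constructed stand-in for the expected behaviour: one history per session_id."""
    def __init__(self):
        self._histories = {}

    async def ask(self, session_id, prompt):
        history = self._histories.setdefault(session_id, [])
        history.append(prompt)
        return " ".join(history), f"sid-{session_id}"


async def check_isolation(ask, session_a="session_A", session_b="session_B"):
    # A per-run random canary: a hit in session B can only come from
    # what this run wrote into session A, never from a fixed test string.
    canary = "canary_" + secrets.token_hex(8)
    _, sid_a = await ask(session_a, f"Remember this: {canary}. Reply ACK")
    b_text, sid_b = await ask(session_b, "Do you know any canary_ value? Answer in JSON.")
    return {
        "a1_sid": sid_a,
        "b1_sid": sid_b,
        # Routing check: the backend must report distinct session ids.
        "routing_ab_diff_ok": None not in (sid_a, sid_b) and sid_a != sid_b,
        # Leak check: the full canary must not appear in session B's reply.
        "session_b_leaks_secret": canary in b_text,
    }


def run_check(backend):
    return asyncio.run(check_isolation(backend.ask))


if __name__ == "__main__":
    print("shared:  ", run_check(SharedContextBackend()))
    print("isolated:", run_check(IsolatedBackend()))
```

To run the check against a real client, pass `functools.partial(ask, client)` built from the `ask` helper in the reproduction instead of a stand-in backend. A clean leak check only shows the canary was not echoed, so the routing field should be read alongside it.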
