fix(galaxy): invalidate writer handle caches on session reconnect

Add IGalaxyDataWriter.InvalidateHandleCaches() and call it in
GalaxyDriver.ReopenAsync after RecreateAsync succeeds. Prior to this
fix, GatewayGalaxyDataWriter's _itemHandles and _supervisedHandles
dictionaries survived across reconnects, causing the next write to
skip AddItem and AdviseSupervisory against already-dead handles.

tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests/Runtime/GalaxyDriverWriteTests.cs

@@ -94,6 +94,9 @@ public sealed class GalaxyDriverWriteTests
             }
             return Task.FromResult<IReadOnlyList<WriteResult>>(results);
         }
+
+        /// <inheritdoc />
+        public void InvalidateHandleCaches() { /* no-op — this fake has no handle caches */ }
     }
 
     private static GalaxyAttribute Attr(string name, int sec)

tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests/Runtime/GalaxyTelemetryTests.cs

@@ -178,6 +178,9 @@ public sealed class GalaxyTelemetryTests
             CancellationToken cancellationToken)
             => Task.FromResult<IReadOnlyList<WriteResult>>(
                 writes.Select(_ => new WriteResult(0u)).ToList());
+
+        /// <inheritdoc />
+        public void InvalidateHandleCaches() { /* no-op — this fake has no handle caches */ }
     }
 
     private sealed class FakeHierarchy : IGalaxyHierarchySource

tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests/Runtime/GatewayGalaxyDataWriterTests.cs

@@ -0,0 +1,91 @@
+using Shouldly;
+using Xunit;
+using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Config;
+using ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Runtime;
+
+namespace ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests.Runtime;
+
+/// <summary>
+///     Tests for <see cref="GatewayGalaxyDataWriter.InvalidateHandleCaches"/>.
+///     The SDK session types are sealed with internal ctors and cannot be faked, so we
+///     drive the cache-seeding path through
+///     <see cref="GatewayGalaxyDataWriter.SeedHandleCachesForTest"/> and verify the
+///     handle-count seams — the contract under test is purely that
+///     <see cref="GatewayGalaxyDataWriter.InvalidateHandleCaches"/> zeroes both dictionaries
+///     so the next write is forced to re-AddItem + re-AdviseSupervisory.
+/// </summary>
+public sealed class GatewayGalaxyDataWriterTests
+{
+    private static GalaxyMxSession MinimalSession()
+        => new(new GalaxyMxAccessOptions(ClientName: "OtOpcUa-Test"));
+
+    /// <summary>
+    ///     Approach (b): seed the item-handle cache directly via the internal test seam,
+    ///     confirm the count is positive, call <see cref="GatewayGalaxyDataWriter.InvalidateHandleCaches"/>,
+    ///     and confirm both caches are cleared.
+    ///     The next write (not simulated here — needs a live gw) would therefore be forced
+    ///     to re-AddItem because the cache is empty.
+    /// </summary>
+    [Fact]
+    public void InvalidateHandleCaches_clears_item_and_supervised_handle_caches()
+    {
+        var session = MinimalSession();
+        var writer = new GatewayGalaxyDataWriter(session, writeUserId: 0);
+
+        // Pre-seed both caches via the internal test seam so we can assert the
+        // "after a write" state without spinning up a real gRPC gateway session.
+        writer.SeedHandleCachesForTest("TestMachine_001.TestAttr", itemHandle: 42, supervised: true);
+
+        writer.CachedItemHandleCount.ShouldBe(1);
+        writer.CachedSupervisedHandleCount.ShouldBe(1);
+
+        writer.InvalidateHandleCaches();
+
+        writer.CachedItemHandleCount.ShouldBe(0);
+        writer.CachedSupervisedHandleCount.ShouldBe(0);
+    }
+
+    /// <summary>
+    ///     A second seed + invalidate cycle proves the method isn't one-shot — a reconnect
+    ///     followed by writes followed by another reconnect must also start fresh.
+    /// </summary>
+    [Fact]
+    public void InvalidateHandleCaches_is_repeatable_across_multiple_reconnects()
+    {
+        var session = MinimalSession();
+        var writer = new GatewayGalaxyDataWriter(session, writeUserId: 0);
+
+        // First session cycle
+        writer.SeedHandleCachesForTest("Tag.A", itemHandle: 1, supervised: false);
+        writer.SeedHandleCachesForTest("Tag.B", itemHandle: 2, supervised: true);
+        writer.CachedItemHandleCount.ShouldBe(2);
+        writer.InvalidateHandleCaches();
+        writer.CachedItemHandleCount.ShouldBe(0);
+        writer.CachedSupervisedHandleCount.ShouldBe(0);
+
+        // Second session cycle — handles re-populated after the reconnect's replay
+        writer.SeedHandleCachesForTest("Tag.A", itemHandle: 99, supervised: true);
+        writer.CachedItemHandleCount.ShouldBe(1);
+        writer.InvalidateHandleCaches();
+        writer.CachedItemHandleCount.ShouldBe(0);
+    }
+
+    /// <summary>
+    ///     <see cref="GatewayGalaxyDataWriter.InvalidateHandleCaches"/> on a fresh (never-used)
+    ///     writer must be a no-op rather than throwing — the reconnect supervisor may call it
+    ///     before any write has occurred.
+    /// </summary>
+    [Fact]
+    public void InvalidateHandleCaches_on_empty_caches_is_a_noop()
+    {
+        var session = MinimalSession();
+        var writer = new GatewayGalaxyDataWriter(session, writeUserId: 0);
+
+        // Caches are empty — must not throw.
+        writer.CachedItemHandleCount.ShouldBe(0);
+        writer.CachedSupervisedHandleCount.ShouldBe(0);
+        writer.InvalidateHandleCaches();
+        writer.CachedItemHandleCount.ShouldBe(0);
+        writer.CachedSupervisedHandleCount.ShouldBe(0);
+    }
+}