fix(server): session update check (#12877)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Bug Fixes**
- Improved validation to prevent updates to sessions with action prompts
and restrict certain updates on forked sessions.
- **Tests**
- Expanded and clarified test coverage for session updates, pinning
behavior, and session type conversions, with more explicit error
handling and validation scenarios.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

packages/backend/server/src/models/copilot-session.ts

@@ -293,18 +293,32 @@ export class CopilotSessionModel extends BaseModel {
   ): Promise<string> {
     const session = await this.getExists(
       sessionId,
-      { id: true, workspaceId: true, docId: true, pinned: true, prompt: true },
+      {
+        id: true,
+        workspaceId: true,
+        docId: true,
+        parentSessionId: true,
+        pinned: true,
+        prompt: true,
+      },
       { userId }
     );
     if (!session) {
       throw new CopilotSessionNotFound();
     }
+
+    // not allow to update action session
+    if (session.prompt.action) {
+      throw new CopilotSessionInvalidInput(
+        `Cannot update action: ${session.id}`
+      );
+    } else if (data.docId && session.parentSessionId) {
+      throw new CopilotSessionInvalidInput(
+        `Cannot update docId for forked session: ${session.id}`
+      );
+    }
+
     if (data.promptName) {
-      if (session.prompt.action) {
-        throw new CopilotSessionInvalidInput(
-          `Cannot update prompt for action: ${session.id}`
-        );
-      }
       const prompt = await this.db.aiPrompt.findFirst({
         where: { name: data.promptName },
       });