fix: retry auth token delivery to chat iframe with backoff

When the chat iframe sends coder:vscode-ready, the session token
may not be available yet if deployment setup is still in progress
after a reload. Previously, handleMessage silently returned, leaving
the iframe stuck on 'Authenticating...' forever with no recovery.

Now sendAuthToken retries up to 5 times with exponential backoff
(500ms, 1s, 2s, 4s, 8s). If the token is still unavailable after
all retries, a coder:auth-error message is sent to the webview,
which shows the error and a Retry button so the user can try again
after signing in.

Author: ThomasK33

.vscode-test.mjs

@@ -1,7 +1,7 @@
 import { defineConfig } from "@vscode/test-cli";
 
 // VS Code to Electron/Node version mapping:
-//   VS Code 1.106 (Jun 2025) -> Node 22 - Minimum supported
+//   VS Code 1.106 (Oct 2025) -> Node 22 - Minimum supported
 //   VS Code stable           -> Latest
 const versions = ["1.106.0", "stable"];
 

src/webviews/chat/chatPanelProvider.ts

@@ -94,19 +94,46 @@ export class ChatPanelProvider
 		}
 		const msg = message as { type?: string };
 		if (msg.type === "coder:vscode-ready") {
-			const token = this.client.getSessionToken();
-			if (!token) {
-				this.logger.warn(
-					"Chat iframe requested auth but no session token available",
+			this.sendAuthToken();
+		}
+	}
+
+	/**
+	 * Attempt to forward the session token to the chat iframe.
+	 * The token may not be available immediately after a reload
+	 * (e.g. deployment setup is still in progress), so we retry
+	 * with exponential backoff before giving up.
+	 */
+	private static readonly MAX_AUTH_RETRIES = 5;
+	private static readonly AUTH_RETRY_BASE_MS = 500;
+
+	private sendAuthToken(attempt = 0): void {
+		const token = this.client.getSessionToken();
+		if (!token) {
+			if (attempt < ChatPanelProvider.MAX_AUTH_RETRIES) {
+				const delay = ChatPanelProvider.AUTH_RETRY_BASE_MS * 2 ** attempt;
+				this.logger.info(
+					`Chat: no session token yet, retrying in ${delay}ms ` +
+						`(attempt ${attempt + 1}/${ChatPanelProvider.MAX_AUTH_RETRIES})`,
 				);
+				setTimeout(() => this.sendAuthToken(attempt + 1), delay);
 				return;
 			}
-			this.logger.info("Chat: forwarding token to iframe");
+			this.logger.warn(
+				"Chat iframe requested auth but no session token available " +
+					"after all retries",
+			);
 			this.view?.webview.postMessage({
-				type: "coder:auth-bootstrap-token",
-				token,
+				type: "coder:auth-error",
+				error: "No session token available. Please sign in and retry.",
 			});
+			return;
 		}
+		this.logger.info("Chat: forwarding token to iframe");
+		this.view?.webview.postMessage({
+			type: "coder:auth-bootstrap-token",
+			token,
+		});
 	}
 
 	private getIframeHtml(embedUrl: string, allowedOrigin: string): string {
@@ -136,6 +163,17 @@ export class ChatPanelProvider
       font-family: var(--vscode-font-family, sans-serif);
       font-size: 13px; padding: 16px; text-align: center;
     }
+    #retry-btn {
+      margin-top: 12px; padding: 6px 16px;
+      background: var(--vscode-button-background, #0e639c);
+      color: var(--vscode-button-foreground, #fff);
+      border: none; border-radius: 2px; cursor: pointer;
+      font-family: var(--vscode-font-family, sans-serif);
+      font-size: 13px;
+    }
+    #retry-btn:hover {
+      background: var(--vscode-button-hoverBackground, #1177bb);
+    }
   </style>
 </head>
 <body>
@@ -172,6 +210,22 @@ export class ChatPanelProvider
             payload: { token: data.token },
 	          }, '${allowedOrigin}');
         }
+
+        if (data.type === 'coder:auth-error') {
+          status.innerHTML = '';
+          status.appendChild(document.createTextNode(data.error || 'Authentication failed.'));
+          const btn = document.createElement('button');
+          btn.id = 'retry-btn';
+          btn.textContent = 'Retry';
+          btn.addEventListener('click', () => {
+            status.textContent = 'Authenticating…';
+            vscode.postMessage({ type: 'coder:vscode-ready' });
+          });
+          status.appendChild(document.createElement('br'));
+          status.appendChild(btn);
+          status.style.display = 'block';
+          iframe.style.display = 'none';
+        }
       });
     })();
   </script>