feat: gate chat panel on agents experiment and improve auth resilience (#851)

- Fetch experiments on login to set coder.agentsEnabled context, controlling chat panel visibility in the sidebar
- Retry auth token delivery to chat iframe with exponential backoff (up to 5 attempts) when the token isn't available immediately after reload
- Show retry button in chat webview when auth fails after all attempts
- Return boolean from commands.open() so the URI handler can clear pendingChatId when the user cancels or the open fails
- Guard experiment context update against logout race

Author: ThomasK33

package.json

@@ -193,7 +193,7 @@
 					"icon": "media/tasks-logo.svg"
 				}
 			],
-			"panel": [
+			"secondarySidebar": [
 				{
 					"id": "coderChat",
 					"title": "Coder Chat (Experimental)",
@@ -237,7 +237,8 @@
 					"type": "webview",
 					"id": "coder.chatPanel",
 					"name": "Coder Chat (Experimental)",
-					"icon": "media/shorthand-logo.svg"
+					"icon": "media/shorthand-logo.svg",
+					"when": "coder.agentsEnabled"
 				}
 			]
 		},

src/commands.ts

@@ -430,7 +430,7 @@ export class Commands {
 
 	 * Throw if not logged into a deployment.
 	 */
-	public async openFromSidebar(item: OpenableTreeItem) {
+	public async openFromSidebar(item: OpenableTreeItem): Promise<void> {
 		if (item) {
 			const baseUrl = this.extensionClient.getAxiosInstance().defaults.baseURL;
 			if (!baseUrl) {
@@ -464,7 +464,7 @@ export class Commands {
 		} else {
 			// If there is no tree item, then the user manually ran this command.
 			// Default to the regular open instead.
-			return this.open();
+			await this.open();
 		}
 	}
 
@@ -529,7 +529,7 @@ export class Commands {
 		agentName?: string,
 		folderPath?: string,
 		openRecent?: boolean,
-	): Promise<void> {
+	): Promise<boolean> {
 		const baseUrl = this.extensionClient.getAxiosInstance().defaults.baseURL;
 		if (!baseUrl) {
 			throw new Error("You are not logged in");
@@ -545,18 +545,24 @@ export class Commands {
 			workspace = await this.pickWorkspace();
 			if (!workspace) {
 				// User declined to pick a workspace.
-				return;
+				return false;
 			}
 		}
 
 		const agents = await this.extractAgentsWithFallback(workspace);
 		const agent = await maybeAskAgent(agents, agentName);
 		if (!agent) {
 			// User declined to pick an agent.
-			return;
+			return false;
 		}
 
-		await this.openWorkspace(baseUrl, workspace, agent, folderPath, openRecent);
+		return this.openWorkspace(
+			baseUrl,
+			workspace,
+			agent,
+			folderPath,
+			openRecent,
+		);
 	}
 
 	/**
@@ -745,7 +751,7 @@ export class Commands {
 		agent: WorkspaceAgent,
 		folderPath: string | undefined,
 		openRecent = false,
-	) {
+	): Promise<boolean> {
 		const remoteAuthority = toRemoteAuthority(
 			baseUrl,
 			workspace.owner_name,
@@ -788,7 +794,7 @@ export class Commands {
 				});
 				if (!folderPath) {
 					// User aborted.
-					return;
+					return false;
 				}
 			}
 		}
@@ -806,14 +812,15 @@ export class Commands {
 				// Open this in a new window!
 				newWindow,
 			);
-			return;
+			return true;
 		}
 
 		// This opens the workspace without an active folder opened.
 		await vscode.commands.executeCommand("vscode.newWindow", {
 			remoteAuthority: remoteAuthority,
 			reuseWindow: !newWindow,
 		});
+		return true;
 	}
 }
 

src/core/contextManager.ts

@@ -4,6 +4,7 @@ const CONTEXT_DEFAULTS = {
 	"coder.authenticated": false,
 	"coder.isOwner": false,
 	"coder.loaded": false,
+	"coder.agentsEnabled": false,
 	"coder.workspace.connected": false,
 	"coder.workspace.updatable": false,
 } as const;

src/core/mementoManager.ts

@@ -58,27 +58,22 @@ export class MementoManager {
 		return isFirst === true;
 	}
 
-	/**
-	 * Store a chat ID to open after a window reload.
-	 * Used by the /open deep link handler: it must call
-	 * commands.open() which triggers a remote-authority
-	 * reload, wiping in-memory state.  The chat ID is
-	 * persisted here so the extension can pick it up on
-	 * the other side of the reload.
-	 */
+	/** Store a chat ID to open after a remote-authority reload. */
 	public async setPendingChatId(chatId: string): Promise<void> {
 		await this.memento.update("pendingChatId", chatId);
 	}
 
-	/**
-	 * Read and clear the pending chat ID.  Returns
-	 * undefined if none was stored.
-	 */
+	/** Read and clear the pending chat ID (undefined if none). */
 	public async getAndClearPendingChatId(): Promise<string | undefined> {
 		const chatId = this.memento.get<string>("pendingChatId");
 		if (chatId !== undefined) {
 			await this.memento.update("pendingChatId", undefined);
 		}
 		return chatId;
 	}
+
+	/** Clear the pending chat ID without reading it. */
+	public async clearPendingChatId(): Promise<void> {
+		await this.memento.update("pendingChatId", undefined);
+	}
 }

src/deployment/deploymentManager.ts

@@ -137,6 +137,7 @@ export class DeploymentManager implements vscode.Disposable {
 		this.registerAuthListener();
 		// Contexts must be set before refresh (providers check isAuthenticated)
 		this.updateAuthContexts(deployment.user);
+		this.updateExperimentContexts();
 		this.refreshWorkspaces();
 
 		const deploymentWithoutAuth: Deployment =
@@ -166,6 +167,7 @@ export class DeploymentManager implements vscode.Disposable {
 		this.oauthSessionManager.clearDeployment();
 		this.client.setCredentials(undefined, undefined);
 		this.updateAuthContexts(undefined);
+		this.contextManager.set("coder.agentsEnabled", false);
 		this.clearWorkspaces();
 	}
 
@@ -251,6 +253,28 @@ export class DeploymentManager implements vscode.Disposable {
 		this.contextManager.set("coder.isOwner", isOwner);
 	}
 
+	/**
+	 * Fetch enabled experiments and update context keys.
+	 * Runs in the background so it does not block login.
+	 */
+	private updateExperimentContexts(): void {
+		this.client
+			.getExperiments()
+			.then((experiments) => {
+				if (!this.isAuthenticated()) {
+					return;
+				}
+				this.contextManager.set(
+					"coder.agentsEnabled",
+					experiments.includes("agents"),
+				);
+			})
+			.catch((err) => {
+				this.logger.warn("Failed to fetch experiments", err);
+				this.contextManager.set("coder.agentsEnabled", false);
+			});
+	}
+
 	/**
 	 * Refresh all workspace providers asynchronously.
 	 */

src/uri/uriHandler.ts

@@ -93,20 +93,29 @@ async function handleOpen(ctx: UriRouteContext): Promise<void> {
 	// a remote-authority reload that wipes in-memory state.
 	// The extension picks this up after the reload in activate().
 	const chatId = params.get("chatId");
+	const mementoManager = serviceContainer.getMementoManager();
 	if (chatId) {
-		const mementoManager = serviceContainer.getMementoManager();
 		await mementoManager.setPendingChatId(chatId);
 	}
 
 	await setupDeployment(params, serviceContainer, deploymentManager);
 
-	await commands.open(
-		owner,
-		workspace,
-		agent ?? undefined,
-		folder ?? undefined,
-		openRecent,
-	);
+	let opened = false;
+	try {
+		opened = await commands.open(
+			owner,
+			workspace,
+			agent ?? undefined,
+			folder ?? undefined,
+			openRecent,
+		);
+	} finally {
+		// Clear the pending chat ID if commands.open() did not
+		// actually open a window (user cancelled, or it threw).
+		if (!opened && chatId) {
+			await mementoManager.clearPendingChatId();
+		}
+	}
 }
 
 async function handleOpenDevContainer(ctx: UriRouteContext): Promise<void> {

src/webviews/chat/chatPanelProvider.ts

@@ -27,6 +27,7 @@ export class ChatPanelProvider
 	private view?: vscode.WebviewView;
 	private disposables: vscode.Disposable[] = [];
 	private chatId: string | undefined;
+	private authRetryTimer: ReturnType<typeof setTimeout> | undefined;
 
 	constructor(
 		private readonly client: CoderApi,
@@ -94,19 +95,50 @@ export class ChatPanelProvider
 		}
 		const msg = message as { type?: string };
 		if (msg.type === "coder:vscode-ready") {
-			const token = this.client.getSessionToken();
-			if (!token) {
-				this.logger.warn(
-					"Chat iframe requested auth but no session token available",
+			this.sendAuthToken();
+		}
+	}
+
+	/**
+	 * Attempt to forward the session token to the chat iframe.
+	 * The token may not be available immediately after a reload
+	 * (e.g. deployment setup is still in progress), so we retry
+	 * with exponential backoff before giving up.
+	 */
+	private static readonly MAX_AUTH_RETRIES = 5;
+	private static readonly AUTH_RETRY_BASE_MS = 500;
+
+	private sendAuthToken(attempt = 0): void {
+		clearTimeout(this.authRetryTimer);
+		const token = this.client.getSessionToken();
+		if (!token) {
+			if (attempt < ChatPanelProvider.MAX_AUTH_RETRIES) {
+				const delay = ChatPanelProvider.AUTH_RETRY_BASE_MS * 2 ** attempt;
+				this.logger.info(
+					`Chat: no session token yet, retrying in ${delay}ms ` +
+						`(attempt ${attempt + 1}/${ChatPanelProvider.MAX_AUTH_RETRIES})`,
+				);
+				this.authRetryTimer = setTimeout(
+					() => this.sendAuthToken(attempt + 1),
+					delay,
 				);
 				return;
 			}
-			this.logger.info("Chat: forwarding token to iframe");
+			this.logger.warn(
+				"Chat iframe requested auth but no session token available " +
+					"after all retries",
+			);
 			this.view?.webview.postMessage({
-				type: "coder:auth-bootstrap-token",
-				token,
+				type: "coder:auth-error",
+				error: "No session token available. Please sign in and retry.",
 			});
+			return;
 		}
+		this.logger.info("Chat: forwarding token to iframe");
+		this.view?.webview.postMessage({
+			type: "coder:auth-bootstrap-token",
+			token,
+		});
 	}
 
 	private getIframeHtml(embedUrl: string, allowedOrigin: string): string {
@@ -136,6 +168,17 @@ export class ChatPanelProvider
       font-family: var(--vscode-font-family, sans-serif);
       font-size: 13px; padding: 16px; text-align: center;
     }
+    #retry-btn {
+      margin-top: 12px; padding: 6px 16px;
+      background: var(--vscode-button-background, #0e639c);
+      color: var(--vscode-button-foreground, #fff);
+      border: none; border-radius: 2px; cursor: pointer;
+      font-family: var(--vscode-font-family, sans-serif);
+      font-size: 13px;
+    }
+    #retry-btn:hover {
+      background: var(--vscode-button-hoverBackground, #1177bb);
+    }
   </style>
 </head>
 <body>
@@ -170,7 +213,23 @@ export class ChatPanelProvider
           iframe.contentWindow.postMessage({
             type: 'coder:vscode-auth-bootstrap',
             payload: { token: data.token },
-	          }, '${allowedOrigin}');
+          }, '${allowedOrigin}');
+        }
+
+        if (data.type === 'coder:auth-error') {
+          status.textContent = '';
+          status.appendChild(document.createTextNode(data.error || 'Authentication failed.'));
+          const btn = document.createElement('button');
+          btn.id = 'retry-btn';
+          btn.textContent = 'Retry';
+          btn.addEventListener('click', () => {
+            status.textContent = 'Authenticating…';
+            vscode.postMessage({ type: 'coder:vscode-ready' });
+          });
+          status.appendChild(document.createElement('br'));
+          status.appendChild(btn);
+          status.style.display = 'block';
+          iframe.style.display = 'none';
         }
       });
     })();
@@ -190,6 +249,7 @@ text-align:center;}</style></head>
 	}
 
 	dispose(): void {
+		clearTimeout(this.authRetryTimer);
 		for (const d of this.disposables) {
 			d.dispose();
 		}

test/mocks/testHelpers.ts

@@ -8,7 +8,7 @@ import axios, {
 import { vi } from "vitest";
 import * as vscode from "vscode";
 
-import type { User } from "coder/site/src/api/typesGenerated";
+import type { Experiment, User } from "coder/site/src/api/typesGenerated";
 import type { IncomingMessage } from "node:http";
 
 import type { CoderApi } from "@/api/coderApi";
@@ -504,6 +504,7 @@ export class MockCoderApi implements Pick<
 	| "getHost"
 	| "getAuthenticatedUser"
 	| "dispose"
+	| "getExperiments"
 > {
 	private _host: string | undefined;
 	private _token: string | undefined;
@@ -541,6 +542,10 @@ export class MockCoderApi implements Pick<
 		this._disposed = true;
 	});
 
+	readonly getExperiments = vi.fn(
+		(): Promise<Experiment[]> => Promise.resolve([]),
+	);
+
 	/**
 	 * Get current host (for assertions)
 	 */