Fix remote agent host reconnect hang for SSH and tunnel paths

[roblourens]

Problem

When a remote Agent Host SSH or dev-tunnel connection silently dies (TCP half-open before ssh2 / dev-tunnels keepalives detect it), the SDK calls used to (re)create the relay can hang forever:

• SSH: client.forwardOut(...) inside _createWebSocketRelay has no timeout and the callback never fires when the SSH client is unresponsive.
• Tunnel: relayClient.connect(), waitForForwardedPort(), connectToForwardedPort(), and the WebSocket 'open' event have no timeouts.

Because connect(replaceRelay=true) reuses the existing dead sshClient and the renderer's _reconnectSSHEntries was single-shot, the per-host pending flag stayed set and auto-reconnect was effectively disabled for the lifetime of the shared process. Reloading the window didn't help — the dead client lives in the shared-process _connections map. Only quitting and restarting the app recovered.

Fix

Layer	Change
sshRemoteAgentHostService	Wrap _createWebSocketRelay in connect(replaceRelay=true) with raceTimeout (60s, slightly above ssh2's keepalive failure window). On timeout the existing catch ends the dead sshClient and purges it from _connections, so the next attempt starts fresh.
tunnelAgentHostService	Wrap the four hangable dev-tunnels SDK calls with per-step timeouts (30s each); dispose relayClient on any timeout/failure so we don't leak it.
remoteAgentHost.contribution	Rewrite _reconnectSSHEntries with exponential-backoff retry mirroring the proven tunnel pattern (1s → 30s, max 10 attempts then pause). Resumes on config / connection-change events. Per-host state lives in a single SSHReconnectState with a MutableDisposable timer (disposableTimeout), owned by a DisposableMap so disposing the contribution (or removing a host) cancels pending timers automatically.

Validation

• ✅ TypeScript: npm run compile-check-ts-native clean.
• ✅ All 46 SSH main service tests pass, including a new test (reconnect rejects with timeout when relay creation hangs) that simulates a stuck relay via a hangRelayCreationOnCall hook and verifies the timeout fires + sshClient.end() is called.
• ✅ All 167 RemoteAgentHost (renderer) tests pass.
• ⚠️ No live repro included — the synthetic-network setup needed to deterministically reproduce the silent-death scenario is non-trivial. The unit test exercises the exact main-process code path that hangs in production.

How to verify by hand

The most deterministic synthetic repro for SSH:

# 1. Connect an SSH agent host (e.g. to a localhost SSH alias).
# 2. Find the per-connection sshd child:
lsof -i tcp:22 -sTCP:ESTABLISHED -P -n
# 3. Freeze it (simulates a dead network without closing the socket):
sudo kill -STOP <sshd-child-pid>
# 4. Trigger any host activity. Watch the agents output channel for:
#      "SSH relay creation timed out after 60000ms"
#      "Scheduling SSH reconnect ... in 1000ms (attempt 2/10)"
# 5. Restore:
sudo kill -CONT <sshd-child-pid>
# Within the next backoff window the host should reconnect.

Realistic real-world repro: close laptop lid for >10 min, wake, and confirm the host recovers without restarting the app.

[Copilot]

Pull request overview

Fixes cases where remote Agent Host reconnect could hang indefinitely (SSH relay creation and dev-tunnels connect steps) after a silent network drop, which in turn could permanently disable auto-reconnect until the app was restarted.

Changes:

• Add a bounded timeout to SSH relay creation on the replaceRelay reconnect path so a dead SSH client can be torn down and retried.
• Add per-step timeouts (connect, waitForForwardedPort, connectToForwardedPort, WebSocket open) to tunnel connect flow, with relay client cleanup on failure/timeout.
• Rework renderer-side SSH auto-reconnect to use retry w/ exponential backoff and per-host reconnect state; add a unit test covering the SSH hang/timeout scenario.

Show a summary per file

File	Description
src/vs/sessions/contrib/remoteAgentHost/browser/remoteAgentHost.contribution.ts	Adds per-host SSH reconnect state and exponential-backoff retry scheduling in the Agents window contribution.
src/vs/platform/agentHost/test/node/sshRemoteAgentHostService.test.ts	Adds a regression test that simulates a stuck relay creation and asserts reconnect times out and ends the SSH client.
src/vs/platform/agentHost/node/tunnelAgentHostService.ts	Wraps dev-tunnels SDK connection steps with timeouts and ensures relay client disposal on failure.
src/vs/platform/agentHost/node/sshRemoteAgentHostService.ts	Wraps _createWebSocketRelay with raceTimeout on reconnect to avoid indefinite hangs and force cleanup/retry.

Copilot's findings

• Files reviewed: 4/4 changed files
• Comments generated: 2

[Copilot]

Copilot's findings

• Files reviewed: 6/6 changed files
• Comments generated: 1

[Copilot]

Copilot's findings

Comments suppressed due to low confidence (1)

src/vs/platform/agentHost/browser/remoteAgentHostServiceImpl.ts:250

• When replacing an existing managed entry in addManagedConnection, the previous entry’s transportDisposable is intentionally not disposed. If that disposable owns resources (e.g. renderer-side handles/event listeners), this becomes a leak on repeated reconnects/replacements because it is neither disposed nor retained by the new entry. Consider making the transport teardown transferable (e.g. generation-guarded disposable that can be disposed safely on replacement, or a per-address MutableDisposable that updates ownership) so the previous disposable can be cleaned up without disconnecting the freshly-established tunnel.

		const existingEntry = this._entries.get(address);
		if (existingEntry) {
			this._entries.delete(address);
			existingEntry.store.dispose();
		}

• Files reviewed: 8/8 changed files
• Comments generated: 0 new

[github-actions]

Base: 37ad80f8 Current: 1eaaa5ab

No screenshot changes.