VS Code extension v2.1.119 uses deprecated `/v1/session_ingress/session/{id}` — archived Web sessions show "failed to fetch"

Resolved 💬 1 comment Opened Apr 25, 2026 by gagexhill Closed May 28, 2026

Bug report: Claude Code VS Code extension calls deprecated /v1/session_ingress/session/{id} for archived Web sessions, producing "failed to fetch"

Repo to file under: anthropics/claude-code (or VS Code marketplace publisher's bug tracker if separate)

Extension: Anthropic.claude-code v2.1.119 (current latest as of 2026-04-13 per Marketplace)
Platform: Windows 11 + VS Code (also reproducible on any host since the bug is in the bundled extension.js)
Account type: Claude Max subscription, OAuth scope user:sessions:claude_code

---

Summary

Opening any archived session from the Claude Code panel's Web tab in VS Code produces a failed to fetch error. Root cause: the extension's teleportSession helper attempts to load conversation messages from GET https://api.anthropic.com/v1/session_ingress/session/{sessionId}, which the server has deprecated and now responds to with HTTP 403 + body:

{"error":{"message":"session-ingress no longer serves CCR worker connections; use ccr /v1/code/sessions","type":"..."}}

The list of Web sessions (GET /v1/sessions) still works, so the names render in the side panel, but every per-session content fetch fails. Net effect: users see their old sessions but cannot open or interact with them — and the in-extension "delete" only hides locally, leaving the server-side records orphaned forever.

Reproduction

  1. Have a Claude Max account with one or more older Claude Code background/Web sessions (i.e. session_status: "archived").
  2. Install/update extension to v2.1.119.
  3. Open the Claude Code side panel → click the Web tab.
  4. Click any session in the list.
  5. Observe: notification "Failed to fetch ..." in VS Code; webview never loads the conversation.

Expected

The selected Web session should open and display its message history (or, if archived/disconnected, surface that state cleanly with an option to delete).

Server response (decoded from extension behavior)

The deprecation pointer in the 403 body suggests the new path. Confirmed working endpoints when called with the same OAuth bearer + anthropic-beta: ccr-byoc-2025-07-29 + x-organization-uuid headers:

| Old (extension uses) | New (works) |
|---|---|
| GET /v1/session_ingress/session/{id}403 (deprecated) | GET /v1/code/sessions/{id}/events?cursor={next_cursor} → 200 with paginated event log |
| GET /v1/sessions → 200 (still works) | GET /v1/code/sessions → 200 (parallel, recommended migration) |
| GET /v1/sessions/{id} → 200 (still works) | GET /v1/code/sessions/{id} → 200 (parallel, recommended migration) |

The new event endpoint paginates with ?cursor=<next_cursor> (returned in the response body); ordering is reverse-chronological.

Code reference

In bundled extension.js (v2.1.119), the function teleportSession(K) constructs:

let U = `${F3().BASE_API_URL}/v1/session_ingress/session/${K}`,
    D = await T_(U, {headers: x, timeout: 20000, validateStatus: (O) => O < 500, proxy: !1});

This needs to migrate to /v1/code/sessions/${K}/events and handle the new pagination shape ({data: [...events], next_cursor: "<int-as-string>"}).

Secondary issue: in-extension delete is a local hide

Same extension.js:

async deleteSession(K) {
  return await this.settings.hideSession(K),
         {type: "delete_session_response"}
}

There is no server-side DELETE call. Server-side records persist indefinitely with no user-facing way to remove them. The actual REST surface supports it — DELETE /v1/code/sessions/{id} returns HTTP 200 with empty body and removes the session from GET /v1/code/sessions. The extension should call it (gated by user confirmation) instead of just hiding locally.

Impact

  • Users accumulate orphaned server-side sessions they can neither read nor delete via the supported UI.
  • The "Web" tab becomes increasingly cluttered with broken entries that cannot be cleaned up without API access + manual scripting.
  • Privacy/data-hygiene concern: subscribers cannot purge old conversation history from Anthropic's servers via documented means.

Suggested fix

  1. Migrate teleportSession and any other callers from /v1/session_ingress/session/{id} to /v1/code/sessions/{id}/events + pagination.
  2. Migrate list/get from /v1/sessions to /v1/code/sessions (since the old surface seems to be in deprecation).
  3. Wire deleteSession to call DELETE /v1/code/sessions/{id} after a user confirmation dialog, falling back to the local hide only if the server call errors. Refresh the list on success.

Workaround for affected users

While the fix ships, users can clean up their orphaned sessions by calling the API directly with their OAuth token from ~/.claude/.credentials.json. Sketch (Python):

import json, urllib.request
creds = json.load(open(r'~/.claude/.credentials.json'))  # or %USERPROFILE%/.claude/.credentials.json on Windows
tok = creds['claudeAiOauth']['accessToken']
org = creds['organizationUuid']
H = {
    'Authorization': f'Bearer {tok}',
    'anthropic-beta': 'ccr-byoc-2025-07-29',
    'anthropic-version': '2023-06-01',
    'x-organization-uuid': org,
}
# List
sessions = json.loads(urllib.request.urlopen(
    urllib.request.Request('https://api.anthropic.com/v1/code/sessions', headers=H)).read())
# Delete each
for s in sessions['data']:
    urllib.request.urlopen(urllib.request.Request(
        f'https://api.anthropic.com/v1/code/sessions/{s["id"]}', headers=H, method='DELETE'))

(Beta header ccr-byoc-2025-07-29 is required; without it, the surface 4xxs.)

Environment

  • VS Code: latest (any version that loads ext v2.1.119)
  • Extension: Anthropic.claude-code-2.1.119-win32-x64
  • OS: Windows 11 Pro 26200
  • Account: Claude Max subscription (subscriptionType: "max")
  • Organization: single-user org
  • Reproducible on every archived session in the user's Web tab (18 of 18 in this report)

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗