Quick Start
- CLI
- YAML
- Python SDK
1
Set Environment Variables
2
Start Linear Bot
3
Configure Linear Webhook
Configure your Linear webhook to point to
http://your-host:8080/webhook with AgentSession, Comment, and Issue events enabled.Linear Setup
1
Create OAuth App or API Key
In Linear, go to Settings → API → Create OAuth App or Personal API Key. OAuth tokens require
Bearer prefix; API keys are sent raw.2
Configure Webhook
Set up a webhook pointing to
https://your-host:8080/webhook with these events:- AgentSession (for mentions/assignments)
- Comment (for comment threads)
- Issue (for issue updates)
3
Copy Signing Secret
Save the webhook signing secret for HMAC-SHA256 verification and 60-second replay protection.
How It Works
User Interaction Flow
Alice assigns issue ENG-42 “Add user authentication to API” to the bot. The bot:- Receives webhook → AgentSession event triggers the bot
- Analyzes issue → Reads title, description, and acceptance criteria
- Plans implementation → Breaks down into authentication middleware, tests, docs
- Posts status comment → “Working on authentication implementation…”
- Executes solution → Creates GitHub branch, writes code, adds tests
- Updates Linear → Comments with PR link and implementation summary
- Creates activity → Records bot response in Linear’s agent activity log
OAuth vs API Key Authentication
OAuth tokens take precedence. If
LINEAR_OAUTH_TOKEN is set, LINEAR_API_KEY is ignored.Configuration Options
For complete bot configuration options, see the messaging bots documentation.
Built-in Commands
The Linear bot includes these slash commands:Webhook Security
The bot implements Linear’s recommended security measures via the shared Webhook Verification stack:- HMAC-SHA256 signature verification using webhook secret
- 60-second replay protection via timestamp validation
- HTTPS enforcement recommended for production webhooks
Linear Tools
The following Linear tools work with the bot for comprehensive issue management:Common Patterns
Read-Only Triage Bot
Read-Only Triage Bot
Perfect for issue categorization and initial analysis without modifications:
Full Coder Bot with GitHub Integration
Full Coder Bot with GitHub Integration
Complete development workflow from Linear issues to GitHub pull requests:
Gateway Multi-Bot Setup
Gateway Multi-Bot Setup
YAML configuration for gateway deployment:
Best Practices
Always Configure Webhook Secrets
Always Configure Webhook Secrets
Set
LINEAR_WEBHOOK_SECRET for HMAC verification. Without it, webhooks are rejected with HTTP 401. Use PRAISONAI_INSECURE_WEBHOOKS=true only for local development. See Webhook Verification.Scope OAuth Tokens Appropriately
Scope OAuth Tokens Appropriately
Grant minimum required permissions. For read-only bots, use tokens with limited scopes. For coding bots, ensure write access to issues and comments.
Use HTTPS in Production
Use HTTPS in Production
Deploy webhook endpoints behind HTTPS reverse proxies. Never expose HTTP webhook endpoints to the internet.
Rotate Secrets Regularly
Rotate Secrets Regularly
Implement secret rotation for both OAuth tokens and webhook secrets. Update Linear webhook configurations when rotating.
Related
Messaging Bots
Platform support and bot protocols
Bot Gateway
Multi-platform bot orchestration
Linear Tools
Complete Linear API tool reference
CLI Bot Command
Command-line bot management

