Skip to main content
Connect your AI agent to Linear so it acts on issue mentions and assignments — replying with comments, updating issues, and emitting agent activities. The user mentions or assigns a Linear issue; the bot webhook runs your agent and posts the reply back to the thread.

Quick Start

1

Set Environment Variables

2

Start Linear Bot

3

Configure Linear Webhook

Configure your Linear webhook to point to http://your-host:8080/webhook with AgentSession, Comment, and Issue events enabled.

Linear Setup

1

Create OAuth App or API Key

In Linear, go to Settings → API → Create OAuth App or Personal API Key. OAuth tokens require Bearer prefix; API keys are sent raw.
2

Configure Webhook

Set up a webhook pointing to https://your-host:8080/webhook with these events:
  • AgentSession (for mentions/assignments)
  • Comment (for comment threads)
  • Issue (for issue updates)
3

Copy Signing Secret

Save the webhook signing secret for HMAC-SHA256 verification and 60-second replay protection.

How It Works


User Interaction Flow

Alice assigns issue ENG-42 “Add user authentication to API” to the bot. The bot:
  1. Receives webhook → AgentSession event triggers the bot
  2. Analyzes issue → Reads title, description, and acceptance criteria
  3. Plans implementation → Breaks down into authentication middleware, tests, docs
  4. Posts status comment → “Working on authentication implementation…”
  5. Executes solution → Creates GitHub branch, writes code, adds tests
  6. Updates Linear → Comments with PR link and implementation summary
  7. Creates activity → Records bot response in Linear’s agent activity log

OAuth vs API Key Authentication

OAuth tokens take precedence. If LINEAR_OAUTH_TOKEN is set, LINEAR_API_KEY is ignored.

Configuration Options

For complete bot configuration options, see the messaging bots documentation.

Built-in Commands

The Linear bot includes these slash commands:

Webhook Security

Always set LINEAR_WEBHOOK_SECRET for production deployments. Missing secrets cause inbound webhooks to be rejected with HTTP 401 (fail-closed). Set PRAISONAI_INSECURE_WEBHOOKS=true only for local development.
The bot implements Linear’s recommended security measures via the shared Webhook Verification stack:
  • HMAC-SHA256 signature verification using webhook secret
  • 60-second replay protection via timestamp validation
  • HTTPS enforcement recommended for production webhooks

Linear Tools

The following Linear tools work with the bot for comprehensive issue management:
See the complete Linear tools documentation for detailed usage examples.

Common Patterns

Perfect for issue categorization and initial analysis without modifications:
Complete development workflow from Linear issues to GitHub pull requests:
YAML configuration for gateway deployment:

Best Practices

Set LINEAR_WEBHOOK_SECRET for HMAC verification. Without it, webhooks are rejected with HTTP 401. Use PRAISONAI_INSECURE_WEBHOOKS=true only for local development. See Webhook Verification.
Grant minimum required permissions. For read-only bots, use tokens with limited scopes. For coding bots, ensure write access to issues and comments.
Deploy webhook endpoints behind HTTPS reverse proxies. Never expose HTTP webhook endpoints to the internet.
Implement secret rotation for both OAuth tokens and webhook secrets. Update Linear webhook configurations when rotating.

Messaging Bots

Platform support and bot protocols

Bot Gateway

Multi-platform bot orchestration

Linear Tools

Complete Linear API tool reference

CLI Bot Command

Command-line bot management