Fix Linear implementer comment mention handling

[khaliqgant]

User description

Summary

• Keeps Linear comment.create mention-gating because cloud dispatch uses broad Linear watch paths and does not pre-filter comments by @-mention.
• Replaces the broken literal @agentrelay substring gate with Linear mention markdown/structured mention detection, inferred agent aliases, and optional MENTION alias overrides.
• Logs every early-return reason and adds a top-of-handler payload-shape diagnostic so future 0ms handler ACKs are explainable.
• Hardens issue id extraction for comment payload shapes before calling the existing harness -> PR path.

Notes

• The existing implementation branch (ctx.harness.run -> PR URL -> Linear comment) is unchanged; this PR fixes the guard that prevented it from being reached.
• MENTION is optional for the default Agent Relay/linear-implementer identity. Deployments with a custom Linear bot display name or user id should set MENTION to comma-separated aliases if the inferred aliases do not match.
• The relayfile GitHub/Linear mount materialization and comments/<id>.json path issue observed during probing is separate infra work and intentionally not changed here.

Validation

• npm run typecheck
• npm test
• npm run compile

---

Summary by cubic

Fixes Linear comment mention handling so the implementer only runs when explicitly addressed, and unwraps relayfile payloads for reliable issue/comment parsing. The PR-opening flow is unchanged; custom bot names can use optional MENTION aliases.

• Bug Fixes

  • Replace literal handle check with structured mention detection; infer aliases from agent/persona and support optional MENTION.
  • Unwrap relayfile resource.payload and accept camelCase/snake_case fields; harden issue ID/body extraction for comment.create and issue.create.
  • Keep self-reply guard and author identity check; log clear skip reasons with event diagnostics; export handleLinearEvent with unit tests (incl. relayfile shapes) and add npm test.

• Dependencies

  • Add dev dependency agentworkforce and override @opentelemetry/otlp-transformer to pin protobufjs.

^{Written for commit 971d6bc. Summary will update on new commits.}

---

CodeAnt-AI Description

Fix Linear comment mentions so the agent runs only when explicitly addressed

What Changed

• Linear comments now trigger the agent only when the comment clearly mentions it, instead of relying on a literal handle match.
• The agent recognizes common mention formats and can use optional alias names for custom Linear bot handles or display names.
• Comments from the agent itself still stop the loop, and skipped events are now logged with a clear reason.
• Added coverage for mentioned comments, non-mentioned comments, and self-replies; updated the Linear setup notes to explain the optional mention aliases.

Impact

✅ Fewer missed Linear requests
✅ Fewer accidental PR runs
✅ Clearer Linear setup for custom bot names

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

[coderabbitai]

Warning

Review limit reached

@khaliqgant, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 30 minutes and 47 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 108bc6d1-b72d-418e-a531-f55363d1292b

📥 Commits

Reviewing files that changed from the base of the PR and between ff52f70 and 971d6bc.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (11)

• granola/persona.json
• hn-monitor/persona.json
• linear/README.md
• linear/agent.ts
• linear/persona.json
• linear/persona.ts
• package.json
• review/persona.json
• spotify-releases/persona.json
• tests/linear-agent.test.mjs
• vendor-monitor/persona.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/linear-implementer-comment-trigger

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[codeant-ai]

🟠 Architect Review — HIGH

The plain-text mention matcher uses the pattern @([A-Za-z0-9][\w .-]{1,80}), so a comment like @agentrelay please implement is captured as agentrelay please implement; after normalization this never matches any alias, causing valid @alias … mentions (when no structured mention objects are present) to be ignored.

Suggestion: Tighten the plain-text @alias parsing to stop at the alias boundary (e.g. first whitespace/punctuation) before normalization, and add a test that a simple @alias please implement body triggers the handler when no structured mention objects are present.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** linear/agent.ts
**Line:** 226:234
**Comment:**
	*HIGH: The plain-text mention matcher uses the pattern `@([A-Za-z0-9][\w .-]{1,80})`, so a comment like `@agentrelay please implement` is captured as `agentrelay please implement`; after normalization this never matches any alias, causing valid `@alias …` mentions (when no structured mention objects are present) to be ignored.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

[codeant-ai]

Suggestion: This early-return loop guard is based only on comment text, not commenter identity, so any user can include the PR-phrase and force the handler to skip processing even when the agent is genuinely mentioned. Use author/user identity from the payload (or a trusted bot ID) for self-comment detection instead of content-only matching. [security]

Severity Level: Major ⚠️

- ❌ Legitimate @mentions skipped when body mimics bot reply.
- ⚠️ Any user can spoof self-comment phrases to bypass handler.
- ⚠️ Linear implementer automation becomes unreliable for some comments.

Steps of Reproduction ✅

1. Deploy the Linear implementer agent defined in `linear/agent.ts:28-39` so that Linear
`comment.create` events are handled by `handleLinearEvent` at `linear/agent.ts:46-76`.

2. Note that the self-reply loop guard is implemented purely via `isOwnComment(payload)`
at `linear/agent.ts:150-153`, which uses `commentBody` (`linear/agent.ts:141-147`) to read
only the comment text and checks for the phrases `'Opened a PR'` or `"couldn't open a
PR"`; no author or user identity fields from the payload are consulted anywhere in
`isOwnComment` or in the `comment.create` branch at `linear/agent.ts:63-74`.

3. From Linear, as a regular user (not the bot account), post a comment on an issue with a
body such as `"@agentrelay Opened a PR: https://github.com/owner/repo/pull/1"` so that a
webhook event with `source: 'linear'`, `type: 'comment.create'`, and that body text is
sent into `handleLinearEvent`.

4. When `handleLinearEvent` processes this event, it enters the `comment.create` branch at
`linear/agent.ts:63-74`, calls `isOwnComment(event.payload)` at line 65, and `commentBody`
returns the user's comment body. Because the body contains the substring `'Opened a PR'`,
`isOwnComment` returns `true` at `linear/agent.ts:150-152`, causing `handleLinearEvent` to
log a skip with reason `'own comment'` and return early at `linear/agent.ts:65-67` before
`commentMentionsAgent` or the harness run are reached.

5. As a result, a non-agent user can include the PR-phrase in their comment to force the
handler to treat it as a self-reply and skip processing, even if the comment explicitly
@-mentions the agent; this behavior is entirely content-based and independent of commenter
identity, enabling spoofing of self-comments.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** linear/agent.ts
**Line:** 65:67
**Comment:**
	*Security: This early-return loop guard is based only on comment text, not commenter identity, so any user can include the PR-phrase and force the handler to skip processing even when the agent is genuinely mentioned. Use author/user identity from the payload (or a trusted bot ID) for self-comment detection instead of content-only matching.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: The plain @name mention regex is too permissive because it allows spaces, so it often captures the alias plus trailing words (for example "@agentrelay please implement" becomes one long token) and then fails alias matching. Restrict the capture to the mention token boundary (or stop at first whitespace/punctuation after the handle) so normal inline mentions are actually detected. [incorrect condition logic]

Severity Level: Critical 🚨

- ❌ Linear `comment.create` mentions fail to trigger implementer.
- ❌ Harness run and PR opening never execute for comments.
- ⚠️ Users must craft unnatural mention text to succeed.
- ⚠️ Mention-gating reliability for Linear comments is reduced.

Steps of Reproduction ✅

1. Deploy the Linear implementer agent defined in `linear/agent.ts:28-39`, which registers
a Linear `comment.create` trigger and routes events into `handleLinearEvent` at
`linear/agent.ts:46-50`.

2. Ensure the agent has a normal alias such as `agentrelay` inferred by `mentionAliases`
at `linear/agent.ts:192-209` (the inferred list includes `'agentrelay'` and `'agent
relay'`).

3. From Linear, post a comment on any issue so that a webhook event with `source:
'linear'`, `type: 'comment.create'`, and a body like `"@agentrelay please implement this
issue"` is sent to the workforce runtime, which delivers it to `handleLinearEvent`
(`linear/agent.ts:46-76`).

4. Inside `handleLinearEvent`, the `comment.create` branch at `linear/agent.ts:63-74`
calls `commentMentionsAgent(ctx, event.payload)` (`linear/agent.ts:160-185`), which in
turn calls `matchingBodyAlias(body, aliases)` at `linear/agent.ts:173-176`.

5. `matchingBodyAlias` builds `explicitMentions` using several regexes including the
plain-text pattern `@[A-Za-z0-9][\w .-]{1,80}` at `linear/agent.ts:225-231`. For the body
`"@agentrelay please implement this issue"`, this regex produces a single capture
`"agentrelay please implement this issue"` (it consumes the mention plus trailing
spaces/words).

6. `matchingAlias` (`linear/agent.ts:221-223`) compares this captured string against
aliases by normalizing with `compactToken` (`linear/agent.ts:272-273`). The mention
`"agentrelay please implement this issue"` normalizes to
`"agentrelaypleaseimplementthisissue"`, while the alias `"agentrelay"` normalizes to
`"agentrelay"`, so no alias matches.

7. Because `matchingBodyAlias` returns `undefined`, `commentMentionsAgent` returns `{
matched: false, reason: 'comment did not mention agent', ... }` at
`linear/agent.ts:178-185`, leading `handleLinearEvent` to call `logSkip` and return early
at `linear/agent.ts:69-73`. The harness run and PR-opening flow (`linear/agent.ts:87-105`)
are never executed even though the comment clearly @-mentioned the agent.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** linear/agent.ts
**Line:** 228:228
**Comment:**
	*Incorrect Condition Logic: The plain `@name` mention regex is too permissive because it allows spaces, so it often captures the alias plus trailing words (for example "`@agentrelay please implement`" becomes one long token) and then fails alias matching. Restrict the capture to the mention token boundary (or stop at first whitespace/punctuation after the handle) so normal inline mentions are actually detected.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[agent-relay-code]

Reviewed and fixed PR #23 locally.

I fixed a Linear mention parsing regression where plain comments like @agentrelay please implement this were captured as one long mention and failed to match. Added tests for default plain mentions and configured comma-separated aliases.

I also made the repo compile script runnable after npm ci by adding the agentworkforce CLI dev dependency, pinned to the existing 3.0.39 line, and added a targeted protobufjs override so npm audit --audit-level=high stays clean. Recompiled persona JSON artifacts.

Local verification passed:

• npm test
• npm run typecheck
• npm run compile
• npm audit --audit-level=high

[agent-relay-code]

✅ pr-reviewer applied fixes — committed and pushed 2f72496 to this PR. The notes below describe what changed.

Reviewed PR #23 and fixed the remaining actionable bot finding.

Changed linear/agent.ts so the self-reply loop guard no longer trusts comment text alone. It now only treats “Opened a PR” / “couldn’t open a PR” as an own comment when the comment author identity matches the deployed agent aliases. Added regression coverage in tests/linear-agent.test.mjs for spoofed PR-reply text from a regular user.

Local verification passed:

• npm test
• npm run typecheck
• npm run compile
• npm audit --audit-level=high