Transform Linear persona into chat lead

[khaliqgant]

User description

Summary

• transform agents/linear in place into the sandbox:false Linear chat lead
• add AgentSessionEvent.created/.prompted and issueCommentMention fallback trigger coverage for /linear/comments/**
• use @agentworkforce/runtime 3.0.41 unwrapResourceRecord and @relayfile/relay-helpers 0.3.31 Linear agent activity helpers
• route implement intent through ctx.workflow.run instead of direct ctx.harness.run, then post the PR URL back to the session/comment
• preserve Fix Linear implementer comment mention handling #23 mention/parser fallback behavior for real relayfile resource payloads

Verification

• npm run typecheck
• npm test
• npm run compile

Deploy note

No persona deploy in this PR. Operator-gated morning deploy should run: agentworkforce persona compile ./linear/persona.ts && agentworkforce deploy ./linear/persona.json --mode cloud

---

Summary by cubic

Transforms the Linear persona into a chat lead that runs agent-session conversations, posts thought/response activities, remembers short context, and delegates implementation to a workflow that opens PRs via the Cloud API. Adds a small PR script used by the workflow.

• New Features

  • Triggers: AgentSessionEvent.created/prompted on /linear/agent-sessions/** and /linear/comments/**, plus AppUserNotification.issueCommentMention on /linear/app-user-notifications/** with comment fallback; keep label-scoped issue.create on /linear/issues/**.
  • Chat handling: post a "thought" then a "response"; skip self activity; fall back to issue comments when no session; store short thread memory per session. Parse Linear payloads with unwrapResourceRecord to read issue id, session id, and prompt body across formats.
  • Implementation: classify intent with LLM; on "implement", write workflows/linear-chat-lead.ts, run the linear-chat-lead workflow, and post the PR URL. Workflow clones the repo and embeds linear/create-pr.script.ts to open PRs via the Cloud API using the workspace token (no gh).
  • Persona: renamed to linear-chat-lead with sandbox: false, memory: true, and model gpt-5.5.

• Dependencies

  • Bump @agentworkforce/persona-kit to ^3.0.41, @agentworkforce/runtime to ^3.0.41, @relayfile/relay-helpers to ^0.3.31, and dev agentworkforce to ^3.0.41.

^{Written for commit 47adf5b. Summary will update on new commits.}

---

CodeAnt-AI Description

Turn Linear issues into chat-led conversations that can answer, remember context, and hand off implementation

What Changed

• Linear now treats agent-session prompts and comment mentions as chat, replying in the thread and keeping short memory per session.
• When the user asks for implementation, it starts a coding workflow, then posts the PR link back into Linear when finished.
• The agent now handles more Linear event formats and keeps working on real comment payloads with mention fallbacks.
• It no longer runs through the old sandbox-based path; self-replies are still ignored to avoid loops.

Impact

✅ Faster Linear responses
✅ Less repeated context in follow-up chats
✅ Fewer missed PR links after implementation requests

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[codeant-ai]

CodeAnt AI is reviewing your PR.

[coderabbitai]

Warning

Review limit reached

@khaliqgant, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 9 minutes and 48 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 46a90b09-138c-474e-baac-ae7d9b7d4647

📥 Commits

Reviewing files that changed from the base of the PR and between edfd729 and 47adf5b.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• linear/agent.ts
• linear/create-pr.script.ts
• linear/persona.ts
• package.json
• tests/linear-agent.test.mjs
• tsconfig.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/1700-linear-chat-lead-scaffold

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed the PR artifacts and patched the actual gap.

Changed:

• packages/core/src/relayfile/provider-contracts.ts: Linear AgentSessionEvent.* triggers now derive both /linear/agent-sessions/** and /linear/comments/**.
• packages/core/tests/proactive-runtime-match.test.ts: strengthened the PR test so default { on: "AgentSessionEvent.prompted" } matches comment materialization paths without explicit paths.

Validation:

• Passed: node --import tsx --test packages/core/tests/proactive-runtime-match.test.ts
• Passed targeted core tests that do not require missing workspace links.
• Could not run Vitest-related web suite because node_modules/vitest/vitest.mjs is absent.
• Full core command partially ran but two unrelated files failed module resolution for missing workspace package link @cloud/daytona-runner.

[codeant-ai]

Suggestion: Repository selection is derived directly from issue text without any allowlist/authorization check, so a user can steer automation to arbitrary GitHub repos by adding a URL in the Linear issue. This can cause unauthorized clone/push/PR attempts against repos reachable by the bot token; restrict delegated repos to an explicit approved list or workspace-configured repo. [security]

Severity Level: Critical 🚨

- ❌ Automation can push commits to unapproved GitHub repositories.
- ❌ PRs may be opened in attacker-chosen external repos.

Steps of Reproduction ✅

1. Deploy the Linear agent in `linear/agent.ts` so that `issue.create` events with label
`agentrelay` are handled by `handleLinearEvent` (triggers at lines 52-59 and handler at
lines 66-131).

2. In Linear, create an issue labeled `agentrelay` whose title or description contains an
explicit GitHub URL for an unapproved repo, for example
`https://github.com/attacker/unapproved-repo` (this is what `parseRepo` scans at lines
72-78).

3. When the `issue.create` event arrives, `inferIntent` (lines 212-217) forces `intent ===
'implement'`, so `handleLinearEvent` calls `delegateImplementation` (lines 225-245), which
sets `const repo = parseRepo(issue) ?? 'AgentWorkforce/cloud';` at line 230; `parseRepo`
returns `attacker/unapproved-repo` from the user-provided URL.

4. Inside `workflowSource` (lines 247-329), that unvetted `repo` value is used to
construct `git clone https://github.com/' + REPO + '.git` and `gh pr create --repo ' +
REPO_OWNER + '/' + REPO_NAME` commands (lines 283-317), causing the automation to clone,
commit, push, and open a PR against the user-selected repository using the agent's GitHub
credentials without any allowlist or authorization check.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** linear/agent.ts
**Line:** 230:230
**Comment:**
	*Security: Repository selection is derived directly from issue text without any allowlist/authorization check, so a user can steer automation to arbitrary GitHub repos by adding a URL in the Linear issue. This can cause unauthorized clone/push/PR attempts against repos reachable by the bot token; restrict delegated repos to an explicit approved list or workspace-configured repo.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: readIssueId now falls back to issue identifier values (AR-70 style) in places where downstream code treats the value as an issue id; this mixes two different identifiers and can break API calls that require the canonical id. Keep this function id-only and resolve identifiers separately when needed. [api mismatch]

Severity Level: Major ⚠️

- ❌ Some Linear events fail to resolve issues correctly.
- ⚠️ Implementation workflows may never start for affected events.

Steps of Reproduction ✅

1. Deploy the Linear agent so that events such as `AgentSessionEvent.created` and
`AppUserNotification.issueCommentMention` are handled by `handleLinearEvent` (lines 52-59
and 66-131), which calls `linearEventContext` (lines 133-141) to populate `issueId` using
`readIssueId`.

2. Consider a Linear payload where `unwrapResourceRecord` (used by `linearRecordPayload`
at lines 50-52) returns a record with `agentSession.issue.identifier` like `"ENG-123"` but
no `agentSession.issue.id`, which is plausible given the additional `agentSession` fields
wired into `readIssueId` (lines 356-367).

3. In this case, `readIssueId`'s return chain (lines 381-387) falls through from
`rec?.agentSession?.issue?.id ??` to `rec?.agentSession?.issue?.identifier ??` and then to
other identifier fields, so `issueId` becomes `"ENG-123"` even though downstream code
expects a canonical id.

4. `handleLinearEvent` then passes `eventContext.issueId` directly into
`linear.getIssue<LinearIssue>(eventContext.issueId)` at line 104, where the
`linearClient()` (imported at line 14) is designed to look up issues by id; using a
human-readable identifier instead can cause the API call to fail or target the wrong
resource, preventing the agent from classifying intent or delegating implementation for
such events.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** linear/agent.ts
**Line:** 382:387
**Comment:**
	*Api Mismatch: `readIssueId` now falls back to issue `identifier` values (`AR-70` style) in places where downstream code treats the value as an issue id; this mixes two different identifiers and can break API calls that require the canonical id. Keep this function id-only and resolve identifiers separately when needed.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[agent-relay-code]

Reviewed and fixed the PR locally.

Changes made:

• Corrected Linear trigger paths to match the installed adapter paths:
  • /linear/agent-sessions/**
  • /linear/app-user-notifications/**
• Restored GitHub integration on the Linear persona because the delegated workflow clones/publishes GitHub changes.
• Hardened the generated workflow:
  • Uses WORKFORCE_CLOUD_BASE_URL with CLOUD_API_URL fallback.
  • Uses available GitHub tokens for clone auth without embedding the token value in generated command text.
• Added regression assertions for trigger paths, workflow cloud URL env, GitHub-token clone config, base branch handling, and implementation memory.

Local validation passed:

• npm test
• npm run typecheck
• npm run compile

[agent-relay-code]

Reviewed and fixed PR #25 locally.

Changed:

• Added configurable DEFAULT_REPO input for Linear implementation delegation, preserving AgentWorkforce/cloud as the default.
• Fixed deploy validation issue by avoiding optional: true with a defaulted persona input.
• Added test coverage for default and configured fallback repo behavior.
• Updated Linear and root README text to match the new chat-lead workflow.

Validated locally:

• npm test
• npm run typecheck
• npm run compile

[agent-relay-code]

Reviewed PR #25 and made one focused hardening change: added a regression test that writes the generated Linear implementation workflow to a temp .mjs file and runs node --check on it, so invalid generated workflow syntax cannot pass via substring assertions alone.

Local checks run:

• npm test
• npm run typecheck
• npm run compile

All passed locally.

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed and fixed PR #25 locally.

Changed:

• linear/agent.ts: hardened Linear issue/session id extraction so UUID issue ids are preferred over identifiers and legacy data.* wrapped session payloads resolve correctly.
• tests/linear-agent.test.mjs: added regressions for UUID-vs-identifier precedence and legacy data-wrapped AgentSessionEvent payloads.

Verified locally:

• npm test
• npm run typecheck
• npm run compile

[cubic-dev-ai]

2 issues found across 5 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="linear/agent.ts">

<violation number="1" location="linear/agent.ts:123">
P2: Implement-intent path never stores user message in session memory via `rememberTurn`. The user's prompt is dropped silently, so follow-up events in the same session lose the original request context.</violation>

<violation number="2" location="linear/agent.ts:418">
P2: PR creation is hardcoded to baseBranch 'main', which breaks delegated runs for repositories with a different default branch.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P2: Implement-intent path never stores user message in session memory via rememberTurn. The user's prompt is dropped silently, so follow-up events in the same session lose the original request context.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At linear/agent.ts, line 123:

<comment>Implement-intent path never stores user message in session memory via `rememberTurn`. The user's prompt is dropped silently, so follow-up events in the same session lose the original request context.</comment>

<file context>
@@ -54,58 +83,375 @@ export async function handleLinearEvent(
+    : [];
+  const intent = await classifyIntent(ctx, event, eventContext, issue, history);
+
+  if (intent.intent === 'implement') {
+    const start = intent.reply || 'I will start an implementation workflow and post the PR here when it is ready.';
+    await replyToLinear(linear, eventContext, start);
</file context>

[cubic-dev-ai]

P2: PR creation is hardcoded to baseBranch 'main', which breaks delegated runs for repositories with a different default branch.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At linear/agent.ts, line 418:

<comment>PR creation is hardcoded to baseBranch 'main', which breaks delegated runs for repositories with a different default branch.</comment>

<file context>
@@ -54,58 +83,375 @@ export async function handleLinearEvent(
+const response = await fetch(cloudApiUrl + '/api/v1/github/pull-request', {
+  method: 'POST',
+  headers: { authorization: 'Bearer ' + pullRequestAuthToken, 'content-type': 'application/json' },
+  body: JSON.stringify({ owner, repo, branch, baseSha, baseBranch: 'main', title, body, files }),
+});
+const payload = await response.json().catch(() => ({}));
</file context>

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed the checked-out PR metadata, which points to AgentWorkforce/workforce PR #181 despite the prompt naming a different repo/PR.

I found and fixed a local CI breakage in package.json: workspace package exports resolve TypeScript declarations from dist, but root lint/typecheck could run before declarations existed. Root lint, typecheck, and check now build workspace packages before consuming exported workspace types, with check doing one upfront build.

Local verification passed:

corepack pnpm run check

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #25 locally and made one fix: implementation requests now save the user’s prompt to Linear session memory before delegation, matching the chat path and preserving context for follow-up turns. Added test coverage for the implementation memory writes.

Local validation passed:

• npm test
• npx tsc --noEmit
• npm run compile

No separate bot-review artifacts were present under .workforce.

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #25 and made fixes.

Changed:

• Saved implementation prompts as user session memory before delegation, so follow-up Linear Agent Session context includes the actual request.
• Hardened generated delegation workflow with:
  • deterministic preflight for git, node, and PR proxy credentials
  • blocker file handling before PR creation
  • implementation guidance to run relevant repo checks
• Added regression assertions for implementation memory and generated workflow preflight/blocker behavior.
• Updated stale Linear/root README text to match the new chat-lead workflow model.

Local verification passed:

• npm test
• npm run typecheck
• npm run compile

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed PR #25 and fixed the valid findings, including bot-review comments visible on the PR page.

Changes made:

• Saved implementation-request user prompts into Linear session memory.
• Removed issue-text-derived repo selection; delegation now uses approved DEFAULT_REPO.
• Added DEFAULT_REPO persona input and restored GitHub integration metadata.
• Made issue extraction id-only, avoiding Linear AR-70 identifiers as API ids.
• Added legacy data-wrapped AgentSessionEvent handling.
• Made PR creation use the cloned repo’s default branch instead of hardcoded main.
• Added generated workflow syntax coverage and regressions for the above.

Local validation passed:

• npm test
• npm run typecheck
• npm run compile

Source checked for bot comments: #25

[agent-relay-code]

⚠️ pr-reviewer did not push — the PR branch advanced during the review, so fixes were withheld to avoid overwriting newer commits. Re-trigger the review once the branch settles. The notes below are advisory and were not pushed.

Reviewed and fixed the PR locally.

Changes made:

• Updated linear/agent.ts so implementation requests save the user prompt into session memory before status/result replies.
• Added test assertions covering that implementation-session memory behavior.
• Updated linear/README.md to describe the new chat-lead behavior instead of the old Linear implementer.
• Regenerated persona metadata via the compile script, including linear/persona.json.

Local verification passed:

• npm test
• npm run typecheck
• npm run compile