feat(kiloclaw): add Linear CLI integration#1407
Conversation
Install @schpet/linear-cli in the container image and wire up LINEAR_API_KEY through the secret catalog, bootstrap, and dashboard settings UI — following the same pattern used for GitHub.
…ntegration (Bootstrap)
Reorder Linear entry to order 5 (last in tools), add a proper LinearIcon component with the official logo SVG, and fix the icon map to use the 'linear' key instead of 'list-checks'.
| validationPattern: '^lin_api_[a-zA-Z0-9_-]{40}$', | ||
| validationMessage: | ||
| 'Linear API keys start with lin_api_ followed by 40 alphanumeric, underscore, or hyphen characters.', | ||
| maxLength: 100, |
There was a problem hiding this comment.
this can be shortened to 50 safely (or 48 exactly), however the other entries in this catalog also pad their keys substantially, and it arguably provides a better UX when matched with the regex (for example, if whitespace was copied in addition to the key)
| RUN npm install -g @schpet/linear-cli@1.11.1 | ||
|
|
||
| # Clean up xz-utils now that Node.js and linear-cli are installed | ||
| RUN apt-get purge -y xz-utils \ |
There was a problem hiding this comment.
linear-cli requires node for install
evanjacobson
changed the title
| RUN npm install -g @kilocode/cli@7.0.46 | ||
|
|
||
| # Install Linear CLI (issue tracker) | ||
| RUN npm install -g @schpet/linear-cli@1.11.1 |
There was a problem hiding this comment.
There are security vulnerabilities on a dependency of this package. I have posted a PR to fix them.
I will bump the version to the latest release after it merges.
There was a problem hiding this comment.
There are security vulnerabilities on a dependency of this package. I have posted a PR to fix them.
I will bump the version to the latest release after it merges.
I am still discussing the changes with the repo owner. This may need to be a follow-up. The vulnerabilities are not exposed in linear-cli regardless.
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
Code Review SummaryStatus: 1 Issues Found | Recommendation: Address before merge Overview
Fix these issues in Kilo Cloud Issue Details (click to expand)WARNING
Other Observations (not in diff)N/A Files Reviewed (11 files)
Reviewed by gpt-5.4-20260305 · 2,340,145 tokens |
The /root volume persists across redeploys, so `linear auth login --plaintext` leaves credentials on disk that survive after LINEAR_API_KEY is removed from env. Now configureLinear() removes ~/.config/linear/ (credentials.toml + linear.toml) when no API key is set, matching the cleanup pattern used by configureGitHub().
These files store API secrets, so credential cleanup failures should not be silently swallowed. Split the two rm calls into independent try/catch blocks so both are always attempted, and surface the error message in warnings since rm -rf/-f already exit 0 for absent targets.
Cover the second rm failure, both rm calls failing simultaneously, and non-Error thrown values exercising the instanceof fallback.
| // Remove any previously stored credentials from the persistent volume. | ||
| // The CLI recreates ~/.config/linear/ via ensureDir on next auth login. | ||
| try { | ||
| deps.execFileSync('rm', ['-rf', '/root/.config/linear'], { stdio: 'pipe' }); |
There was a problem hiding this comment.
| // The CLI recreates ~/.config/linear/ via ensureDir on next auth login. | ||
| try { | ||
| deps.execFileSync('rm', ['-rf', '/root/.config/linear'], { stdio: 'pipe' }); | ||
| deps.execFileSync('rm', ['-f', '/root/.linear.toml'], { stdio: 'pipe' }); |
There was a problem hiding this comment.
| // The CLI recreates ~/.config/linear/ via ensureDir on next auth login. | ||
| // rm -rf/-f exit 0 when the target is absent, so errors here are | ||
| // genuine failures (permissions, I/O) worth surfacing. | ||
| try { |
There was a problem hiding this comment.
separately trying each file delete operation out of an abundance of caution — if one fails, the other one is still tried.
| deps.execFileSync('rm', ['-rf', '/root/.config/linear'], { stdio: 'pipe' }); | ||
| } catch (err) { | ||
| console.warn( | ||
| `WARNING: failed to remove /root/.config/linear: ${err instanceof Error ? err.message : err}` |
There was a problem hiding this comment.
Other warnings logged after a catch in this file do not contain the error, but these are intentionally included, as these files contain credentials and need to be deleted
Cc: line 364
evanjacobson
force-pushed
the
feature/kiloclaw-linear-cli
branch
from
e811161 to
b466318
Compare
2 participants
Summary
Adds Linear CLI (
@schpet/linear-cli) as a tool available in KiloClaw instances, letting agents manage Linear issues directly from the terminal.@schpet/linear-cli@1.11.1in both production and local images; defersxz-utilscleanup until after the installLINEAR_API_KEYfield withlin_api_validation pattern, icon, and help link to Linear security settingsconfigureLinearstep that wires up the env var;updateToolsMdLinearSectionappends/removes a bounded reference section in TOOLS.md so the agent knows how to use the CLI (flags, gotchas, config file)LINEAR_API_KEYis removed,configureLineardeletes~/.config/linear/and~/.linear.tomlfrom the persistent/rootvolume to prevent stale credentials from surviving across redeploys. Each removal is independently try/caught so both are always attempted.SettingsTab, newLinearIconSVG component, andsecret-ui-adapterwiring (icon map + description)configureLinear,updateToolsMdLinearSection, and updated catalog/route assertionsVerification
pnpm vitest— bootstrap, secret-catalog, and route tests passlinearbinary availableVisual Changes
Reviewer Notes
<!-- BEGIN:linear -->/<!-- END:linear -->markers, same pattern as the other tool sectionsxz-utilspurge was moved to a later Dockerfile stage because the Linear CLI npm install needs itFollow-up
@schpet/linear-clionce schpet/linear-cli#194 (dependency security fix) merges