From linear-pack
Provides production readiness checklist for Linear integrations, covering authentication, error handling, rate limits, monitoring, observability, and data handling for deployments.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin linear-packThis skill is limited to using the following tools:
Comprehensive checklist and implementation patterns for deploying Linear integrations to production. Covers authentication, error handling, rate limiting, monitoring, data handling, and deployment verification.
Provides runbooks for Linear integration incidents: severity classification, curl checks for status/auth/rate limits, TypeScript SDK diagnostics for outages and errors.
Provides production deployment checklist for MaintainX integrations verifying security, resilience, data integrity, observability, and performance.
Manages Linear issues, projects, and teams using Linear CLI via Bash, MCP tools (mcp__linear), helper scripts, and varlock for secure API key handling. Supports creation, updates, comments, listing, and setup checks.
Share bugs, ideas, or general feedback.
Comprehensive checklist and implementation patterns for deploying Linear integrations to production. Covers authentication, error handling, rate limiting, monitoring, data handling, and deployment verification.
.env files in production)[ ] Production API key generated (separate from dev)
[ ] API key stored in secret manager (Vault, AWS SM, GCP SM)
[ ] OAuth redirect URIs updated for production domain
[ ] Webhook secrets are unique per environment
[ ] All dev secrets rotated before launch
[ ] HTTPS enforced on all endpoints
[ ] Webhook HMAC-SHA256 verification implemented
[ ] Webhook timestamp validation (< 60s age)
[ ] Token refresh flow implemented (mandatory since Oct 2025)
[ ] All Linear API calls wrapped in try/catch
[ ] Rate limit retry with exponential backoff (max 5 retries)
[ ] 30s timeout on all API calls
[ ] Graceful degradation when Linear API is down
[ ] Error logging includes context (no secrets in logs)
[ ] InvalidInputLinearError caught separately from network errors
[ ] Alerts configured for auth failures and error rate spikes
[ ] Pagination with first:50 for all list queries
[ ] Caching for static data (teams, states, labels) — 10-30 min TTL
[ ] Request batching for bulk operations (20 mutations per batch)
[ ] Query complexity stays under 5,000 pts per request
[ ] No polling — webhooks for real-time updates
[ ] N+1 query patterns eliminated (use rawRequest for joins)
[ ] Response times monitored with p95 alerting
[ ] Health check endpoint hitting Linear API
[ ] API latency metrics collected per operation
[ ] Error rate monitoring with alerting (>1% = alert)
[ ] Rate limit remaining tracked (alert if < 100 requests)
[ ] Structured JSON logging for API calls and webhooks
[ ] Webhook delivery tracking via Linear-Delivery header
[ ] No PII logged or stored unnecessarily
[ ] Webhook event idempotency (deduplicate by Linear-Delivery)
[ ] Data retention policy defined for synced data
[ ] Stale data detection with periodic consistency checks
import { LinearClient } from "@linear/sdk";
interface ProdConfig {
linear: { apiKey: string; webhookSecret: string };
rateLimit: { maxRetries: number; baseDelayMs: number; maxDelayMs: number };
cache: { teamsTtl: number; statesTtl: number; labelsTtl: number };
timeouts: { requestMs: number; webhookProcessMs: number };
}
const config: ProdConfig = {
linear: {
apiKey: await getSecret("linear-api-key-prod"),
webhookSecret: await getSecret("linear-webhook-secret-prod"),
},
rateLimit: { maxRetries: 5, baseDelayMs: 1000, maxDelayMs: 30000 },
cache: { teamsTtl: 600, statesTtl: 1800, labelsTtl: 600 },
timeouts: { requestMs: 30000, webhookProcessMs: 5000 },
};
function createProductionClient(): LinearClient {
return new LinearClient({ apiKey: config.linear.apiKey });
}
interface HealthStatus {
status: "healthy" | "degraded" | "unhealthy";
latencyMs: number;
details: {
authentication: boolean;
apiReachable: boolean;
rateLimitOk: boolean;
};
timestamp: string;
}
async function checkHealth(client: LinearClient): Promise<HealthStatus> {
const start = Date.now();
const details = { authentication: false, apiReachable: false, rateLimitOk: true };
try {
const viewer = await client.viewer;
details.authentication = true;
details.apiReachable = true;
const latencyMs = Date.now() - start;
return {
status: latencyMs > 3000 ? "degraded" : "healthy",
latencyMs,
details,
timestamp: new Date().toISOString(),
};
} catch (error: any) {
details.apiReachable = !error.message?.includes("ENOTFOUND");
return {
status: "unhealthy",
latencyMs: Date.now() - start,
details,
timestamp: new Date().toISOString(),
};
}
}
// Express endpoint
app.get("/health/linear", async (req, res) => {
const health = await checkHealth(client);
res.status(health.status === "unhealthy" ? 503 : 200).json(health);
});
// scripts/verify-deployment.ts
import { LinearClient } from "@linear/sdk";
async function verify(): Promise<void> {
console.log("Verifying Linear integration...\n");
const checks = [
{
name: "Environment variables",
check: async () => !!(process.env.LINEAR_API_KEY && process.env.LINEAR_WEBHOOK_SECRET),
},
{
name: "API authentication",
check: async () => { await new LinearClient({ apiKey: process.env.LINEAR_API_KEY! }).viewer; return true; },
},
{
name: "Team access",
check: async () => {
const client = new LinearClient({ apiKey: process.env.LINEAR_API_KEY! });
const teams = await client.teams();
return teams.nodes.length > 0;
},
},
{
name: "Write capability",
check: async () => {
const client = new LinearClient({ apiKey: process.env.LINEAR_API_KEY! });
const teams = await client.teams();
const r = await client.createIssue({
teamId: teams.nodes[0].id,
title: "[DEPLOY-CHECK] Safe to delete",
});
if (r.success) {
const issue = await r.issue;
await issue?.delete();
}
return r.success;
},
},
];
let passed = 0;
let failed = 0;
for (const { name, check } of checks) {
try {
const ok = await check();
console.log(ok ? ` PASS: ${name}` : ` FAIL: ${name}`);
ok ? passed++ : failed++;
} catch (error: any) {
console.log(` FAIL: ${name} — ${error.message}`);
failed++;
}
}
console.log(`\nResults: ${passed} passed, ${failed} failed`);
if (failed > 0) process.exit(1);
}
verify();
// Key metrics to track after deploy
const ALERT_THRESHOLDS = {
errorRate: 0.01, // Alert if >1% of requests fail
p99LatencyMs: 3000, // Alert if p99 > 3 seconds
rateLimitRemaining: 100, // Alert if remaining requests < 100
};
// First 30 minutes after deploy: watch for
// - Auth failures (key mismatch between environments)
// - Rate limit spikes (init burst fetching too much data)
// - Webhook signature failures (secret not updated in new env)
| Issue | Cause | Solution |
|---|---|---|
Health check unhealthy | API key invalid/expired | Regenerate key, update secret manager |
| Webhook sig fails in prod | Secret mismatch | Verify LINEAR_WEBHOOK_SECRET matches Linear webhook config |
| Rate limit burst on deploy | Startup fetches too much | Add request queue, cache static data |
| Deploy verification fails | Missing env vars | Run verification locally first |