fix: restore staging linear handler and utils with teamId support

Restores the staging version of linear provider handler and trigger
utils that were accidentally regressed. Key restorations:
- teamId sub-block and allPublicTeams fallback in createSubscription
- Timestamp skew validation in verifyAuth
- actorType renaming in formatInput (avoids TriggerOutput collision)
- url field in formatInput and all output builders
- edited field in comment outputs
- externalId validation after webhook creation
- isLinearEventMatch returns false (not true) for unknown triggers

Adds extractIdempotencyId to the linear provider handler for webhook
deduplication support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/lib/webhooks/providers/linear.ts

@@ -1,9 +1,11 @@
 import crypto from 'crypto'
 import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
 import { safeCompare } from '@/lib/core/security/encryption'
 import { generateId } from '@/lib/core/utils/uuid'
 import { getNotificationUrl, getProviderConfig } from '@/lib/webhooks/provider-subscription-utils'
 import type {
+  AuthContext,
   DeleteSubscriptionContext,
   EventMatchContext,
   FormatInputContext,
@@ -12,7 +14,6 @@ import type {
   SubscriptionResult,
   WebhookProviderHandler,
 } from '@/lib/webhooks/providers/types'
-import { createHmacVerifier } from '@/lib/webhooks/providers/utils'
 
 const logger = createLogger('WebhookProvider:Linear')
 
@@ -41,16 +42,73 @@ function validateLinearSignature(secret: string, signature: string, body: string
   }
 }
 
+const LINEAR_WEBHOOK_TIMESTAMP_SKEW_MS = 5 * 60 * 1000
+
 export const linearHandler: WebhookProviderHandler = {
-  verifyAuth: createHmacVerifier({
-    configKey: 'webhookSecret',
-    headerName: 'Linear-Signature',
-    validateFn: validateLinearSignature,
-    providerLabel: 'Linear',
-  }),
+  async verifyAuth({
+    request,
+    rawBody,
+    requestId,
+    providerConfig,
+  }: AuthContext): Promise<NextResponse | null> {
+    const secret = providerConfig.webhookSecret as string | undefined
+    if (!secret) {
+      return null
+    }
+
+    const signature = request.headers.get('Linear-Signature')
+    if (!signature) {
+      logger.warn(`[${requestId}] Linear webhook missing signature header`)
+      return new NextResponse('Unauthorized - Missing Linear signature', { status: 401 })
+    }
+
+    if (!validateLinearSignature(secret, signature, rawBody)) {
+      logger.warn(`[${requestId}] Linear signature verification failed`)
+      return new NextResponse('Unauthorized - Invalid Linear signature', { status: 401 })
+    }
+
+    try {
+      const parsed = JSON.parse(rawBody) as Record<string, unknown>
+      const ts = parsed.webhookTimestamp
+      if (typeof ts !== 'number' || !Number.isFinite(ts)) {
+        logger.warn(`[${requestId}] Linear webhookTimestamp missing or invalid`)
+        return new NextResponse('Unauthorized - Invalid webhook timestamp', {
+          status: 401,
+        })
+      }
+
+      if (Math.abs(Date.now() - ts) > LINEAR_WEBHOOK_TIMESTAMP_SKEW_MS) {
+        logger.warn(
+          `[${requestId}] Linear webhookTimestamp outside allowed skew (${LINEAR_WEBHOOK_TIMESTAMP_SKEW_MS}ms)`
+        )
+        return new NextResponse('Unauthorized - Webhook timestamp skew too large', {
+          status: 401,
+        })
+      }
+    } catch (error) {
+      logger.warn(
+        `[${requestId}] Linear webhook body parse failed after signature verification`,
+        error
+      )
+      return new NextResponse('Unauthorized - Invalid webhook body', { status: 401 })
+    }
+
+    return null
+  },
 
   async formatInput({ body }: FormatInputContext): Promise<FormatInputResult> {
     const b = body as Record<string, unknown>
+    const rawActor = b.actor
+    let actor: unknown = null
+    if (rawActor && typeof rawActor === 'object' && !Array.isArray(rawActor)) {
+      const a = rawActor as Record<string, unknown>
+      const { type: linearActorType, ...rest } = a
+      actor = {
+        ...rest,
+        actorType: typeof linearActorType === 'string' ? linearActorType : null,
+      }
+    }
+
     return {
       input: {
         action: b.action || '',
@@ -59,7 +117,8 @@ export const linearHandler: WebhookProviderHandler = {
         webhookTimestamp: b.webhookTimestamp || 0,
         organizationId: b.organizationId || '',
         createdAt: b.createdAt || '',
-        actor: b.actor || null,
+        url: typeof b.url === 'string' ? b.url : '',
+        actor,
         data: b.data || null,
         updatedFrom: b.updatedFrom || null,
       },
@@ -108,6 +167,20 @@ export const linearHandler: WebhookProviderHandler = {
 
     const notificationUrl = getNotificationUrl(ctx.webhook)
     const webhookSecret = generateId()
+    const teamId = config.teamId as string | undefined
+
+    const input: Record<string, unknown> = {
+      url: notificationUrl,
+      resourceTypes,
+      secret: webhookSecret,
+      enabled: true,
+    }
+
+    if (teamId) {
+      input.teamId = teamId
+    } else {
+      input.allPublicTeams = true
+    }
 
     try {
       const response = await fetch('https://api.linear.app/graphql', {
@@ -123,14 +196,7 @@ export const linearHandler: WebhookProviderHandler = {
               webhook { id enabled }
             }
           }`,
-          variables: {
-            input: {
-              url: notificationUrl,
-              resourceTypes,
-              secret: webhookSecret,
-              enabled: true,
-            },
-          },
+          variables: { input },
         }),
       })
 
@@ -153,6 +219,12 @@ export const linearHandler: WebhookProviderHandler = {
       }
 
       const externalId = result.webhook?.id
+      if (typeof externalId !== 'string' || !externalId.trim()) {
+        throw new Error(
+          'Linear webhook was created but the API response did not include a webhook id.'
+        )
+      }
+
       logger.info(
         `[${ctx.requestId}] Created Linear webhook ${externalId} for webhook ${ctx.webhook.id}`
       )

apps/sim/triggers/linear/utils.ts

@@ -84,6 +84,7 @@ export function linearSetupInstructions(eventType: string, additionalNotes?: str
 export function linearV2SetupInstructions(eventType: string, additionalNotes?: string): string {
   const instructions = [
     'Enter your Linear API Key above. You can create one in Linear at <a href="https://linear.app/settings/api" target="_blank" rel="noopener noreferrer">Settings &gt; API &gt; Personal API keys</a>.',
+    'Optionally enter a <strong>Team ID</strong> to scope the webhook to a single team. Leave it empty to receive events from all public teams. You can find Team IDs in Linear under <a href="https://linear.app/settings" target="_blank" rel="noopener noreferrer">Settings &gt; Teams</a> or via the API.',
     `Click <strong>"Save Configuration"</strong> to automatically create the webhook in Linear for <strong>${eventType}</strong> events.`,
     'The webhook will be automatically deleted when you remove this trigger.',
   ]
@@ -160,6 +161,15 @@ export function buildLinearV2SubBlocks(options: {
     condition: { field: 'selectedTriggerId', value: triggerId },
   })
 
+  blocks.push({
+    id: 'teamId',
+    title: 'Team ID',
+    type: 'short-input',
+    placeholder: 'All teams (optional)',
+    mode: 'trigger',
+    condition: { field: 'selectedTriggerId', value: triggerId },
+  })
+
   blocks.push({
     id: 'triggerSave',
     title: '',
@@ -184,8 +194,8 @@ export function buildLinearV2SubBlocks(options: {
 }
 
 /**
- * Shared user/actor output schema
- * Note: Linear webhooks only include id, name, and type in actor objects
+ * Shared user/actor output schema (Linear data-change webhook `actor` object).
+ * @see https://linear.app/developers/webhooks — actor may be a User, OauthClient, or Integration; `type` is mapped to `actorType` (TriggerOutput reserves nested `type` for field kinds).
  */
 export const userOutputs = {
   id: {
@@ -196,9 +206,18 @@ export const userOutputs = {
     type: 'string',
     description: 'User display name',
   },
-  user_type: {
+  /** Linear sends this as `actor.type`; exposed as `actorType` here (TriggerOutput reserves `type`). */
+  actorType: {
+    type: 'string',
+    description: 'Actor type from Linear (e.g. user, OauthClient, Integration)',
+  },
+  email: {
+    type: 'string',
+    description: 'Actor email (present for user actors in Linear webhook payloads)',
+  },
+  url: {
     type: 'string',
-    description: 'Actor type (user, bot, etc.)',
+    description: 'Actor profile URL in Linear (distinct from the top-level subject entity `url`)',
   },
 } as const
 
@@ -287,6 +306,10 @@ export function buildIssueOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -466,6 +489,10 @@ export function buildCommentOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -476,6 +503,10 @@ export function buildCommentOutputs(): Record<string, TriggerOutput> {
         type: 'string',
         description: 'Comment body text',
       },
+      edited: {
+        type: 'boolean',
+        description: 'Whether the comment body has been edited (Linear webhook payload field)',
+      },
       url: {
         type: 'string',
         description: 'Comment URL',
@@ -553,6 +584,10 @@ export function buildProjectOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -696,6 +731,10 @@ export function buildCycleOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -799,6 +838,10 @@ export function buildLabelOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -886,6 +929,10 @@ export function buildProjectUpdateOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -961,6 +1008,10 @@ export function buildCustomerRequestOutputs(): Record<string, TriggerOutput> {
       type: 'string',
       description: 'Event creation timestamp',
     },
+    url: {
+      type: 'string',
+      description: 'URL of the subject entity in Linear (top-level webhook payload)',
+    },
     actor: userOutputs,
     data: {
       id: {
@@ -1039,7 +1090,7 @@ export function isLinearEventMatch(triggerId: string, eventType: string, action?
   const normalizedId = triggerId.replace(/_v2$/, '')
   const config = eventMap[normalizedId]
   if (!config) {
-    return true // Unknown trigger, allow through
+    return false
   }
 
   // Check event type