MCP Server · Threat-Modeled · Open Source

Linear MCP
Server

Production-grade MCP server for Linear. Six tools, a 30-case evaluation harness, a documented threat model, per-tool cost analysis. Read-only by design — the gate that makes it enterprise-adoptable.

6 MCP tools 93% eval pass rate Threat model documented TypeScript · Open source
At a glance 30-second read

What it is

An open-source MCP server that lets Claude (or any MCP client) operate on a Linear workspace safely. Six tools for inbox triage, scoping, velocity audit, and status reporting. Read-only — no destructive operations exist in the codebase.

Maps to

AI / Agent Engineer · AI Platform Engineer · Applied AI Engineer · AI Security Engineer

Skills demonstrated

  • Production MCP server design (TypeScript SDK)
  • Evaluation harness (30 cases, 93% pass rate)
  • Documented threat model, prompt-injection defense
  • Per-tool cost analysis ($2.60/month at run-rate)
  • Read-only architecture — destructive ops never written
MCP SDK TypeScript Anthropic SDK Linear GraphQL Zod Vitest
What it is
Person You ask in plain words
AI Claude picks the right tool
This project linear-mcp six tools
Data Linear your team's work

An AI assistant can't reach into Linear on its own. linear-mcp is the connection, and it only reads.

6
focused tools
93%
live eval pass rate
$2.60
run cost / month
0
tools that can delete
01 — The Tools six jobs, six tools

One tool per job.

Six tools that match what a team lead does each week, rather than mirroring every Linear button.

Sort the inbox
triage_inbox
Ranks unread notifications by urgency and says what to do with each.
Fast model
Plan a task
scope_issue
Turns a rough task into steps, acceptance criteria, risks, and a size estimate.
Strong model
Find what's stuck
find_orphans
Surfaces stale, blocked, or unassigned work that has slipped through.
Fast model
Diagnose the team
audit_velocity
Reads recent sprints and explains whether the team is speeding up or slowing down.
Strong model
Write the update
compose_update
Drafts a Slack or email status update in the team's own voice.
Strong model
Recap the week
weekly_summary
A short, readable summary of what the team got done.
Strong model
02 — Proven test results

It works.

93%
Run live against a Linear workspace, an automated test of all six tools passed 28 of 30 checks. Most projects like this ship with no test at all.
weekly_summary · live run [ ACTUAL OUTPUT ]

“It was a productive week for the team, with five issues completed — all by Bruce Davis. …

… One thing worth flagging: every assigned issue this period belongs to Bruce Davis. Whether this reflects team size or a coverage gap, it’s worth keeping an eye on as the active work queue grows.”

weekly_summary produced that paragraph from sixteen tasks. The last line is something it noticed on its own.

03 — Security full threat model in the repo

Hard to misuse.

It acts on a company's data, so it was built to be hard to misuse. Three decisions do most of the work.

It can only read
No tool can delete or change anything. The code to delete a task was never written, so nobody can trick the AI into it.
The AI never owns the facts
Links and IDs come straight from Linear, added by my code. A made-up link is structurally impossible.
A bad actor finds nothing
Even if someone hides a sneaky instruction in a task, there is nothing harmful for the AI to reach.