PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing

Summary

PraisonAI's LinearBot starts a public webhook listener on 0.0.0.0 and treats LINEAR_WEBHOOK_SECRET as optional. When the secret is absent, startup only logs a warning and _handle_webhook() skips Linear-Signature verification entirely.

An unauthenticated network caller who can reach the webhook endpoint can submit a forged Linear-Event: AgentSession request. The forged request is parsed, scheduled for background processing, dispatched to _handle_agent_session(), and passed into BotSessionManager.chat(). The bot then attempts to post the agent response back to Linear under the configured bot token.

The local PoV is offline and deterministic. It does not contact Linear. It calls the webhook handler directly, monkey-patches the outbound Linear comment path, and proves both sides of the boundary:

• no secret configured: unsigned forged webhook returns 200, invokes the agent session path once, and attempts one Linear comment;
• secret configured: missing and bad signatures both return 401 and do not invoke the agent;
• secret configured with valid HMAC: request returns 200 and invokes the agent, proving the control path still works.

Affected Product

• Repository: MervinPraison/PraisonAI
• Package: praisonai
• Components:
  • src/praisonai/praisonai/bots/linear.py
  • src/praisonai/praisonai/cli/features/bots_cli.py

Validated affected:

• live main / latest observed release v4.6.58: 1ad58ca02975ff1398efeda694ea2ab78f20cf3e
• previous local current checkout: 2f9677abb2ea68eab864ee8b6a828fd0141612e1
• v4.6.57
• v4.6.56
• v4.5.50

Sampled tags where the LinearBot component was not present:

• v4.5.49
• v4.5.51
• v4.6.9
• v4.6.10

Suggested affected range: LinearBot-bearing releases with the fail-open signature behavior, at least 4.5.50 and `>= 4.6.56,