chore(backend): Add machines Backend API resource and methods

[wobsoriano]

Description

As part of the M2M project, we need to be able to create machines using the JS Backend SDK:

// POST https://api.clerk.com/v1/machines
await clerkClient.machines.create({...})

// https://api.clerk.com/v1/machines/mch_xxxxx
await clerkClient.machines.get('mch_xxxxx')

// and more

This PR adds machines BAPI resource and methods.

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Introduced a new "Machine" resource in the backend API, allowing users to create, update, retrieve, list, and delete machines.
  • Added support for managing machines through the API client, including typed parameters and response handling.
  • Enhanced deserialization and resource handling to support the new "Machine" type.

• Documentation

  • Added a changeset documenting the minor version update and the new "Machine" resource functionality.

[changeset-bot]

🦋 Changeset detected

Latest commit: e6450b8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
@clerk/backend	Minor
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
clerk-js-sandbox	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 16, 2025 4:52pm

[coderabbitai]

📝 Walkthrough

Walkthrough

A new "machine" resource has been introduced across the backend API. This includes the addition of the MachineApi client class, which provides CRUD operations for the machine resource, and the definition of supporting types and interfaces for machine data and its JSON representation. The Machine class and its deserialization logic have been implemented, and the resource is now recognized in the system's object type enumeration. Central export files and the backend API client factory have been updated to expose the new machine-related functionality. A changeset documents this as a minor version update. No changes were made to existing public entities.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6335

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6335

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6335

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6335

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6335

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6335

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6335

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6335

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6335

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6335

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6335

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6335

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6335

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6335

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6335

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6335

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6335

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6335

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6335

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6335

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6335

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6335

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6335

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6335

commit: e6450b8

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74dd3b8 and e6450b8.

📒 Files selected for processing (8)

• .changeset/eleven-cats-greet.md (1 hunks)
• packages/backend/src/api/endpoints/MachineApi.ts (1 hunks)
• packages/backend/src/api/endpoints/index.ts (1 hunks)
• packages/backend/src/api/factory.ts (2 hunks)
• packages/backend/src/api/resources/Deserializer.ts (2 hunks)
• packages/backend/src/api/resources/JSON.ts (2 hunks)
• packages/backend/src/api/resources/Machine.ts (1 hunks)
• packages/backend/src/api/resources/index.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,jsx,ts,tsx}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/development.mdc

packages/**/*.ts

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/development.mdc

packages/**/*.{ts,tsx,d.ts}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/development.mdc

packages/**/index.{js,ts}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/development.mdc

**/*.{ts,tsx}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/development.mdc
• .cursor/rules/typescript.mdc

**/index.ts

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

• .cursor/rules/react.mdc
• .cursor/rules/typescript.mdc

**/*

Instructions used from:

Sources:
⚙️ CodeRabbit Configuration File

🧠 Learnings (9)

📓 Common learnings

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

.changeset/eleven-cats-greet.md (5)

Learnt from: dstaley
PR: clerk/javascript#6116
File: .changeset/tangy-garlics-say.md:1-2
Timestamp: 2025-06-13T16:09:53.061Z
Learning: In the Clerk JavaScript repository, contributors create intentionally empty changeset files (containing only the YAML delimiters) when a PR touches only non-published parts of the codebase (e.g., sandbox assets). This signals that no package release is required, so such changesets should not be flagged as missing content.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/monorepo.mdc:0-0
Timestamp: 2025-06-30T10:30:56.197Z
Learning: Applies to .changeset/config.json : Automated releases must be managed with Changesets.

Learnt from: jacekradko
PR: clerk/javascript#5905
File: .changeset/six-ears-wash.md:1-3
Timestamp: 2025-06-26T03:27:05.535Z
Learning: In the Clerk JavaScript repository, changeset headers support single quotes syntax (e.g., '@clerk/backend': minor) and work fine with their current changesets integration, so there's no need to change them to double quotes.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Use Changesets for version management and changelogs

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

packages/backend/src/api/resources/index.ts (10)

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/react.mdc:0-0
Timestamp: 2025-06-30T10:32:37.848Z
Learning: Applies to **/index.ts : Use index.ts files for clean imports but avoid deep barrel exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Applies to packages/**/index.{js,ts} : Use tree-shaking friendly exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/index.ts : Avoid barrel files (index.ts re-exports) as they can cause circular dependencies

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Proper tree-shaking friendly exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Applies to packages/**/*.{ts,tsx,d.ts} : Packages should export TypeScript types alongside runtime code

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use ES6 imports/exports consistently

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use default exports sparingly, prefer named exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/react.mdc:0-0
Timestamp: 2025-06-30T10:32:37.848Z
Learning: Applies to **/*.{jsx,tsx} : Export components as named exports for better tree-shaking

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use `public` explicitly for clarity in public APIs

packages/backend/src/api/endpoints/index.ts (11)

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Applies to packages/**/index.{js,ts} : Use tree-shaking friendly exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/index.ts : Avoid barrel files (index.ts re-exports) as they can cause circular dependencies

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/react.mdc:0-0
Timestamp: 2025-06-30T10:32:37.848Z
Learning: Applies to **/index.ts : Use index.ts files for clean imports but avoid deep barrel exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Proper tree-shaking friendly exports

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Applies to packages/**/*.{ts,tsx,d.ts} : Packages should export TypeScript types alongside runtime code

Learnt from: wobsoriano
PR: clerk/javascript#6099
File: packages/backend/src/api/endpoints/IdPOAuthAccessTokenApi.ts:7-14
Timestamp: 2025-06-10T20:38:08.982Z
Learning: Methods in `packages/backend/src/api/endpoints` (e.g., `IdPOAuthAccessTokenApi.verifySecret`) are currently not exposed publicly, so renaming them does not constitute a breaking change.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use `public` explicitly for clarity in public APIs

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Document API endpoints with TypeScript interfaces

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use ES6 imports/exports consistently

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:32-45
Timestamp: 2025-07-01T15:20:59.456Z
Learning: In the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the #withMachineTokenSecretHeader method intentionally overwrites the entire headerParams object with only the Authorization header when machineTokenSecret is provided, rather than merging with existing headers. This is by design to ensure only the Authorization header is present in requests.

packages/backend/src/api/factory.ts (3)

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:32-45
Timestamp: 2025-07-01T15:20:59.456Z
Learning: In the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the #withMachineTokenSecretHeader method intentionally overwrites the entire headerParams object with only the Authorization header when machineTokenSecret is provided, rather than merging with existing headers. This is by design to ensure only the Authorization header is present in requests.

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

Learnt from: wobsoriano
PR: clerk/javascript#6099
File: packages/backend/src/tokens/authObjects.ts:261-263
Timestamp: 2025-06-10T20:37:47.321Z
Learning: For API-key machine tokens, the `subject` value is guaranteed (by upstream invariants) to start with either `user_` or `org_`, so exactly one of `userId` or `orgId` will always be non-null.

packages/backend/src/api/resources/Deserializer.ts (1)

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

packages/backend/src/api/resources/Machine.ts (1)

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

packages/backend/src/api/endpoints/MachineApi.ts (4)

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:32-45
Timestamp: 2025-07-01T15:20:59.456Z
Learning: In the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the #withMachineTokenSecretHeader method intentionally overwrites the entire headerParams object with only the Authorization header when machineTokenSecret is provided, rather than merging with existing headers. This is by design to ensure only the Authorization header is present in requests.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Document API endpoints with TypeScript interfaces

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Use TypeScript interfaces for API response types

packages/backend/src/api/resources/JSON.ts (3)

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/*.{ts,tsx} : Use `interface` for object shapes that might be extended

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Document API endpoints with TypeScript interfaces

🧬 Code Graph Analysis (5)

packages/backend/src/api/factory.ts (1)

packages/backend/src/api/endpoints/MachineApi.ts (1)

• MachineApi (23-65)

packages/backend/src/api/resources/Deserializer.ts (2)

packages/backend/src/api/resources/JSON.ts (2)

• ObjectType (19-66)
• ObjectType (68-68)

packages/backend/src/api/resources/Machine.ts (1)

• Machine (3-15)

packages/backend/src/api/resources/Machine.ts (1)

packages/backend/src/api/resources/JSON.ts (1)

• MachineJSON (702-709)

packages/backend/src/api/endpoints/MachineApi.ts (2)

packages/backend/src/api/resources/Machine.ts (1)

• Machine (3-15)

packages/backend/src/api/resources/Deserializer.ts (1)

• PaginatedResourceResponse (60-65)

packages/backend/src/api/resources/JSON.ts (1)

packages/types/src/json.ts (1)

• ClerkResourceJSON (35-39)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)

• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (tanstack-react-router, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (quickstart, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Unit Tests (18, --filter=@clerk/astro --filter=@clerk/backend --filter=@clerk/express --filter=@c...
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Static analysis
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (18)

.changeset/eleven-cats-greet.md (1)

1-6: LGTM! Changeset properly documents the new machines API resource.

The changeset format is correct and the description accurately reflects the addition of machines Backend API resource and methods.

packages/backend/src/api/resources/index.ts (1)

33-33: LGTM! Export follows existing patterns and is correctly positioned.

The Machine export is properly added in alphabetical order and follows the established wildcard export pattern.

packages/backend/src/api/endpoints/index.ts (1)

14-14: LGTM! Export follows existing patterns and is correctly positioned.

The MachineApi export is properly added in alphabetical order and follows the established wildcard export pattern.

packages/backend/src/api/factory.ts (2)

16-16: LGTM! Import follows alphabetical ordering.

The MachineApi import is properly positioned in alphabetical order within the destructured import statement.

---

68-68: LGTM! Property integration follows established patterns.

The machines property is correctly positioned alphabetically and uses the standard pattern of instantiating the API class with the request object.

packages/backend/src/api/resources/Deserializer.ts (2)

18-18: LGTM! Import follows alphabetical ordering.

The Machine import is properly positioned in alphabetical order within the destructured import statement.

---

136-137: LGTM! Deserialization case follows established patterns.

The Machine deserialization case is correctly positioned alphabetically and uses the standard fromJSON pattern consistent with other resources.

packages/backend/src/api/resources/Machine.ts (2)

3-10: Well-structured resource class with proper immutability.

The Machine class follows established patterns with readonly properties and a clean constructor. The implementation correctly enforces immutability and provides a clear data model.

---

12-14: Proper deserialization with field mapping.

The fromJSON method correctly maps snake_case JSON fields to camelCase properties, maintaining consistency with the existing codebase patterns.

packages/backend/src/api/resources/JSON.ts (2)

37-37: Proper ObjectType addition for the Machine resource.

The Machine object type is correctly added to the ObjectType constant, maintaining alphabetical ordering and following the established naming convention.

---

702-709: Well-defined MachineJSON interface with proper typing.

The MachineJSON interface correctly extends ClerkResourceJSON and includes all necessary fields with appropriate types. The use of typeof ObjectType.Machine ensures type safety for the discriminator field.

packages/backend/src/api/endpoints/MachineApi.ts (7)

8-21: Well-defined parameter types for Machine API operations.

The type definitions are clear and follow TypeScript best practices. The parameter types properly capture the required fields for each operation.

---

24-30: Proper implementation of get method with ID validation.

The get method correctly validates the machineId parameter and constructs the appropriate request. The implementation follows established patterns in the codebase.

---

32-38: Correct list method with pagination support.

The list method properly supports pagination parameters and returns the correct paginated response type. The default empty object parameter is a good practice.

---

40-46: Proper create method implementation.

The create method correctly uses POST method and passes the body parameters. The implementation is consistent with other API endpoints.

---

48-56: Correct update method with parameter extraction.

The update method properly extracts machineId from the parameters and validates it before making the request. The use of PATCH method is appropriate for updates.

---

58-64: Proper delete method implementation.

The delete method correctly validates the machineId and uses the appropriate HTTP method. The implementation follows established patterns.

---

1-65: Security review required for M2M machine management API.

This PR introduces machine management capabilities for M2M (machine-to-machine) authentication, which has security implications. The implementation itself looks correct, but the feature should be reviewed by the security team.

@clerk/security Please review this new Machine API implementation as it involves M2M authentication capabilities that could impact the security posture of the system.

[coderabbitai]

🛠️ Refactor suggestion

Add test coverage for the new Machine API.

No tests were added for the new MachineApi class. Please add comprehensive test coverage for all CRUD operations to ensure the API works correctly and to prevent regressions.

Consider adding tests for:

• All CRUD operations (get, list, create, update, delete)
• Error handling scenarios
• Parameter validation
• Response deserialization

Would you like me to help generate test cases for the MachineApi class?

🤖 Prompt for AI Agents

In packages/backend/src/api/endpoints/MachineApi.ts lines 1 to 65, the
MachineApi class lacks test coverage. Add comprehensive tests covering all CRUD
methods: get, list, create, update, and delete. Include tests for error
handling, parameter validation (e.g., requireId checks), and verify correct
response deserialization. Use mocks for the request method to simulate API
responses and errors, ensuring all code paths are tested.

[wobsoriano]

this is part of an upcoming project (machine-to-machine tokens). The tests will be added later.

[coderabbitai]

@wobsoriano Thanks for the clarification! That makes sense - I understand this is part of the upcoming machine-to-machine tokens project. I'll note that test coverage can be addressed in a later phase of the project rollout.

---

🧠 Learnings used

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:47-89
Timestamp: 2025-07-01T15:20:41.834Z
Learning: In the Clerk JavaScript repository, for the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the maintainers prefer to rely on TypeScript types and readable property names for API documentation rather than JSDoc comments.

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Document API endpoints with TypeScript interfaces

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/api/**/*.ts : Use TypeScript interfaces for API response types

---

Learnt from: wobsoriano
PR: clerk/javascript#6229
File: packages/backend/src/api/endpoints/MachineTokensApi.ts:32-45
Timestamp: 2025-07-01T15:20:59.456Z
Learning: In the MachineTokensApi class (packages/backend/src/api/endpoints/MachineTokensApi.ts), the #withMachineTokenSecretHeader method intentionally overwrites the entire headerParams object with only the Authorization header when machineTokenSecret is provided, rather than merging with existing headers. This is by design to ensure only the Authorization header is present in requests.

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/nextjs.mdc:0-0
Timestamp: 2025-06-30T10:31:43.578Z
Learning: Applies to app/**/route.ts : Use route.ts for API endpoints (GET, POST, etc.) in the App Router

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Include tests for all new features

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/typescript.mdc:0-0
Timestamp: 2025-06-30T10:33:45.961Z
Learning: Applies to **/__tests__/**/*.{ts,tsx} : Implement proper mock types that match interfaces in tests

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Unit tests are required for all new functionality

---

Learnt from: CR
PR: clerk/javascript#0
File: .cursor/rules/development.mdc:0-0
Timestamp: 2025-06-30T10:29:42.997Z
Learning: Update documentation for API changes