chore(remix): Remove M2M related feature #6749

wobsoriano · 2025-09-10T15:40:40Z

Description

This PR is a follow up to #6744, removing the machineSecretKey property that was recently added.

M2M is still in beta and Remix is in maintenance mode so this is good to remove 👍🏼

Checklist

pnpm test runs as expected.
pnpm build runs as expected.
(If applicable) JSDoc comments have been added or updated for any package exports
(If applicable) Documentation has been updated

Type of change

Summary by CodeRabbit

Breaking Changes
- Removed the machineSecretKey option from the Remix integration and related APIs (including authenticateRequest options and returned options from loadOptions).
Documentation
- Added migration guidance to move to @clerk/react-router, with links to the Remix upgrade guide and React Router SDK quickstart.
Chores
- Prepared a minor version release of @clerk/remix.

changeset-bot · 2025-09-10T15:40:44Z

🦋 Changeset detected

Latest commit: 42e5641

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@clerk/remix	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel · 2025-09-10T15:40:45Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Sep 10, 2025 3:42pm

coderabbitai · 2025-09-10T15:40:47Z

Walkthrough

Removes machineSecretKey from the @clerk/remix public API and SSR flow. Updates authenticateRequest to omit the option, stops reading CLERK_MACHINE_SECRET_KEY in loadOptions, and removes the type from RootAuthLoaderOptions. Adds a changeset noting a minor bump and migration guidance to @clerk/react-router.

Changes

Cohort / File(s)	Summary of changes
Remix SSR auth flow `packages/remix/src/ssr/authenticateRequest.ts`	Narrows authenticateRequest options to omit machineSecretKey; no longer destructures or forwards it to Clerk client.
Options loading `packages/remix/src/ssr/loadOptions.ts`	Stops reading overrides/env for CLERK_MACHINE_SECRET_KEY; removes machineSecretKey from returned options. Other option handling unchanged.
Public types `packages/remix/src/ssr/types.ts`	Removes machineSecretKey?: string from RootAuthLoaderOptions.
Release notes / changeset `.changeset/poor-cycles-dress.md`	Records minor version bump; notes removal of machineSecretKey and migration guidance to @clerk/react-router with links.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as User
  participant R as Remix Loader/Action
  participant A as authenticateRequest(...)
  participant L as loadOptions(...)
  participant C as Clerk Client

  U->>R: HTTP request
  R->>A: call authenticateRequest(args, opts)
  rect rgba(230,240,255,0.5)
    note right of A: Options no longer include machineSecretKey
    A->>L: loadOptions(args, overrides)
    L-->>A: options (without machineSecretKey)
  end
  A->>C: authenticateRequest({ ...options })
  C-->>A: auth result
  A-->>R: auth state
  R-->>U: response

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks (1 passed, 1 warning, 1 inconclusive)

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.
Title Check	❓ Inconclusive	The current title uses a vague acronym “M2M” and refers to “related feature” without specifying what is removed, making it unclear to reviewers exactly which part of the Remix integration is affected.	Update the title to explicitly reference the removal of the machineSecretKey option from the @clerk/remix integration, for example “chore(remix): remove machineSecretKey option from Remix integration.”

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

Poem

I nudge the keys with careful might,
A secret whisked to softer night—
No machine murmur in the breeze,
The routes hop on with graceful ease.
Minor bumps, major clarity sung,
Reacting, routing—carrots among. 🥕

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

📝 Generate Docstrings

🧪 Generate unit tests

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch rob/remove-machine-related-feate-remix

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

pkg-pr-new · 2025-09-10T15:44:59Z

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6749

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6749

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6749

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6749

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6749

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6749

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6749

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6749

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6749

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6749

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6749

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6749

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6749

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6749

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6749

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6749

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6749

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6749

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6749

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6749

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6749

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6749

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6749

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6749

commit: 42e5641

coderabbitai

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/remix/src/ssr/authenticateRequest.ts (1)

9-35: Remove legacy machineSecretKey usage in Remix docs

In packages/remix/CHANGELOG.md (line 143), update the example to remove machineSecretKey: 'ak_xxxxx' so it matches the new authenticateRequest API.

🧹 Nitpick comments (3)

packages/remix/src/ssr/authenticateRequest.ts (1)
11-12: Public API narrowed correctly; expose a named options type and add JSDoc for DX.

Using Omit<AuthenticateRequestOptions, 'machineSecretKey'> is fine, but it hurts discoverability in IDEs and makes changelogs less explicit. Consider exporting a named alias and documenting the removal in JSDoc.

Apply this minimal change here:
-export async function authenticateRequest(
-  args: LoaderFunctionArgs,
-  opts: Omit<AuthenticateRequestOptions, 'machineSecretKey'>,
-): Promise<SignedInState | SignedOutState> {
+export async function authenticateRequest(
+  args: LoaderFunctionArgs,
+  opts: RemixAuthenticateRequestOptions,
+): Promise<SignedInState | SignedOutState> {
And in packages/remix/src/ssr/types.ts (or a shared local types.ts), add:
import type { AuthenticateRequestOptions } from '@clerk/backend/internal';

/**
 * Remix-specific authenticateRequest options.
 * Note: `machineSecretKey` was removed from the Remix integration.
 */
export type RemixAuthenticateRequestOptions = Omit<AuthenticateRequestOptions, 'machineSecretKey'>;
Optional (dev-only guard to aid migration for JS consumers):
if (process.env.NODE_ENV !== 'production' && (opts as any) && 'machineSecretKey' in (opts as any)) {
  // eslint-disable-next-line no-console
  console.warn('[@clerk/remix] `machineSecretKey` is no longer supported in Remix. Migrate to @clerk/react-router.');
}
Also add a short JSDoc block above this function noting the removal and pointing to the migration path.
.changeset/poor-cycles-dress.md (2)
5-5: Clarify what changed and the impact (mention env var too).

Explicitly note that CLERK_MACHINE_SECRET_KEY is no longer read by the Remix integration to prevent confusion.
-Remove `machineSecretKey` option. Please migrate to `@clerk/react-router` instead.
+Remove the `machineSecretKey` option from the Remix integration. The `CLERK_MACHINE_SECRET_KEY` env var is no longer read by `@clerk/remix`.
+
+If you need machine-to-machine (M2M) flows, please migrate to `@clerk/react-router`.
7-8: Fix markdownlint MD034 (bare URLs) and improve link text.
-Migration guide: https://reactrouter.com/upgrading/remix
-React Router SDK: https://clerk.com/docs/quickstarts/react-router
+Migration guide: [Remix → React Router upgrade](https://reactrouter.com/upgrading/remix)
+React Router SDK: [Clerk + React Router quickstart](https://clerk.com/docs/quickstarts/react-router)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between acc7699 and 42e5641.

📒 Files selected for processing (4)

.changeset/poor-cycles-dress.md (1 hunks)
packages/remix/src/ssr/authenticateRequest.ts (1 hunks)
packages/remix/src/ssr/loadOptions.ts (0 hunks)
packages/remix/src/ssr/types.ts (0 hunks)

💤 Files with no reviewable changes (2)

packages/remix/src/ssr/types.ts
packages/remix/src/ssr/loadOptions.ts

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,jsx,ts,tsx}