chore(express,hono): Add machine auth integration tests

[wobsoriano]

Description

Adding complete machine auth (API keys, M2M, OAuth) integration tests to our SDKs:

• Next.js (ref)
• Astro (ref)
• Nuxt (ref)
• TanStack Start (ref)
• React Router (ref)
• Express (this PR)
• Hono (this PR)
• Fastify

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Added machine-to-machine (M2M) authentication support with automatic token scope verification via environment configuration.
  • Enhanced authentication middleware to accept configurable token types (API key, M2M, OAuth, session).
  • Exposed the client instance on the global window for external test utilities.

• Tests

  • Added comprehensive integration tests for machine authentication on Express and Hono, covering API key, M2M, and OAuth scenarios.

[changeset-bot]

🦋 Changeset detected

Latest commit: fc1ebeb

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@clerk/hono	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Apr 1, 2026 6:49pm

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@8222

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8222

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8222

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8222

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8222

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8222

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8222

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8222

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8222

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8222

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8222

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8222

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8222

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8222

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8222

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8222

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8222

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8222

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8222

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8222

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8222

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8222

commit: fc1ebeb

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 46b7a549-5766-4c60-bf92-39d26ff2d0c8

📥 Commits

Reviewing files that changed from the base of the PR and between 13eb3ab and fc1ebeb.

📒 Files selected for processing (2)

• .changeset/fix-hono-getauth-accepts-token.md
• packages/hono/src/clerkMiddleware.ts

---

📝 Walkthrough

Walkthrough

Added Playwright integration tests for Express and Hono that provision temporary servers with API key, M2M, and OAuth authenticated routes using Clerk middleware. Updated client entry points to assign the instantiated Clerk client to window.Clerk. Extended Hono clerkMiddleware to read CLERK_MACHINE_SECRET_KEY from the environment, forward machineSecretKey into client and authentication calls, and honor acceptsToken passed to getAuth. Added a changeset documenting the Hono patch.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding machine authentication integration tests for Express and Hono frameworks, which comprise the majority of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}