@lobehub/lobehub 2.0.0-next.310 → 2.0.0-next.311

package/src/app/(backend)/market/social/[[...segments]]/route.ts

@@ -1,7 +1,6 @@
-import { MarketSDK } from '@lobehub/market-sdk';
 import { type NextRequest, NextResponse } from 'next/server';
 
-import { getTrustedClientTokenForSession } from '@/libs/trusted-client';
+import { MarketService } from '@/server/services/market';
 
 type RouteContext = {
   params: Promise<{
@@ -9,19 +8,6 @@ type RouteContext = {
   }>;
 };
 
-const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';
-
-/**
- * Helper to get authorization header
- */
-const getAccessToken = (req: NextRequest): string | undefined => {
-  const authHeader = req.headers.get('authorization');
-  if (authHeader?.startsWith('Bearer ')) {
-    return authHeader.slice(7);
-  }
-  return undefined;
-};
-
 /**
  * POST /market/social/follow
  * POST /market/social/unfollow
@@ -34,22 +20,9 @@ const getAccessToken = (req: NextRequest): string | undefined => {
 export const POST = async (req: NextRequest, context: RouteContext) => {
   const { segments = [] } = await context.params;
   const action = segments[0];
-  const accessToken = getAccessToken(req);
-  const trustedClientToken = await getTrustedClientTokenForSession();
-
-  const market = new MarketSDK({
-    accessToken,
-    baseURL: MARKET_BASE_URL,
-    trustedClientToken,
-  });
 
-  // Only require accessToken if trusted client token is not available
-  if (!accessToken && !trustedClientToken) {
-    return NextResponse.json(
-      { error: 'unauthorized', message: 'Access token required' },
-      { status: 401 },
-    );
-  }
+  const marketService = await MarketService.createFromRequest(req);
+  const market = marketService.market;
 
   try {
     const body = await req.json();
@@ -135,14 +108,9 @@ export const POST = async (req: NextRequest, context: RouteContext) => {
 export const GET = async (req: NextRequest, context: RouteContext) => {
   const { segments = [] } = await context.params;
   const action = segments[0];
-  const accessToken = getAccessToken(req);
-  const trustedClientToken = await getTrustedClientTokenForSession();
 
-  const market = new MarketSDK({
-    accessToken,
-    baseURL: MARKET_BASE_URL,
-    trustedClientToken,
-  });
+  const marketService = await MarketService.createFromRequest(req);
+  const market = marketService.market;
 
   const url = new URL(req.url);
   const limit = url.searchParams.get('pageSize') || url.searchParams.get('limit');
@@ -158,9 +126,6 @@ export const GET = async (req: NextRequest, context: RouteContext) => {
       // Follow queries
       case 'follow-status': {
         const targetUserId = Number(segments[1]);
-        if (!accessToken && !trustedClientToken) {
-          return NextResponse.json({ isFollowing: false, isMutual: false });
-        }
         const result = await market.follows.checkFollowStatus(targetUserId);
         return NextResponse.json(result);
       }
@@ -193,9 +158,6 @@ export const GET = async (req: NextRequest, context: RouteContext) => {
       case 'favorite-status': {
         const targetType = segments[1] as 'agent' | 'plugin';
         const targetIdOrIdentifier = segments[2];
-        if (!accessToken && !trustedClientToken) {
-          return NextResponse.json({ isFavorited: false });
-        }
         // SDK accepts both number (targetId) and string (identifier)
         const isNumeric = /^\d+$/.test(targetIdOrIdentifier);
         const targetValue = isNumeric ? Number(targetIdOrIdentifier) : targetIdOrIdentifier;
@@ -204,12 +166,6 @@ export const GET = async (req: NextRequest, context: RouteContext) => {
       }
 
       case 'favorites': {
-        if (!accessToken) {
-          return NextResponse.json(
-            { error: 'unauthorized', message: 'Access token required' },
-            { status: 401 },
-          );
-        }
         const result = await market.favorites.getMyFavorites(paginationParams);
         return NextResponse.json(result);
       }
@@ -236,9 +192,6 @@ export const GET = async (req: NextRequest, context: RouteContext) => {
       case 'like-status': {
         const targetType = segments[1] as 'agent' | 'plugin';
         const targetIdOrIdentifier = segments[2];
-        if (!accessToken && !trustedClientToken) {
-          return NextResponse.json({ isLiked: false });
-        }
         const isNumeric = /^\d+$/.test(targetIdOrIdentifier);
         const targetValue = isNumeric ? Number(targetIdOrIdentifier) : targetIdOrIdentifier;
         const result = await market.likes.checkLike(targetType, targetValue as number);

package/src/app/(backend)/market/user/[username]/route.ts

@@ -1,7 +1,6 @@
-import { MarketSDK } from '@lobehub/market-sdk';
 import { type NextRequest, NextResponse } from 'next/server';
 
-import { getTrustedClientTokenForSession } from '@/libs/trusted-client';
+import { MarketService } from '@/server/services/market';
 
 type RouteContext = {
   params: Promise<{
@@ -9,8 +8,6 @@ type RouteContext = {
   }>;
 };
 
-const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';
-
 /**
  * GET /market/user/[username]
  *
@@ -20,12 +17,9 @@ const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://mark
 export const GET = async (req: NextRequest, context: RouteContext) => {
   const { username } = await context.params;
   const decodedUsername = decodeURIComponent(username);
-  const trustedClientToken = await getTrustedClientTokenForSession();
 
-  const market = new MarketSDK({
-    baseURL: MARKET_BASE_URL,
-    trustedClientToken,
-  });
+  const marketService = await MarketService.createFromRequest(req);
+  const market = marketService.market;
 
   try {
     const response = await market.user.getUserInfo(decodedUsername);

package/src/app/(backend)/market/user/me/route.ts

@@ -1,19 +1,6 @@
-import { MarketSDK } from '@lobehub/market-sdk';
 import { type NextRequest, NextResponse } from 'next/server';
 
-import { getTrustedClientTokenForSession } from '@/libs/trusted-client';
-
-const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';
-
-const extractAccessToken = (req: NextRequest) => {
-  const authorization = req.headers.get('authorization');
-  if (!authorization) return undefined;
-
-  const [scheme, token] = authorization.split(' ');
-  if (scheme?.toLowerCase() !== 'bearer' || !token) return undefined;
-
-  return token;
-};
+import { MarketService } from '@/server/services/market';
 
 /**
  * PUT /market/user/me
@@ -28,26 +15,8 @@ const extractAccessToken = (req: NextRequest) => {
  * - meta?: { description?: string; socialLinks?: { github?: string; twitter?: string; website?: string } }
  */
 export const PUT = async (req: NextRequest) => {
-  const accessToken = extractAccessToken(req);
-  const trustedClientToken = await getTrustedClientTokenForSession();
-
-  const market = new MarketSDK({
-    accessToken,
-    baseURL: MARKET_BASE_URL,
-    trustedClientToken,
-  });
-
-  // Only require accessToken if trusted client token is not available
-  if (!accessToken && !trustedClientToken) {
-    return NextResponse.json(
-      {
-        error: 'unauthorized',
-        message: 'Authentication required to update user profile',
-        status: 'error',
-      },
-      { status: 401 },
-    );
-  }
+  const marketService = await MarketService.createFromRequest(req);
+  const market = marketService.market;
 
   try {
     const payload = await req.json();

package/src/features/ChatMiniMap/useMinimapData.ts

@@ -91,7 +91,7 @@ export const useMinimapData = () => {
         }
       } else {
         // No active index, go to first/last
-        targetPosition = direction === 'prev' ? indicators.length - 1 : 0;
+        targetPosition = direction === 'prev' ? 0 : indicators.length - 1;
       }
 
       const targetIndicator = indicators[targetPosition];

package/src/features/Conversation/ChatList/components/VirtualizedList.tsx

@@ -30,7 +30,9 @@ const VirtualizedList = memo<VirtualizedListProps>(({ dataSource, itemContent })
   const setScrollState = useConversationStore((s) => s.setScrollState);
   const resetVisibleItems = useConversationStore((s) => s.resetVisibleItems);
   const scrollToBottom = useConversationStore((s) => s.scrollToBottom);
+  const setActiveIndex = useConversationStore((s) => s.setActiveIndex);
   const atBottom = useConversationStore(virtuaListSelectors.atBottom);
+  const activeIndex = useConversationStore(virtuaListSelectors.activeIndex);
 
   // Check if at bottom based on scroll position
   const checkAtBottom = useCallback(() => {
@@ -46,6 +48,16 @@ const VirtualizedList = memo<VirtualizedListProps>(({ dataSource, itemContent })
 
   // Handle scroll events
   const handleScroll = useCallback(() => {
+    const refForActive = virtuaRef.current;
+    const activeFromFindRaw =
+      refForActive && typeof refForActive.findItemIndex === 'function'
+        ? refForActive.findItemIndex(refForActive.scrollOffset + refForActive.viewportSize * 0.25)
+        : null;
+    const activeFromFind =
+      typeof activeFromFindRaw === 'number' && activeFromFindRaw >= 0 ? activeFromFindRaw : null;
+
+    if (activeFromFind !== activeIndex) setActiveIndex(activeFromFind);
+
     setScrollState({ isScrolling: true });
 
     // Check if at bottom
@@ -61,7 +73,7 @@ const VirtualizedList = memo<VirtualizedListProps>(({ dataSource, itemContent })
     scrollEndTimerRef.current = setTimeout(() => {
       setScrollState({ isScrolling: false });
     }, 150);
-  }, [checkAtBottom, setScrollState]);
+  }, [activeIndex, checkAtBottom, setActiveIndex, setScrollState]);
 
   const handleScrollEnd = useCallback(() => {
     setScrollState({ isScrolling: false });
@@ -77,12 +89,18 @@ const VirtualizedList = memo<VirtualizedListProps>(({ dataSource, itemContent })
         getViewportSize: () => ref.viewportSize,
         scrollToIndex: (index, options) => ref.scrollToIndex(index, options),
       });
+
+      // Seed active index once on mount (avoid requiring user scroll)
+      const initialActiveRaw = ref.findItemIndex(ref.scrollOffset + ref.viewportSize * 0.25);
+      const initialActive =
+        typeof initialActiveRaw === 'number' && initialActiveRaw >= 0 ? initialActiveRaw : null;
+      setActiveIndex(initialActive);
     }
 
     return () => {
       registerVirtuaScrollMethods(null);
     };
-  }, [registerVirtuaScrollMethods]);
+  }, [registerVirtuaScrollMethods, setActiveIndex]);
 
   // Cleanup on unmount
   useEffect(() => {

package/src/features/Conversation/store/slices/virtuaList/action.ts

@@ -32,6 +32,11 @@ export interface VirtuaListAction {
     options?: { align?: 'start' | 'center' | 'end'; smooth?: boolean },
   ) => void;
 
+  /**
+   * Set active index directly (derived from scroll position)
+   */
+  setActiveIndex: (index: number | null) => void;
+
   /**
    * Update scroll state (atBottom, isScrolling)
    */
@@ -107,6 +112,10 @@ export const virtuaListSlice: StateCreator<State & VirtuaListAction, [], [], Vir
     virtuaScrollMethods?.scrollToIndex(index, options);
   },
 
+  setActiveIndex: (index) => {
+    set({ activeIndex: index });
+  },
+
   setScrollState: (state) => {
     set(state);
   },

package/src/libs/trpc/lambda/middleware/marketSDK.ts

@@ -1,6 +1,5 @@
-import { MarketSDK } from '@lobehub/market-sdk';
-
-import { generateTrustedClientToken, type TrustedClientUserInfo } from '@/libs/trusted-client';
+import { type TrustedClientUserInfo } from '@/libs/trusted-client';
+import { MarketService } from '@/server/services/market';
 
 import { trpc } from '../init';
 
@@ -10,53 +9,45 @@ interface ContextWithMarketUserInfo {
 }
 
 /**
- * Middleware that initializes MarketSDK with proper authentication.
+ * Middleware that initializes MarketService with proper authentication.
  * This requires marketUserInfo middleware to be applied first.
  *
  * Provides:
- * - ctx.marketSDK: Initialized MarketSDK instance with trustedClientToken and optional accessToken
- * - ctx.trustedClientToken: The generated trusted client token (if available)
+ * - ctx.marketSDK: MarketSDK instance for backward compatibility
+ * - ctx.marketService: MarketService instance (recommended)
  */
 export const marketSDK = trpc.middleware(async (opts) => {
   const ctx = opts.ctx as ContextWithMarketUserInfo;
 
-  // Generate trusted client token if user info is available
-  const trustedClientToken = ctx.marketUserInfo
-    ? generateTrustedClientToken(ctx.marketUserInfo)
-    : undefined;
-
-  // Initialize MarketSDK with both authentication methods
-  const market = new MarketSDK({
+  // Initialize MarketService with authentication
+  const marketService = new MarketService({
     accessToken: ctx.marketAccessToken,
-    baseURL: process.env.NEXT_PUBLIC_MARKET_BASE_URL,
-    trustedClientToken,
+    userInfo: ctx.marketUserInfo,
   });
 
   return opts.next({
     ctx: {
-      marketSDK: market,
-      trustedClientToken,
+      marketSDK: marketService.market, // Backward compatibility
+      marketService, // New recommended way
     },
   });
 });
 
 /**
  * Middleware that requires authentication for Market API access.
- * This middleware ensures that either accessToken or trustedClientToken is available.
+ * This middleware ensures that either accessToken or marketUserInfo is available.
  * It should be used after marketUserInfo and marketSDK middlewares.
  *
  * Throws UNAUTHORIZED error if neither authentication method is available.
  */
 export const requireMarketAuth = trpc.middleware(async (opts) => {
-  const ctx = opts.ctx as ContextWithMarketUserInfo & {
-    trustedClientToken?: string;
-  };
+  const ctx = opts.ctx as ContextWithMarketUserInfo;
 
   // Check if any authentication is available
   const hasAccessToken = !!ctx.marketAccessToken;
-  const hasTrustedToken = !!ctx.trustedClientToken;
+  const hasUserInfo = !!ctx.marketUserInfo;
 
-  if (!hasAccessToken && !hasTrustedToken) {
+  if (!hasAccessToken && !hasUserInfo) {
     const { TRPCError } = await import('@trpc/server');
     throw new TRPCError({
       code: 'UNAUTHORIZED',

package/src/libs/trusted-client/index.ts

@@ -3,7 +3,7 @@ import { buildTrustedClientPayload, createTrustedClientToken } from '@lobehub/ma
 import { appEnv } from '@/envs/app';
 
 export interface TrustedClientUserInfo {
-  email: string;
+  email?: string;
   name?: string;
   userId: string;
 }

package/src/server/routers/lambda/market/index.ts

@@ -7,6 +7,7 @@ import { z } from 'zod';
 import { publicProcedure, router } from '@/libs/trpc/lambda';
 import { marketUserInfo, serverDatabase } from '@/libs/trpc/lambda/middleware';
 import { DiscoverService } from '@/server/services/discover';
+import { MarketService } from '@/server/services/market';
 import {
   AssistantSorts,
   McpConnectionType,
@@ -37,6 +38,10 @@ const marketProcedure = publicProcedure
           accessToken: ctx.marketAccessToken,
           userInfo: ctx.marketUserInfo,
         }),
+        marketService: new MarketService({
+          accessToken: ctx.marketAccessToken,
+          userInfo: ctx.marketUserInfo,
+        }),
       },
     });
   });

package/src/server/routers/lambda/market/oidc.ts

@@ -1,18 +1,29 @@
-import { MarketSDK } from '@lobehub/market-sdk';
 import { TRPCError } from '@trpc/server';
 import debug from 'debug';
 import { z } from 'zod';
 
 import { publicProcedure, router } from '@/libs/trpc/lambda';
 import { marketUserInfo, serverDatabase } from '@/libs/trpc/lambda/middleware';
-import { generateTrustedClientToken } from '@/libs/trusted-client';
+import { MarketService } from '@/server/services/market';
 
 const log = debug('lambda-router:market:oidc');
 
-const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';
-
 // OIDC procedures are public (used during authentication flow)
-const oidcProcedure = publicProcedure.use(serverDatabase).use(marketUserInfo);
+const oidcProcedure = publicProcedure
+  .use(serverDatabase)
+  .use(marketUserInfo)
+  .use(async ({ ctx, next }) => {
+    // Initialize MarketService (may be without auth for public endpoints)
+    const marketService = new MarketService({
+      userInfo: ctx.marketUserInfo,
+    });
+
+    return next({
+      ctx: {
+        marketService,
+      },
+    });
+  });
 
 export const oidcRouter = router({
   /**
@@ -28,19 +39,11 @@ export const oidcRouter = router({
         redirectUri: z.string(),
       }),
     )
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       log('exchangeAuthorizationCode input: %O', { ...input, code: '[REDACTED]' });
 
-      const market = new MarketSDK({ baseURL: MARKET_BASE_URL });
-
       try {
-        const response = await market.auth.exchangeOAuthToken({
-          clientId: input.clientId,
-          code: input.code,
-          codeVerifier: input.codeVerifier,
-          grantType: 'authorization_code',
-          redirectUri: input.redirectUri,
-        });
+        const response = await ctx.marketService.exchangeAuthorizationCode(input);
         return response;
       } catch (error) {
         log('Error exchanging authorization code: %O', error);
@@ -56,23 +59,23 @@ export const oidcRouter = router({
    * Get OAuth handoff information
    * GET /market/oidc/handoff?id=xxx
    */
-  getOAuthHandoff: oidcProcedure.input(z.object({ id: z.string() })).query(async ({ input }) => {
-    log('getOAuthHandoff input: %O', input);
-
-    const market = new MarketSDK({ baseURL: MARKET_BASE_URL });
-
-    try {
-      const handoff = await market.auth.getOAuthHandoff(input.id);
-      return handoff;
-    } catch (error) {
-      log('Error getting OAuth handoff: %O', error);
-      throw new TRPCError({
-        cause: error,
-        code: 'INTERNAL_SERVER_ERROR',
-        message: error instanceof Error ? error.message : 'Failed to get OAuth handoff',
-      });
-    }
-  }),
+  getOAuthHandoff: oidcProcedure
+    .input(z.object({ id: z.string() }))
+    .query(async ({ input, ctx }) => {
+      log('getOAuthHandoff input: %O', input);
+
+      try {
+        const handoff = await ctx.marketService.getOAuthHandoff(input.id);
+        return handoff;
+      } catch (error) {
+        log('Error getting OAuth handoff: %O', error);
+        throw new TRPCError({
+          cause: error,
+          code: 'INTERNAL_SERVER_ERROR',
+          message: error instanceof Error ? error.message : 'Failed to get OAuth handoff',
+        });
+      }
+    }),
 
   /**
    * Get user info from token or trusted client
@@ -83,37 +86,17 @@ export const oidcRouter = router({
     .mutation(async ({ input, ctx }) => {
       log('getUserInfo input: token=%s', input.token ? '[REDACTED]' : 'undefined');
 
-      const market = new MarketSDK({ baseURL: MARKET_BASE_URL });
-
       try {
         // If token is provided, use it
         if (input.token) {
-          const response = await market.auth.getUserInfo(input.token);
+          const response = await ctx.marketService.getUserInfo(input.token);
           return response;
         }
 
         // Otherwise, try to use trustedClientToken
         if (ctx.marketUserInfo) {
-          const trustedClientToken = generateTrustedClientToken(ctx.marketUserInfo);
-
-          if (trustedClientToken) {
-            const userInfoUrl = `${MARKET_BASE_URL}/lobehub-oidc/userinfo`;
-            const response = await fetch(userInfoUrl, {
-              headers: {
-                'Content-Type': 'application/json',
-                'x-lobe-trust-token': trustedClientToken,
-              },
-              method: 'GET',
-            });
-
-            if (!response.ok) {
-              throw new Error(
-                `Failed to fetch user info: ${response.status} ${response.statusText}`,
-              );
-            }
-
-            return await response.json();
-          }
+          const response = await ctx.marketService.getUserInfoWithTrustedClient();
+          return response;
         }
 
         throw new TRPCError({
@@ -143,15 +126,12 @@ export const oidcRouter = router({
         refreshToken: z.string(),
       }),
     )
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       log('refreshToken input: %O', { ...input, refreshToken: '[REDACTED]' });
 
-      const market = new MarketSDK({ baseURL: MARKET_BASE_URL });
-
       try {
-        const response = await market.auth.exchangeOAuthToken({
-          clientId: input.clientId,
-          grantType: 'refresh_token',
+        const response = await ctx.marketService.refreshToken({
+          clientId: input.clientId || '',
           refreshToken: input.refreshToken,
         });
         return response;

package/src/server/routers/tools/market.ts

@@ -1,4 +1,4 @@
-import { type CodeInterpreterToolName, MarketSDK } from '@lobehub/market-sdk';
+import { type CodeInterpreterToolName } from '@lobehub/market-sdk';
 import { TRPCError } from '@trpc/server';
 import debug from 'debug';
 import { sha256 } from 'js-sha256';
@@ -8,10 +8,11 @@ import { type ToolCallContent } from '@/libs/mcp';
 import { authedProcedure, router } from '@/libs/trpc/lambda';
 import { marketUserInfo, serverDatabase, telemetry } from '@/libs/trpc/lambda/middleware';
 import { marketSDK, requireMarketAuth } from '@/libs/trpc/lambda/middleware/marketSDK';
-import { generateTrustedClientToken, isTrustedClientEnabled } from '@/libs/trusted-client';
+import { isTrustedClientEnabled } from '@/libs/trusted-client';
 import { FileS3 } from '@/server/modules/S3';
 import { DiscoverService } from '@/server/services/discover';
 import { FileService } from '@/server/services/file';
+import { MarketService } from '@/server/services/market';
 import {
   contentBlocksToString,
   processContentBlocks,
@@ -37,6 +38,10 @@ const marketToolProcedure = authedProcedure
           userInfo: ctx.marketUserInfo,
         }),
         fileService: new FileService(ctx.serverDB, ctx.userId),
+        marketService: new MarketService({
+          accessToken: ctx.marketAccessToken,
+          userInfo: ctx.marketUserInfo,
+        }),
         userModel,
       },
     });
@@ -79,7 +84,6 @@ const metaSchema = z
 
 // Schema for code interpreter tool call request
 const callCodeInterpreterToolSchema = z.object({
-  marketAccessToken: z.string().optional(),
   params: z.record(z.any()),
   toolName: z.string(),
   topicId: z.string(),
@@ -224,27 +228,17 @@ export const marketRouter = router({
   callCodeInterpreterTool: marketToolProcedure
     .input(callCodeInterpreterToolSchema)
     .mutation(async ({ input, ctx }) => {
-      const { toolName, params, userId, topicId, marketAccessToken } = input;
+      const { toolName, params, userId, topicId } = input;
 
       log('Calling cloud code interpreter tool: %s with params: %O', toolName, {
         params,
         topicId,
         userId,
       });
-      log('Market access token available: %s', marketAccessToken ? 'yes' : 'no');
-
-      // Generate trusted client token if user info is available
-      const trustedClientToken = ctx.marketUserInfo
-        ? generateTrustedClientToken(ctx.marketUserInfo)
-        : undefined;
 
       try {
-        // Initialize MarketSDK with market access token and trusted client token
-        const market = new MarketSDK({
-          accessToken: marketAccessToken,
-          baseURL: process.env.NEXT_PUBLIC_MARKET_BASE_URL,
-          trustedClientToken,
-        });
+        // Use marketService from ctx
+        const market = ctx.marketService.market;
 
         // Call market-sdk's runBuildInTool
         const response = await market.plugins.runBuildInTool(
@@ -555,34 +549,8 @@ export const marketRouter = router({
         const uploadUrl = await s3.createPreSignedUrl(key);
         log('Generated upload URL for key: %s', key);
 
-        // Step 2: Generate trusted client token if user info is available
-        const trustedClientToken = ctx.marketUserInfo
-          ? generateTrustedClientToken(ctx.marketUserInfo)
-          : undefined;
-
-        // Only require user accessToken if trusted client is not available
-        let userAccessToken: string | undefined;
-        if (!trustedClientToken) {
-          const userState = await ctx.userModel.getUserState(async () => ({}));
-          userAccessToken = userState.settings?.market?.accessToken;
-
-          if (!userAccessToken) {
-            return {
-              error: { message: 'User access token not found. Please sign in to Market first.' },
-              filename,
-              success: false,
-            } as ExportAndUploadFileResult;
-          }
-        } else {
-          log('Using trusted client authentication for exportAndUploadFile');
-        }
-
-        // Initialize MarketSDK
-        const market = new MarketSDK({
-          accessToken: userAccessToken,
-          baseURL: process.env.NEXT_PUBLIC_MARKET_BASE_URL,
-          trustedClientToken,
-        });
+        // Step 2: Use MarketService from ctx
+        const market = ctx.marketService.market;
 
         // Step 3: Call sandbox's exportFile tool with the upload URL
         const response = await market.plugins.runBuildInTool(

package/src/server/services/agentRuntime/AgentRuntimeService.test.ts

@@ -3,6 +3,13 @@ import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
 import { AgentRuntimeService } from './AgentRuntimeService';
 import type { AgentExecutionParams, OperationCreationParams, StartExecutionParams } from './types';
 
+// Mock trusted client to avoid server-side env access
+vi.mock('@/libs/trusted-client', () => ({
+  generateTrustedClientToken: vi.fn().mockReturnValue(undefined),
+  getTrustedClientTokenForSession: vi.fn().mockResolvedValue(undefined),
+  isTrustedClientEnabled: vi.fn().mockReturnValue(false),
+}));
+
 // Mock database and models
 vi.mock('@/database/models/message', () => ({
   MessageModel: vi.fn().mockImplementation(() => ({