🐛 fix: slove the list connection always use require auth & should have trust client auth

[ONLY-yours]

…trust client check

💻 Change Type

• ✨ feat
• 🐛 fix
• ♻️ refactor
• 💄 style
• 👷 build
• ⚡️ perf
• ✅ test
• 📝 docs
• 🔨 chore

🔗 Related Issue

🔀 Description of Change

🧪 How to Test

• Tested locally
• Added/updated tests
• No tests needed

📸 Screenshots / Videos

Before	After
...	...

📝 Additional Information

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
lobehub	Ready	Preview, Comment	Mar 27, 2026 0:19am

[sourcery-ai]

We've reviewed this pull request using the Sourcery rules engine

[lobehubbot]

@nekomeowww @tjx666 - This PR fixes a marketplace SDK TRPC middleware auth issue (trust client check). It touches server-side middleware and router code. Please take a look.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2415e5ae37

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep auth guard active when trusted client is enabled

requireMarketAuth now returns early whenever trusted-client env vars are set, before checking ctx.marketAccessToken/ctx.marketUserInfo. That bypasses the only local auth gate for credsProcedure (src/server/routers/lambda/market/creds.ts, which is built from publicProcedure), so unauthenticated requests can reach credential handlers in trusted-client deployments; previously they were rejected as UNAUTHORIZED at middleware level. At minimum this regresses auth semantics (missing-auth becomes downstream handler failures), and it weakens route protection for credential APIs.

Useful? React with 👍 / 👎.

[codecov]

Codecov Report

❌ Patch coverage is 25.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.75%. Comparing base (6b4046e) to head (2415e5a).
⚠️ Report is 2 commits behind head on canary.

Additional details and impacted files

@@            Coverage Diff             @@
##           canary   #13344      +/-   ##
==========================================
- Coverage   66.75%   66.75%   -0.01%     
==========================================
  Files        1894     1894              
  Lines      152312   152316       +4     
  Branches    17374    14610    -2764     
==========================================
+ Hits       101672   101673       +1     
- Misses      50520    50523       +3     
  Partials      120      120              

Flag	Coverage Δ
app	58.13% <25.00%> (-0.01%)	⬇️
database	96.66% <ø> (ø)
packages/agent-runtime	89.61% <ø> (ø)
packages/context-engine	86.47% <ø> (ø)
packages/conversation-flow	92.36% <ø> (ø)
packages/file-loaders	87.02% <ø> (ø)
packages/memory-user-memory	66.68% <ø> (ø)
packages/model-bank	99.85% <ø> (ø)
packages/model-runtime	84.44% <ø> (ø)
packages/prompts	67.76% <ø> (ø)
packages/python-interpreter	92.90% <ø> (ø)
packages/ssrf-safe-fetch	0.00% <ø> (ø)
packages/utils	90.41% <ø> (ø)
packages/web-crawler	88.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
Store	66.11% <ø> (ø)
Services	49.58% <ø> (ø)
Server	67.20% <ø> (ø)
Libs	51.03% <25.00%> (-0.03%)	⬇️
Utils	91.01% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lobehubbot]

❤️ Great PR @ONLY-yours ❤️

The growth of project is inseparable from user feedback and contribution, thanks for your contribution! If you are interesting with the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world.