research-master 0.1.40

MCP server for searching and downloading academic papers from multiple research sources
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615

//! Update utilities for self-updating the CLI.

use anyhow::{bail, Context, Result};
use std::fs;
use std::path::{Path, PathBuf};
use std::process::Command;

#[cfg(unix)]
use std::os::unix::fs::PermissionsExt;

/// Check if an external binary is available in PATH
fn is_command_available(name: &str) -> bool {
    Command::new(name)
        .arg("--version")
        .output()
        .map(|o| o.status.success())
        .unwrap_or(false)
}

/// Information about the current installation method
#[derive(Debug, Clone)]
pub enum InstallationMethod {
    /// Installed via Homebrew
    Homebrew {
        /// Path to the Homebrew binary
        path: PathBuf,
    },
    /// Installed via cargo install
    Cargo {
        /// Installation directory
        path: PathBuf,
    },
    /// Directly installed binary
    Direct {
        /// Path to the binary
        path: PathBuf,
    },
    /// Unknown installation method
    Unknown,
}

/// Detect how the tool was installed
pub fn detect_installation() -> InstallationMethod {
    let exe_path = match std::env::current_exe() {
        Ok(path) => path,
        Err(_) => return InstallationMethod::Unknown,
    };

    // Check if running from Homebrew prefix
    if let Ok(homebrew_prefix) = std::env::var("HOMEBREW_PREFIX") {
        let homebrew_bin = PathBuf::from(homebrew_prefix)
            .join("bin")
            .join("research-master");
        if exe_path == homebrew_bin
            || exe_path.starts_with(homebrew_bin.parent().unwrap_or(&homebrew_bin))
        {
            return InstallationMethod::Homebrew { path: exe_path };
        }
    }

    // Check if installed via cargo (check if ~/.cargo/bin is in the path)
    if let Ok(cargo_home) = std::env::var("CARGO_HOME") {
        let cargo_bin = PathBuf::from(cargo_home)
            .join("bin")
            .join("research-master");
        if exe_path == cargo_bin {
            return InstallationMethod::Cargo { path: exe_path };
        }
    }

    // Check common Homebrew locations
    let homebrew_paths = [
        PathBuf::from("/opt/homebrew/bin/research-master"),
        PathBuf::from("/usr/local/bin/research-master"),
        PathBuf::from("/home/linuxbrew/.linuxbrew/bin/research-master"),
    ];

    for hb_path in &homebrew_paths {
        if exe_path == *hb_path {
            return InstallationMethod::Homebrew { path: exe_path };
        }
    }

    InstallationMethod::Direct { path: exe_path }
}

/// Get installation-specific update instructions
pub fn get_update_instructions(method: &InstallationMethod) -> String {
    match method {
        InstallationMethod::Homebrew { .. } => {
            "You seem to have installed via Homebrew. Run:\n  brew upgrade research-master".to_string()
        }
        InstallationMethod::Cargo { .. } => {
            "You seem to have installed via cargo. Run:\n  cargo install research-master".to_string()
        }
        InstallationMethod::Direct { .. } => {
            "I'll download and install the latest version for you.".to_string()
        }
        InstallationMethod::Unknown => {
            "Unable to detect installation method.\n\nIf you installed via:\n  - Homebrew: run 'brew upgrade research-master'\n  - cargo: run 'cargo install research-master'\n  - Direct download: I'll download the latest binary".to_string()
        }
    }
}

/// GitHub release information
#[derive(Debug, Clone)]
pub struct ReleaseInfo {
    /// Tag name (e.g., "v0.1.5")
    pub tag_name: String,
    /// Version number without 'v' prefix
    pub version: String,
    /// Release notes/body
    pub body: String,
    /// Published date
    pub published_at: String,
    /// Array of assets with download URLs
    pub assets: Vec<ReleaseAsset>,
}

/// A single release asset
#[derive(Debug, Clone)]
pub struct ReleaseAsset {
    /// Asset name (e.g., "research-master-x86_64-apple-darwin.tar.gz")
    pub name: String,
    /// Download URL
    pub download_url: String,
}

/// Fetch the latest release information from GitHub
pub async fn fetch_latest_release() -> Result<ReleaseInfo> {
    let client = reqwest::Client::new();
    let response = client
        .get("https://api.github.com/repos/hongkongkiwi/research-master/releases/latest")
        .header("User-Agent", "research-master")
        .send()
        .await
        .context("Failed to fetch latest release")?;

    if !response.status().is_success() {
        bail!(
            "GitHub API request failed with status: {}",
            response.status()
        );
    }

    let json: serde_json::Value = response
        .json()
        .await
        .context("Failed to parse release info")?;

    let tag_name = json["tag_name"]
        .as_str()
        .context("Missing tag_name")?
        .to_string();

    let version = tag_name.trim_start_matches('v').to_string();

    let body = json["body"].as_str().unwrap_or("").to_string();
    let published_at = json["published_at"].as_str().unwrap_or("").to_string();

    let mut assets = Vec::new();
    if let Some(assets_array) = json["assets"].as_array() {
        for asset in assets_array {
            if let (Some(name), Some(download_url)) = (
                asset["name"].as_str(),
                asset["browser_download_url"].as_str(),
            ) {
                assets.push(ReleaseAsset {
                    name: name.to_string(),
                    download_url: download_url.to_string(),
                });
            }
        }
    }

    Ok(ReleaseInfo {
        tag_name,
        version,
        body,
        published_at,
        assets,
    })
}

/// Get the target triple for the current platform
pub fn get_current_target() -> &'static str {
    // Get target from std
    let target = std::env::consts::ARCH;

    // Determine OS
    let os = if cfg!(target_os = "linux") {
        if cfg!(target_env = "musl") {
            "unknown-linux-musl"
        } else {
            "unknown-linux-gnu"
        }
    } else if cfg!(target_os = "macos") {
        "apple-darwin"
    } else if cfg!(target_os = "windows") {
        "pc-windows-msvc"
    } else {
        return "";
    };

    match target {
        "x86_64" => {
            if os == "apple-darwin" {
                "x86_64-apple-darwin"
            } else if os == "unknown-linux-musl" {
                "x86_64-unknown-linux-musl"
            } else if os == "unknown-linux-gnu" {
                "x86_64-unknown-linux-gnu"
            } else if os == "pc-windows-msvc" {
                "x86_64-pc-windows-msvc"
            } else {
                ""
            }
        }
        "aarch64" => {
            if os == "apple-darwin" {
                "aarch64-apple-darwin"
            } else {
                ""
            }
        }
        _ => "",
    }
}

/// Find the appropriate release asset for the current platform
pub fn find_asset_for_platform(release: &ReleaseInfo) -> Option<&ReleaseAsset> {
    let target = get_current_target();
    if target.is_empty() {
        return None;
    }

    // Look for tar.gz first (Linux/macOS), then zip (Windows)
    let preferred_ext = if cfg!(target_os = "windows") {
        ".zip"
    } else {
        ".tar.gz"
    };

    // Try to find exact match
    if let Some(asset) = release
        .assets
        .iter()
        .find(|asset| asset.name.contains(target) && asset.name.ends_with(preferred_ext))
    {
        return Some(asset);
    }

    // Fallback: just find any asset with the target
    release
        .assets
        .iter()
        .find(|asset| asset.name.contains(target))
}

/// Download and extract a release asset
pub async fn download_and_extract_asset(asset: &ReleaseAsset, temp_dir: &Path) -> Result<PathBuf> {
    let client = reqwest::Client::new();

    // Download the archive
    eprintln!("Downloading {}...", asset.name);
    let response = client
        .get(&asset.download_url)
        .send()
        .await
        .context("Failed to download asset")?;

    if !response.status().is_success() {
        bail!("Download failed with status: {}", response.status());
    }

    let bytes = response
        .bytes()
        .await
        .context("Failed to read response body")?;

    // Save to temp file
    let archive_path = temp_dir.join(&asset.name);
    fs::write(&archive_path, &bytes).context("Failed to save archive")?;

    // Extract based on file type
    let binary_path = if asset.name.ends_with(".tar.gz") {
        extract_tar_gz(&archive_path, temp_dir)?
    } else if asset.name.ends_with(".zip") {
        extract_zip(&archive_path, temp_dir)?
    } else {
        bail!("Unsupported archive format: {}", asset.name);
    };

    Ok(binary_path)
}

#[cfg(unix)]
fn extract_tar_gz(archive_path: &Path, dest_dir: &Path) -> Result<PathBuf> {
    use std::os::unix::fs::PermissionsExt;

    // Use tar to extract
    let output = Command::new("tar")
        .args([
            "xzf",
            archive_path.to_str().unwrap(),
            "-C",
            dest_dir.to_str().unwrap(),
        ])
        .output()
        .context("Failed to extract tar.gz")?;

    if !output.status.success() {
        bail!(
            "tar extraction failed: {}",
            String::from_utf8_lossy(&output.stderr)
        );
    }

    // Find the extracted binary
    for entry in fs::read_dir(dest_dir)? {
        let entry = entry?;
        let path = entry.path();
        if path.is_file()
            && path
                .file_name()
                .map(|n| n.to_string_lossy().starts_with("research-master"))
                .unwrap_or(false)
        {
            // Make executable
            let mut perms = fs::metadata(&path)?.permissions();
            perms.set_mode(0o755);
            fs::set_permissions(&path, perms)?;
            return Ok(path);
        }
    }

    bail!("Could not find binary in archive")
}

#[cfg(windows)]
fn extract_tar_gz(_archive_path: &Path, _dest_dir: &Path) -> Result<PathBuf> {
    bail!("tar.gz extraction on Windows requires additional dependencies")
}

#[cfg(windows)]
fn extract_zip(archive_path: &Path, dest_dir: &Path) -> Result<PathBuf> {
    use zip::ZipArchive;

    let file = fs::File::open(archive_path)?;
    let mut archive = ZipArchive::new(file)?;

    for i in 0..archive.len() {
        let mut entry = archive.by_index(i)?;
        let out_path = dest_dir.join(entry.name());

        if entry.is_dir() {
            fs::create_dir_all(&out_path)?;
        } else {
            if let Some(parent) = out_path.parent() {
                fs::create_dir_all(parent)?;
            }
            let mut out_file = fs::File::create(&out_path)?;
            std::io::copy(&mut entry, &mut out_file)?;
        }
    }

    // Find the binary
    for entry in fs::read_dir(dest_dir)? {
        let entry = entry?;
        let path = entry.path();
        if path.is_file()
            && path
                .file_name()
                .map(|n| n.to_string_lossy().starts_with("research-master"))
                .unwrap_or(false)
        {
            return Ok(path);
        }
    }

    bail!("Could not find binary in archive")
}

#[cfg(unix)]
fn extract_zip(_archive_path: &Path, _dest_dir: &Path) -> Result<PathBuf> {
    bail!("zip extraction on Unix requires additional dependencies")
}

/// Replace the current binary with a new one
pub fn replace_binary(current: &Path, new: &Path) -> Result<()> {
    #[cfg(unix)]
    {
        // On Unix, we need to copy to a temp location first, then rename
        // because the current binary is still running
        let temp_path = current.with_file_name(format!(
            "{}.new",
            current.file_name().unwrap().to_string_lossy()
        ));

        // Copy new binary to temp location
        fs::copy(new, &temp_path)?;
        std::fs::set_permissions(&temp_path, std::fs::Permissions::from_mode(0o755))?;

        // Rename temp to current (atomic on POSIX)
        // First, rename current to backup
        let backup_path = current.with_file_name(format!(
            "{}.backup",
            current.file_name().unwrap().to_string_lossy()
        ));
        if current.exists() {
            fs::rename(current, &backup_path)?;
        }

        // Rename temp to current
        fs::rename(&temp_path, current)?;

        // Remove backup
        if backup_path.exists() {
            fs::remove_file(&backup_path)?;
        }

        Ok(())
    }

    #[cfg(windows)]
    {
        // On Windows, we can't replace a running executable
        // So we copy to a .new file and tell the user to restart
        let new_path = current.with_extension(".exe.new");
        fs::copy(new, &new_path)?;
        eprintln!(
            "New binary downloaded to: {}. Please restart your terminal to use the new version.",
            new_path.display()
        );
        Ok(())
    }
}

/// Clean up temporary files
pub fn cleanup_temp_files(files: Vec<PathBuf>) {
    for file in files {
        if file.exists() {
            let _ = fs::remove_file(file);
        }
    }
}

/// Fetch and verify SHA256 checksum for a file
pub async fn fetch_and_verify_sha256(asset_name: &str, _temp_dir: &Path) -> Result<String> {
    let client = reqwest::Client::new();
    let checksums_url =
        "https://github.com/hongkongkiwi/research-master/releases/download/latest/SHA256SUMS.txt";

    eprintln!("Downloading SHA256 checksums...");
    let response = client
        .get(checksums_url)
        .header("User-Agent", "research-master")
        .send()
        .await
        .context("Failed to download checksums file")?;

    if !response.status().is_success() {
        bail!("Failed to download checksums (HTTP {})", response.status());
    }

    let checksums_text = response.text().await.context("Failed to read checksums")?;

    // Parse the checksums file and find the matching entry
    for line in checksums_text.lines() {
        let parts: Vec<&str> = line.split_whitespace().collect();
        if parts.len() >= 2 {
            let hash = parts[0];
            let filename = parts.last().unwrap_or(&"");

            // Handle both formats:
            // e.g., "abc123...  research-master-x86_64-unknown-linux-musl.tar.gz"
            // or "abc123...  ./research-master-x86_64-unknown-linux-musl.tar.gz"
            let normalized_filename = filename.trim_start_matches("./");

            if normalized_filename == asset_name || filename.contains(asset_name) {
                return Ok(hash.to_string());
            }
        }
    }

    bail!("Checksum not found for {}", asset_name)
}

/// Compute SHA256 hash of a file
pub fn compute_sha256(file_path: &Path) -> Result<String> {
    use sha2::{Digest, Sha256};

    let data = fs::read(file_path).context("Failed to read file for checksum")?;
    let mut hasher = Sha256::new();
    hasher.update(&data);
    let result = hasher.finalize();
    Ok(format!("{:x}", result))
}

/// Verify downloaded file against expected SHA256 hash
pub fn verify_sha256(file_path: &Path, expected_hash: &str) -> Result<bool> {
    let actual_hash = compute_sha256(file_path)?;

    if actual_hash == expected_hash {
        Ok(true)
    } else {
        eprintln!("SHA256 mismatch!");
        eprintln!("Expected: {}", expected_hash);
        eprintln!("Actual:   {}", actual_hash);
        Ok(false)
    }
}

/// Fetch the GPG signature for SHA256SUMS.txt
pub async fn fetch_sha256_signature() -> Result<String> {
    let client = reqwest::Client::new();
    let signature_url = "https://github.com/hongkongkiwi/research-master/releases/download/latest/SHA256SUMS.txt.asc";

    eprintln!("Downloading GPG signature...");
    let response = client
        .get(signature_url)
        .header("User-Agent", "research-master")
        .send()
        .await
        .context("Failed to download GPG signature")?;

    if !response.status().is_success() {
        bail!(
            "Failed to download GPG signature (HTTP {})",
            response.status()
        );
    }

    let signature = response.text().await.context("Failed to read signature")?;
    Ok(signature)
}

/// Verify GPG signature of SHA256SUMS.txt
/// This requires the project maintainer's public key to be in the system keyring.
/// For CI/CD, set GPG_FINGERPRINT to the expected signer's fingerprint.
pub fn verify_gpg_signature(sha256sums_path: &Path, signature: &str) -> Result<bool> {
    use std::io::Write as _;

    // Check if GPG is available first
    if !is_command_available("gpg") {
        #[cfg(windows)]
        {
            eprintln!("WARNING: GPG is not installed or not in PATH.");
            eprintln!("On Windows, install GPG from https://www.gpg4win.org/");
        }
        #[cfg(not(windows))]
        {
            eprintln!("WARNING: GPG is not installed or not in PATH.");
            eprintln!("Install GPG with your package manager (e.g., brew install gnupg)");
        }
        eprintln!("Skipping GPG signature verification.");
        return Ok(false);
    }

    // Write signature to a temp file
    let sig_path = sha256sums_path.with_extension("txt.asc");
    let mut sig_file = std::fs::File::create(&sig_path)?;
    sig_file.write_all(signature.as_bytes())?;
    sig_file.flush()?;

    // Verify using gpg
    let output = Command::new("gpg")
        .args([
            "--verify",
            sig_path.to_str().unwrap(),
            sha256sums_path.to_str().unwrap(),
        ])
        .output()
        .context("Failed to run gpg")?;

    // Clean up signature file
    let _ = std::fs::remove_file(&sig_path);

    let stderr = String::from_utf8_lossy(&output.stderr);

    // Check for "Good signature" in output
    if stderr.contains("Good signature") || stderr.contains("gpg: Good signature") {
        // Optionally verify the signer if fingerprint is set
        if let Ok(fingerprint) = std::env::var("GPG_FINGERPRINT") {
            if stderr.contains(&fingerprint) || output.status.success() {
                eprintln!("GPG signature verified successfully!");
                return Ok(true);
            } else {
                eprintln!("WARNING: Signature is good but from unexpected signer!");
                eprintln!("Expected fingerprint: {}", fingerprint);
                return Ok(false);
            }
        }
        eprintln!("GPG signature verified successfully!");
        return Ok(true);
    }

    if stderr.contains("BAD signature") || stderr.contains("gpg: BAD signature") {
        eprintln!("ERROR: GPG signature verification FAILED!");
        eprintln!("{}", stderr);
        return Ok(false);
    }

    // If gpg is not available or key not found
    if stderr.contains("no public key") || stderr.contains("gpg: Can't check signature") {
        eprintln!("WARNING: GPG is not configured properly.");
        eprintln!("To enable GPG verification, either:");
        eprintln!("  1. Install GPG and import the maintainer's public key");
        eprintln!("  2. Set GPG_FINGERPRINT to skip signer verification");
        return Ok(false);
    }

    eprintln!("GPG verification result: {}", stderr);
    Ok(false)
}