Gated Software Distribution

Download V2 Engine

Licensed releases available exclusively to authorized licensees after Stripe payment and GitHub access activation.

Release Access Model

The V2 Engine is distributed exclusively to authorized licensees. Release artifacts, including executables and cryptographic signatures, are available only after:

  • 1. Stripe payment processing and license key issuance
  • 2. License activation via v2-engine activate command
  • 3. Access to the private GitHub Release repository
  • 4. Local verification of cryptographic signatures and checksums

If you hold a valid license, follow the authorization flow below. If you do not yet have a license, visit the Contact page to request information.

How to Obtain the V2 Engine

Step 1: License Purchase and Stripe Payment

Visit the Licensing page and select your deployment tier.

Complete payment via Stripe. Payment processing takes 2-5 minutes.

You will receive a license key via email upon successful payment. Save this key in a secure location.

Step 2: License Activation

Use your license key to activate access to the private GitHub Release repository:

./v2-engine activate --license-key <YOUR_LICENSE_KEY>

This command registers your deployment environment with Manna Corp's license validation service and grants GitHub access to the private Release repository.

Step 3: Access Authorized Release Artifacts

After activation, download authenticated releases from the private GitHub Release repository:

https://github.com/mannacorp/v2-engine/releases (requires valid license and GitHub authentication)

Available release artifacts include:

  • Executable binaries (Linux, macOS, Windows)
  • SHA256SUMS checksum manifest
  • RSA-4096 signature file (SHA256SUMS.sig)
  • Manna Corp public key (ASCII-armored)
  • Software Bill of Materials (SBOM) in CycloneDX format
  • Release notes and changelog

Step 4: Verify Cryptographic Integrity

Extract and verify the release using the steps in the Verification Process section below. Verification is mandatory before deployment.

Current Release Information

Release: v2.1.0 | Date: January 15, 2026

Available Tiers

The following release variants are available in the private GitHub Release repository (after license activation):

  • v2.1.0-tier-enterprise: Full feature set for enterprise deployments
  • v2.1.0-tier-healthcare: Healthcare-configured variant with regulatory optimizations
  • v2.1.0-tier-compliance: Compliance and audit optimized build

Supported Platforms

  • Linux (x86_64)
  • macOS (ARM64, Intel)
  • Windows (x86_64)

Integrity Guarantees

  • All executables are cryptographically signed using RSA-4096 with SHA-256.
  • The signature is attached to the SHA256SUMS manifest, enabling efficient batch verification.
  • All releases are tagged and immutable. Release versions are never overwritten.
  • All SBOM and dependency information is included with each release.

Public Signing Key Fingerprint

The fingerprint below is safe to publish and compare against. The full public key is included in each release bundle and is distributed via GitHub Release assets, email confirmation, and the Welcome Kit upon license activation.

RSA 4096-bit Key

Key ID: F3A2 E5C8 9D4B 1F7E

Fingerprint:

0123 4567 89AB CDEF 0123 4567 89AB CDEF F3A2 E5C8 9D4B 1F7E

User ID: Manna Corp Release Signing Key <releases@mannacorp.com>

How to Verify the Fingerprint

After importing the public key from the release bundle:

gpg --list-keys --fingerprint releases@mannacorp.com

Verify that the fingerprint displayed matches the value above. If it does not match, do not proceed and contact security@mannacorp.com.

Verification Process

Prerequisites

  • ✓ Active Manna Corp license (acquired via Stripe payment)
  • ✓ Completed activation command (v2-engine activate --license-key)
  • ✓ Access to private GitHub Release repository granted
  • ✓ GPG or equivalent signature verification tool installed
  • ✓ SHA256 checksum utility (sha256sum or equivalent)

Verification Steps

Follow these steps to verify the integrity and authenticity of your release artifacts:

1. Download Release Artifacts from Private Repository

Clone or download the release from the private GitHub Release repository (available after license activation):

git clone --depth 1 --branch v2.1.0 \
  https://github.com/mannacorp/v2-engine.git

2. Import Manna Corp Public Key

Import the public key provided in the release assets:

gpg --import manna-corp-public-key.asc

Verify the key fingerprint matches the published fingerprint (see section above).

3. Verify the SHA256SUMS Signature

Verify that the SHA256SUMS manifest file is signed by Manna Corp:

gpg --verify SHA256SUMS.sig SHA256SUMS

Expected output: "Good signature from 'Manna Corp Release Signing Key'"

4. Verify Executable Checksums

Verify all binaries match their SHA256 checksums:

sha256sum --check SHA256SUMS

All files should show "OK" status. Any mismatch indicates corruption or tampering.

5. Review SBOM (Recommended)

Examine the Software Bill of Materials to review all dependencies:

cat SBOM.cyclonedx.json | less

See SBOM Policy for details on our dependency management practices.

Release Notes

v2.1.0 (January 15, 2026)

New Features

  • Cryptographic signing of audit artifacts
  • Enhanced rule set versioning

Performance Improvements

  • 20% faster execution for large rule sets (>1000 rules)
  • Reduced memory footprint

Bug Fixes

  • Fixed date handling for leap years
  • Corrected edge case in multi-condition rule evaluation

Security Updates

  • Updated dependencies (see SBOM)
  • Strengthened input validation

Previous Versions

Previous versions are available for rollback purposes only. Always use the latest version unless you have a specific compatibility requirement.

Troubleshooting

Cannot Access Private GitHub Repository

Cause: License activation may not have completed successfully.

Solution:

  • Verify your license is active (check activation email receipt)
  • Re-run the activation command: v2-engine activate --license-key YOUR_KEY
  • Ensure GitHub authentication is configured (run git config user.name/email)
  • Contact support@mannacorp.com if activation fails

License Activation Fails

Cause: Invalid or expired license key, or network connectivity issues.

Solution:

  • Verify the license key is correct (check email receipt)
  • Ensure network connectivity (v2-engine requires outbound HTTPS to license validation service)
  • Verify license has not expired (check your account at Stripe)
  • Contact support@mannacorp.com for license verification

Signature Verification Fails

Cause: The downloaded file may be corrupted, the fingerprint may not match, or the public key may be incorrect.

Solution:

  • Verify the public key fingerprint matches the published value above
  • Re-download all files (archive, SHA256SUMS, and .sig) from the GitHub Release
  • Ensure GPG is up to date (run gpg --version)
  • Contact security@mannacorp.com if the issue persists

Checksum Mismatch

Cause: File was corrupted during download or transfer.

Solution:

  • Re-download the archive from the GitHub Release
  • Ensure the file size matches the expected value
  • Do not use the corrupted file for deployment
  • If checksums continue to mismatch, contact support@mannacorp.com

Support

For installation or verification assistance, contact support@mannacorp.com.

For security concerns, contact security@mannacorp.com.