Releases

Release history, changelogs, and verified downloads

v2.0.1
February 2026 Docs Patch
Latest Docs

Documentation & Verification Updates

  • Standardized tier naming: Runtime Core, Production Stack, Hardened Stack
  • Python version requirement standardized to 3.11+ across all pages
  • GPG verify commands now include both signature and artifact arguments
  • Added signed checksums verification (SHA256SUMS.sig)
  • Normalized db:write API to structured methods (insert/update/delete)
  • Added db:rawsql escape hatch documentation across contracts, user guide, and security pages
  • Error catalog aligned to E-code scheme (E1xxx–E5xxx) in llms.txt and llms.md
  • Added branded footer with documentation and product navigation site-wide
  • Fixed .md MIME type serving (text/plain with UTF-8 charset)

This is a documentation and verification patch. The runtime artifact remains v2.0.0 — no code changes.

v2.0.0
February 2026 Stable
Latest Runtime

Highlights

  • Complete production stack with Nginx, PostgreSQL, Redis
  • Contract-driven controller execution with JSON Schema validation
  • Capability-based security with default-deny model
  • Process-level sandbox isolation with cgroups and seccomp
  • Prometheus metrics and structured JSON logging
  • Hot-reload controller deployment

Security

  • Network namespace isolation for egress control
  • Syscall filtering via seccomp profiles
  • Audit logging for all capability usage
  • X-Request-ID correlation across all operations

Compatibility

ComponentRequirement
Docker20.10+
Docker Compose2.0+
Python3.11+ (runtime)
PostgreSQL14+ (included)

Production Stack

SHA256: b6e7400e0f81715072fb8480682efc5ab7cabaf4313da87210078fad5a4191a6
Download

Hardened Stack

SHA256: 23cb0ccb647fe55a9657e5d10355cd36e9dac312528992cac792d6c4b8be1934 magic-runtime-2.0.0-complete.tar.gz
Download

Verify Any Downloaded Package

# SHA256SUMS covers all v2.0.0 artifacts (Production Stack + Hardened Stack)
wget https://magic.threadsync.io/deploy/SHA256SUMS
sha256sum -c SHA256SUMS --ignore-missing

Verify Signed Checksums (Recommended)

# Step 1: Import key (one-time)
wget https://magic.threadsync.io/deploy/threadsync-releases.asc
gpg --import threadsync-releases.asc

# Step 2: Verify the signed checksums file
wget https://magic.threadsync.io/deploy/SHA256SUMS.sig
gpg --verify SHA256SUMS.sig SHA256SUMS

# Step 3: Verify your artifact against the signed checksums
sha256sum -c SHA256SUMS --ignore-missing

SHA256SUMS.sig covers all artifacts in a single signature. This is the recommended verification path.

Per-Artifact GPG Signatures (Also Available)

# Every artifact ships with a detached .asc signature:
# Production Stack:
gpg --verify magic-runtime-2.0.0-production.tar.gz.asc magic-runtime-2.0.0-production.tar.gz

# Hardened Stack:
gpg --verify magic-runtime-2.0.0-complete.tar.gz.asc magic-runtime-2.0.0-complete.tar.gz

# Key: 9386 38C7 62E1 3E60 324E 8EFF 92A0 0A9E F162 D394
v1.0.0
October 2025 Legacy
Legacy

Original Release

  • Initial controller runtime implementation
  • Basic contract validation
  • Docker Compose deployment

Upgrade Notes

  • Contract schema format changed in v2.0.0
  • Capability declarations now required (default-deny)
  • Migrate using: magic migrate-contracts ./controllers/

Legacy Package

SHA256: cc990dd7b63e91902b6153dd4b12de5b5bf1353796eb5add56811f2e768b25a6
Download