Most integrations pull the SDK from a language registry (npm, PyPI, crates.io, …) and never touch a raw binary. When you need the engine itself — to embed it, to run the ROS 2 RMW, or to grab the rnp CLI — everything is served from one HTTPS origin.
All artifacts live under a single origin: https://artifacts.clutchcall.dev (the shared artifact host for every brand). It is a public, read-only host, so the URLs below are stable and need no auth.

The QUIC/MoQT engine (libclutchcall_moqt_ffi.so)

The native transport core, for embedding directly (FFI) or bundling with a custom build. Built against a static libc++ with a glibc-2.17 floor, so it loads on any modern Linux without extra runtime deps.
ORIGIN=https://artifacts.clutchcall.dev

# engine shared object + its C header
curl -fsSL $ORIGIN/sdk/libclutchcall_moqt_ffi.so -o libclutchcall_moqt_ffi.so
curl -fsSL $ORIGIN/sdk/clutch_moqt_ffi.h         -o clutch_moqt_ffi.h
Point your SDK at a custom engine with the per-language override — e.g. Python’s TELEQUICK_LIB_PATH, or link against the header above from C/C++.

ROS 2 RMW (ros-jazzy-rmw-clutchcall-cpp)

The Debian package ships from a GPG-signed apt repo on the same origin. Full walk-through — env var, verify, teleop — is on the ROS 2 RMW page.
ORIGIN=https://artifacts.clutchcall.dev

curl -fsSL $ORIGIN/apt/clutchcall-archive-keyring.asc \
  | sudo gpg --dearmor -o /usr/share/keyrings/clutchcall-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/clutchcall-archive-keyring.gpg] \
$ORIGIN/apt noble main" \
  | sudo tee /etc/apt/sources.list.d/clutchcall.list

sudo apt update
sudo apt install ros-jazzy-rmw-clutchcall-cpp

Engine (clutchcall-host / clutchcall-relay)

The engine ships as two Debian packages from the same signed apt repo — install whichever the box is:
  • clutchcall-host — the modular voice/media engine: the launcher, shared core, service sidecars, and the native mod_*.so set, with systemd units, tunables, and a modules.conf.
  • clutchcall-relay — the MoQT edge relay (the same core run with the built-in relay role, no modules).
ORIGIN=https://artifacts.clutchcall.dev

curl -fsSL $ORIGIN/apt/clutchcall-archive-keyring.asc \
  | sudo gpg --dearmor -o /usr/share/keyrings/clutchcall-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/clutchcall-archive-keyring.gpg] \
$ORIGIN/apt noble main" \
  | sudo tee /etc/apt/sources.list.d/clutchcall.list
sudo apt update

sudo apt install clutchcall-host      # engine box
# or, on an edge:
sudo apt install clutchcall-relay
On first install the package seeds /etc/clutchcall/services.env (host) or relay.env (relay) from a redacted example — edit it (endpoints + secrets) and drop your TLS cert/key into /opt/clutchcall/conf/ before systemctl enable --now clutchcall-core (or clutchcall-relay). The two packages conflict (a box is one or the other).

Other distros (Fedora, RHEL 9, Rocky, Alma, openSUSE, Amazon Linux, Arch…)

The engine binary is hermetic — it statically links everything but glibc, so one build runs on any x86-64 Linux with glibc ≥ 2.30 and a kernel ≥ 5.4 (recent enough for AF_XDP / eBPF; it falls back to the kernel path otherwise). For non-Debian systems, a self-contained tarball + install.sh does the same setup (user, config, systemd units, tunables) with no distro package deps:
ORIGIN=https://artifacts.clutchcall.dev
curl -fsSL $ORIGIN/engine/clutchcall-host-latest-amd64.tar.zst | tar --zstd -x
sudo ./install.sh            # or: sudo ./install.sh --start
# edge relay: clutchcall-relay-latest-amd64.tar.zst
Arch/pacman users can install the native package instead: sudo pacman -U $ORIGIN/engine/clutchcall-host-1.0.0_git220eafc-1-x86_64.pkg.tar.zst. RPMs for dnf/zypper are available on request.

rnp tunnel CLI

The QUIC tunnel client, any OS/arch:
curl -fsSL https://artifacts.clutchcall.dev/rnp/install.sh | sh

SDK language registries

Each SDK ecosystem is published as a self-hosted static registry on this same origin — npm, pip, maven, go, cargo, and nuget. They are not on the public registries (npmjs / PyPI / Maven Central / crates.io / nuget.org); install from the origin as below. Your own dependencies still resolve from those public registries. All six SDKs install from the same origin (https://artifacts.clutchcall.dev):
npm install https://artifacts.clutchcall.dev/npm/tarballs/clutchcall_connect-1.0.0.tgz
pip install clutchcall-sdk --extra-index-url https://artifacts.clutchcall.dev/pip/simple/
GOPROXY=https://artifacts.clutchcall.dev/go,https://proxy.golang.org,direct GOSUMDB=off \
  go get github.com/clutchcall/go-sdk@v1.0.0
# ~/.cargo/config.toml — register the sparse index once
[registries.clutchcall]
index = "sparse+https://artifacts.clutchcall.dev/cargo/"

# Cargo.toml
[dependencies]
clutchcall-sdk = { version = "1.0.0", registry = "clutchcall" }
<!-- pom.xml -->
<repositories>
  <repository>
    <id>clutchcall</id>
    <url>https://artifacts.clutchcall.dev/maven</url>
  </repository>
</repositories>

<dependency>
  <groupId>com.clutchcall.api</groupId>
  <artifactId>clutchcall-sdk</artifactId>
  <version>1.0.0</version>
</dependency>
dotnet nuget add source https://artifacts.clutchcall.dev/nuget/index.json -n clutchcall
dotnet add package ClutchCall.SDK --source clutchcall
Integrity is enforced per channel: the apt repo is GPG-signed, the Cargo sparse index carries per-crate SHA-256 checksums, and every artifact URL is version-pinned and immutable — pin the version and the URL is reproducible.