Application-facing proof

Public evidence: RC4 120h + 72h controlled holdover now published

The Time Contract before your application commits state.

GAL-2 Time Contract gives applications a governed decision before unsafe time becomes committed state.

Instead of trusting raw time directly, your software reads a local contract backed by the GAL-2 API. The contract tells the application when time is safe to consume, when to hold over, when to degrade, when to rejoin, and when to fail closed.

Public evidence chain

RC4 72-Hour Extended Holdover: GAL-2 completed an official 120-hour Time Contract characterization with 14,279 contract samples, 0 monotonic_sequence backward steps, 0 gal2_time backward steps, 1 documented FAIL_CLOSED boundary row at the declared 72-hour holdover policy boundary, clean LIVE_RESTORED recovery, and return to LIVE.
DOI: 10.5281/zenodo.20582981

5-Day Adversarial: GAL-2 Time Contract v1.0 completed adversarial characterization with 14,397 contract samples, 0 fetch failures, 0 monotonic_sequence backward steps, and observed FAIL_CLOSED behavior with safe_to_consume=false.
DOI: 10.5281/zenodo.20357131

Solstice 7D: GAL-2 API-backed governed timeline maintained strict monotonicity across 508,548 observed samples over a full-week run on commodity hardware under real-world network conditions.
DOI: 10.5281/zenodo.18018704

Application-facing continuity and governance evidence. Not UTC accuracy evidence, not metrology certification, not production SLA evidence.

View validation

Keep your timing stack. Add GAL-2 where time becomes application state.

Local Time Contract

GET http://127.0.0.1:9095/contract 
{
  "schema": "gal2-daemon-time-contract-v1",
  "version": "time-contract-v1",
  "gal2_time": "2026-06-03T02:55:19.427086Z",
  "utc_time": "2026-06-03T02:55:19.397591Z",
  "safe_to_consume": true,
  "mode": "LIVE",
  "health": "green",
  "reason": "fresh_api_sync",
  "valid_until": "2026-06-03T02:56:04.398902Z",
  "monotonic_sequence": 14282,
  "source_lineage": [
    "gal2_api",
    "gal2_daemon",
    "time_contract"
  ]
}
Backed by the GAL-2 API. Served locally by the daemon. Checked before your application commits time-dependent state.

Start with the Time Contract

Try GAL-2 in your environment.

Get an API key, verify the upstream GAL-2 API, then run the local daemon and inspect 127.0.0.1:9095/contract.

Get an API key Quickstart (5 min)

Free evaluation tier · macOS + Linux · No credit card

API-Backed Governed Time

GAL-2 uses an upstream governed timeline and exposes it locally through the daemon as a consumable Time Contract.

Temporal Circuit Breaker

When time becomes stale, degraded, unavailable, or unsafe, GAL-2 can hold over, degrade, rejoin, or fail closed before bad time becomes application state.

Works With Your Timing Stack

GAL-2 complements GNSS, PTP, NTP, chrony, grandmasters, cloud systems, and existing infrastructure at the application boundary.

Application-facing Time Contract

How GAL-2 works

GAL-2 turns governed time into an application-facing contract your software can check before time becomes state.

01

Connect to the GAL-2 API

The GAL-2 API provides the upstream governed timeline. Your existing timing stack remains in place while GAL-2 adds application-facing governance above it.

02

Run the local daemon

Deploy the GAL-2 daemon beside your application. The daemon exposes a local /contract endpoint backed by the GAL-2 API.

03

Commit only through the contract

Your application checks safe_to_consume, mode, reason, and valid_until before using time in state-changing operations. 

curl -s http://127.0.0.1:9095/contract

The Time Contract answers the question raw clocks do not.

Not only “what time is it?” but whether that governed time is safe for your application to consume right now.

gal2_time safe_to_consume valid_until mode reason monotonic_sequence source_lineage

Your timing stack delivers time. GAL-2 governs whether applications should consume it before it becomes application state.

Why it matters

Raw time can become application state silently.

GAL-2 gives applications a governed boundary before time is trusted, written, ordered, logged, or committed. The Time Contract is visible to applications. The upstream governance layer is API-backed and designed for protected AWS deployment, including Nitro Enclaves and the NO-PA-NO™ anti-tamper governance model.

Without GAL-2

Timing faults can pass straight into production.

  • Backward clock steps can break ordering.
  • Stale references can be consumed as normal.
  • Recovery events can shock the application.
  • Bad time may be detected only after state was already committed.
With GAL-2 Time Contract

Time is governed before the application trusts it.

  • Applications check safe_to_consume before committing time-dependent state.
  • gal2_time is served through a local contract backed by the GAL-2 API.
  • Holdover, degraded, rejoin, and fail-closed states are explicit.
  • Monotonic sequence behavior gives software an auditable consumption path.
Protected governance model

Contract-visible. Core-protected. Evidence-backed.

GAL-2 exposes auditable Time Contract outputs to applications while keeping the upstream temporal governance core protected. NO-PA-NO™ is the anti-tamper governance model designed to protect the core against unauthorized observation, cloning, or arbitrary modification. The result is a practical integration surface for developers and a disciplined evidence trail for infrastructure evaluators.

Local endpoint 127.0.0.1:9095/contract Backed by GAL-2 API Protected AWS model with Nitro Enclaves Core protected by NO-PA-NO™ Evidence on Zenodo DOI Artifacts with SHA-256 Evaluator support for macOS + Linux
Close-up of a dark digital audio workstation interface showing audio and MIDI tracks with waveforms and block patterns.

Time-boundary failures

Built for the moments where broken time can become broken state.

GAL-2 Time Contract is designed for application paths that cannot blindly trust raw time during discontinuities, legacy timestamp boundaries, reference loss, stale time, recovery events, or timing behavior that can corrupt ordering, transactions, logs, expirations, and committed state.

Leap-second-like discontinuities

Do not let time jumps become state.

Leap seconds and similar discontinuities can create brittle application behavior when software assumes raw time is always safe. GAL-2 gives protected applications a governed path through gal2_time, validity, mode, reason, sequence, controlled output, and fail-closed semantics.

Y2038 application-boundary protection

Protect the state layer around Y2038-style failures.

GAL-2 does not patch legacy binaries, operating systems, kernels, firmware, database engines, schemas, or 32-bit time_t implementations. That is platform-level remediation. GAL-2 protects a different boundary: the moment software is about to turn time into committed application state. For workflows integrated through the GAL-2 Time Contract, Y2038-style timestamp failures can be governed, blocked, degraded, held over, or failed closed before unsafe time becomes irreversible state.

Reference loss and recovery

Hold, rejoin, or fail closed.

When upstream timing becomes stale, unavailable, degraded, or returns out of phase, GAL-2 can preserve bounded monotonic continuity where policy allows, perform controlled rejoin, or stop protected operations before unsafe time becomes committed state.

Claim boundary: GAL-2 does not replace platform-level Y2038 remediation such as 64-bit time migration, operating system updates, firmware replacement, database schema changes, or legacy binary remediation. GAL-2 operates at a different layer: it governs whether time can safely become application state. For applications and workflows integrated through the GAL-2 Time Contract, GAL-2 helps prevent Y2038-style timestamp failures, leap-second-like discontinuities, stale references, and unsafe recovery behavior from becoming committed state. Platform updates fix the clock layer. GAL-2 protects the state layer.

Evaluator release available

Run the Time Contract locally.

GAL-2 Time Contract RC3.1 runs as a local daemon and exposes gal2_time, safe_to_consume, mode, reason, valid_until, monotonic_sequence, and source_lineage through a local application-facing contract.

Local contract endpoint http://127.0.0.1:9095/contract
Activation GAL-2 API key required
Release status Limited Availability evaluator release

Precision protects the reference. GAL-2 protects the consumer.

Get API key + downloads Quickstart Documentation

Activation requires a GAL-2 API key. macOS + Linux evaluator packages, SHA256, GPG verification, installation steps, and full notices are available on the Pricing and Documentation pages.

Validation Evidence

Raw time keeps going. GAL-2 knows when to stop.

The Red Light Test compares a raw-time application path against a GAL-2-aware path that commits state through the Time Contract. When time is declared unsafe, the GAL-2 path blocks protected operations before unsafe time becomes application state.

Raw application path

Committed through unsafe time

20 total events
20 raw commits
6 unsafe commits
GAL-2 Time Contract path

Governed before commit

14 allowed commits
6 unsafe operations blocked
0 unsafe GAL-2 commits
Result: PASS

Under the declared unsafe window, the raw path kept committing. The GAL-2 path allowed safe operations, blocked unsafe operations, and produced zero unsafe commits.

The Time Contract answers the operational question:

Can this governed time safely become application state right now?

This is application-facing temporal safety evidence, not a UTC accuracy or metrology claim.

View Validation Read Time Contract Docs

Claim Boundary

Where GAL-2 sits in the timing stack.

GAL-2 Time Contract is evaluated as an application-facing temporal governance layer. It does not replace the global timing stack. It governs how software consumes time before that time becomes application state.

Boundary
  • Not a metrology certification.
  • Not a nanosecond or microsecond accuracy claim.
  • Not a replacement for UTC, GNSS, PTP, NTP, chrony, atomic clocks, grandmasters, or timing receivers.
  • Not a claim that physical reference infrastructure is no longer needed.
Demonstrated focus
  • Application-facing Time Contract behavior.
  • Governed consumption of gal2_time.
  • Monotonic continuity for contract consumers.
  • Bounded holdover, controlled rejoin, and fail-closed semantics under policy.
  • Y2038 application-state remediation at the commit boundary.
  • Auditable runtime fields: mode, reason, validity, sequence, and lineage.

Keep your timing stack. Add GAL-2 where time becomes application state.

Evidence integrity

Validation artifacts are sealed, scanned, and reproducible.

GAL-2 public validation packages are prepared with SHA-256 manifests, secret scans, public-safe artifacts, and reproducible evidence trails for technical review.

Public-safe artifacts

Scanned

SHA-256 manifests

Sealed

Validation packages

Published

View Public Validation Solstice 7D DOI 5-Day DOI
image of teacher using a smartboard for edtech

Stop unsafe commits before they happen

When timing conditions degrade, GAL-2 helps protected applications block, defer, or fail closed before unsafe timestamps become committed state.
image of gps device in truck cab

Recover without raw time shock

When the reference returns, GAL-2 supports controlled rejoin so applications are not forced to consume abrupt recovery behavior directly.

Application-facing temporal governance

Continuity when time becomes unsafe.

GAL-2 Time Contract helps protected applications preserve ordering, continuity, and state safety across LIVE, HOLDOVER, REJOIN, DEGRADED, FAIL_CLOSED, and restart conditions.

Your timing stack delivers time. GAL-2 governs whether software should consume it.

What is the core benefit?

GAL-2 helps applications consume governed time instead of raw time, reducing the risk that unsafe timing conditions become committed state.

How does GAL-2 govern time consumption?

GAL-2 uses a protected temporal governance core behind the API and exposes the result through a local Time Contract. Applications receive gal2_time, safe_to_consume, mode, reason, validity, sequence, and lineage before acting.

What happens when timing degrades?

GAL-2 can enter bounded holdover, preserve monotonic behavior for contract consumers, perform controlled rejoin when the reference returns, or fail closed when safe consumption can no longer be justified.

Who should evaluate GAL-2?

Teams operating distributed applications where ordering, ledgers, logs, caches, authorization, workflows, audit trails, Y2038 boundaries, or recovery behavior depend on safe time consumption.

Is integration straightforward?

Yes. GAL-2 Time Contract runs locally as a daemon, is backed by the GAL-2 API, and complements existing GNSS, PTP, NTP, chrony, cloud, blockchain, IoT, and production infrastructure.

Vision

GAL-2 originated from a deeper inquiry into temporal continuity, governed time, fractal structure, solar alignment, and public witness.

Read the Vision →
Validation · Docs · Whitepaper · Pricing · Vision
GAL-2 Time Contract Layer · Powered by AWS · Verified Apple Developer ID XWFX4JS9C2 · Local contract endpoint 127.0.0.1:9095/contract
Public evidence: RC4 72h Holdover · 5-Day Adversarial · Solstice 7D · SHA-256 sealed validation artifacts
© 2026 GAL-2™ Technologies LLC. All rights reserved. · Application-facing Time Contract infrastructure · Terms of Service · Privacy Policy · support@gal-2.com GAL-2 governs whether software should consume time before committing state. It is not a replacement for UTC, GNSS, PTP, NTP, chrony, atomic clocks, grandmasters, hardware clocks, or existing timing infrastructure.