Governed Time Path
Applications consume gal2_time through a Time Contract instead of trusting raw time directly.
Temporal Circuit Breaker
When time becomes stale, degraded, unavailable, or unsafe, GAL-2 holds, rejoins, or fails closed before bad time becomes state.
Works With Your Timing Stack
Complements GNSS, PTP, NTP, chrony, grandmasters, cloud systems, and existing infrastructure at the application boundary.
Application-facing Time Contract
How GAL-2 works
GAL-2 becomes the governed time path your application calls before time becomes committed state.
Run the local daemon
Deploy the GAL-2 Time Contract daemon beside your application, using your existing timing stack as the upstream reference path.
Request governed time
Your application calls the local /contract endpoint and receives gal2_time plus runtime contract metadata.
Commit only through the contract
Use gal2_time for protected state-changing operations. If safe_to_consume is false, block or defer those operations instead of silently falling back to raw time.
curl -s http://127.0.0.1:9095/contract
The Time Contract answers the question that raw clocks do not.
Not only “what time is it?” but whether that governed time can safely become application state right now.
gal2_time
safe_to_consume
valid_until
mode
reason
monotonic_sequence
source_lineage
Your timing stack delivers time. GAL-2 governs how applications consume it before it becomes state.
Why it matters
Raw time can become application state silently.
GAL-2 gives applications a governed boundary before time is trusted, written, ordered, logged, or committed.
Timing faults can pass straight into production.
- Backward clock steps can break ordering.
- Stale references can be consumed as normal.
- Recovery events can shock the application.
- Dashboards may detect the issue after bad time was already committed.
Time is governed before the application trusts it.
- Applications consume
gal2_timeinstead of raw time. - Monotonic behavior is preserved for contract consumers.
- GAL-2 can enter bounded holdover when policy allows.
- Controlled rejoin and fail-closed behavior protect committed state.
Time-boundary failures
Built for the moments where time breaks software.
GAL-2 Time Contract is designed for application paths that cannot blindly trust raw time during discontinuities, legacy timestamp boundaries, reference loss, stale time, recovery events, or timing behavior that can corrupt ordering and committed state.
Do not let time jumps become state.
Leap seconds and similar discontinuities can create brittle application behavior when software
assumes raw time is always safe. GAL-2 gives protected applications a governed path through
gal2_time, validity, mode, reason, sequence, and fail-closed semantics.
Govern the edge before legacy time fails.
Y2038-style failures happen when legacy consumers cannot safely handle raw timestamp boundaries. GAL-2 can be evaluated as a governed consumption layer for selected legacy workflows, mediating how time reaches the application instead of exposing brittle consumers directly to raw time.
Hold, rejoin, or fail closed.
When upstream timing becomes stale, unavailable, degraded, or returns out of phase, GAL-2 can preserve bounded monotonic continuity where policy allows, perform controlled rejoin, or stop protected operations before unsafe time becomes committed state.
GAL-2™ Time Contract
Download the application-facing Time Contract.
GAL-2 Time Contract RC3.1 is a local daemon that exposes gal2_time
and runtime contract semantics for applications that need governed time consumption,
bounded holdover, controlled rejoin, and fail-closed behavior.
Precision protects the reference. GAL-2 protects the consumer.
RC3.1 is intended for developer pilots, architecture review, controlled technical validation, and non-production evaluation. Activation requires a valid GAL-2 API key.
This release is provided AS IS and AS AVAILABLE. It is not certified for production critical infrastructure, safety-critical systems, regulated trading, medical systems, aviation, emergency services, life-support systems, nuclear facilities, weapons systems, or other high-risk environments without a separate written agreement with GAL-2 Technologies LLC.
What applications consume
Applications call the local Time Contract and consume gal2_time with
safe_to_consume, valid_until, mode,
reason, monotonic_sequence, and source_lineage.
Contract behavior
The contract can operate in LIVE, DEGRADED, HOLDOVER, REJOIN, WARMING, or FAIL_CLOSED. When policy can no longer justify safe consumption, protected operations should not proceed through the GAL-2 contract path.
Architecture boundary
The local daemon is the contract layer. The GAL-2 API and protected core remain upstream. The daemon reconciles with the API when available, preserves local continuity when policy allows, and exposes governed time before applications commit state.
Claim boundary
GAL-2 Time Contract does not replace UTC, GNSS, PTP, NTP, TAI, chrony, atomic clocks, grandmasters, or timing receivers. It complements them at the application boundary.
Quickstart for macOS
Install the notarized macOS package, add your GAL-2 API key, restart the LaunchDaemon, and verify the local Time Contract.
1. Install the macOS package
Open GAL2-TimeContract-RC31-macos-arm64-founder-notarized.pkg and complete the installer.
2. Add your API key
printf "Enter GAL-2 API key: " stty -echo IFS= read -r GAL2_API_KEY stty echo printf "\n" sudo mkdir -p /usr/local/gal2/config printf "GAL2_API_KEY=%s\nGAL2_API_URL=https://api-v2.gal-2.com/time\nGAL2_BIND_HOST=127.0.0.1\nGAL2_BIND_PORT=9095\n" "$GAL2_API_KEY" | sudo tee /usr/local/gal2/config/daemon.env >/dev/null sudo chmod 600 /usr/local/gal2/config/daemon.env sudo chown root:wheel /usr/local/gal2/config/daemon.env unset GAL2_API_KEY
3. Restart the daemon
sudo launchctl kickstart -k system/com.gal2.daemon
4. Check status
curl -s http://127.0.0.1:9095/status | python3 -m json.tool
5. Check the local Time Contract
curl -s http://127.0.0.1:9095/contract | python3 -m json.tool
6. Run GAL-2 Doctor
/usr/local/gal2/bin/gal2-doctor-rc3/gal2-doctor-rc3 --base-url http://127.0.0.1:9095
Expected after activation
"schema": "gal2-daemon-time-contract-v1" "version": "1.0.0-contract-rc3" "mode": "LIVE" "safe_to_consume": true "reason": "fresh_api_sync"
After install or restart, the daemon may briefly return REJOIN with reason controlled_rejoin_slew_active. That is expected. GAL-2 is reconciling without stepping time backward.
Quickstart for Linux
Download the signed Linux release, verify SHA256 and GPG signature, extract, install, activate, and verify the local Time Contract.
1. Download the release and verification files
curl -O https://gal2-marketplace-assets.s3.amazonaws.com/public/time-contract/v1.0.0-rc3.1/downloads/linux/GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz curl -O https://gal2-marketplace-assets.s3.amazonaws.com/public/time-contract/v1.0.0-rc3.1/downloads/linux/GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz.sha256.txt curl -O https://gal2-marketplace-assets.s3.amazonaws.com/public/time-contract/v1.0.0-rc3.1/downloads/linux/GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz.asc curl -O https://gal2-marketplace-assets.s3.amazonaws.com/public/time-contract/v1.0.0-rc3.1/downloads/linux/GAL2_RC31_LINUX_RELEASE_PUBLIC_KEY.asc
2. Verify SHA256
shasum -a 256 GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz cat GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz.sha256.txt
Expected SHA256
3c0eb646e0c95ce9c7344c1b742b6bf4039a2d1b82dd1d192fdf2a2735190eb2
3. Verify GPG signature
gpg --import GAL2_RC31_LINUX_RELEASE_PUBLIC_KEY.asc gpg --verify GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz.asc GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz
4. Extract and install
tar -xzf GAL2-TimeContract-RC31-linux-installer-friendly-20260504.tar.gz cd GAL2_TimeContract_RC31_LINUX_INSTALLER_FRIENDLY_20260504 sudo ./scripts/install.sh
5. Activate with API key
sudo ./scripts/activate.sh
6. Check status
curl -s http://127.0.0.1:9095/status | python3 -m json.tool
7. Check the local Time Contract
curl -s http://127.0.0.1:9095/contract | python3 -m json.tool
8. Run GAL-2 Doctor
/usr/local/gal2/bin/gal2-doctor --base-url http://127.0.0.1:9095
Expected after activation
mode: LIVE reason: fresh_api_sync safe_to_consume: true
Without an API key and without cache, Linux should report WARMING, reason warming_no_cache, and safe_to_consume=false.
Bounded application-facing continuity
Monotonic application-facing continuity
Works with Existing Timing Stacks
Technical Support
Preserve continuity, ordering, and resilience across modern distributed systems with software-defined temporal governance.
Validation Evidence
Red Light Test v2
Raw time keeps going. GAL-2 knows when to stop.
The Red Light Test demonstrates the difference between an application that consumes raw time and an application that commits state through the GAL-2 Time Contract.
The test is not a clock-accuracy claim. It shows application-facing consumption control: when time becomes unsafe, the GAL-2 contract path can block protected operations before unsafe time becomes committed state.
gal2_time only through governed contract semantics.
The Time Contract does not only ask:
What time is it?It asks the operational question:
Can this governed time safely become application state right now?Committed through unsafe time
Governed before commit
The GAL-2 path preserved the contract boundary: allowed safe operations, blocked unsafe ones, and produced auditable contract behavior.
Precision protects the reference. GAL-2 protects the consumer.
Your timing stack delivers time. GAL-2 governs how applications consume it before it becomes state.
Claim Boundary
What GAL-2 proves, and what it does not claim.
GAL-2 Time Contract is evaluated as an application-facing temporal governance layer. The focus is governed consumption behavior, not replacing the global timing stack.
- Not a metrology certification.
- Not a nanosecond or microsecond accuracy claim.
- Not a replacement for UTC, GNSS, PTP, NTP, chrony, TAP, atomic clocks, grandmasters, or timing receivers.
- Not a claim that upstream time becomes more precise.
- Application-facing Time Contract behavior.
- Governed consumption of
gal2_time. - Monotonic continuity for contract consumers.
- Bounded holdover, controlled rejoin, and fail-closed semantics under policy.
- Auditable runtime fields: mode, reason, validity, sequence, and lineage.
Keep your timing stack. Add GAL-2 where time becomes application state.
Evidence status
Public asset package created, scanned, hashed, and sealed locally.
Package SHA256:
0d74fd26dc0d62b6c812cc940b9a020ef9f142852d7e33f898ec1bc300f81aae
Public name scan: PASS
Public secret scan: PASS
Package hash verification: OK
Governed time consumption.
Time delivered by your stack. Safety governed by GAL-2.
Application-Facing Time Boundary
Applications consume gal2_time through a Time Contract before raw time becomes trusted state.
Works With Existing Timing
Complements GNSS, PTP, NTP, chrony, grandmasters, cloud systems, blockchain, IoT, and distributed applications.
Bounded Continuity
When upstream time degrades, GAL-2 can preserve monotonic behavior through policy-limited holdover and controlled rejoin.
Fail-Closed Protection
When GAL-2 cannot justify safe consumption, protected state-changing operations should block or defer instead of trusting unsafe time.
![[digital project]](https://cdn.prod.website-files.com/685afad17f3992f181741fec/685afbdb03a0066fc64dd8a4_380bdb8f-1635-426d-9ed9-7ce1fbcc6e55.avif)
