Application-facing temporal governance for production timing stacks. Your timing stack delivers time. GAL-2 governs whether applications should consume it.
Technical documentation
GAL-2™ is an application-facing temporal governance platform born from Fractal Time research.
Its current product surface is the GAL-2 Time Contract: a local daemon and API-backed contract path
that serves governed gal2_time so applications can consume time under explicit policy,
validity, mode, reason, sequence, and lineage.
Applications call /contract and consume gal2_time instead of trusting raw time directly for protected operations.
GAL-2 can operate across LIVE, DEGRADED, HOLDOVER, REJOIN, WARMING, and FAIL_CLOSED states.
GAL-2 complements UTC, GNSS, PTP, NTP, chrony, atomic clocks, grandmasters, and timing receivers at the application boundary.
GAL-2 is organized as a modular temporal governance architecture. Public interfaces expose governed outputs and contract behavior. Internal modules coordinate correction, routing, pacing, coherence, and operational continuity without exposing protected implementation details.
Coordinates correction logic and alignment between internal time representations and external system interfaces.
Provides adaptive routing and access coordination between GAL-2 components and connected systems.
Manages pacing and timing emission concepts used to support consistent system behavior.
Handles coordination and alignment across distributed nodes and internal processes.
Acts as an internal control and orchestration layer responsible for coherence and operational continuity.
Exposes governed gal2_time with safety, validity, mode, reason, sequence, and lineage for consuming applications.
GAL-2 is built on a fractal-based theoretical framework that treats time as a governed system property, not merely as a raw hardware signal. The model informs how GAL-2 reasons about continuity, correction, bounded behavior, and safe consumption under degraded or changing timing conditions.
Public documentation focuses on observable behavior and integration semantics. GAL-2 does not publish the protected formula, internal correction implementation, or backend decision logic. The current external product surface is the Time Contract, not a directly callable mathematical formula.
Conceptual flow, public-safe: input: upstream reference context last known good GAL-2 state local daemon state policy limits internal: protected GAL-2 correction and continuity logic mode transition logic validity and lineage evaluation output: gal2_time safe_to_consume valid_until mode reason monotonic_sequence source_lineage
GAL-2 is designed to integrate alongside existing timing infrastructure, including GNSS, NTP, PTP, chrony, cloud systems, and enterprise timing stacks. It does not require customers to remove their existing reference layer.
The recommended integration pattern is to run the local GAL-2 Time Contract daemon near the application.
Protected application workflows call the local /contract endpoint and use gal2_time
only when the contract allows consumption.
curl -s http://127.0.0.1:9095/contract | python3 -m json.tool
The Time Contract returns governed time and runtime semantics. gal2_time appears first because
it is the output the application consumes. The remaining fields explain whether that output is safe,
why, until when, and through what lineage.
{
"gal2_time": "2026-05-14T16:20:30.123456Z",
"reference_time": "2026-05-14T16:20:30.120000Z",
"safe_to_consume": true,
"valid_until": "2026-05-14T16:21:00.123456Z",
"mode": "LIVE",
"health": "green",
"reason": "fresh_api_sync",
"monotonic_sequence": 1842,
"source_lineage": ["gal2_api", "gal2_daemon", "contract_v1"]
}
gal2_timereference_timesafe_to_consumegal2_time is safe under policy, mode, validity, and lineage.valid_untilmodereasonmonotonic_sequencesource_lineageLIVEsafe_to_consume=true and the contract is valid.DEGRADEDHOLDOVERREJOINFAIL_CLOSEDWARMINGGAL-2 protects consumers of the Time Contract. If an application reads raw system time through another side path and uses it for protected commits, that behavior is outside the GAL-2 protection boundary.
contract = get_time_contract()
if contract.safe_to_consume and current_time() <= contract.valid_until:
commit_with_timestamp(contract.gal2_time)
else:
block_or_defer_protected_operation(contract.mode, contract.reason)
Public endpoints are designed for contract consumption, observability, and integration. They do not expose protected correction logic, tuning parameters, private formulas, or authoritative backend decision mechanisms.
Primary local endpoint: GET http://127.0.0.1:9095/contract Common local checks: GET http://127.0.0.1:9095/status GET http://127.0.0.1:9095/health
On macOS RC3.1, the expected local configuration path is:
/usr/local/gal2/config/daemon.env
GAL-2 validation focuses on application-facing behavior: monotonicity for contract consumers, bounded holdover, controlled rejoin, fail-closed semantics, source lineage, and auditable evidence. Public evidence should not be read as a claim that GAL-2 replaces certified metrology references or improves upstream physical precision.
Real daemon impairment evidence shows GAL-2 transitioning through
LIVE, HOLDOVER, DEGRADED, and
FAIL_CLOSED under controlled upstream impairment, with
safe_to_consume=false when safe consumption could no longer be justified.
See
Public Validation
.
Covers API-seeded authority, VM reboot recovery, sustained repeated GNU Make behavior, and tested discriminator paths including GNU Make i386 and BusyBox find.
Focused on two-node coherence and legacy-style boundary behavior under tested conditions.
Documents multi-node API-backed daemon behavior, monotonic observations, and a short upstream interruption handled through holdover and clean rejoin semantics.
GAL-2 performance should be evaluated per deployment. Public benchmark summaries should avoid unsupported precision claims. Serious pilots should measure local daemon latency, contract-call p50 and p95, false-positive rate, holdover behavior, rejoin timeline, and raw application versus GAL-2-aware application behavior under the same impairment.
gal2_time moves backward for contract consumers.GAL-2 operates in a different layer than traditional synchronization systems. UTC, GNSS, NTP, PTP, chrony, grandmasters, and atomic references help define, discipline, or distribute time. GAL-2 governs how applications consume time before it becomes state.
gal2_time and contract semantics so protected applications can continue within policy, rejoin under control, or fail closed.GAL-2 is designed for systems where time becomes state and unsafe timestamps can cause operational, financial, forensic, or distributed-system damage.
Helps protect ordering-sensitive writes, reconciliation, and audit trails when raw time becomes unsafe.
Provides governed behavior when external timing references are degraded, intermittent, unavailable, or recovering.
Supports explicit contract states for nodes that may operate through isolation, reconnection, and local restart.
Logs mode, reason, validity, sequence, and lineage alongside protected operations for post-event review.
Complements existing timing stacks by governing consumption near the software commit path.
Can be evaluated for selected legacy time-boundary workflows without claiming universal Y2038 remediation.
GAL-2 is designed to work with modern enterprise security practices and controlled deployment models. Production serving requires a valid API key. Public interfaces expose contract behavior while protected core logic remains server-side.
GAL-2 is designed to operate alongside established timing and networking standards. It does not replace NTP, PTP, GNSS, UTC, chrony, atomic clocks, grandmasters, timing receivers, or national metrology references.
For regulated or critical environments, GAL-2 should be evaluated through controlled pilots, documented policies, evidence packages, and separate written agreements before any production-critical use.
GAL-2 releases should evolve through controlled versioning. Frozen releases should not be modified silently. Any change to schema, behavior, installer, package, signing, daemon semantics, or public contract fields should create a new release marker.
gal2_time: The governed timestamp applications consume through GAL-2.safe_to_consume: Whether gal2_time is safe under current policy, mode, validity, and lineage.