GAL-2™ Time Contract

Temporal Circuit Breaker for Production Systems

Application-facing temporal governance for production timing stacks. Your timing stack delivers time. GAL-2 governs whether applications should consume it.

Checking GAL-2 status…
GAL-2 Red Light Test

Raw time keeps going. GAL-2 knows when to stop.

A controlled application‑facing time safety test showing how GAL-2 helps software decide whether time is safe to consume before it becomes committed system state.

View Result Summary Evidence Boundary
The problem

Time delivery and time trust are not the same layer.

Modern systems often assume that if a timestamp is available, it is safe to use. That assumption can fail during degraded timing conditions, stale references, recovery windows, local clock faults, upstream loss, holdover, or rejoin events.

GAL-2 focuses on the missing boundary between delivered time and committed digital state. The question is not only how precise the clock is. The question is whether the application should trust that time right now.

Test model

Raw path versus governed path.

Two application paths are compared.

  • A raw application path commits state using available time.
  • A GAL-2 governed path checks the local Time Contract before committing state.
  • The key contract field is safe_to_consume.
  • If the contract is unsafe, the governed path can block, pause, degrade, alert, or fail closed before unsafe time becomes committed state.
Initial reproducible harness result: PASS

Unsafe raw commits were blocked by the GAL-2 governed path.

In the initial reproducible Red Light Test v3 harness, the raw application path committed during the declared unsafe window. The GAL-2 governed path blocked those unsafe operations according to policy.

20 Raw commits
6 Raw unsafe commits
6 GAL-2 blocked unsafe operations
0 GAL-2 unsafe commits
The result demonstrates policy enforcement at the application boundary. It should be interpreted within the declared test scope.
Time Contract

The application receives more than a timestamp.

GAL-2 exposes a local Time Contract that describes the trust condition around time consumption. This allows applications to act on policy rather than accepting raw time blindly.

safe_to_consume
mode
reason
health
source_lineage
valid_until
monotonic_sequence
holdover_state
rejoin_state
operational_bound_ms
Evidence boundary

This test measures application‑facing temporal safety behavior.

This test measures application‑facing temporal safety behavior, not clock accuracy. Clock accuracy, offset, traceability, drift, and precision should be evaluated in separate timing‑characterization tests.

GAL-2 complements existing timing infrastructure by governing application‑facing consumption of time under declared policy. It does not replace UTC, GNSS, PTP, NTP, chrony, TAP, atomic clocks, timing appliances, or timing receivers.

Reproducibility

Evidence is being packaged for external review.

The Red Light Test evidence path includes a reproducible harness with policy, scenario plan, application event logs, contract snapshots, summary output, findings, mitigations, and SHA-256 hashes.

The next step is external reproduction and stricter adversarial timing characterization, including real daemon impairment scenarios such as upstream loss, holdover expiry, rejoin behavior, and fail-closed transitions.

GAL-2 separates time delivery from time trust.

Timing infrastructure delivers time. GAL-2 helps applications determine whether that time is safe to consume before it becomes committed state.

View Documentation View Validation
Powered by AWS · Verified Apple Developer ID XWFX4JS9C2 · Scientific record: Zenodo 17351150
© 2026 GAL-2™ Technologies LLC. All rights reserved. · Global Alignment Layer | Fractal Time · Terms of Service · Privacy Policy · support@gal-2.com