Your timing stack delivers time. GAL-2 governs whether software should consume it before committing application state through a local Time Contract policy surface.
RC5.8 is an enterprise pilot candidate and public technical preview for application-facing Time Contracts. It exposes the local daemon, the Time Contract endpoint, the RC4-derived 72-hour holdover policy boundary, and IXOYE as an advisory out-of-band witness surface.
RC5.8 moves the Time Contract closer to a customer-facing evaluation package. It gives evaluators a concrete local policy surface at 127.0.0.1:9095/contract, where applications can inspect safe_to_consume, mode, valid_until, lineage, continuity, and uncertainty basis before committing state.
This matters because GAL-2 is not asking teams to replace UTC, GNSS, PTP, NTP, chrony, grandmasters, hardware clocks, or operating-system time. GAL-2 adds a governed application-facing decision layer where raw time becomes software state.
RC5.8 also exposes IXOYE as an advisory witness surface at 127.0.0.1:9095/witness. IXOYE observes contract evidence out-of-band, but it does not source time, act as fallback, govern policy, or decide safe_to_consume.
Public Evidence Chain
Pre-registered adversarial run with public results package
GAL-2 Time Contract v1.0 completed a 5-day adversarial characterization under controlled upstream interruption conditions.
The run evaluated application-facing temporal governance behavior, including LIVE, HOLDOVER, DEGRADED, REJOIN, and FAIL_CLOSED states.
The official collector completed cleanly with 14,397 contract samples and 14,397 consumer rows. During the hard interruption phase, GAL-2 entered FAIL_CLOSED with health=red and safe_to_consume=false after hard policy expiration.
Claim boundary: This evidence evaluates application-facing Time Contract behavior under controlled upstream interruptions. It is not a UTC replacement claim, GNSS/PTP/NTP replacement claim, metrological accuracy claim, or long-duration autonomous holdover claim.
A layered public evidence trail showing how GAL-2 moves from legacy mediated-time continuity into application-boundary commit protection, local multi-substrate durability, local Postgres gating, local latency characterization, and controlled GAL-2 Time authority beyond the signed 32-bit Unix time boundary. The model is not “GAL-2 patches every legacy machine.” The model is: keep the minimum substrate alive, move operational time authority to GAL-2, and protect the workflow before broken time becomes committed state.
GAL-2 does not claim to keep a failed 32-bit kernel, firmware, filesystem, database engine, or host operating system alive by itself.
GAL-2 operates where a protected workflow can still execute, or where a bridge, wrapper, gateway, daemon, or external integration layer can consume the Time Contract.
Under that model, GAL-2 moves operational time authority away from signed-32 Unix time and into governed GAL-2 Time.
Minimum substrate stays alive. GAL-2 governs time authority. Protected workflows keep operating.
Legacy 32-bit execution paths were evaluated beyond the raw Y2038 boundary using GAL-2 API-seeded temporal continuity.
This package documents mediated-time behavior in legacy post-2038 scenarios where tested legacy-style execution paths continued operating in cases where raw execution paths failed.
Interpretation: evidence of legacy survivability and continuity for tested binary execution paths. Not a universal claim for every legacy binary, operating system, or execution environment.
This package extends the prior Y2038 corpus from legacy mediated-time behavior into application-boundary protected commit behavior.
In the tested single-host SQLite scenario, the raw path committed unsafe Y2038-style time-derived state. The GAL-2 protected path checked the Time Contract gate and the declared Y2038 safety policy gate before durable commit, blocking unsafe inputs before they became durable application state.
Claim boundary: application-boundary protected commit evidence. Not universal Y2038 remediation, not operating system, kernel, filesystem, database engine, or distributed-system remediation, not production throughput or latency evidence, not metrology, and not UTC, GNSS, PTP, NTP, or chrony replacement.
This package extends protected commit evidence from a single SQLite substrate to a local multi-substrate scenario using SQLite and an append-only JSONL ledger.
The raw path committed unsafe Y2038-style state into both tested substrates. The GAL-2 protected path produced zero unsafe commits across SQLite and JSONL.
Cross-substrate consistency means data parity: the same logical safe commits appear in both tested substrates, and unsafe inputs are absent from both GAL-2 protected substrates. It does not claim transactional atomicity, two-phase commit, rollback coordination, distributed transactions, or atomic cross-substrate recovery.
Claim boundary: local multi-substrate application-boundary protected commit evidence using SQLite and append-only JSONL. Not universal Y2038 remediation, not distributed-system remediation, not production throughput or latency evidence, not transactional atomicity evidence, not metrology, and not UTC, GNSS, PTP, NTP, or chrony replacement.
This package extends the protected commit evidence into a local Postgres database substrate. It evaluates whether unsafe Y2038-style time-derived state can be blocked before becoming durable Postgres application state.
In the tested single-host local Postgres scenario, the raw path committed unsafe Y2038-style records into Postgres. The GAL-2 protected path blocked all unsafe inputs and committed all safe inputs.
Claim boundary: local Postgres application-boundary protected commit evidence. Not universal Y2038 remediation, not operating system, kernel, filesystem, database engine, or distributed-system remediation, not replication evidence, not multi-node behavior, not multi-writer behavior, not transactional atomicity across multiple systems, not production performance evidence, not metrology, and not UTC, GNSS, PTP, NTP, or chrony replacement.
This package characterizes local raw path latency, GAL-2 protected path latency, local Time Contract fetch latency, safe commit latency, unsafe block latency, and p50 / p95 / p99 behavior across SQLite, append-only JSONL, and local Docker Postgres.
127.0.0.1:9095/contract. It measures local daemon latency, not
a direct public API round-trip to api-v2.gal-2.com.
docker exec psql overhead and should not be interpreted as
production libpq, connection-pooled, or networked database latency.
Claim boundary: local latency and throughput characterization only. Not production throughput evidence, not production latency evidence, not distributed-system performance evidence, not a capacity benchmark, not metrology, and not UTC, GNSS, PTP, NTP, or chrony replacement evidence.
This package documents a controlled GAL-2 RC4 Time Contract engine characterization across the signed 32-bit Unix time boundary.
A copied GAL-2 RC4 Time Contract engine was run as a local sandbox with a
controlled Y2038 test clock. The engine produced governed GAL-2 Time Contract
output beyond 2038-01-19T03:14:07Z for a 30-minute
post-boundary characterization window.
Final result:
PASS_Y2038_RC4_SANDBOX_30MIN_POST_BOUNDARY_CONTINUITY.
The run also verified safe_to_consume, contract_hash,
required Time Contract fields, and source lineage declaring
gal2_fractal_time_authority, rc4_contract_engine,
and y2038_controlled_clock.
Together with prior Docker linux/386 raw signed-32 failure evidence and real-daemon consumer-gate evidence, this layer supports the bounded claim that GAL-2 provides an operational continuity path for protected legacy workflows by moving operational time authority away from signed-32 Unix time and into governed GAL-2 Time.
Claim boundary: controlled application-facing Time Contract continuity evidence. This package does not claim that GAL-2 patches arbitrary unmodified legacy binaries from the inside. It does not claim that the production AWS/API authority crossed 2038. It is not platform-level Y2038 remediation, production SLA evidence, UTC accuracy certification, or metrology certification.
The Y2038 corpus documents a progression from mediated-time continuity to protected application-state behavior, local multi-substrate durability, Postgres commit gating, local latency characterization, and controlled GAL-2 Time authority beyond the signed 32-bit Unix time boundary. Each layer is published with a strict claim boundary, independent verification artifacts, public-safe packaging, and reproducible evidence records.

Compared to standard NTP, GAL-2™ compresses offsets and increases stability across servers worldwide.

demonstrating application-facing temporal safety behavior under declared policy, while complementing existing timing infrastructure.

Historical integrity records
These public hashes are preserved as integrity records for specific historical GAL-2 validation artifacts. They are not standalone performance claims. Each hash should be read as evidence that the referenced artifact existed in a sealed form at the time of publication.
File
verify_20250929T203008Z.txtSHA512
8b262ed2970a5afc7d041181be581c4c304eb2c1aa7bd6fbe6e47b6f6e4cd79829c0848e0861da679402756fe5a3ad16c6c4b6647791f246b769e8d7c0cd50a4
S3 VersionId
DeSp8N0Gal8gvXJrafguMiBbgl7J9nyR
File
gal2_nopano_manifest_20250929.jsonSHA512
43c99d07810f76ff4fff79b3035fd710639067fda5362c9fa1e2a2cc48abdbb4d3aef5ee60fa4a894c2eaff6419309ea
S3 VersionId
aSmv9u3z_QciikmHVZ68fQuBvd9mguiu
File
verify_20250930T151405Z.txtSHA512
a48467f3bbd8968953614080eb0330333962a987704de1c2fbe75779d60b4e79b0f3ca6df732aad5610a9c6bf88bc005
S3 VersionId
y0A0_spIptQtdTgGyrS.3JKOy.5Wccpx
File
gal2_manifest_2025-09-30_151423Z.jsonSHA512
f6ad0ccfb8c8cffb8166e4d59a8d878f
S3 VersionId
CFShof.AOaRnU_fdtiFoQJ1GShOTfy3Z
Verification
Anyone can verify a referenced file by downloading the manifest or evidence artifact, calculating its SHA512 hash, and comparing the result to the value published here.
sha512sum <file>

The full 7-day GNSS-denied dataset is publicly archived on Zenodo for independent review and replication.
https://doi.org/10.5281/zenodo.18018704
Dataset content is immutable and independently hosted.
Local Daemon Continuity Pack-Monotonic application-facing continuity observed across restart, holdover, and rejoin conditions
On 2026-04-21, GAL-2 local daemon tests on macOS showed 0 backward steps across sequential reads, concurrent reads, forced daemon restarts, and induced upstream-loss holdover testing. The daemon remained continuously available through holdover and returned to live mode without temporal rollback.Highlights5,000 sequential reads, 0 backward steps
10,000 parallel reads, 0 backward steps
5 forced daemon restarts, 0 backward steps
300/300 successful holdover test responses
600/600 successful 10-minute daemon probe responsesDOIDOI: 10.5281/zenodo.19684054IntegritySHA-256: 0eb2fcb347e3025443aaa224340c45d0e179a666fe41ae70cc98ac0b58a3c142Honest noteThis package supports continuity and resilience claims.
10.5281/zenodo.1968405472h steady-state observation: node-specific GAL-2-to-UTC relation held within 1 μsIn the 72-hour steady-state dataset, the observed GAL-2-to-UTC relation remained stable within 1 μs per node while preserving a node-specific constant offset.This is evidence of node-specific steady-state relation stability under the tested conditions. It is not a public claim of universal one-microsecond absolute accuracy, certified UTC traceability, or replacement of metrology-grade timing references.Honest note:
The result supports steady-state stability of the observable GAL-2-to-UTC relation, not a universal precision guarantee.
Strict ordering preserved under leap-second-like discontinuities
GAL-2 preserved a strictly increasing consumer path across 27 historical events under controlled authority-side raw_stepand backward_jump injection, with 54/54 passing runs, 0 backward steps, 0 duplicate steps, and 0 errors. Independent observation confirmed the same result. In separate production testing, the real GAL-2 API remained strictly increasing across 2000 direct polls with 0 backward steps, 0 duplicate steps, and 0 request errors.
Evidence: https://doi.org/10.5281/zenodo.19687840
Scope: Controlled architectural evidence plus real production API strict-ordering probe.