cloudflare · lukevalenta · May 1, 2026
@@ -16,6 +16,7 @@ members = [
     "crates/signed_note",
     "crates/signed_note_wasm",
     "crates/static_ct_api",
+    "crates/tlog_checkpoint",
     "crates/tlog_core",
     "crates/tlog_cosignature",
     "crates/tlog_tiles",
@@ -43,6 +44,7 @@ default-members = [
     "crates/signed_note",
     "crates/signed_note_wasm",
     "crates/static_ct_api",
+    "crates/tlog_checkpoint",
     "crates/tlog_core",
     "crates/tlog_cosignature",
     "crates/tlog_tiles",
@@ -126,6 +128,7 @@ signature = "3.0.0-rc.10"
 signed_note = { path = "crates/signed_note", version = "0.2.0" }
 static_ct_api = { path = "crates/static_ct_api", version = "0.2.0" }
 thiserror = "2.0"
+tlog_checkpoint = { path = "crates/tlog_checkpoint", version = "0.2.0" }
 tlog_core = { path = "crates/tlog_core", version = "0.2.0" }
 tlog_cosignature = { path = "crates/tlog_cosignature", version = "0.2.0" }
 tlog_tiles = { path = "crates/tlog_tiles", version = "0.2.0" }

@@ -21,6 +21,7 @@ sha2.workspace = true
 signed_note.workspace = true
 thiserror.workspace = true
 tlog_core.workspace = true
+tlog_checkpoint.workspace = true
 tlog_tiles.workspace = true
 x509-cert.workspace = true
 x509_util.workspace = true
@@ -9,8 +9,8 @@ use ed25519_dalek::{
 };
 use length_prefixed::WriteLengthPrefixedBytesExt;
 use signed_note::{KeyName, NoteError, NoteSignature, NoteVerifier};
+use tlog_checkpoint::{CheckpointSigner, CheckpointText, UnixTimestampMillis};
 use tlog_core::{Hash, LeafIndex};
-use tlog_tiles::{CheckpointSigner, CheckpointText, UnixTimestamp};
 
 use crate::{RelativeOid, ID_RDNA_TRUSTANCHOR_ID};
 
@@ -93,8 +93,8 @@ impl CheckpointSigner for MtcCosigner {
     /// Sign a checkpoint with the subtree cosigner. For checkpoints, the start index is always 0.
     fn sign(
         &self,
-        _timestamp_unix_millis: UnixTimestamp,
-        checkpoint: &tlog_tiles::CheckpointText,
+        _timestamp: UnixTimestampMillis,
+        checkpoint: &tlog_checkpoint::CheckpointText,
     ) -> Result<NoteSignature, NoteError> {
         let sig = self.sign_subtree(0, checkpoint.size(), checkpoint.hash())?;
         Ok(NoteSignature::new(self.name().clone(), self.key_id(), sig))
@@ -235,8 +235,8 @@ fn serialize_mtc_subtree_signature_input(
 #[cfg(test)]
 mod tests {
 
+    use tlog_checkpoint::{open_checkpoint, TreeWithTimestamp};
     use tlog_core::record_hash;
-    use tlog_tiles::{open_checkpoint, TreeWithTimestamp};
 
     use super::*;
     use signed_note::VerifierList;

@@ -24,9 +24,10 @@ use std::{
     num::ParseIntError,
 };
 use thiserror::Error;
+use tlog_checkpoint::UnixTimestampMillis;
 use tlog_core::{Hash, LeafIndex, Proof, Subtree, TlogError};
 use tlog_tiles::{
-    LogEntry, PathElem, PendingLogEntry, TlogTilesLogEntry, TlogTilesPendingLogEntry, UnixTimestamp,
+    LogEntry, PathElem, PendingLogEntry, TlogTilesLogEntry, TlogTilesPendingLogEntry,
 };
 use x509_cert::{
     certificate::Version,
@@ -123,11 +124,11 @@ pub struct AddEntryResponse {
     pub leaf_index: LeafIndex,
 
     /// The time at which the entry was added to the log.
-    pub timestamp: UnixTimestamp,
+    pub timestamp: UnixTimestampMillis,
 
     /// The validity period of the certificate.
-    pub not_before: UnixTimestamp,
-    pub not_after: UnixTimestamp,
+    pub not_before: UnixTimestampMillis,
+    pub not_after: UnixTimestampMillis,
 }
 
 /// Get-roots response. This is in the same format as the RFC 6962 get-roots
@@ -184,7 +185,7 @@ impl LogEntry for BootstrapMtcLogEntry {
         })
     }
 
-    fn new(pending: Self::Pending, leaf_index: LeafIndex, timestamp: UnixTimestamp) -> Self {
+    fn new(pending: Self::Pending, leaf_index: LeafIndex, timestamp: UnixTimestampMillis) -> Self {
         Self(TlogTilesLogEntry::new(pending.entry, leaf_index, timestamp))
     }
 

@@ -59,6 +59,7 @@ serde_json.workspace = true
 serde_with.workspace = true
 signed_note.workspace = true
 tlog_core.workspace = true
+tlog_checkpoint.workspace = true
 tlog_tiles.workspace = true
 worker.workspace = true
 x509-cert.workspace = true

@@ -4,7 +4,8 @@ use crate::{load_checkpoint_cosigner, load_origin, CONFIG};
 use bootstrap_mtc_api::BootstrapMtcPendingLogEntry;
 use generic_log_worker::{get_durable_object_name, CleanerConfig, GenericCleaner, CLEANER_BINDING};
 use signed_note::VerifierList;
-use tlog_tiles::{CheckpointSigner, PendingLogEntry};
+use tlog_checkpoint::CheckpointSigner;
+use tlog_tiles::PendingLogEntry;
 #[allow(clippy::wildcard_imports)]
 use worker::*;
 

@@ -27,10 +27,9 @@ use serde::{Deserialize, Serialize};
 use serde_with::{base64::Base64, serde_as};
 use signed_note::VerifierList;
 use std::time::Duration;
+use tlog_checkpoint::{open_checkpoint, CheckpointSigner, CheckpointText};
 use tlog_core::LeafIndex;
-use tlog_tiles::{
-    open_checkpoint, CheckpointSigner, CheckpointText, PendingLogEntry, PendingLogEntryBlob,
-};
+use tlog_tiles::{PendingLogEntry, PendingLogEntryBlob};
 #[allow(clippy::wildcard_imports)]
 use worker::*;
 use x509_cert::{

@@ -8,8 +8,9 @@ use generic_log_worker::{
     deserialize_sequence_metadata_entries, serialize_sequence_metadata_entries, SequencerMetadata,
 };
 use serde::{Deserialize, Serialize};
+use tlog_checkpoint::UnixTimestampMillis;
 use tlog_core::LeafIndex;
-use tlog_tiles::{LookupKey, UnixTimestamp};
+use tlog_tiles::LookupKey;
 
 /// Sequencer metadata for a bootstrap MTC log entry.
 ///
@@ -20,15 +21,15 @@ use tlog_tiles::{LookupKey, UnixTimestamp};
 /// 1. **Durable Object dedup ring buffer**: 32-byte binary layout
 ///    `[16-byte lookup key | 8-byte leaf_index BE | 8-byte timestamp BE]`.
 ///    This format matches the one previously used when the type was
-///    `(LeafIndex, UnixTimestamp)`; preserving it avoids a one-time deserialize
+///    `(LeafIndex, UnixTimestampMillis)`; preserving it avoids a one-time deserialize
 ///    warning on deploy as the sequencer loads any entries already in DO
 ///    storage.
 /// 2. **DO→Worker RPC**: `bitcode` sequence of the two u64 fields (preserved by
 ///    the tuple-struct layout).
 ///
 /// Bootstrap MTC does not currently use the long-term KV dedup cache.
 #[derive(Serialize, Deserialize, Debug, Clone, Copy, Default, PartialEq, Eq)]
-pub struct BootstrapMtcSequenceMetadata(pub LeafIndex, pub UnixTimestamp);
+pub struct BootstrapMtcSequenceMetadata(pub LeafIndex, pub UnixTimestampMillis);
 
 impl BootstrapMtcSequenceMetadata {
     /// Return the leaf index.
@@ -39,15 +40,15 @@ impl BootstrapMtcSequenceMetadata {
 
     /// Return the sequencing timestamp (milliseconds since the Unix epoch).
     #[must_use]
-    pub fn timestamp(&self) -> UnixTimestamp {
+    pub fn timestamp(&self) -> UnixTimestampMillis {
         self.1
     }
 }
 
 impl SequencerMetadata for BootstrapMtcSequenceMetadata {
     fn new(
         leaf_index: LeafIndex,
-        timestamp: UnixTimestamp,
+        timestamp: UnixTimestampMillis,
         _old_tree_size: u64,
         _new_tree_size: u64,
     ) -> Self {

@@ -19,8 +19,8 @@ use generic_log_worker::{
 use serde::{Deserialize, Serialize};
 use serde_with::{base64::Base64, serde_as};
 use signed_note::Note;
+use tlog_checkpoint::{CheckpointText, UnixTimestampMillis};
 use tlog_core::Hash;
-use tlog_tiles::{CheckpointText, UnixTimestamp};
 #[allow(clippy::wildcard_imports)]
 use worker::*;
 
@@ -87,8 +87,8 @@ fn checkpoint_callback(env: &Env, name: &str) -> CheckpointCallbacker {
     let params = &CONFIG.logs[name];
     let bucket = load_public_bucket(env, name).unwrap();
     Box::new(
-        move |old_time: UnixTimestamp,
-              new_time: UnixTimestamp,
+        move |old_time: UnixTimestampMillis,
+              new_time: UnixTimestampMillis,
               _old_tree_size: u64,
               _new_tree_size: u64,
               new_checkpoint_bytes: &[u8]| {

@@ -51,6 +51,7 @@ serde_with.workspace = true
 static_ct_api.workspace = true
 signed_note.workspace = true
 tlog_core.workspace = true
+tlog_checkpoint.workspace = true
 tlog_tiles.workspace = true
 worker.workspace = true
 x509-cert.workspace = true

@@ -11,7 +11,7 @@ use signed_note::KeyName;
 use static_ct_api::StaticCTCheckpointSigner;
 use std::collections::HashMap;
 use std::sync::{LazyLock, OnceLock};
-use tlog_tiles::{CheckpointSigner, Ed25519CheckpointSigner};
+use tlog_checkpoint::{CheckpointSigner, Ed25519CheckpointSigner};
 use worker::{Env, Result};
 use x509_util::CertPool;
 

@@ -8,8 +8,9 @@ use generic_log_worker::{
     deserialize_sequence_metadata_entries, serialize_sequence_metadata_entries, SequencerMetadata,
 };
 use serde::{Deserialize, Serialize};
+use tlog_checkpoint::UnixTimestampMillis;
 use tlog_core::LeafIndex;
-use tlog_tiles::{LookupKey, UnixTimestamp};
+use tlog_tiles::LookupKey;
 
 /// Sequencer metadata for a static-ct-api log entry.
 ///
@@ -25,7 +26,7 @@ use tlog_tiles::{LookupKey, UnixTimestamp};
 /// 3. **DO→Worker RPC**: `bitcode` sequence of the two u64 fields. Also
 ///    preserved by the tuple-struct layout.
 #[derive(Serialize, Deserialize, Debug, Clone, Copy, Default, PartialEq, Eq)]
-pub struct StaticCTSequenceMetadata(pub LeafIndex, pub UnixTimestamp);
+pub struct StaticCTSequenceMetadata(pub LeafIndex, pub UnixTimestampMillis);
 
 impl StaticCTSequenceMetadata {
     /// Return the leaf index.
@@ -36,15 +37,15 @@ impl StaticCTSequenceMetadata {
 
     /// Return the sequencing timestamp (milliseconds since the Unix epoch).
     #[must_use]
-    pub fn timestamp(&self) -> UnixTimestamp {
+    pub fn timestamp(&self) -> UnixTimestampMillis {
         self.1
     }
 }
 
 impl SequencerMetadata for StaticCTSequenceMetadata {
     fn new(
         leaf_index: LeafIndex,
-        timestamp: UnixTimestamp,
+        timestamp: UnixTimestampMillis,
         _old_tree_size: u64,
         _new_tree_size: u64,
     ) -> Self {
@@ -71,7 +72,7 @@ mod tests {
     use super::*;
 
     /// Confirm the JSON wire format used by the KV long-term dedup cache
-    /// metadata matches the historical `(LeafIndex, UnixTimestamp)` tuple shape
+    /// metadata matches the historical `(LeafIndex, UnixTimestampMillis)` tuple shape
     /// (i.e. `[leaf_index, timestamp]`). Changing this would orphan pre-existing
     /// KV entries from deployed logs.
     #[test]

@@ -41,6 +41,7 @@ sha2.workspace = true
 signed_note.workspace = true
 thiserror.workspace = true
 tlog_core.workspace = true
+tlog_checkpoint.workspace = true
 tlog_tiles.workspace = true
 tokio.workspace = true
 worker.workspace = true
@@ -281,7 +281,7 @@ impl GenericCleaner {
             .ok_or("missing object body")?
             .bytes()
             .await?;
-        let checkpoint = tlog_tiles::open_checkpoint(
+        let checkpoint = tlog_checkpoint::open_checkpoint(
             self.config.origin.as_str(),
             &self.config.verifiers,
             now_millis(),