FlowmemoryAI · FlowmemoryAI · May 13, 2026 · May 13, 2026
diff --git a/.slither.config.json b/.slither.config.json
@@ -1,3 +1,4 @@
 {
+  "detectors_to_exclude": "timestamp",
   "filter_paths": "(cache|out|node_modules|lib)"
 }
diff --git a/contracts/RootfieldRegistry.sol b/contracts/RootfieldRegistry.sol
@@ -2,12 +2,13 @@
 pragma solidity ^0.8.24;
 
 import {IFlowPulse, FlowPulseTypes} from "./FlowPulse.sol";
+import {IRootfieldRegistry} from "./interfaces/IRootfieldRegistry.sol";
 
 /// @title RootfieldRegistry
 /// @notice Minimal registry for Rootfield commitment namespaces.
 /// @dev This foundation intentionally excludes dynamic fees, tokenomics,
 /// upgrade hooks, and receipt-only metadata such as txHash and logIndex.
-contract RootfieldRegistry is IFlowPulse {
+contract RootfieldRegistry is IFlowPulse, IRootfieldRegistry {
     struct Rootfield {
         address owner;
         bytes32 schemaHash;

diff --git a/contracts/STATIC_ANALYSIS.md b/contracts/STATIC_ANALYSIS.md
@@ -40,6 +40,10 @@ Audit environments should require Slither explicitly:
 REQUIRE_SLITHER=1 bash infra/scripts/contracts-static-analysis.sh
 ```
 
+## Slither Triage
+
+`.slither.config.json` excludes the `timestamp` detector for V0 because the current contracts use `block.timestamp` only for advisory `registeredAt`, `updatedAt`, `submittedAt`, `scheduledAt`, and FlowPulse `occurredAt` fields plus `uint64` overflow guards. Those timestamps do not drive randomness, rewards, custody, slashing, dynamic fees, or protocol-critical authorization in the current V0 boundary.
+
 ## Current Boundary
 
 The contracts are V0 launch foundations for FlowPulse, Rootfield, receipts, workers, verifiers, cursors, and hook-adapter events. They are not a production L1, production verifier network, token system, custody system, fee system, or production Uniswap v4 hook deployment.