feat(temporal): add payload encryption codec with fail-open semantics

[daryllimyt]

Checklist

• Read CONTRIBUTING.md.
• PR title is short and non-generic (see previously merged PRs for examples).
• PR only implements a single feature or fixes a single bug.
• Tests passing (uv run pytest tests)?
• Lint / pre-commits passing (pre-commit run --all-files)?

Description

Related Issues

Screenshots / Recordings

Steps to QA

---

Summary by cubic

Adds a protected break‑glass Temporal codec server and end‑to‑end AES‑GCM encryption for Temporal payloads with optional compression. Decode always runs both codecs for backward compatibility; compression init-time validation was removed to keep decode fail‑open on stale config.

• New Features

  • /codec/decode route to decode Temporal payloads; secured with Bearer TEMPORAL__CODEC_SERVER_SHARED_SECRET, returns 401/503 when unauthorized or unconfigured; optional X-Namespace for logs; mounted in the main API.
  • Unified payload codec: AES‑GCM with HKDF‑derived per‑workspace keys and optional compression; encode runs compress→encrypt and decode reverses; decode always includes both codecs regardless of flags so historical payloads remain readable; encryption is fail‑open with minimal error logging; failure converter uses encoded attributes when encryption is on; memos, child workflow memos, and history payloads decode via the shared codec.
  • Workspace scoping: derived from ctx_role.workspace_id; platform ops use __global__.
  • Key management: root key from TEMPORAL__PAYLOAD_ENCRYPTION_KEY or ...__ARN; async retrieval via boto3 Secrets Manager with in‑memory cache (TEMPORAL__PAYLOAD_ENCRYPTION_CACHE_TTL_SECONDS, ..._CACHE_MAX_ITEMS); versioning via TEMPORAL__PAYLOAD_ENCRYPTION_KEY_VERSION. Infra adds secret ARNs temporal_payload_encryption_key_arn and temporal_codec_server_shared_secret_arn with IAM updates; docker-compose* exposes the new env vars.

• Migration

  • Off by default. To enable encryption, set TEMPORAL__PAYLOAD_ENCRYPTION_ENABLED=true and provide a root key via TEMPORAL__PAYLOAD_ENCRYPTION_KEY or ..._KEY__ARN.
  • To enable the codec server, set TEMPORAL__CODEC_SERVER_SHARED_SECRET and call /codec/decode with Authorization: Bearer <secret>; X-Namespace is optional.

^{Written for commit c663184. Summary will update on new commits.}

[daryllimyt]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• feat(temporal): add payload encryption codec with fail-open semantics #2297 👈 (View in Graphite)
• feat(temporal): encrypt durable agent histories #2296
• feat(temporal): encrypt core workflow histories #2295
• feat(temporal): add payload codec foundation #2294
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[zeropath-ai]

✅ No security or compliance issues detected. Reviewed everything up to 9806b1f.

Security Overview

• 🔎 Scanned files: 29 changed file(s)
• 🔗 Scan Link: https://zeropath.com/app/repositories/00dffd6c-8834-4dc9-b6d8-b44cd1622986?scanId=c1d016a4-649a-4792-b79f-deb2d5639f38&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Configuration changes	► deployments/fargate/main.tf     Add Temporal payload encryption and codec server variables ► deployments/fargate/modules/ecs/iam.tf     Add Temporal secrets to IAM policy ► deployments/fargate/modules/ecs/locals.tf     Map new Temporal variables to environment variables ► deployments/fargate/modules/ecs/secrets.tf     Add secrets for Temporal payload encryption and codec server ► deployments/fargate/modules/ecs/variables.tf     Add variables for Temporal payload encryption and codec server ► deployments/fargate/variables.tf     Add variables for Temporal payload encryption and codec server ► docker-compose.dev.yml     Add Temporal payload encryption and codec server environment variables ► docker-compose.local.yml     Add Temporal payload encryption and codec server environment variables ► docker-compose.yml     Add Temporal payload encryption and codec server environment variables ► tracecat/config.py     Define configuration for Temporal payload encryption and codec server ► tracecat/contexts.py     Add context variable for Temporal workspace ID     Add context manager for Temporal workspace ID override ► tracecat/dsl/_converter.py     Switch to DefaultFailureConverterWithEncodedAttributes when encryption is enabled     Use get_payload_codec for PayloadCodec ► tracecat/dsl/common.py     Decode memo payloads using decode_payloads ► tracecat/dsl/compression.py     Re-export CompressionPayloadCodec from temporal.codec
Enhancement	► tests/unit/test_dsl_converter.py     Add anyio mark to tests     Call AgentActionMemo.from_temporal asynchronously ► tests/unit/test_temporal_codec.py     Add tests for Temporal payload codec encryption and decryption     Add tests for Temporal payload codec requiring explicit workspace scope     Add test for get_data_converter switching failure converters ► tests/unit/test_temporal_codec_router.py     Add tests for codec router decoding encrypted payloads     Add test for codec router rejecting unauthorized requests     Add test for codec router requiring shared secret configuration ► tracecat/agent/session/service.py     Use with_temporal_workspace_id context manager for workflow start and update ► tracecat/api/app.py     Include Temporal codec router in the FastAPI app ► tracecat/temporal/codec.py     Implement Temporal payload codec for encryption and decryption     Implement get_payload_codec function ► tracecat/temporal/router.py     Implement codec router API endpoints for decoding payloads ► tracecat/temporal/codec_router.py     Implement codec router API endpoints for decoding payloads

[cubic-dev-ai]

No issues found across 25 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f26b1148a2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[cubic-dev-ai]

2 issues found across 29 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tracecat/agent/session/service.py">

<violation number="1">
P1: Workflow update submission also lost explicit role context propagation, which can cause encrypted update payloads to use global scope instead of workspace scope.</violation>

<violation number="2">
P1: Temporal workflow start no longer enforces role context for payload encryption scope, so calls can silently fall back to global (`__global__`) key scope when `ctx_role` is unset.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tracecat/temporal/codec.py">

<violation number="1" location="tracecat/temporal/codec.py:338">
P1: Fail-open on `encode` silently disables encryption that the operator explicitly enabled. A transient key-retrieval error (AWS outage, network blip, misconfiguration) causes sensitive workflow payloads to be persisted unencrypted in Temporal — exactly the scenario encryption was meant to prevent. Consider fail-closed here (re-raise the exception so the Temporal activity/workflow fails and retries) and reserve fail-open for the read-path (`decode`) where the breakglass use case needs it.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 24db12701e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[cubic-dev-ai]

1 issue found across 6 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tracecat/temporal/codec.py">

<violation number="1" location="tracecat/temporal/codec.py:479">
P2: `decode_payloads` forces `compression_enabled=True`, which can raise `ValueError` on invalid compression config and prevent all payload decoding. Decode should not depend on encode-time compression validation.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 00234c2cb8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".