Description
Plugin
Temporal
TL;DR: The Temporal RoadRunner plugin currently cannot use encrypted payloads produced by the Temporal PHP SDK, because it does not support custom codecs and is unaware of the codec configured on the PHP side. PHP workers therefore cannot encrypt workflow payloads. This becomes a strict requirement for Temporal Cloud or any environment where workflow data leaves internal infrastructure and must be encrypted for privacy/compliance reasons.
Solutions like allowing custom codecs in the RR plugin would not be an optimal solution, since the PHP codec code used to send outgoing messages would have to be duplicated in Go code. I therefore propose the following solution:
Add support for RoadRunner to offload payload encoding/decoding to the PHP-side codec via RPC.
Background
The Temporal PHP SDK allows users to configure a custom codec (e.g., encryption + compression). However, RoadRunner’s Temporal plugin uses its own internal DataConverter and does not invoke the PHP codec. As a result, when a PHP worker encodes an encrypted payload:
- RoadRunner cannot decode it
- The workflow protocol breaks immediately
This prevents encrypted payloads from being used in PHP-based Temporal workers.
For organizations with compliance or legal requirements, this is a complete blocker — especially when using Temporal Cloud, where payloads leave internal infrastructure and must be encrypted.
Proposed Solution
Add support for RoadRunner’s Temporal plugin to offload payload encoding and decoding to the PHP codec via RPC.
Concretely:
- When RoadRunner receives a payload from Temporal, it calls the PHP codec via RPC to decode it.
- When RoadRunner needs to send payloads to Temporal, it calls the PHP codec via RPC to encode them.
- RoadRunner does not need to re-implement encryption, compression, or key management.
- All user-defined security logic remains in PHP.
This avoids several problems:
- No duplicated encryption logic across Go and PHP
- No need for Go expertise or custom RR builds
- No divergence between PHP and Go implementations
- Enables encrypted payloads for any Temporal server deployment (including Temporal Cloud)
- If the configuration option is not provided, current/default behavior would be kept
Why RPC Delegation Is Ideal
✔ Keeps cryptography in userland PHP
Teams maintain a single codec implementation, without touching Go.
✔ Eliminates maintenance burden
No codec duplication, no version drift, no extra tooling.
✔ Excellent developer experience
Fits naturally into PHP workers without requiring Go knowledge.
✔ Enables secure Temporal adoption
Unlocks encrypted payloads across all Temporal deployments.
Additional Context
I have developed a codec and codec server. The implementation includes support for:
- Multiple key versions with active key selection
- AES-based envelope encryption
- Optional compression
- Prometheus metrics for the codec server
Once a proper integration point exists, I plan to open-source the codec + server to help the wider PHP community.
Request
Please implement support in RoadRunner to:
Delegate Temporal payload encoding and decoding to the PHP-side codec via RPC.
I’m happy to assist with testing, API discussions, or example implementations.
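The issue lists AES-based envelope encryption with multiple key versions and active key selection as codec features. The sketch below is an added example, not the issue author's codec and not part of RoadRunner or the Temporal PHP SDK; it shows why the key version has to travel with each encoded payload so that whichever side decodes it can still read data written before a rotation. The class name `EnvelopeCodec`, the envelope field names, and the sample keys are assumptions; it requires PHP 8 with the OpenSSL extension.

```php
<?php
declare(strict_types=1);

// Hypothetical codec core, not tied to the Temporal PHP SDK interfaces.
final class EnvelopeCodec
{
    /** @param array<string,string> $keks key version => 32-byte key-encryption key */
    public function __construct(private array $keks, private string $active) {}

    public function encode(string $data): array
    {
        $dek = random_bytes(32); // fresh data key for every payload
        return [
            'key-version' => $this->active,
            'wrapped-dek' => $this->seal($this->keks[$this->active], $dek, $this->active),
            'body'        => $this->seal($dek, $data, $this->active),
        ];
    }

    public function decode(array $env): string
    {
        $ver = $env['key-version'];
        // Select the KEK named in the envelope so pre-rotation payloads still decode.
        $kek = $this->keks[$ver] ?? throw new RuntimeException("unknown key version: $ver");
        return $this->open($this->open($kek, $env['wrapped-dek'], $ver), $env['body'], $ver);
    }

    // AES-256-GCM; output is nonce (12) || tag (16) || ciphertext, key version as AAD.
    private function seal(string $key, string $pt, string $aad): string
    {
        $iv = random_bytes(12);
        $ct = openssl_encrypt($pt, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
        return $iv . $tag . $ct;
    }

    private function open(string $key, string $blob, string $aad): string
    {
        $pt = strlen($blob) < 28 ? false : openssl_decrypt(substr($blob, 28), 'aes-256-gcm',
            $key, OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16), $aad);
        return $pt !== false ? $pt : throw new RuntimeException('payload failed authentication');
    }
}

// Constructed keys and payload for illustration; load real KEKs from a secret store.
$v1  = new EnvelopeCodec(['v1' => str_repeat("\x01", 32)], 'v1');
$env = $v1->encode('{"order":42}');
$v2  = new EnvelopeCodec(['v1' => str_repeat("\x01", 32), 'v2' => str_repeat("\x02", 32)], 'v2');
var_dump($v2->decode($env) === '{"order":42}');
```

Because the key version is bound as associated data, an envelope whose `key-version` field is altered fails authentication instead of being decrypted under a different key.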