temporalcodec 0.0.1__tar.gz

temporalcodec-0.0.1/.gitignore

@@ -0,0 +1,26 @@
+dist
+tmp
+
+node_modules
+
+.idea
+.DS_Store
+Thumbs.db
+.commit
+.devbox
+.envrc
+go.work.sum
+
+######################
+## gRPC conventions ##
+######################
+
+# Go-generated files
+**/*.pb.go
+# TypeScript-generated gRPC files
+**/*/src/interfaces
+# Avoid duplication from Docker Compose volumes
+**/*/proto
+
+__pycache__
+.venv

temporalcodec-0.0.1/PKG-INFO

@@ -0,0 +1,36 @@
+Metadata-Version: 2.4
+Name: temporalcodec
+Version: 0.0.1
+Summary: Encode and decode your Temporal data
+Project-URL: Homepage, https://github.com/mrsimonemms/temporal-codec-server
+Project-URL: Repository, https://github.com/mrsimonemms/temporal-codec-server
+Project-URL: Documentation, https://github.com/mrsimonemms/temporal-codec-server
+Project-URL: Bug Tracker, https://github.com/mrsimonemms/temporal-codec-server/issues
+Author-email: Simon Emms <simon@simonemms.com>
+License: Apache-2.0
+Keywords: codec,decoding,decryption,encoding,encryption,temporal,workflow
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+
+# temporal-codec
+
+Encode and decode your Temporal data with Python
+
+<!-- toc -->
+
+* [Temporal SDK example](#temporal-sdk-example)
+  * [Installation](#installation)
+
+<!-- Regenerate with "pre-commit run -a markdown-toc" -->
+
+<!-- tocstop -->
+
+## Temporal SDK example
+
+> See [keys.example.yaml](https://github.com/mrsimonemms/temporal-codec-server/blob/e11e08a51b0cc0673363e6df3d4d4280319bce2b/keys.example.yaml)
+> for an example key file.
+>
+> For best results, use an environment variable rather than hardcoding the file
+> path.
+
+### Installation

temporalcodec-0.0.1/README.md

@@ -0,0 +1,22 @@
+# temporal-codec
+
+Encode and decode your Temporal data with Python
+
+<!-- toc -->
+
+* [Temporal SDK example](#temporal-sdk-example)
+  * [Installation](#installation)
+
+<!-- Regenerate with "pre-commit run -a markdown-toc" -->
+
+<!-- tocstop -->
+
+## Temporal SDK example
+
+> See [keys.example.yaml](https://github.com/mrsimonemms/temporal-codec-server/blob/e11e08a51b0cc0673363e6df3d4d4280319bce2b/keys.example.yaml)
+> for an example key file.
+>
+> For best results, use an environment variable rather than hardcoding the file
+> path.
+
+### Installation

temporalcodec-0.0.1/pyproject.toml

@@ -0,0 +1,45 @@
+# Copyright 2025 Simon Emms <simon@simonemms.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[project]
+name = "temporalcodec"
+version = "0.0.1"
+description = "Encode and decode your Temporal data"
+readme = "README.md"
+authors = [{ name = "Simon Emms", email = "simon@simonemms.com" }]
+requires-python = ">=3.9"
+dependencies = []
+license = { text = "Apache-2.0" }
+keywords = [
+  "temporal",
+  "workflow",
+  "encryption",
+  "decryption",
+  "codec",
+  "encoding",
+  "decoding",
+]
+
+[project.urls]
+Homepage = "https://github.com/mrsimonemms/temporal-codec-server"
+Repository = "https://github.com/mrsimonemms/temporal-codec-server"
+Documentation = "https://github.com/mrsimonemms/temporal-codec-server"
+"Bug Tracker" = "https://github.com/mrsimonemms/temporal-codec-server/issues"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["."]

temporalcodec-0.0.1/temporalcodec/encryption.py

@@ -0,0 +1,97 @@
+# Copyright 2025 Simon Emms <simon@simonemms.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Iterable, List, TypedDict
+from dataclasses import dataclass
+import yaml
+import os
+from temporalio.api.common.v1 import Payload
+from temporalio.converter import PayloadCodec
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+metadata_keyid = "encryption-key-id"
+metadata_encoding = "encoding"
+encoding_type = "binary/encrypted"
+
+
+@dataclass
+class Key(TypedDict):
+    id: str
+    key: str
+
+
+class EncryptionCodec(PayloadCodec):
+    def __init__(self, keys: List[Key]) -> None:
+        super().__init__()
+
+        if len(keys) == 0:
+            # @todo(sje): this is probably not a TypeError
+            raise TypeError(f'Keys are required for AES encryption')
+
+        self.keys = keys
+
+    async def decode(self, payloads: Iterable[Payload]) -> List[Payload]:
+        ret: List[Payload] = []
+        for p in payloads:
+            if p.metadata.get(metadata_encoding, b"").decode() != encoding_type:
+                ret.append(p)
+                continue
+
+            key_id = p.metadata.get("encryption-key-id", b"").decode()
+
+            key = None
+            for k in self.keys:
+                if k.get("id") == key_id:
+                    key = k.get("key")
+
+            if key == None:
+                raise ValueError(f"Unrecognized key ID {key_id}.")
+
+            encryptor = AESGCM(key.encode())
+            ret.append(Payload.FromString(self.__decode(encryptor, p.data)))
+        return ret
+
+    async def encode(self, payloads: Iterable[Payload]) -> List[Payload]:
+        active_key = self.keys[0]
+        encryptor = AESGCM(active_key.get("key").encode())
+
+        return [
+            Payload(
+                metadata={
+                    metadata_encoding: encoding_type.encode(),
+                    metadata_keyid: active_key.get("id").encode(),
+                },
+                data=self.__encode(encryptor, p.SerializeToString()),
+            )
+            for p in payloads
+        ]
+
+    @staticmethod
+    def __decode(encryptor: AESGCM, data: bytes) -> bytes:
+        return encryptor.decrypt(data[:12], data[12:], None)
+
+    @staticmethod
+    def __encode(encryptor: AESGCM, data: bytes) -> bytes:
+        nonce = os.urandom(12)
+        return nonce + encryptor.encrypt(nonce, data, None)
+
+    @staticmethod
+    async def create(keypath: str) -> 'EncryptionCodec':
+        keys = List[Key]
+        with open(keypath) as f:
+            data = yaml.safe_load(f)
+
+        keys: List[Key] = [Key(**item) for item in data]
+
+        return EncryptionCodec(keys)

temporalcodec-0.0.1/uv.lock

@@ -0,0 +1,8 @@
+version = 1
+revision = 2
+requires-python = ">=3.9"
+
+[[package]]
+name = "temporalcodec"
+version = "0.0.1"
+source = { editable = "." }