[Feature Request] Omit HostedMCPTool headers from serialized activity input?

[nikhil-pandey]

Is your feature request related to a problem? Please describe.

Some information stored in a payload is more sensitive than the rest of the payload, to the point that it would be ideal to separately secure that information.

Describe the solution you'd like

The sensitive information would not be visible in the temporal UI.

Original Request from user for a specific piece of information

While using HostedMCPTool inside a Temporal workflow we noticed that the tool config (including HTTP headers) is serialized into the activity input/history, so secrets end up in worker logs and the Temporal UI. Is there—or could there be—a way for the plugin to avoid persisting these headers (e.g., a hook to resolve headers only when the activity executes, or built-in redaction)?

[tconley1428]

e.g., a hook to resolve headers only when the activity executes

Doing something like that would require that the tool, or at least the associated data be defined statically during construction of the worker since the data would need to be available inside the activity and wouldn't be able to be provided by the workflow.

or built-in redaction

If I take your meaning with redacted correctly, we don't have a mechanism for specifying secrets inside inputs. We do however, have a mechanism for treating all payloads as secrets. You can use a payload codec to encrypt all traffic through the temporal server. See https://docs.temporal.io/develop/python/converters-and-encryption. This is a very common practice that we see often for users with private data moving between worker and server.

[nikhil-pandey]

Yeah, I'm already using a codec, but the issue is that the tokens still show up in plain text when someone browses the Temporal UI — which isn't ideal from a security perspective. What would be really helpful is an option to omit or lazily resolve sensitive headers, so they don’t get serialized into the activity input at all.

[tconley1428]

We'll triage that request, but it would be a pretty large feature across more than the Python SDK and potentially require server and UI components, so it would be unlikely to have a short term resolution.

[tconley1428]

@nikhil-pandey I've moved the issue to the general cross component Features repo and attempted to generalize the issue statement from the specifics of Python and the Agents SDK integration. Let me know if you think I mischaracterized your need.

[tconley1428]

Received some new information from other folks on the team actually. Since you have a codec and see the payloads in the UI, I'm assuming you are also running a codec server. Your response from the codec server for these payloads can omit these portions of the payload so that they will not appear in the UI.