BUILDING A BANK-GRADE, AGENT-DRIVEN PRODUCTION RUNTIME FOR STAQ

Temporal

Development

AI Agent

Isolation

Durable

Execution

Solutions

AI Agent Automation, Product Discovery, Temporal Orchestration

Industries

Artificial Intelligence, Business Automation, Financial Services

Technologies

ArgoCD, Claude (Anthropic), Golang, Helm, Java / Spring Boot, Kafka, Keycloak, Kubernetes, MySQL, OPA/Rego, Prometheus/Loki, Temporal, Wippy AI

About THE Project

Staq is a B2B embedded finance platform that powers banking infrastructure for institutions across Saudi Arabia, Iraq, and the UAE. They set out to build a B2C autonomous banking application – a product where multi-agent AI proactively manages users’ finances (subscription cancellation, overdraft protection, cash sweeps, fee alerts) with human-in-the-loop approval that graduates to full automation.

The hard part was not the AI tooling. It was integrating AI agents into durable, fault-tolerant workflows that handle real money movement in highly regulated markets, with full traceability, auditability, and per-country compliance.

Spiral Scout’s engagement began as a 4-week architecture sprint to describe and help build the foundation for their Temporal.io orchestration model, agent lifecycle design, isolation patterns, and audit strategy. The goal was to make sure that Staq’s team could build with confidence instead of trial-and-error, and without depending on our team long-term.

CORE OBJECTIVES

Temporal-Centric Orchestration: Design a model for agent-generated financial workflows that are dynamic but deterministic on replay.
Agent Lifecycle Modeling: Define versioning, typed I/O, rollback, and error/compensation flows with human-in-the-loop approval.
Zero-Trust Runtime Isolation: Establish actor-level sandboxing, proxy models, and token-scoped access so untrusted agent code cannot touch unauthorized resources.
Regulatory Data Architecture: Architect a reference layer that keeps Personally Identifiable Information (PII) outside Temporal and LLM contexts, using opaque IDs and encrypted-at-rest storage.
Reusable Agentic Patterns: Ship a pattern (supervisor + specialist agents with dynamic routing) that compounds across every future workflow Staq builds.
Independent Handoff: Transfer architectural knowledge so Staq’s engineering team can compose new agents independently.

Challenges

Solutions

Challenges

Temporal Integration Complexity Under a Compressed Timeline

Staq wanted a production-ready agentic system within two months. Our CTO, Anton Titov, was direct: achieving full Temporal workflow integration with custom agentic orchestration, multi-agent session management, and compliance controls in that timeframe was too optimistic. Interactive chat agents require session subsystems, ad-hoc redirects, streaming protocols, and cancellation handling that are significantly more complex than linear predefined workflows.

Solutions

Phase-Gated Architecture with Isolated Complexity Boundaries

Spiral Scout restructured the engagement into discrete phases. Phase 1 was a 4-week architecture sprint to lock the orchestration model and implementation roadmap. We recommended separating the problem: predefined agents (deterministic workflow chains) would be built immediately on Temporal, while interactive chat agents (the harder problem) were isolated behind an abstraction boundary and built on Wippy’s agent orchestration subsystem to avoid rushing technical debt.

Challenges

Agent Isolation and Zero-Trust in a Regulated Environment

Staq operates in regulated banking markets where agents execute real money movement. Any agent hallucination, unauthorized data access, or spillover between tenants is a compliance failure. The architecture required policy-gated actions and a data model that prevents PII from ever touching LLM contexts or Temporal workflow states.

Solutions

Reference Layer Design with Runtime-Level Actor Isolation

We designed an artifact layer where agents operate exclusively on opaque IDs rather than raw PII. Artifacts are tagged by parent workflow, placed under permission control, and encrypted at rest. Runtime-level actor isolation in Wippy ensures untrusted code is blocked from direct database access. OPA/Rego policy injection points enforce per-country AML rules, AI-safety constraints, and budget caps at execution time, while issuer-scoped tokens (Keycloak) constrain each agent’s access.

Challenges

Workflow Explosion from Agent Execution Loops

When agents run research-style loops (tool calls, parsing, retries, cross-validation), the step count inside a Temporal workflow explodes. A single workflow with a massive execution log gets slow on replay, and LLMs do not reliably obey hard step caps. Left unchecked, a single session could degrade performance and inflate LLM costs.

Solutions

Execution Guards, Chunking, and Cost Telemetry

Spiral Scout specified execution guards that shut down or checkpoint agent workflows when step/quota budgets are exceeded – rather than relying on the LLM to follow prompt-level caps. Continuation-as-new patterns were implemented to chunk long-running sessions into bounded workflow segments. We also delivered cost and latency telemetry dashboards to monitor saturation, errors, and drift.

Challenges

Build vs. Adopt Decision for Core Infrastructure

Staq’s team considered building the full agentic platform from scratch. While they had a mature DevOps infrastructure, building artifact storage, a message model with versioning, streaming protocols, audit exports, and actor isolation from scratch would duplicate work that already existed in Wippy. However, adopting a rigid third-party platform risked vendor lock-in.

Solutions

Open-Core Model with Founding Partner Roadmap Influence

Spiral Scout proposed the Wippy open-core model. The MPL 2.0 runtime core is free to use, modify, and ship, meaning Staq pays only for the enterprise capabilities they activate in production (workflow builder UI, audit export packs, telemetry). As a Founding Partner, Staq co-shaped the production runtime, prioritizing Temporal workflow buildouts and centralized control plane features, giving them the ownership of a platform company without the cost of building from scratch.

OUR agentic system APPROACH

Our approach was built around past experience, production judgment, de-risking the hardest integration problems first and building for client independence.

Validate the Agent Before Investing in Infrastructure

The biggest risk was spending months building Temporal infrastructure only to discover the agents didn’t deliver end-user value. Our CTO highlighted this early: “What I don’t want to happen is that you build Temporal, couple services, and chat integrations, and then users open it and the agent is just not good.” The phased structure ensured agent performance was validated via concrete pass/fail tests before the full infrastructure buildout began.

Separate Predictable Workflows from Unpredictable Agents

Conflating predefined deterministic agents with interactive LLM-guided chat agents creates unnecessary risk. We designed the architecture to handle predefined agents as standard Temporal workflow chains (simple, testable, portable), while isolating the interactive chat system behind a controlled abstraction boundary.

Build for Client Independence

Staq needs to own their platform. We designed a Founding Partner model where Staq’s engineers participated in every sprint, receiving agent pattern cookbooks, prompt kits, and debug guides. We led live workshops to transfer practical knowledge. The goal: Spiral Scout builds the runtime, but Staq runs the product independently.

Project results

What exists now is the architectural north star for Staq’s autonomous banking product – a validated design for how agentic workflows, Temporal orchestration, and bank-grade compliance controls come together in a system that scales across regulated markets.

Tangible outputs shipped:

– A Temporal-centric orchestration model mapping Staq’s key workflows to Temporal primitives (activities, typed I/O, retries, idempotency).
– An architecture decision framework covering Temporal Cloud vs. self-hosted tradeoffs and tenant isolation.
– Isolation pattern designs (gRPC proxy vs. API facade, identity/issuance, secrets handling).
– Reference/artifact layer design for PII handling, state offloading, and audit materialization.
– Agent flow decomposition with end-to-end examples, HITL patterns, and error handling strategies.

Key Takeaways

Integration is the real risk. The biggest risk in an agentic banking product isn’t the AI – it’s connecting agents to durable workflows, compliance controls, and confidential financial data. Our phased architecture sprint caught design decisions that would have cost months of rework.
Separate the predictable from the unpredictable. Predefined agents and interactive chat agents have fundamentally different complexity profiles. Treating them as one problem creates technical debt.
Validate before building. You must validate agent performance before committing to infrastructure. Pass/fail acceptance tests force an answer on value before a team spends months on Temporal hardening.
Open-core beats build-from-scratch. Companies gain ownership without the 6–12 month infrastructure buildout.

If you’re building an agentic platform for regulated financial services where multi-tenancy, auditability, isolation, and durable execution are non-negotiable, let’s talk.