rename arguments to condition

Signed-off-by: Huabing Zhao <[email protected]>

Author: zhaohuabing

api/v1alpha1/mcp_route.go

@@ -321,14 +321,14 @@ type ToolCall struct {
 	// +kubebuilder:validation:Required
 	ToolName string `json:"toolName"`
 
-	// Arguments is a CEL expression that must evaluate to true for the rule to match.
+	// Condition is a CEL expression that must evaluate to true for the rule to match.
 	// The expression is evaluated with a single variable "args" bound to the tool call arguments as a dynamic object.
 	// Guard against missing fields with null checks (e.g., args["foo"] != null && args["foo"]["bar"] == "val").
 	//
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:validation:MaxLength=4096
 	// +optional
-	Arguments *string `json:"arguments,omitempty"`
+	Condition *string `json:"condition,omitempty"`
 }
 
 // JWKS defines how to obtain JSON Web Key Sets (JWKS) either from a remote HTTP/HTTPS endpoint or from a local source.

api/v1alpha1/zz_generated.deepcopy.go

@@ -495,7 +495,7 @@ func mcpConfig(mcpRoutes []aigv1a1.MCPRoute) *filterapi.MCPConfig {
 					tools[i] = filterapi.ToolCall{
 						Backend:   tool.Backend,
 						ToolName:  tool.ToolName,
-						Arguments: tool.Arguments,
+						Condition: tool.Condition,
 					}
 				}
 

internal/controller/gateway.go

@@ -125,7 +125,7 @@ type ToolCall struct {
 	// ToolName is the name of the tool.
 	ToolName string `json:"toolName"`
 
-	// Arguments is a CEL expression evaluated against the tool call arguments map.
+	// Condition is a CEL expression evaluated against the tool call arguments map.
 	// The expression must evaluate to true for the rule to apply.
-	Arguments *string `json:"arguments,omitempty"`
+	Condition *string `json:"condition,omitempty"`
 }

internal/filterapi/mcpconfig.go

@@ -69,15 +69,15 @@ func compileAuthorization(auth *filterapi.MCPRouteAuthorization) (*compiledAutho
 					Backend:  tool.Backend,
 					ToolName: tool.ToolName,
 				}
-				if tool.Arguments != nil && strings.TrimSpace(*tool.Arguments) != "" {
-					expr := strings.TrimSpace(*tool.Arguments)
+				if tool.Condition != nil && strings.TrimSpace(*tool.Condition) != "" {
+					expr := strings.TrimSpace(*tool.Condition)
 					ast, issues := env.Compile(expr)
 					if issues != nil && issues.Err() != nil {
-						return nil, fmt.Errorf("failed to compile arguments CEL for tool %s/%s: %w", tool.Backend, tool.ToolName, issues.Err())
+						return nil, fmt.Errorf("failed to compile condition CEL for tool %s/%s: %w", tool.Backend, tool.ToolName, issues.Err())
 					}
 					program, err := env.Program(ast, cel.CostLimit(10000), cel.EvalOptions(cel.OptOptimize))
 					if err != nil {
-						return nil, fmt.Errorf("failed to build arguments CEL program for tool %s/%s: %w", tool.Backend, tool.ToolName, err)
+						return nil, fmt.Errorf("failed to build condition CEL program for tool %s/%s: %w", tool.Backend, tool.ToolName, err)
 					}
 					ct.Expression = expr
 					ct.program = program
@@ -207,7 +207,7 @@ func (m *MCPProxy) toolMatches(backendName, toolName string, tools []compiledToo
 
 		result, _, err := t.program.Eval(map[string]any{"args": args})
 		if err != nil {
-			m.l.Error("failed to evaluate arguments CEL", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("error", err.Error()))
+			m.l.Error("failed to evaluate condition CEL", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("error", err.Error()))
 			continue
 		}
 
@@ -221,7 +221,7 @@ func (m *MCPProxy) toolMatches(backendName, toolName string, tools []compiledToo
 				return true
 			}
 		default:
-			m.l.Error("arguments CEL did not return a boolean", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("expression", t.Expression))
+			m.l.Error("condition CEL did not return a boolean", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("expression", t.Expression))
 		}
 	}
 	// If no matching tool entry or no arguments matched, fail.

internal/mcpproxy/authorization.go

@@ -80,7 +80,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args.mode in ["fast", "slow"] && args.user.matches("u-[0-9]+") && args.debug == true`),
+								Condition: strPtr(`args.mode in ["fast", "slow"] && args.user.matches("u-[0-9]+") && args.debug == true`),
 							}},
 						},
 					},
@@ -111,7 +111,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`int(args.count) >= 40 && int(args.count) < 50`),
+								Condition: strPtr(`int(args.count) >= 40 && int(args.count) < 50`),
 							}},
 						},
 					},
@@ -138,7 +138,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args["payload"] != null && args["payload"]["kind"] == "test" && args["payload"]["value"] == 123`),
+								Condition: strPtr(`args["payload"] != null && args["payload"]["kind"] == "test" && args["payload"]["value"] == 123`),
 							}},
 						},
 					},
@@ -192,7 +192,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args.mode in ["fast", "slow"]`),
+								Condition: strPtr(`args.mode in ["fast", "slow"]`),
 							}},
 						},
 					},
@@ -221,7 +221,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args.nonExistingField in ["fast", "slow"]`),
+								Condition: strPtr(`args.nonExistingField in ["fast", "slow"]`),
 							}},
 						},
 					},
@@ -250,7 +250,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args.mode`),
+								Condition: strPtr(`args.mode`),
 							}},
 						},
 					},
@@ -279,7 +279,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`invalid syntax here`),
+								Condition: strPtr(`invalid syntax here`),
 							}},
 						},
 					},
@@ -309,7 +309,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "tool1",
-								Arguments: strPtr(`args["mode"] == "fast"`),
+								Condition: strPtr(`args["mode"] == "fast"`),
 							}},
 						},
 					},
@@ -444,7 +444,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "listFiles",
-								Arguments: strPtr(`args.folder == "restricted"`),
+								Condition: strPtr(`args.folder == "restricted"`),
 							}},
 						},
 					},
@@ -482,7 +482,7 @@ func TestAuthorizeRequest(t *testing.T) {
 							Tools: []filterapi.ToolCall{{
 								Backend:   "backend1",
 								ToolName:  "listFiles",
-								Arguments: strPtr(`args.folder == "restricted"`),
+								Condition: strPtr(`args.folder == "restricted"`),
 							}},
 						},
 					},
@@ -612,7 +612,7 @@ func TestCompileAuthorizationInvalidExpression(t *testing.T) {
 					Tools: []filterapi.ToolCall{{
 						Backend:   "backend1",
 						ToolName:  "tool1",
-						Arguments: strPtr("args."),
+						Condition: strPtr("args."),
 					}},
 				},
 			},

internal/mcpproxy/authorization_test.go

@@ -651,17 +651,17 @@ spec:
                                     description: ToolCall represents a tool call in
                                       the MCP authorization target.
                                     properties:
-                                      arguments:
+                                      backend:
+                                        description: Backend is the name of the backend
+                                          this tool belongs to.
+                                        type: string
+                                      condition:
                                         description: |-
-                                          Arguments is a CEL expression that must evaluate to true for the rule to match.
+                                          Condition is a CEL expression that must evaluate to true for the rule to match.
                                           The expression is evaluated with a single variable "args" bound to the tool call arguments as a dynamic object.
                                           Guard against missing fields with null checks (e.g., args["foo"] != null && args["foo"]["bar"] == "val").
                                         maxLength: 4096
                                         type: string
-                                      backend:
-                                        description: Backend is the name of the backend
-                                          this tool belongs to.
-                                        type: string
                                       toolName:
                                         description: ToolName is the name of the tool.
                                         type: string

manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml

@@ -1988,10 +1988,10 @@ ToolCall represents a tool call in the MCP authorization target.
   required="true"
   description="ToolName is the name of the tool."
 /><ApiField
-  name="arguments"
+  name="condition"
   type="string"
   required="false"
-  description="Arguments is a CEL expression that must evaluate to true for the rule to match.<br />The expression is evaluated with a single variable `args` bound to the tool call arguments as a dynamic object.<br />Guard against missing fields with null checks (e.g., args[`foo`] != null && args[`foo`][`bar`] == `val`)."
+  description="Condition is a CEL expression that must evaluate to true for the rule to match.<br />The expression is evaluated with a single variable `args` bound to the tool call arguments as a dynamic object.<br />Guard against missing fields with null checks (e.g., args[`foo`] != null && args[`foo`][`bar`] == `val`)."
 />
 
 

site/docs/api/api.mdx

@@ -68,7 +68,7 @@ spec:
             tools:
               - backend: mcp-backend-authorization
                 toolName: echo
-                arguments: args.text.matches("^Hello, .*!$")
+                condition: args.text.matches("^Hello, .*!$")
         - source:
             jwt:
               scopes: