update api

zhaohuabing · zhaohuabing · commit f3196ca6b5d4 · 2025-12-03T11:30:45.000+08:00
Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;
diff --git a/api/v1alpha1/mcp_route.go b/api/v1alpha1/mcp_route.go
@@ -259,11 +259,17 @@ type MCPRouteAuthorizationRule struct {
 	//
 	// +kubebuilder:validation:Required
 	Target MCPAuthorizationTarget `json:"target"`
+
+	// Action defines whether to allow or deny requests that match this rule.
+	//
+	// +kubebuilder:validation:Required
+	Action egv1a1.AuthorizationAction `json:"action"`
 }
 
 type MCPAuthorizationTarget struct {
 	// Tools defines the list of tools this rule applies to.
 	//
+	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
 	Tools []ToolCall `json:"tools"`
@@ -280,6 +286,7 @@ type JWTSource struct {
 	// Scopes defines the list of JWT scopes required for the rule.
 	// If multiple scopes are specified, all scopes must be present in the JWT for the rule to match.
 	//
+	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
 	Scopes []egv1a1.JWTScope `json:"scopes"`
diff --git a/manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml b/manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml
@@ -603,6 +603,13 @@ spec:
                             MCPRouteAuthorizationRule defines an authorization rule for MCPRoute based on the MCP authorization spec.
                             Reference: https://modelcontextprotocol.io/specification/draft/basic/authorization#scope-challenge-handling
                           properties:
+                            action:
+                              description: Action defines whether to allow or deny
+                                requests that match this rule.
+                              enum:
+                              - Allow
+                              - Deny
+                              type: string
                             source:
                               description: Source defines the authorization source
                                 for this rule.
@@ -653,6 +660,7 @@ spec:
                               - tools
                               type: object
                           required:
+                          - action
                           - source
                           - target
                           type: object
diff --git a/site/docs/api/api.mdx b/site/docs/api/api.mdx
@@ -1684,6 +1684,11 @@ Reference: https://modelcontextprotocol.io/specification/draft/basic/authorizati
   type="[MCPAuthorizationTarget](#mcpauthorizationtarget)"
   required="true"
   description="Target defines the authorization target for this rule."
+/><ApiField
+  name="action"
+  type="[AuthorizationAction](#authorizationaction)"
+  required="true"
+  description="Action defines whether to allow or deny requests that match this rule."
 />
 
 
