For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.
CEL reference explorer
Explore the CEL expression context interactively, including all available variables and their nested fields.
- request
- methodstring
- uristring
- hoststring
- schemestring
- pathstring
- pathAndQuerystring
- versionstring
- headersobject
- bodystring
- startTimestring
- endTimestring
- response
- codeinteger
- headersobject
- bodystring
- env
- podNamestring
- namespacestring
- gatewaystring
- jwtobject
- apiKey
- *keystring
- basicAuth
- *usernamestring
- llm
- *streamingboolean
- *requestModelstring
- responseModelstring
- *providerstring
- inputTokensinteger
- inputImageTokensinteger
- inputTextTokensinteger
- inputAudioTokensinteger
- cachedInputTokensinteger
- cacheCreationInputTokensinteger
- outputTokensinteger
- outputImageTokensinteger
- outputTextTokensinteger
- outputAudioTokensinteger
- reasoningTokensinteger
- totalTokensinteger
- serviceTierstring
- countTokensinteger
- prompt
- *rolestring
- *contentstring
- completionstring[]
- *params
- temperaturenumber
- top_pnumber
- frequency_penaltynumber
- presence_penaltynumber
- seedinteger
- max_tokensinteger
- encoding_formatstring
- dimensionsinteger
- llmRequest
- source
- addressstring
- portinteger
- rawAddressstring
- rawPortinteger
- identity
- *trustDomainstring
- *namespacestring
- *serviceAccountstring
- subjectAltNamesstring[]
- issuerstring
- subjectstring
- subjectCnstring
- unverifiedWorkload
- namestring
- namespacestring
- serviceAccountstring
- mcp
- methodNamestring
- sessionIdstring
- tool
- *targetstring
- *namestring
- argumentsobject
- result
- error
- prompt
- targetstring
- namestring
- resource
- targetstring
- namestring
- backend
- namestring
- typestring
- protocolstring
- extauthzobject
- extprocobject
- metadataobject
request
request contains attributes about the incoming HTTP requestrequest.method
The HTTP method of the request. For example,
GETValidation
DefaultGET
request.uri
The complete URI of the request. For example,
http://example.com/path.Validation
Default/
request.host
The hostname of the request. For example,
example.com.Validation
Defaultnull
request.scheme
The scheme of the request. For example,
https.Validation
Defaultnull
request.path
The path of the request URI. For example,
/path.request.pathAndQuery
The path and query of the request URI. For example,
/path?foo=bar.Validation
Default/
request.version
The version of the request. For example,
HTTP/1.1.Validation
DefaultHTTP/1.1
request.headers
The headers of the request.
Validation
Default{}
request.body
The body of the request. Warning: accessing the body will cause the body to be buffered.
request.startTime
The time the request started
request.endTime
The time the request completed
response
response contains attributes about the HTTP responseresponse.code
The HTTP status code of the response.
Validation
Default0
Formatuint16
Minimum0
Maximum65535
response.headers
The headers of the response.
Validation
Default{}
response.body
The body of the response. Warning: accessing the body will cause the body to be buffered.
env
env contains selected process environment attributes exposed to CEL.This does NOT expose raw environment variables, but rather a subset of well-known variables.
env.podName
The name of the pod (when running on Kubernetes)
env.namespace
The namespace of the pod (when running on Kubernetes)
env.gateway
The Gateway we are running as (when running on Kubernetes)
jwt
jwt contains the claims from a verified JWT token. This is only present if the JWT policy is enabled.apiKey
apiKey contains the claims from a verified API Key. This is only present if the API Key policy is enabled.apiKey.key
No description for this field.
basicAuth
basicAuth contains the claims from a verified basic authentication Key. This is only present if the Basic authentication policy is enabled.basicAuth.username
No description for this field.
llm
llm contains attributes about an LLM request or response. This is only present when using an ai backend.llm.streaming
Whether the LLM response is streamed.
llm.requestModel
The model requested for the LLM request. This may differ from the actual model used.
llm.responseModel
The model that actually served the LLM response.
llm.provider
The provider of the LLM.
llm.inputTokens
The number of tokens in the input/prompt.
Validation
Formatuint64
Minimum0
llm.inputImageTokens
The number of image tokens in the input/prompt.
Validation
Formatuint64
Minimum0
llm.inputTextTokens
The number of text tokens in the input/prompt.
Note: this field is only set in multi-modal calls where the total token count is split out by
text/image/audio; for standard all-text calls, this is unset.
Note: this field is only set in multi-modal calls where the total token count is split out by
text/image/audio; for standard all-text calls, this is unset.
Validation
Formatuint64
Minimum0
llm.inputAudioTokens
The number of audio tokens in the input/prompt.
Validation
Formatuint64
Minimum0
llm.cachedInputTokens
The number of tokens in the input/prompt read from cache (savings)
Validation
Formatuint64
Minimum0
llm.cacheCreationInputTokens
Tokens written to cache (costs)
Not present with OpenAI
Not present with OpenAI
Validation
Formatuint64
Minimum0
llm.outputTokens
The number of tokens in the output/completion.
Validation
Formatuint64
Minimum0
llm.outputImageTokens
The number of image tokens in the output/completion.
Validation
Formatuint64
Minimum0
llm.outputTextTokens
The number of text tokens in the output/completion.
Validation
Formatuint64
Minimum0
llm.outputAudioTokens
The number of audio tokens in the output/completion.
Note: this field is only set in multi-modal calls where the total token count is split out by
text/image/audio; for standard all-text calls, this is unset.
Note: this field is only set in multi-modal calls where the total token count is split out by
text/image/audio; for standard all-text calls, this is unset.
Validation
Formatuint64
Minimum0
llm.reasoningTokens
The number of reasoning tokens in the output/completion.
Validation
Formatuint64
Minimum0
llm.totalTokens
The total number of tokens for the request.
Validation
Formatuint64
Minimum0
llm.serviceTier
The service tier the provider served the request under.
llm.countTokens
The number of tokens in the request, when using the token counting endpoint
These are not counted as 'input tokens' since they do not consume input tokens.
These are not counted as 'input tokens' since they do not consume input tokens.
Validation
Formatuint64
Minimum0
llm.prompt
The prompt sent to the LLM. Warning: accessing this has some performance impacts for large prompts.
llm.prompt.role
No description for this field.
llm.prompt.content
No description for this field.
llm.completion
The completion from the LLM. Warning: accessing this has some performance impacts for large responses.
llm.params
The parameters for the LLM request.
llm.params.temperature
No description for this field.
Validation
Formatdouble
llm.params.top_p
No description for this field.
Validation
Formatdouble
llm.params.frequency_penalty
No description for this field.
Validation
Formatdouble
llm.params.presence_penalty
No description for this field.
Validation
Formatdouble
llm.params.seed
No description for this field.
Validation
Formatint64
llm.params.max_tokens
No description for this field.
Validation
Formatuint64
Minimum0
llm.params.encoding_format
No description for this field.
llm.params.dimensions
No description for this field.
Validation
Formatuint64
Minimum0
llmRequest
llmRequest contains the raw LLM request before processing. This is only present *during* LLM policies;policies occurring after the LLM policy, such as logs, will not have this field present even for LLM requests.
source
source contains attributes about the source of the request.source.address
The IP address of the downstream connection.
Validation
Default0.0.0.0
Formatip
source.port
The port of the downstream connection.
Validation
Default0
Formatuint16
Minimum0
Maximum65535
source.rawAddress
The original TCP peer IP address of the downstream connection.
This can differ from the
This can differ from the
address when using tunneling protocols like PROXY.Validation
Default0.0.0.0
Formatip
source.rawPort
The original TCP peer port of the downstream connection.
This can differ from the
This can differ from the
port when using tunneling protocols like PROXY.Validation
Default0
Formatuint16
Minimum0
Maximum65535
source.identity
The (Istio SPIFFE) identity of the downstream connection, if available.
Validation
Defaultnull
source.identity.trustDomain
The trust domain of the identity.
source.identity.namespace
The namespace of the identity.
source.identity.serviceAccount
The service account of the identity.
source.subjectAltNames
The subject alt names from the downstream certificate, if available.
Validation
Default[]
source.issuer
The issuer from the downstream certificate, if available.
source.subject
The subject from the downstream certificate, if available.
source.subjectCn
The CN of the subject from the downstream certificate, if available.
Validation
Defaultnull
source.unverifiedWorkload
The workload context of the downstream connection, resolved from the
workload discovery store by source IP. Available when the source pod is
known to the controller's workload discovery store.
workload discovery store by source IP. Available when the source pod is
known to the controller's workload discovery store.
Fields are nested under
from the source IP (not cryptographically authenticated). Policy
authors should prefer
unverified to signal that they are derivedfrom the source IP (not cryptographically authenticated). Policy
authors should prefer
source.identity.* for trust-sensitive checks.source.unverifiedWorkload.name
The pod name of the source workload.
source.unverifiedWorkload.namespace
The namespace of the source workload.
source.unverifiedWorkload.serviceAccount
The service account of the source workload.
mcp
mcp contains attributes about the MCP request.Request-time CEL only includes identity fields such as
tool, prompt, or resource.Post-request CEL may also include fields like
methodName, sessionId, and tool payloads.mcp.methodName
No description for this field.
mcp.sessionId
No description for this field.
mcp.tool
No description for this field.
mcp.tool.target
The target handling the tool call after multiplexing resolution.
mcp.tool.name
The resolved tool name sent to the upstream target.
mcp.tool.arguments
The JSON arguments passed to the tool call.
mcp.tool.result
The terminal tool result payload, if available.
mcp.tool.error
The terminal JSON-RPC error payload, if available.
mcp.prompt
No description for this field.
mcp.prompt.target
The target of the resource
mcp.prompt.name
The name of the resource
mcp.resource
No description for this field.
mcp.resource.target
The target of the resource
mcp.resource.name
The name of the resource
backend
backend contains information about the backend being used.backend.name
The name of the backend being used. For example,
my-service or service/my-namespace/my-service:8080.backend.type
The type of backend.
Validation
Enumai, mcp, static, dynamic, service, unknown
Defaultunknown
backend.protocol
The protocol of backend.
Validation
Enumhttp, tcp, a2a, mcp, llm
Defaulthttp
extauthz
extauthz contains dynamic metadata from ext_authz filtersextproc
extproc contains dynamic metadata from ext_proc filtersmetadata
metadata contains values set by transformation metadata expressions.Was this page helpful?
