AgentgatewayPolicy backend.ai.promptGuard.request.regex.action should be an Enum

[DuncanDoyle]

kgateway version

v2.2

Kubernetes Version

v1.31

Describe the bug

The AgentgatewayPolicy promptguard regex configuration accepts a string for its action property. The allowed actions seems to be predefined list including:

• MASK (default)
• REJECT

... and since this is a pre-defined list of actions, we should use an "enum" type instead of a "string" type for this property to make the API easier to consume.

Also note that when you currently put a random string value in the action, the policy is accepted and there is not status on the CR that indicates you have incorrectly configured the CR.

Expected Behavior

AgentgatewayPolicy and AgentgatewayBackend should use an enum type for the backend.ai.promptGuard.request.regex.action field.

Steps to reproduce the bug

Create an AgentgatewayBackend CRD with a promptguard action set to BLA.

apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
  labels:
    app: agentgateway
  name: openai
  namespace: agentgateway-system
spec:
  ai:
    provider:
      openai: {}
  policies:
    ai:
      routes:
        "/v1/chat/completions": "Completions"
        "/v1/responses": "Responses"
        "*": "Passthrough"
      promptGuard:
        request:
        - regex:
            action: BLA
            builtins:
            - CreditCard
          response: 
            message: "Rejected due to disallowed data patterns in request prompt."
            statusCode: 403
    auth:
      secretRef:
        name: openai-secret

Additional Environment Detail

n.a.

Additional Context

No response