feat(plugin): support plugin-defined roles

[adityathebe]

Plugins can now declare roles in their manifest and Mission Control resolves matching plugin-role:<plugin>:<role> permissions during invocation.

Mission Control still only enforces invoke:<plugin>:<operation> for access, then forwards any resolved roles in the short-lived invocation JWT.

The plugin SDK exposes those roles to gRPC and HTTP operation handlers so plugins can apply their own role-aware authorization.

[coderabbitai]

Warning

Rate limit exceeded

@adityathebe has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 57 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 09575026-03f3-4ae3-ac65-dfc2580a7a58

📥 Commits

Reviewing files that changed from the base of the PR and between 3876562 and a644b4b.

⛔ Files ignored due to path filters (1)

• plugin/proto/plugin.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (10)

• AGENTS.md
• auth/plugin_invocation.go
• plugin/controller/controller.go
• plugin/controller/proxy.go
• plugin/controller/roles.go
• plugin/proto/plugin.proto
• plugin/runtime/invoke.go
• plugin/sdk/caller_context.go
• plugin/sdk/sdk.go
• plugin/sdk/server.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/plugin-roles

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch feat/plugin-roles

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}