Add support for role scope trait.

[ggreer]

Summary by CodeRabbit

• New Features

  • Added RoleScopeTrait to associate roles with scoped resources.
  • Added ResourceDoesNotExist message for clearer error signaling.
  • New resource helpers and constructor to create resources with RoleScopeTrait.
  • Extended ResourceType enum to include a RoleScope trait.

• New Validation

  • Generated validation entry points and structured error types for RoleScope-related messages and ResourceDoesNotExist.
  • Validation supports single-error and aggregate-all reporting modes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds RoleScopeTrait, RoleScopeConditions, and ResourceDoesNotExist protobuf messages; registers TRAIT_ROLE_SCOPE in ResourceType.Trait; generates Go validation scaffolding for the new messages; and adds resource helper options and a NewRoleScopeResource constructor to manage RoleScopeTrait on resources.

Changes

Cohort / File(s)	Summary
Protobuf message additions proto/c1/connector/v2/annotation_trait.proto, proto/c1/connector/v2/annotation_resource.proto	Adds RoleScopeConditions, RoleScopeCondition, RoleScopeTrait (fields: role_id, scope_resource_id) and ResourceDoesNotExist messages.
Proto enum update proto/c1/connector/v2/resource.proto	Adds enum value TRAIT_ROLE_SCOPE = 7 to ResourceType.Trait.
Generated validation code: trait pb/c1/connector/v2/annotation_trait.pb.validate.go	Adds Validate()/ValidateAll(), internal validate(all bool), multi-error types, and structured validation errors for RoleScopeConditions, RoleScopeCondition, and RoleScopeTrait; integrates nested validation into RoleTrait.
Generated validation code: resource pb/c1/connector/v2/annotation_resource.pb.validate.go	Adds Validate()/ValidateAll(), internal validate(all bool), multi-error and structured validation error types for ResourceDoesNotExist (scaffolded; no concrete field rules yet).
Resource helpers & constructors pkg/types/resource/role_scope_trait.go, pkg/types/resource/role_trait.go, pkg/types/resource/resource.go	Adds RoleScopeTraitOption and option constructors (WithRoleScopeRoleId, WithRoleScopeResourceId, WithRoleScopeConditions), GetRoleScopeTrait(), WithRoleScopeTrait() resource option, and NewRoleScopeResource() constructor.
Minor formatting tweaks proto/c1/connector/v2/annotation_resource_tree.proto, proto/c1/connector/v2/annotation_security_insight.proto, proto/c1/connector/v2/connector.proto	Small whitespace/newline changes only; no semantic or API changes.

Sequence Diagram(s)

(omitted — changes are additive protobufs, generated validators, and local helper functions without a multi-component sequential flow that warrants a diagram)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• jirwin
• loganintech

Poem

🐇 I hopped through proto fields and code,
I stitched a scope where roles can go,
validators hummed in neat array,
helpers baked to set the way,
a carrot nod — now off I go! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 58.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Add support for role scope trait' directly and concisely summarizes the primary change: introducing new role scope trait functionality across protobuf definitions, validation handlers, and Go helper functions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@pkg/types/resource/resource.go`:
- Around line 331-332: The doc comment for NewRoleScopeResource incorrectly
claims "configured with the provided profile" (copied from NewRoleResource);
update the comment to accurately describe that the returned resource includes a
RoleScopeTrait configured with role_id and scope_resource_id (reference
RoleScopeTrait and NewRoleScopeResource) instead of mentioning a profile, and
remove any leftover wording specific to RoleResource to avoid confusion.

In `@pkg/types/resource/role_scope_trait.go`:
- Around line 26-27: Update the doc comment above the GetRoleScopeTrait function
so the first word matches the function name (replace "GetRoleTrait" with
"GetRoleScopeTrait"); ensure the comment still describes that it attempts to
return the RoleScopeTrait instance on a resource and references
v2.RoleScopeTrait and the resource parameter consistently.

🧹 Nitpick comments (1)

proto/c1/connector/v2/annotation_trait.proto (1)

85-89: Consider adding validation rules for required fields.

The message definition looks correct and follows existing trait patterns. However, neither role_id nor scope_resource_id has validation rules. If both fields are semantically required for a valid RoleScopeTrait, consider adding [(validate.rules).message = {required: true}] to enforce this at the proto level.

[kans]

Can we change the name to something more general? We are just binding two other resources here.