triggerdotdev
diff --git a/‎.changeset/plugin-auth-path.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/plugin-auth-path.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.changeset/rbac-assignable-role-ids.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-assignable-role-ids.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.changeset/rbac-authenticate-authorize-arrays.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-authenticate-authorize-arrays.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.changeset/rbac-mutation-result-types.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-mutation-result-types.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.changeset/rbac-plugin-array-resources.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-plugin-array-resources.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.changeset/rbac-system-role-ids-method.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-system-role-ids-method.md‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.changeset/rbac-system-roles.md‎
Lines changed: 0 additions & 5 deletions b/‎.changeset/rbac-system-roles.md‎
Lines changed: 0 additions & 5 deletions
@@ -0,0 +1,5 @@
+---
+"@trigger.dev/plugins": patch
+---
+
+Consolidate authentication and authorization into the `RoleBaseAccessController` contract. The interface now covers the full per-request flow — authenticate the caller, return a pre-built ability, optionally fold in an action + resource check — for both Bearer (API key + PAT + Public JWT) and session-cookie callers. Replaces several ad-hoc auth helpers consumers were stitching together themselves. Resources passed to `ability.can` may be a single `RbacResource` or an array (any element matches, for records addressable by multiple identifiers). Mutation methods return discriminated `Result` types so user-facing error strings flow through without try/catch.
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@trigger.dev/plugins": patch
 +---
++
 +Consolidate authentication and authorization into the `RoleBaseAccessController` contract. The interface now covers the full per-request flow — authenticate the caller, return a pre-built ability, optionally fold in an action + resource check — for both Bearer (API key + PAT + Public JWT) and session-cookie callers. Replaces several ad-hoc auth helpers consumers were stitching together themselves. Resources passed to `ability.can` may be a single `RbacResource` or an array (any element matches, for records addressable by multiple identifiers). Mutation methods return discriminated `Result` types so user-facing error strings flow through without try/catch.