It's extremely late here so I don't really have the thinking power to explain in detail, but having a truly "custom roles" bot is technically impossible. There can be a "role creator" command(s) and "custom rules" commands, but that's still limited to whatever is already in the bot's programming. Anything beyond that would require modding of the bot by the host or bot owner (similar to how you can mod video and computer games with new maps and weapons and whatnot).
Adding additional roles and having multiple modes (such as "classic" mafia, "updated" mafia, "custom" mafia where you can change various settings such as day/night length) shouldn't be difficult, however. It just depends on how much new stuff needs to be added to the bot and how many/which settings need to be customizable.
Oh, you can have pretty extreme customization if you allow code snippets to be evaluated, e.g.:
!addrole hooker priority=1000 query="hook %target" tags=hooker code="deschedule_where(user = target, message = ...)" description="..."
!addrole bodyguard priority=900 query="protect %target" tags=bodyguard code="deschedule_where(action = 'kill', target = target, message = ...)" description="..."
!addrole inspector priority=100 query="inspect %target" tags=inspector code="send(user, target.role.description)" description="..."
!addrole thief priority=100 query="steal from %target" tags=thief code="user.items += target.items; target.items = []; send(user, 'you got ' + target.items); send(target, 'your items were stolen')" description="..."
!addrole redirect priority=1200 query="redirect %target1 to %target2" tags=redirect code="target1.target = target2" description="..."
!addrole mayor day_query="vote %target" day_code="vote[user] = (target, 2)" description="..."
etc.
The main problem with that system is that it's a gaping security hole (afaik there are no facilities in python to make it safe), but the point is, you could have a system with full customization. In any case, if I was to remake mafiabot, it should be that easy to make new roles, but the host would need to add them to a configuration file, not through the security liability that !addrole would be.