[wp-trac] [WordPress Trac] #64455: WordPress Core Abilities

Fri Dec 26 20:03:59 UTC 2025

#64455: WordPress Core Abilities
------------------------------+--------------------
 Reporter:  jorgefilipecosta  |      Owner:  (none)
     Type:  defect (bug)      |     Status:  new
 Priority:  high              |  Milestone:  7.0
Component:  AI                |    Version:  trunk
 Severity:  normal            |   Keywords:
  Focuses:                    |
------------------------------+--------------------
 Quoted from https://github.com/WordPress/ai/issues/40. As the Abilities
 API is developed for inclusion in WordPress Core, we need to define a
 default set of abilities that will be bundled with it. This proposal
 outlines a foundational set of abilities intended to be safe, useful for
 the majority of use cases, and non-destructive by default.

 All ability names below follow the established namespace/ability-name
 convention enforced by the API. The core namespace is used to designate
 that they are part of the WordPress Core set.

 ==== Proposed Core Abilities ====

 '''Site and Settings''' - core/get-site-info - core/get-settings - core
 /update-settings

 '''Users''' - core/get-current-user - core/get-user - core/find-users -
 core/update-user-profile

 '''Posts and Pages''' - core/find-posts - core/get-post - core/create-post
 - core/update-post - core/find-pages - core/get-page - core/create-page -
 core/update-page

 '''Media''' - core/find-media-items - core/get-media-item - core/upload-
 media-item - core/update-media-item

 '''Comments''' - core/find-comments - core/get-comment

 '''Taxonomy''' - core/find-categories - core/get-category - core/find-tags
 - core/get-tag

 '''Menus''' - core/get-menu-locations - core/get-menu

 '''Themes''' - core/get-active-theme - core/list-themes

 '''Plugins''' - core/list-plugins - core/get-plugin - core/activate-plugin
 - core/deactivate-plugin - core/update-plugin

 ==== Out of Scope for this Proposal ====

 * ''Deleting'' content, users, or media.
 * Installing or uninstalling plugins and themes.
 * Theme switching.
 * Creating or modifying menus.
 * Any actions that cannot be easily reversed.

 ==== Open Questions ====

 # '''Plugin Management''': This proposal includes abilities to activate,
 deactivate, and update plugins. Given the potential for site instability,
 what guardrails are essential? Should these actions be limited to an
 allowlist of specific plugins by default to prevent unintended changes?
 # '''Destructive Actions''': This initial set deliberately excludes
 destructive actions like deleting posts or users. Should a future version
 include them? If so, what additional security measures, like a ‘trash’ or
 ‘undo’ ability, would be required to maintain a high degree of safety?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64455>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform