Abilities API: Use the public meta flag for core abilities#12517
Abilities API: Use the public meta flag for core abilities#12517gziolo wants to merge 3 commits into
public meta flag for core abilities#12517Conversation
Switch the three core abilities (`core/get-site-info`, `core/get-user-info`, and `core/get-environment-info`) from `meta.show_in_rest` to the higher-level `meta.public` flag. The `public` flag seeds `show_in_rest`, so REST exposure stays the same. Other channels (MCP, AI agents) can now read the intent through the `wp_register_ability_args` filter. Follow-up to PR WordPress#12463. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN: To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
There was a problem hiding this comment.
Pull request overview
Updates WordPress core Abilities API registrations to use the new high-level meta.public flag (introduced in #12463) as the source of truth for client exposure, while preserving REST exposure via the existing show_in_rest null-coalescing default.
Changes:
- Switch core abilities from
meta.show_in_rest => truetometa.public => truein core registration. - Update PHPUnit assertions to verify
meta.publicis set for the three core abilities while still confirmingshow_in_restresolves totrue.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/wp-includes/abilities.php |
Sets meta.public for the three core abilities, relying on core defaulting to derive meta.show_in_rest. |
tests/phpunit/tests/abilities-api/wpRegisterCoreAbilities.php |
Adds assertions that public is true while keeping show_in_rest assertions to confirm REST exposure remains enabled. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Make the `public` meta flag default to false so it is always present in the resolved meta, and authors opt in explicitly. A null value is treated as unset. Reword the flag documentation across the class, registry, REST schema, and `wp_register_ability()`. Describe it as "available to clients such as the REST API, MCP, or AI agents", note the false default, and mention that per-channel settings such as `show_in_rest` can override it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
@mukeshpanchal27, appreciate your review. I applied some follow-up changes to improve the documentation via c832138. I plan another pass after reviewing PHPDoc in other places that document the example usage of the Abilities API to promote the revised approach. |
…` docs. Update the examples and guidance in the Abilities API documentation to use the high-level `public` flag instead of `show_in_rest`. Rename the "REST API Integration" section to "Client Exposure", explain that `public` seeds the per-channel defaults, and show how to override a single channel such as `show_in_rest`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Follow-up to #12463, which introduced the
publicflag in ability metadata as a single high-level control over client exposure.This change adopts that flag for the core abilities shipped with WordPress. The three core abilities now declare
meta.publicinstead ofmeta.show_in_rest:core/get-site-infocore/get-user-infocore/get-environment-infoWhy
publicseedsshow_in_restthrough the null-coalescing chain (show_in_rest = meta['show_in_rest'] ?? meta['public'] ?? false), so REST exposure stays exactly the same. Usingpublicalso keeps the intent in stored metadata, so other channels (MCP, AI agents) can read it through thewp_register_ability_argsfilter. An explicitshow_in_rest: falsewould still win if a channel ever needs to opt out.Testing
Each
..._ability_is_registeredtest now asserts thatpublicistrueand keeps theshow_in_restassertion to confirm the flag still enables REST exposure.Trac ticket: https://core.trac.wordpress.org/ticket/65568
🤖 Generated with Claude Code