WordPress · jorgefilipecosta · Oct 23, 2025 · Oct 24, 2025 · Oct 24, 2025 · Oct 24, 2025
diff --git a/src/wp-includes/abilities/wp-core-abilities.php b/src/wp-includes/abilities/wp-core-abilities.php
@@ -0,0 +1,270 @@
+<?php
+/**
+ * Core Abilities registration.
+ *
+ * @package WordPress
+ * @subpackage Abilities_API
+ * @since 6.9.0
+ */
+
+declare( strict_types = 1 );
+/**
+ * Registers the core ability categories.
+ *
+ * @since 6.9.0
+ *
+ * @return void
+ */
+function wp_register_core_ability_categories(): void {
+	wp_register_ability_category(
+		'site',
+		array(
+			'label'       => __( 'Site' ),
+			'description' => __( 'Abilities that retrieve or modify site information and settings.' ),
+		)
+	);
+
+	wp_register_ability_category(
+		'user',
+		array(
+			'label'       => __( 'User' ),
+			'description' => __( 'Abilities that retrieve or modify user information and settings.' ),
+		)
+	);
+}
+
+/**
+ * Registers the default core abilities.
+ *
+ * @since 6.9.0
+ *
+ * @return void
+ */
+function wp_register_core_abilities(): void {
+	$category_site = 'site';
+	$category_user = 'user';
+
+	$site_info_fields = array(
+		'name',
+		'description',
+		'url',
+		'wpurl',
+		'admin_email',
+		'charset',
+		'language',
+		'version',
+	);
+
+	wp_register_ability(
+		'core/get-site-info',
+		array(
+			'label'               => __( 'Get Site Information' ),
+			'description'         => __( 'Returns site information configured in WordPress. By default returns all fields, or optionally a filtered subset.' ),
+			'category'            => $category_site,
+			'input_schema'        => array(
+				'type'                 => 'object',
+				'properties'           => array(
+					'fields' => array(
+						'type'        => 'array',
+						'items'       => array(
+							'type' => 'string',
+							'enum' => $site_info_fields,
+						),
+						'description' => __( 'Optional: Limit response to specific fields. If omitted, all fields are returned.' ),
+					),
+				),
+				'additionalProperties' => false,
+				'default'              => array(),
+			),
+			'output_schema'       => array(
+				'type'                 => 'object',
+				'properties'           => array(
+					'name'        => array(
+						'type'        => 'string',
+						'description' => __( 'The site title.' ),
+					),
+					'description' => array(
+						'type'        => 'string',
+						'description' => __( 'The site tagline.' ),
+					),
+					'url'         => array(
+						'type'        => 'string',
+						'description' => __( 'The site home URL.' ),
+					),
+					'wpurl'       => array(
+						'type'        => 'string',
+						'description' => __( 'The WordPress installation URL.' ),
+					),
+					'admin_email' => array(
+						'type'        => 'string',
+						'description' => __( 'The site administrator email address.' ),
+					),
+					'charset'     => array(
+						'type'        => 'string',
+						'description' => __( 'The site character encoding.' ),
+					),
+					'language'    => array(
+						'type'        => 'string',
+						'description' => __( 'The site language locale code.' ),
+					),
+					'version'     => array(
+						'type'        => 'string',
+						'description' => __( 'The WordPress version.' ),
+					),
+				),
+				'additionalProperties' => false,
+			),
+			'execute_callback'    => static function ( $input = array() ) use ( $site_info_fields ): array {
+				$input = is_array( $input ) ? $input : array();
+				$requested_fields = ! empty( $input['fields'] ) ? $input['fields'] : $site_info_fields;
+
+				$result = array();
+				foreach ( $requested_fields as $field ) {
+					$result[ $field ] = get_bloginfo( $field );
+				}
+
+				return $result;
+			},
+			'permission_callback' => static function (): bool {
+				return current_user_can( 'manage_options' );
+			},
+			'meta'                => array(
+				'annotations'  => array(
+					'readonly'    => true,
+					'destructive' => false,
+					'idempotent'  => true,
+				),
+				'show_in_rest' => true,
+			),
+		)
+	);
+
+	wp_register_ability(
+		'core/get-user-info',
+		array(
+			'label'               => __( 'Get User Information' ),
+			'description'         => __( 'Returns basic profile details for the current authenticated user to support personalization, auditing, and access-aware behavior.' ),
+			'category'            => $category_user,
+			'output_schema'       => array(
+				'type'                 => 'object',
+				'required'             => array( 'id', 'display_name', 'user_nicename', 'user_login', 'roles', 'locale' ),
+				'properties'           => array(
+					'id'            => array(
+						'type'        => 'integer',
+						'description' => __( 'The user ID.' ),
+					),
+					'display_name'  => array(
+						'type'        => 'string',
+						'description' => __( 'The display name of the user.' ),
+					),
+					'user_nicename' => array(
+						'type'        => 'string',
+						'description' => __( 'The URL-friendly name for the user.' ),
+					),
+					'user_login'    => array(
+						'type'        => 'string',
+						'description' => __( 'The login username for the user.' ),
+					),
+					'roles'         => array(
+						'type'        => 'array',
+						'description' => __( 'The roles assigned to the user.' ),
+						'items'       => array(
+							'type' => 'string',
+						),
+					),
+					'locale'        => array(
+						'type'        => 'string',
+						'description' => __( 'The locale string for the user, such as en_US.' ),
+					),
+				),
+				'additionalProperties' => false,
+			),
+			'execute_callback'    => static function (): array {
+				$current_user = wp_get_current_user();
+
+				return array(
+					'id'            => $current_user->ID,
+					'display_name'  => $current_user->display_name,
+					'user_nicename' => $current_user->user_nicename,
+					'user_login'    => $current_user->user_login,
+					'roles'         => $current_user->roles,
+					'locale'        => get_user_locale( $current_user ),
+				);
+			},
+			'permission_callback' => static function (): bool {
+				return is_user_logged_in();
+			},
+			'meta'                => array(
+				'annotations'  => array(
+					'readonly'    => true,
+					'destructive' => false,
+					'idempotent'  => true,
+				),
+				'show_in_rest' => false,
+			),
+		)
+	);
+
+	wp_register_ability(
+		'core/get-environment-info',
+		array(
+			'label'               => __( 'Get Environment Info' ),
+			'description'         => __( 'Returns core details about the site\'s runtime context for diagnostics and compatibility (environment, PHP runtime, database server info, WordPress version).' ),
+			'category'            => $category_site,
+			'output_schema'       => array(
+				'type'                 => 'object',
+				'required'             => array( 'environment', 'php_version', 'db_server_info', 'wp_version' ),
+				'properties'           => array(
+					'environment'    => array(
+						'type'        => 'string',
+						'description' => __( 'The site\'s runtime environment classification (can be one of these: production, staging, development, local).' ),
+						'enum'        => array( 'production', 'staging', 'development', 'local' ),
+					),
+					'php_version'    => array(
+						'type'        => 'string',
+						'description' => __( 'The PHP runtime version executing WordPress.' ),
+					),
+					'db_server_info' => array(
+						'type'        => 'string',
+						'description' => __( 'The database server vendor and version string reported by the driver.' ),
+						'examples'    => array( '8.0.34', '10.11.6-MariaDB' ),
+					),
+					'wp_version'     => array(
+						'type'        => 'string',
+						'description' => __( 'The WordPress core version running on this site.' ),
+					),
+				),
+				'additionalProperties' => false,
+			),
+			'execute_callback'    => static function (): array {
+				global $wpdb;
+
+				$env          = wp_get_environment_type();
+				$php_version  = phpversion();
+				$db_server_info  = '';
+				if ( method_exists( $wpdb, 'db_server_info' ) ) {
+					$db_server_info = $wpdb->db_server_info() ?? '';
+				}
+				$wp_version   = get_bloginfo( 'version' );
+
+				return array(
+					'environment'    => $env,
+					'php_version'    => $php_version,
+					'db_server_info' => $db_server_info,
+					'wp_version'     => $wp_version,
+				);
+			},
+			'permission_callback' => static function (): bool {
+				return current_user_can( 'manage_options' );
+			},
+			'meta'                => array(
+				'annotations'  => array(
+					'readonly'    => true,
+					'destructive' => false,
+					'idempotent'  => true,
+				),
+				'show_in_rest' => true,
+			),
+		)
+	);
+}
diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
@@ -532,6 +532,10 @@
 add_action( 'rest_api_init', 'create_initial_rest_routes', 99 );
 add_action( 'parse_request', 'rest_api_loaded' );
 
+// Abilities API.
+add_action( 'wp_abilities_api_categories_init', 'wp_register_core_ability_categories' );
+add_action( 'wp_abilities_api_init', 'wp_register_core_abilities' );
+
 // Sitemaps actions.
 add_action( 'init', 'wp_sitemaps_get_server' );
 

diff --git a/src/wp-settings.php b/src/wp-settings.php
@@ -290,6 +290,7 @@
 require ABSPATH . WPINC . '/abilities-api/class-wp-ability.php';
 require ABSPATH . WPINC . '/abilities-api/class-wp-abilities-registry.php';
 require ABSPATH . WPINC . '/abilities-api.php';
+require ABSPATH . WPINC . '/abilities/wp-core-abilities.php';
 require ABSPATH . WPINC . '/rest-api.php';
 require ABSPATH . WPINC . '/rest-api/class-wp-rest-server.php';
 require ABSPATH . WPINC . '/rest-api/class-wp-rest-response.php';

diff --git a/tests/phpunit/includes/functions.php b/tests/phpunit/includes/functions.php
@@ -364,3 +364,26 @@ function _unhook_font_registration() {
 	remove_action( 'init', '_wp_register_default_font_collections' );
 }
 tests_add_filter( 'init', '_unhook_font_registration', 1000 );
+
+/**
+ * Before the abilities API categories init action runs, unhook the core ability
+ * categories registration function to prevent core categories from being registered
+ * during tests.
+ *
+ * @since 6.9.0
+ */
+function _unhook_core_ability_categories_registration() {
+	remove_action( 'wp_abilities_api_categories_init', 'wp_register_core_ability_categories' );
+}
+tests_add_filter( 'wp_abilities_api_categories_init', '_unhook_core_ability_categories_registration', 1 );
+
+/**
+ * Before the abilities API init action runs, unhook the core abilities
+ * registration function to prevent core abilities from being registered during tests.
+ *
+ * @since 6.9.0
+ */
+function _unhook_core_abilities_registration() {
+	remove_action( 'wp_abilities_api_init', 'wp_register_core_abilities' );
+}
+tests_add_filter( 'wp_abilities_api_init', '_unhook_core_abilities_registration', 1 );