Add initial core abilities for WordPress 6.9 (#108)

## Add initial core abilities for WordPress

Implements three foundational abilities in the `core/` namespace:

- **core/get-site-info**: Returns site configuration fields (name, url, version, etc.)  
  Supports optional field filtering with all fields returned by default.  
  Requires `manage_options` capability.

- **core/get-user-info**: Returns authenticated user profile data (id, roles, locale, etc.)  
  Requires user authentication.

- **core/get-environment-info**: Returns runtime environment details (PHP version,  
  database server, WordPress version, environment type).  
  Requires `manage_options` capability.

### Key decisions

- Uses `core/` namespace to align with Gutenberg conventions  
- Organizes abilities into “site” and “user” categories  
- Self-documenting schemas with default values for optional inputs  
- Input normalization handles empty REST API calls gracefully

Addresses **#105**

**Co-authored-by:**
- Jameswlepage <isotropic@git.wordpress.org>  
- JasonTheAdams <jason_the_adams@git.wordpress.org>  
- gziolo <gziolo@git.wordpress.org>  
- justlevine <justlevine@git.wordpress.org>

Author: Jameswlepage

includes/abilities-api/class-wp-ability.php

@@ -320,6 +320,27 @@ public function get_input_schema(): array {
 		return $this->input_schema;
 	}
 
+	/**
+	 * Applies the defined input default when no input is provided.
+	 *
+	 * @since 0.4.0
+	 *
+	 * @param mixed $input Optional. The raw input provided for the ability. Default `null`.
+	 * @return mixed The input with the schema default applied when available.
+	 */
+	public function normalize_input( $input = null ) {
+		if ( null !== $input ) {
+			return $input;
+		}
+
+		$input_schema = $this->get_input_schema();
+		if ( ! empty( $input_schema ) && array_key_exists( 'default', $input_schema ) ) {
+			return $input_schema['default'];
+		}
+
+		return null;
+	}
+
 	/**
 	 * Retrieves the output schema for the ability.
 	 *
@@ -436,6 +457,7 @@ protected function invoke_callback( callable $callback, $input = null ) {
 	 * @return bool|\WP_Error Whether the ability has the necessary permission.
 	 */
 	public function check_permissions( $input = null ) {
+		$input    = $this->normalize_input( $input );
 		$is_valid = $this->validate_input( $input );
 		if ( is_wp_error( $is_valid ) ) {
 			return $is_valid;
@@ -522,6 +544,7 @@ protected function validate_output( $output ) {
 	 * @return mixed|\WP_Error The result of the ability execution, or WP_Error on failure.
 	 */
 	public function execute( $input = null ) {
+		$input           = $this->normalize_input( $input );
 		$has_permissions = $this->check_permissions( $input );
 		if ( true !== $has_permissions ) {
 			if ( is_wp_error( $has_permissions ) ) {

includes/abilities/class-wp-core-abilities.php

@@ -0,0 +1,317 @@
+<?php
+/**
+ * Core Abilities registration.
+ *
+ * @package WordPress
+ * @subpackage Abilities_API
+ * @since 0.3.0
+ */
+
+declare( strict_types = 1 );
+
+/**
+ * Registers the default core abilities that ship with the Abilities API.
+ *
+ * @since 0.3.0
+ */
+// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound -- Core class intended for WordPress core.
+final class WP_Core_Abilities {
+	/**
+	 * Category slugs for core abilities.
+	 *
+	 * @since 0.3.0
+	 */
+	public const CATEGORY_SITE = 'site';
+	public const CATEGORY_USER = 'user';
+	/**
+	 * Registers the core abilities categories.
+	 *
+	 * @since 0.3.0
+	 *
+	 * @return void
+	 */
+	public static function register_category(): void {
+		// Site-related capabilities
+		wp_register_ability_category(
+			self::CATEGORY_SITE,
+			array(
+				'label'       => __( 'Site' ),
+				'description' => __( 'Abilities that retrieve or modify site information and settings.' ),
+			)
+		);
+
+		// User-related capabilities
+		wp_register_ability_category(
+			self::CATEGORY_USER,
+			array(
+				'label'       => __( 'User' ),
+				'description' => __( 'Abilities that retrieve or modify user information and settings.' ),
+			)
+		);
+	}
+
+	/**
+	 * Registers the default core abilities.
+	 *
+	* @since 0.3.0
+	 *
+	 * @return void
+	 */
+	public static function register(): void {
+		self::register_get_site_info();
+		self::register_get_user_info();
+		self::register_get_environment_info();
+	}
+
+	/**
+	 * Registers the `core/get-site-info` ability.
+	 *
+	 * @since 0.3.0
+	 *
+	 * @return void
+	 */
+	protected static function register_get_site_info(): void {
+		$fields = array(
+			'name',
+			'description',
+			'url',
+			'wpurl',
+			'admin_email',
+			'charset',
+			'language',
+			'version',
+		);
+
+		wp_register_ability(
+			'core/get-site-info',
+			array(
+				'label'               => __( 'Get Site Information' ),
+				'description'         => __( 'Returns site information configured in WordPress. By default returns all fields, or optionally a filtered subset.' ),
+				'category'            => self::CATEGORY_SITE,
+				'input_schema'        => array(
+					'type'                 => 'object',
+					'properties'           => array(
+						'fields' => array(
+							'type'        => 'array',
+							'items'       => array(
+								'type' => 'string',
+								'enum' => $fields,
+							),
+							'description' => __( 'Optional: Limit response to specific fields. If omitted, all fields are returned.' ),
+						),
+					),
+					'additionalProperties' => false,
+					'default'              => array(),
+				),
+				'output_schema'       => array(
+					'type'                 => 'object',
+					'properties'           => array(
+						'name'        => array(
+							'type'        => 'string',
+							'description' => __( 'The site title.' ),
+						),
+						'description' => array(
+							'type'        => 'string',
+							'description' => __( 'The site tagline.' ),
+						),
+						'url'         => array(
+							'type'        => 'string',
+							'description' => __( 'The site home URL.' ),
+						),
+						'wpurl'       => array(
+							'type'        => 'string',
+							'description' => __( 'The WordPress installation URL.' ),
+						),
+						'admin_email' => array(
+							'type'        => 'string',
+							'description' => __( 'The site administrator email address.' ),
+						),
+						'charset'     => array(
+							'type'        => 'string',
+							'description' => __( 'The site character encoding.' ),
+						),
+						'language'    => array(
+							'type'        => 'string',
+							'description' => __( 'The site language locale code.' ),
+						),
+						'version'     => array(
+							'type'        => 'string',
+							'description' => __( 'The WordPress version.' ),
+						),
+					),
+					'additionalProperties' => false,
+				),
+				'execute_callback'    => static function ( $input = array() ): array {
+					$input = is_array( $input ) ? $input : array();
+					$all_fields       = array( 'name', 'description', 'url', 'wpurl', 'admin_email', 'charset', 'language', 'version' );
+					$requested_fields = ! empty( $input['fields'] ) ? $input['fields'] : $all_fields;
+
+					$result = array();
+					foreach ( $requested_fields as $field ) {
+						$result[ $field ] = get_bloginfo( $field );
+					}
+
+					return $result;
+				},
+				'permission_callback' => static function (): bool {
+					return current_user_can( 'manage_options' );
+				},
+				'meta'                => array(
+					'annotations'  => array(
+						'readonly'    => true,
+						'destructive' => false,
+						'idempotent'  => true,
+					),
+					'show_in_rest' => true,
+				),
+			)
+		);
+	}
+
+	/**
+	 * Registers the `core/get-user-info` ability.
+	 *
+	 * @since 0.3.0
+	 *
+	 * @return void
+	 */
+	protected static function register_get_user_info(): void {
+		wp_register_ability(
+			'core/get-user-info',
+			array(
+				'label'               => __( 'Get User Information' ),
+				'description'         => __( 'Returns basic profile details for the current authenticated user to support personalization, auditing, and access-aware behavior.' ),
+				'category'            => self::CATEGORY_USER,
+				'output_schema'       => array(
+					'type'                 => 'object',
+					'required'             => array( 'id', 'display_name', 'user_nicename', 'user_login', 'roles', 'locale' ),
+					'properties'           => array(
+						'id'            => array(
+							'type'        => 'integer',
+							'description' => __( 'The user ID.' ),
+						),
+						'display_name'  => array(
+							'type'        => 'string',
+							'description' => __( 'The display name of the user.' ),
+						),
+						'user_nicename' => array(
+							'type'        => 'string',
+							'description' => __( 'The URL-friendly name for the user.' ),
+						),
+						'user_login'    => array(
+							'type'        => 'string',
+							'description' => __( 'The login username for the user.' ),
+						),
+						'roles'         => array(
+							'type'        => 'array',
+							'description' => __( 'The roles assigned to the user.' ),
+							'items'       => array(
+								'type' => 'string',
+							),
+						),
+						'locale'        => array(
+							'type'        => 'string',
+							'description' => __( 'The locale string for the user, such as en_US.' ),
+						),
+					),
+					'additionalProperties' => false,
+				),
+				'execute_callback'    => static function (): array {
+					$current_user = wp_get_current_user();
+
+					return array(
+						'id'            => $current_user->ID,
+						'display_name'  => $current_user->display_name,
+						'user_nicename' => $current_user->user_nicename,
+						'user_login'    => $current_user->user_login,
+						'roles'         => $current_user->roles,
+						'locale'        => get_user_locale( $current_user ),
+					);
+				},
+				'permission_callback' => static function (): bool {
+					return is_user_logged_in();
+				},
+				'meta'                => array(
+					'annotations'  => array(
+						'readonly'    => true,
+						'destructive' => false,
+						'idempotent'  => true,
+					),
+					'show_in_rest' => false,
+				),
+			)
+		);
+	}
+
+	/**
+	 * Registers the `core/get-environment-info` ability.
+	 *
+	 * @since 0.3.0
+	 *
+	 * @return void
+	 */
+	protected static function register_get_environment_info(): void {
+		wp_register_ability(
+			'core/get-environment-info',
+			array(
+				'label'               => __( 'Get Environment Info' ),
+				'description'         => __( 'Returns core details about the site\'s runtime context for diagnostics and compatibility (environment, PHP runtime, database server info, WordPress version).' ),
+				'category'            => self::CATEGORY_SITE,
+				'output_schema'       => array(
+					'type'                 => 'object',
+					'required'             => array( 'environment', 'php_version', 'db_server_info', 'wp_version' ),
+					'properties'           => array(
+						'environment'    => array(
+							'type'        => 'string',
+							'description' => __( 'The site\'s runtime environment classification (e.g., production, staging, development).' ),
+							'examples'    => array( 'production', 'staging', 'development', 'local' ),
+						),
+						'php_version'    => array(
+							'type'        => 'string',
+							'description' => __( 'The PHP runtime version executing WordPress.' ),
+						),
+						'db_server_info' => array(
+							'type'        => 'string',
+							'description' => __( 'The database server vendor and version string reported by the driver.' ),
+							'examples'    => array( '8.0.34', '10.11.6-MariaDB' ),
+						),
+						'wp_version'     => array(
+							'type'        => 'string',
+							'description' => __( 'The WordPress core version running on this site.' ),
+						),
+					),
+					'additionalProperties' => false,
+				),
+				'execute_callback'    => static function (): array {
+					global $wpdb;
+
+					$env          = wp_get_environment_type();
+					$php_version  = phpversion();
+					$db_server_info  = '';
+					if ( isset( $wpdb ) && is_object( $wpdb ) && method_exists( $wpdb, 'db_server_info' ) ) {
+						$db_server_info = $wpdb->db_server_info() ?? '';
+					}
+					$wp_version   = get_bloginfo( 'version' );
+
+					return array(
+						'environment'    => $env,
+						'php_version'    => $php_version,
+						'db_server_info' => $db_server_info,
+						'wp_version'     => $wp_version,
+					);
+				},
+				'permission_callback' => static function (): bool {
+					return current_user_can( 'manage_options' );
+				},
+				'meta'                => array(
+					'annotations'  => array(
+						'readonly'    => true,
+						'destructive' => false,
+						'idempotent'  => true,
+					),
+					'show_in_rest' => true,
+				),
+			)
+		);
+	}
+}

includes/bootstrap.php

@@ -41,6 +41,20 @@
 	require_once __DIR__ . '/abilities-api.php';
 }
 
+// Load core abilities class.
+if ( ! class_exists( 'WP_Core_Abilities' ) ) {
+	require_once __DIR__ . '/abilities/class-wp-core-abilities.php';
+}
+
+// Register core abilities category and abilities when requested via filter or when not in test environment.
+// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Plugin-specific hook for feature plugin context.
+if ( ! ( defined( 'WP_RUN_CORE_TESTS' ) || defined( 'WP_TESTS_CONFIG_FILE_PATH' ) || ( function_exists( 'getenv' ) && false !== getenv( 'WP_PHPUNIT__DIR' ) ) ) || apply_filters( 'abilities_api_register_core_abilities', false ) ) {
+	if ( function_exists( 'add_action' ) ) {
+		add_action( 'abilities_api_categories_init', array( 'WP_Core_Abilities', 'register_category' ) );
+		add_action( 'abilities_api_init', array( 'WP_Core_Abilities', 'register' ) );
+	}
+}
+
 // Load REST API init class for plugin bootstrap.
 if ( ! class_exists( 'WP_REST_Abilities_Init' ) ) {
 	require_once __DIR__ . '/rest-api/class-wp-rest-abilities-init.php';