Back to Signal Feed
CodeTracked since May 21, 2026

Add wp-abilities-audit skill for structured plugin REST capability audits

This PR adds a new `wp-abilities-audit` skill that scans a WordPress plugin’s REST API surface and outputs a structured, machine-readable audit document describing controller inventory, capability-gate behavior, proposed abilities, and identified gaps.

wp-abilities-auditAbilities APIWordPress REST APIaudit-schema

What Happened

  • This PR adds a new `wp-abilities-audit` skill that scans a WordPress plugin’s REST API surface and outputs a structured, machine-readable audit document describing controller inventory, capability-gate behavior, proposed abilities, and identified gaps.
  • This PR adds a new `wp-abilities-audit` skill that scans a WordPress plugin’s REST API surface and outputs a structured, machine-readable audit document describing controller inventory, capability-gate behavior, proposed abilities, and identified gaps.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Introduces a concrete planning artifact generator for plugin migration work: a skill-driven audit that inventories REST controllers, traces permission-gate patterns, and emits a schema-bound report (including implementation-readiness fields) that downstream agents and validators can consume consistently.

Why Track This

Why It Matters

Plugin teams adopting this can get one predictable audit document of REST behavior before implementation, so missing or incorrect capability registrations are discovered earlier and reduce late-stage surprises in Abilities API integration. Technically, the PR adds cross-linked audit schema and tracing guidance plus required readiness fields (`use_case_fit`, `side_effects`, `seed_data_needs`) to steer downstream selection between delegation and shared-service implementation shapes; continue watching for validation behavior on legacy audits and for dependency synchronization with PRs #44/#45 so the schema reference chain does not drift.

Impact

Plugin teams adopting this can get one predictable audit document of REST behavior before implementation, so missing or incorrect capability registrations are discovered earlier and reduce late-stage surprises in Abilities API integration. Technically, the PR adds cross-linked audit schema and tracing guidance plus required readiness fields (`use_case_fit`, `side_effects`, `seed_data_needs`) to steer downstream selection between delegation and shared-service implementation shapes; continue watching for validation behavior on legacy audits and for dependency synchronization with PRs #44/#45 so the schema reference chain does not drift.

What To Watch Next

  • Watch whether wp-abilities-audit becomes a repeated pattern.
  • Track follow-up changes around Structured Outputs.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: legacy_audits_backward_compatibility_warning_policy, dependency_alignment_with_pr_44_and_45.
Open Topic TimelineOpen Technical EventOpen Original Sourcelegacy_audits_backward_compatibility_warning_policy / dependency_alignment_with_pr_44_and_45 / coverage_for_nonstandard_rest_layouts / enforcement_gaps_in_readiness_fields

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

WordPress/agent-skills PR #46: wp-abilities-audit: add new skill for surveying a plugin's REST surface and producing a structured audit doc

The change introduces an audit workflow with a canonical schema so REST capability findings are no longer just prose notes but consistent planning artifacts.