| "network:fetch" // ctx.http is available (host-restricted via allowedHosts)
| "network:fetch:any" // ctx.http is available (unrestricted outbound — use for user-configured URLs)
| "read:content" // ctx.content.get/list available
| "write:content" // ctx.content.create/update/delete available
| "read:media" // ctx.media.get/list available
| "write:media" // ctx.media.getUploadUrl/delete available
| "read:users" // ctx.users is available
| "email:send" // ctx.email is available (when a provider is configured)
| "email:provide" // can register email:deliver exclusive hook (transport provider)
| "email:intercept" // can register email:beforeSend / email:afterSend hooks
| "page:inject"; // can register page:fragments hook (inject scripts/styles into pages)
That are the plugin capabilities. I have no clue how it could replace any serious WP plugin. Of course it's secure ;) | 