Capabilities Reference
Capabilities are the permission contract between your plugin and the tenants who install it. Declare every capability you need. In V2 (isolated-vm runtime), undeclared access is blocked at the sandbox boundary. Over-declaring — claiming capabilities you don't use — is a review rejection reason and reduces trust with tenants.
Risk levels
Low risk — no sensitive data, no external calls. Implicit consent on install.
Medium risk — sensitive data access or external network calls. Consent dialog shown to tenant before install.
High risk — destructive or wide-scope operations. Consent dialog with explicit warning. Review requires written justification.
All capabilities
| Capability | Risk | Grants |
|---|---|---|
| content:read | Low | Read posts, pages, media metadata (title, slug, status, content) |
| content:write | Medium | Create and update posts, pages |
| content:delete | High | Permanently delete posts and pages |
| schema:read | Low | View collection schemas and field definitions |
| schema:modify | High | Add custom fields and collections to the tenant database |
| ui:sidebar | Low | Inject a sidebar widget in the admin dashboard |
| ui:post_editor | Low | Add a toolbar button or side panel to the post editor |
| ui:dashboard | Low | Add a card to the admin dashboard overview |
| ui:settings | Low | Add a section under /admin/settings |
| email:send | Medium | Send transactional emails via Resend using the tenant's sender domain |
| network:fetch | Medium | Make HTTP requests to domains declared in network_access.allowedDomains |
| members:read | Medium | Read member emails, display names, and subscription tiers |
| members:write | High | Create, update, and manage member records |
| commerce:read | Low | Read product catalog and order records |
| commerce:write | High | Create and update products and process orders |
Minimal capability principle
```jsonc
// Correct — declare only what you actually use
{
  "capabilities": ["members:read", "network:fetch"]
}
```

```jsonc
// Wrong — grabbing extra permissions "just in case"
{
  "capabilities": ["content:read", "content:write", "content:delete",
                   "members:read", "members:write", "network:fetch",
                   "email:send", "schema:read"]
}
```
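A pre-submission check for the rules on this page, added here as an example and not part of the platform's own tooling: it reports over-declared capabilities, capabilities used but not declared (blocked in V2), the highest risk level and the consent it triggers. The function name `auditCapabilities`, the `used` list, and the nested `network_access: { allowedDomains: [...] }` manifest shape are assumptions.

```javascript
// Risk levels copied from the capability table on this page.
const RISK = new Map(Object.entries({
  "content:read": "low", "content:write": "medium", "content:delete": "high",
  "schema:read": "low", "schema:modify": "high",
  "ui:sidebar": "low", "ui:post_editor": "low", "ui:dashboard": "low",
  "ui:settings": "low", "email:send": "medium", "network:fetch": "medium",
  "members:read": "medium", "members:write": "high",
  "commerce:read": "low", "commerce:write": "high",
}));
const ORDER = ["low", "medium", "high"];
const CONSENT = {
  low: "implicit consent on install",
  medium: "consent dialog",
  high: "consent dialog with explicit warning, written justification",
};

// manifest: parsed manifest object. used: capabilities the plugin code really
// exercises (hypothetical input, e.g. the result of a manual code audit).
function auditCapabilities(manifest, used) {
  const declared = [...new Set(manifest.capabilities || [])];
  const usedSet = new Set(used);
  const known = declared.filter((c) => RISK.has(c));
  const highestRisk = known.reduce(
    (max, c) => (ORDER.indexOf(RISK.get(c)) > ORDER.indexOf(max) ? RISK.get(c) : max),
    "low");
  // Assumed manifest shape: { network_access: { allowedDomains: [...] } }
  const domains = (manifest.network_access || {}).allowedDomains || [];
  const network = [];
  if (declared.includes("network:fetch") && domains.length === 0)
    network.push("network:fetch declared but allowedDomains is empty");
  if (!declared.includes("network:fetch") && domains.length > 0)
    network.push("allowedDomains set but network:fetch not declared");
  return {
    unknown: declared.filter((c) => !RISK.has(c)),                 // typos, stale names
    overDeclared: known.filter((c) => !usedSet.has(c)),            // review rejection reason
    undeclared: [...usedSet].filter((c) => !declared.includes(c)), // blocked in V2
    highestRisk,
    consent: CONSENT[highestRisk],
    network,
  };
}

// Constructed sample: the "wrong" manifest above, for a plugin that only
// reads members and calls one external API.
const report = auditCapabilities(
  { capabilities: ["content:read", "content:write", "content:delete",
      "members:read", "members:write", "network:fetch", "email:send", "schema:read"] },
  ["members:read", "network:fetch"]);
console.log(report);
```

For the sample, six capabilities come back as over-declared and the manifest lands in the high-risk consent tier even though the plugin's real usage is medium.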