Governed ability
Create user
aafm/create-user Guarded write
Create a new user with the site default role (never a caller-chosen role). Requires the create-users capability. Off by default.
How it is governed
The same model as every ability in the plugin, stated for this one.
- Off until you enable it
Like every ability, Create user ships switched off. You turn it on one at a time, and an update never widens access on its own.
- Guarded write
Writes stay conservative, and the plugin re-checks the capability before the call runs.
- Capability gated
A connection only sees Create user if the user you connected can run it, and the plugin checks that capability again before it executes.
- Every call audited
The call is written to the log in your own database, denials included, with the argument keys but never the values.
- It can delete
This ability can delete. Where WordPress supports it, items go to Trash and can be restored, and the last administrator can never be removed.
See it in action
An illustrative run. Your real calls and data stay on your own site.
Try it with a prompt
Example requests you could paste to your agent.
Create a new user for Jordan Lee with the email jordan@example.com.
Add a site account for our new writer using the address writer@example.com.
Set up a user for Priya at priya@example.com so she can be added to posts later.
These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.
Frequently asked
Short answers for Create user.
Can the agent choose an administrator role for the new user?
No. New users are always created with the site default role, never a role the caller picks, so an agent cannot mint itself an admin account. It requires the create-users capability and is off by default.
This creates a real person account. How is that controlled?
Creating a user is treated as a sensitive write: it is capability-gated, off until an administrator enables it, and each creation is recorded in the plugin audit log with the acting user.
Governed by default, from the first call.
Create user is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.
Every ability off until you enable it, capability-gated on every call.