Skip to main content
Agent Mode’s power comes from its ability to interact with your real apps. To use Agent Mode with Gmail, GitHub, Notion, or any other service, you must first connect that app in Settings → Connectors.

Setup: Connect Your Apps

1

Open Settings

Click your profile icon and select Settings, or navigate to /settings.
2

Go to Connectors

Click the Connectors tab in Settings.
3

Find the app

Scroll or search for the app you want to connect. Available connectors include Gmail, GitHub, Google Drive, Google Calendar, Google Contacts, Notion, Slack, Dropbox, Box, Linear, Supabase, Canva, and more.
4

Click Connect

Click the Connect button next to the app.
5

Authorize OAuth

Your browser redirects to the app’s authorization page. Sign in and grant the requested permissions.Review the permission list carefully — this determines what Agent Mode can do with this app.
6

Return to ZeroTwo

After authorization, you’re redirected back to ZeroTwo. The connector shows as Connected. Agent Mode can now use this app.

How Agent Mode Knows Which App to Use

When writing an Agent Mode prompt, mention the app explicitly: 
// Explicit — always the safest approach
"Using GitHub, create an issue in my 'api-service' repository..."
"In Notion, create a new page titled..."
"Via Gmail, send an email to..."
"Check my Google Calendar for tomorrow's events..."
If your prompt doesn’t specify an app, ZeroTwo infers the most relevant connected app based on context. Being explicit is more predictable and reduces the chance of Agent Mode using the wrong app.

Permission Model

Agent Mode uses the OAuth scopes you granted when you connected each app. The agent inherits your authorization — it can only do what you explicitly permitted at connection time.
Connector typeWhat the agent can do
Read-onlyRead data, retrieve information, search — but cannot create, modify, or delete
Read + WriteFull access within granted scopes: create, read, update, delete as permitted
The permission level is determined when you connect the app. You choose the scope during the OAuth authorization screen.

Connector Reference

ConnectorAgent can do
GmailRead emails, draft messages, send emails, search inbox
Google DriveCreate, read, and update docs; organize folders; move files
Google CalendarRead events, check availability, create events, invite attendees
GitHubCreate issues, comment on PRs, search repos and code, create branches
NotionCreate and update pages, search workspace, manage databases
SlackSend messages, read channels, post to specific channels
SupabaseQuery tables, insert records (if write scope granted)
LinearCreate and update issues, list projects and team members
DropboxRead and upload files, create and manage folders
BoxBrowse and read content, upload files (if write scope granted)
Google ContactsRead contacts, create or update contact records
Exact available permissions vary by connector. Some apps (e.g., GitHub) offer granular scope selection — choose which repositories to grant access to. Others grant access at the account level.

Minimal Permission Principle

Only grant the permissions Agent Mode actually needs for your intended use cases. Fewer permissions means a smaller impact if something goes wrong. Practical examples:
  • For a task that only reads your calendar → connect Google Calendar with read-only scope
  • For a task that creates GitHub issues → connect GitHub with read + write issue permissions
  • For a research task reading emails → connect Gmail read-only; no send access needed
This also limits the blast radius of any prompt injection attempt — an agent with read-only Gmail access cannot send emails even if manipulated by malicious content.

Managing Connector Authorization

Refreshing a Connector

OAuth tokens expire over time. If Agent Mode reports it can’t access an app that was previously connected:
  1. Go to Settings → Connectors
  2. Find the connector showing an error or “Reconnect needed”
  3. Click Disconnect → then Connect again
  4. Complete OAuth authorization — this issues a fresh token

Disconnecting a Connector

To remove an app’s access from ZeroTwo entirely:
  1. Go to Settings → Connectors
  2. Click Disconnect next to the app
  3. ZeroTwo’s access is immediately revoked — Agent Mode can no longer use it
You may also want to revoke access from the app’s own settings (e.g., GitHub → Settings → Applications → Authorized OAuth Apps) for complete removal.

Safety Best Practices

  • Start read-only — when first testing Agent Mode with a connector, grant read-only permissions. Confirm the agent reads data correctly before granting write access.
  • Use minimal permissions — only grant the scopes the agent genuinely needs for your workflows.
  • Review before approving — read every confirmation dialog before clicking Approve. The dialog shows exactly what will be done and to which resource.
  • Revoke when not needed — disconnect connectors you’re not actively using with Agent Mode. You can always reconnect later.
For production or business-critical apps, test Agent Mode workflows in a development or staging environment before running against live data.