> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zerotwo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Use Connectors with Agent Mode

> How to connect your apps so Agent Mode can act on your behalf across Gmail, GitHub, Notion, Google Drive, and more.

Agent Mode's power comes from its ability to interact with your real apps. To use Agent Mode with Gmail, GitHub, Notion, or any other service, you must first connect that app in **Settings → Connectors**.

## Setup: Connect Your Apps

<Steps>
  <Step title="Open Settings">
    Click your profile icon and select **Settings**, or navigate to `/settings`.
  </Step>

  <Step title="Go to Connectors">
    Click the **Connectors** tab in Settings.
  </Step>

  <Step title="Find the app">
    Scroll or search for the app you want to connect. Available connectors include Gmail, GitHub, Google Drive, Google Calendar, Google Contacts, Notion, Slack, Dropbox, Box, Linear, Supabase, Canva, and more.
  </Step>

  <Step title="Click Connect">
    Click the **Connect** button next to the app.
  </Step>

  <Step title="Authorize OAuth">
    Your browser redirects to the app's authorization page. Sign in and grant the requested permissions.

    Review the permission list carefully — this determines what Agent Mode can do with this app.
  </Step>

  <Step title="Return to ZeroTwo">
    After authorization, you're redirected back to ZeroTwo. The connector shows as **Connected**. Agent Mode can now use this app.
  </Step>
</Steps>

## How Agent Mode Knows Which App to Use

When writing an Agent Mode prompt, mention the app explicitly:

```
// Explicit — always the safest approach
"Using GitHub, create an issue in my 'api-service' repository..."
"In Notion, create a new page titled..."
"Via Gmail, send an email to..."
"Check my Google Calendar for tomorrow's events..."
```

If your prompt doesn't specify an app, ZeroTwo infers the most relevant connected app based on context. Being explicit is more predictable and reduces the chance of Agent Mode using the wrong app.

## Permission Model

Agent Mode uses the **OAuth scopes** you granted when you connected each app. The agent inherits your authorization — it can only do what you explicitly permitted at connection time.

| Connector type   | What the agent can do                                                          |
| ---------------- | ------------------------------------------------------------------------------ |
| **Read-only**    | Read data, retrieve information, search — but cannot create, modify, or delete |
| **Read + Write** | Full access within granted scopes: create, read, update, delete as permitted   |

The permission level is determined when you connect the app. You choose the scope during the OAuth authorization screen.

## Connector Reference

| Connector           | Agent can do                                                          |
| ------------------- | --------------------------------------------------------------------- |
| **Gmail**           | Read emails, draft messages, send emails, search inbox                |
| **Google Drive**    | Create, read, and update docs; organize folders; move files           |
| **Google Calendar** | Read events, check availability, create events, invite attendees      |
| **GitHub**          | Create issues, comment on PRs, search repos and code, create branches |
| **Notion**          | Create and update pages, search workspace, manage databases           |
| **Slack**           | Send messages, read channels, post to specific channels               |
| **Supabase**        | Query tables, insert records (if write scope granted)                 |
| **Linear**          | Create and update issues, list projects and team members              |
| **Dropbox**         | Read and upload files, create and manage folders                      |
| **Box**             | Browse and read content, upload files (if write scope granted)        |
| **Google Contacts** | Read contacts, create or update contact records                       |

<Note>
  Exact available permissions vary by connector. Some apps (e.g., GitHub) offer granular scope selection — choose which repositories to grant access to. Others grant access at the account level.
</Note>

## Minimal Permission Principle

Only grant the permissions Agent Mode actually needs for your intended use cases. Fewer permissions means a smaller impact if something goes wrong.

**Practical examples:**

* For a task that only reads your calendar → connect Google Calendar with read-only scope
* For a task that creates GitHub issues → connect GitHub with read + write issue permissions
* For a research task reading emails → connect Gmail read-only; no send access needed

This also limits the blast radius of any prompt injection attempt — an agent with read-only Gmail access cannot send emails even if manipulated by malicious content.

## Managing Connector Authorization

### Refreshing a Connector

OAuth tokens expire over time. If Agent Mode reports it can't access an app that was previously connected:

1. Go to **Settings → Connectors**
2. Find the connector showing an error or "Reconnect needed"
3. Click **Disconnect** → then **Connect** again
4. Complete OAuth authorization — this issues a fresh token

### Disconnecting a Connector

To remove an app's access from ZeroTwo entirely:

1. Go to **Settings → Connectors**
2. Click **Disconnect** next to the app
3. ZeroTwo's access is immediately revoked — Agent Mode can no longer use it

You may also want to revoke access from the app's own settings (e.g., GitHub → Settings → Applications → Authorized OAuth Apps) for complete removal.

## Safety Best Practices

* **Start read-only** — when first testing Agent Mode with a connector, grant read-only permissions. Confirm the agent reads data correctly before granting write access.
* **Use minimal permissions** — only grant the scopes the agent genuinely needs for your workflows.
* **Review before approving** — read every confirmation dialog before clicking Approve. The dialog shows exactly what will be done and to which resource.
* **Revoke when not needed** — disconnect connectors you're not actively using with Agent Mode. You can always reconnect later.

<Tip>
  For production or business-critical apps, test Agent Mode workflows in a development or staging environment before running against live data.
</Tip>
