Y0 Agents
previewModels that act — scoped tools, step ceilings, and a kernel that says no.
[ 01 ]Spec sheet
Y0 Agents is the family that crosses the line from describing work to doing it: sending the email, filing the invoice, updating the tracker, booking the slot. Everything about its design follows from taking that line seriously. An agent run executes inside an execution graph — a typed plan of steps the model proposes and the runtime enforces — and every tool the agent can touch is declared up front with an explicit scope. The trust kernel sits between intention and action: an agent holding calendar:read cannot write to your calendar no matter how convincingly it argues, and any step marked consequential (payments, external sends, deletions) can be gated on human approval. The max_steps ceiling is a hard wall, so an agent that loses the plot halts and reports rather than improvising. Every action lands in the audit log with the scope that authorized it, which means the answer to 'what did the agent actually do' is a query, not a reconstruction. The family is in preview: tool coverage across the eight lanes is still expanding, and we would rather widen the action surface slowly than explain an unscoped write after the fact.
[ 02 ]Capabilities
Tool use across calendar, documents, finance, and webhook targets
Execution-graph planning with enforced step ceilings
Scope-checked actions — the kernel blocks what the key does not grant
Human approval gates on consequential steps
Full audit trail of every action with its authorizing scope
[ 03 ]Best for
Recurring operational work — filing, scheduling, follow-ups
Workflows that need a human sign-off before the irreversible step
Teams replacing brittle RPA with traceable, scoped agents
[ 04 ]Sample request
{
"model": "y0-agent",
"prompt": "Chase the three unpaid invoices over 30 days.",
"tools": ["email.send", "finance.read"],
"approval": { "required_for": ["email.send"] },
"max_steps": 8
}