> How good is the model at composing actions?

I think you mean taking the results of one function call and putting it into another? We saw some promise but didn't heavily train for this use case in the base model. The thing we noticed with the 270m sized models, and the performance expectations of AI models in 2025, is that these size models perform best for _specific users_ when finetuned to that specific use case.

What I suggest is mocking some data either by hand or using some automated tool and finetuning in this kind of use case and using the finetuning colab setup.

> is there a way to give the model ability to scope action for example if actions are related to permissions

Permissions depend on your system architecture more than the model. The model itself just takes in tokens and outputs tokens. Permissions are defined by your security/system setup in which the model itself is running.