Your Tools Already Tell You What Happened. This Closes the Loop.

enterprise-search is an excellent retrieval layer — it finds things across all your connected tools and hands you a single coherent answer with source attribution. Verified against the plugin source: every command, skill and example is retrieval and synthesis, and it ships no write or send capability. Even /digest, which classifies activity into action items, decisions and mentions and draws checkboxes, mutates nothing. Enterprise Actions keeps all of that — the three retrieval skills are byte-identical and /search and /digest are retained verbatim — and adds the layer enterprise-search deliberately leaves to you: six acting agents that triage, draft, file, update, post and send, each with a deterministic safety gate. The honest one-line version: they retrieve; we close the loop.

Only within the gates, and the gates are deterministic code, not adjectives. Every write or external action is classified by reversibility, blast-radius, confidence and whether its claims are cited. Reversible, confident, fully cited actions — a label, a staged draft, a private comment, a ticket assigned to yourself — run and are logged so you can undo them. Five action classes are always held for your confirmation and never auto-fired: anything sent to an outside party, anything that overwrites a trusted record (CRM stage or forecast, closing or 'done'-marking work), commitments on someone else's behalf, numbers put in front of leadership, and bulk or destructive operations. Uncited claims, low confidence or conflicting sources are blocked or escalated with the conflict shown. Every action is written to an append-only ledger, and it never acts outside your own connector permissions. The research anchor: Gartner expects more than 40% of agentic-AI projects to be cancelled by the end of 2027, often on policy violations and cascading errors — the gate is the countermeasure.

It uses the same tool-agnostic connector model as enterprise-search — it works with whatever you have connected in each category: chat (Slack), email (Gmail), project tracker (Linear, Jira, Asana, monday.com, ClickUp), knowledge base (Notion, Confluence), customer support (Intercom), CRM (Salesforce), meeting notes (Fireflies) and analytics (Amplitude). The more sources you connect, the more of the loop it can close. Requirements: Cowork or Claude Code, and at least one connected MCP source.

No — and we are deliberate about saying so. The propose-approve-execute pattern is table stakes among the serious enterprise players: Glean ships propose-preview-approve plus an alignment check across 85+ cross-vendor actions, and Dust ships explicit read/propose/execute separation. The gate is a shared trust bar, well-built and necessary, but not a moat. What is genuinely differentiated is distribution and form-factor: nobody else ships cross-vendor acting at near-zero adoption friction, riding the Cowork seats and MCP connectors you have already authorized, built on Anthropic's own retrieval spine. Heavyweight platforms (Glean, Moveworks, Copilot Studio) need their own index, seat and admin rollout; single-vendor agents (Notion-in-Notion, Atlassian Rovo, Salesforce Agentforce, Sierra) act inside one product. Enterprise Actions is a plugin you install in minutes that acts across your whole stack.

Automated (reversible and confident, fired and logged): sorting, labelling, prioritising and routing your queue; snoozing FYIs; staging internal reply drafts; creating tickets assigned to yourself; adding private comments; detecting chat-vs-tracker drift; drafting recaps, nudges and rollups. Human confirmation required (the five hard-gated classes): sending anything to an outside party; overwriting a trusted record such as a CRM stage or forecast, or closing or 'done'-marking work; committing someone else to a task or due date; putting numbers in front of leadership in a rollup or status; and any bulk or destructive operation. Anything uncited, low-confidence or built on conflicting sources is blocked or escalated rather than guessed.

In Claude Code or Cowork: claude plugins add knowledge-work-plugins/enterprise-actions. It installs the six acting agents and their commands — /triage, /draft-reply, /meeting-to-work, /board-sync, /rollup and /crm-log — plus the retained Anthropic retrieval skills and the /search and /digest commands verbatim, the deterministic action-safety gate (lib/action_safety.py and the action-gate hook), and the append-only action ledger. Connect your tools through their MCP servers — each category has a connector slot. Without connectors, the safety gate and the loop still run so you can see the gating behaviour before you wire in live writes.

Because /digest is /rollup's passive baseline, the line has to be crisp. /digest summarizes the week for you and stops — it renders a summary and mutates nothing. /rollup synthesizes the same week across tools and metrics, drafts it in the audience's register (the way your VP or your customers like to read it), and delivers it — it posts to the channel or sends the email. The terminal post or send is the entire difference, and it is non-optional: a drafted-but-undelivered rollup is treated as an incomplete run, not a feature. And because /rollup can put numbers in front of leadership, every metric and every wide send is held for your confirmation.

Yes. Enterprise Actions is free and open source at github.com/mlobo2012/enterprise-actions. You need an active Claude Code or Cowork subscription and your existing tool connectors at their own pricing — Slack, Gmail, Linear, Notion, Salesforce and so on. There is no charge for the plugin itself. AI Heroes offers paid implementation: connector wiring, gate calibration for your risk tolerance, action-ledger and audit setup, and a crawl-walk-run rollout for teams who want a managed deployment rather than self-serve. Book a call to discuss.