Why SpendSignoff exists
AI clients can now read an ad account, find the wasted spend, and write the fix. But moving money is the one step that should never happen on a model’s say-so. So we put a hard human gate between the draft and the dollar — and built the operator around it.
The operator that drafts and never spends
The same idea, stated the way the architecture enforces it.
An always-on operator that drafts changes — and a human who approves every one before money moves.
SpendSignoff is an MCP server. You connect it to Claude, ChatGPT, or Cursor, link a Google Ads or Meta account over OAuth, and the operator runs read-only by default. When it finds a budget to reallocate or a bid to cut, it writes a draft with the full before→after diff. Approving is a two-step arm-then-confirm control that only a signed-in human can take. The split between drafting and pushing live is not a setting — it is enforced server-side in the policy core, and the AI client is only ever issued read and draft scopes.
What we believe
Read first
Every connection starts read-only over the platform’s own OAuth. The operator looks at the account before it has any standing to change it, and reads stay free on every plan.
Propose, never spend
The AI drafts a budget shift, a bid change, a pacing fix — and stops. Going live is a separate, server-enforced step that only a signed-in human can take. There is no mcp.approve scope to mint.
Audit everything
Every read, draft, approval, push, and rollback is written to a KMS-signed append-only ledger. Entries can be appended but never edited or deleted, so the record stays tamper-evident.
Reversible by default
The prior state lives in the diff and the ledger, so an approved change rolls back in one click. The rollback is itself a signed entry — undoing a change leaves a record too.
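To make "appended but never edited or deleted" concrete, here is an added sketch of a tamper-evident ledger; it is not SpendSignoff's code. It assumes each entry is chained to the hash of the one before it (the page does not say how the ledger is built) and uses a local HMAC key as a stand-in for the KMS signature; all names and sample events are constructed.

```python
import hashlib, hmac, json

# Assumption: a local HMAC key stands in for the KMS signing key.
DEMO_KEY = b"constructed-demo-key-not-a-real-kms-key"
GENESIS = "0" * 64  # "previous hash" of the first entry

def entry_digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(digest, key):
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def append(ledger, action, detail, key=DEMO_KEY):
    """Append one entry, chained to the hash of the entry before it."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = {"seq": len(ledger), "action": action, "detail": detail, "prev": prev}
    h = entry_digest(body)
    ledger.append({**body, "hash": h, "sig": sign(h, key)})
    return ledger[-1]

def verify(ledger, key=DEMO_KEY):
    """Return the index of the first bad entry, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: entry[k] for k in ("seq", "action", "detail", "prev")}
        h = entry_digest(body)
        if (entry["seq"] != i or entry["prev"] != prev or entry["hash"] != h
                or not hmac.compare_digest(entry["sig"], sign(h, key))):
            return i
        prev = h
    return None

def demo():
    # Constructed sample events: a draft, its approval and push, then a rollback.
    ledger = []
    append(ledger, "draft", {"campaign": "demo-1", "budget": [100, 80]})
    append(ledger, "approval", {"by": "human@example.com"})
    append(ledger, "push", {"campaign": "demo-1", "budget": 80})
    append(ledger, "rollback", {"campaign": "demo-1", "budget": 100})
    return ledger

if __name__ == "__main__":
    print(verify(demo()))
```

An edit, a removed middle entry, or a recomputed hash without the key all make verify return the index where the chain breaks. Removing the newest entries leaves a shorter chain that still verifies, so the latest hash also has to be recorded somewhere the ledger writer cannot change.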
Cheaper than a retainer
Flat, account-anchored plans — Free, Solo, Pro, Agency — instead of an agency percentage of spend. You pay for the operator, not a cut of every dollar it touches.
Your tokens stay vaulted
Platform OAuth tokens are envelope-encrypted and stored in a managed vault. They are decrypted only inside the policy core at the moment of an approved action, never returned to the model.
Where we are right now
An honest read on what ships today and what is still coming.
SpendSignoff is early. Google Ads and Meta are connected and working today; LinkedIn, TikTok, and the rest are on the build list, not the live list. We would rather have two platforms that hold the safety contract end to end than six that half-do it. As more platforms ship, the same propose-only gate and signed ledger apply to every one: nothing connects with a shortcut around approval.
Connect your stack
See which ad platforms and AI clients are live, and which are next on the runtime.
Run your ad accounts from your AI client
Start on the free plan, connect a Google Ads or Meta account read-only, and watch the operator draft its first change. Nothing goes live until you approve it.
Your AI can read and draft — it can never spend without your approval.