Operating model
Compatibility
SpendSignoff speaks MCP over Streamable HTTP with OAuth 2.1, so it works with any compliant client. These three are tested end-to-end today. The safety model is identical across all of them — approval always lives in the SpendSignoff app, never in the client.
ClaudeFull support
ChatGPTDeveloper Mode
CursorFull support
Client capability matrix
Per-client transport, scopes, and rendering.
Desktop & web. Add via Settings → Developer → Edit Config.
Streamable HTTP transport SupportedNative HTTP MCP support.
OAuth 2.1 connect SupportedBrowser OAuth handoff.
Read tools (mcp.read) SupportedFull read tool coverage.
Draft surface (mcp.draft) Supportedpropose_change returns drafts inline.
Inline diff rendering SupportedDiffs render in the chat surface.
Other clients
Any MCP client that supports Streamable HTTP and OAuth 2.1 can connect using the same config. If a client only renders text, drafts still arrive in full — you just review the diff as monospace text and approve in the SpendSignoff app as usual.
What never changes across clients
The contract is server-side.
Scopes (mcp.read + mcp.draft), the absence of an approve scope, the 24h envelope, and the audit log are enforced by the SpendSignoff server — not by the client. Switching clients changes the chat surface, never the safety guarantees.
Next
Changelog
Dated, shipped changes to SpendSignoff.