Knowledge base
What SpendSignoff can and cannot do
SpendSignoff is propose-only in V1. The operator reads your accounts and drafts changes; you approve them. This page is the honest boundary — the things it does today, and the things it deliberately will not do.
What it can do today
Across linked Google Ads and Meta accounts, the operator can:
- Read campaigns, ad sets, budgets, bids, and performance — ungated on every plan, including Free.
- Draft budget reallocations, bid changes, and pacing fixes as before → after diffs via
propose_change. - Explain a draft — projected impact, which entity it touches, and why the operator proposed it — before you decide.
- Roll back any approved action with one click from the KMS-signed audit log.
What it cannot do
These are deliberate boundaries, not missing features.
- Spend on its own. A draft is inert until you run the two-step approval. There is no auto-pilot in V1.
- Approve over MCP. The MCP server requests
mcp.readandmcp.draftonly — there is nomcp.approvescope. Approval lives in the SpendSignoff app, not the AI client. - Create accounts or change billing on the ad platform. It operates on accounts you already own and have linked over OAuth.
- Touch platforms that are not live. Google Ads and Meta are live today. TikTok, Microsoft, LinkedIn, and Amazon are coming soon.
Why propose-only, on purpose
An AI that can move money without a human in the loop is a liability the day it misreads a metric. So the live-change path is built around one fact: every spend-affecting action is one a person approved, with a signed record of who, what, and when.
The autonomy loop runs continuously and stages work for you. It does not skip the approval step. When TikTok, Microsoft, LinkedIn, and Amazon go live, they inherit the same gate.
The one rule that does not bend
Approve & push live → Confirm control and lands in the audit log.Next
Safety
Draft-before-live, the daily envelope, the circuit breaker, and rollback.