Operating model
Safety
The safety contract is the product. SpendSignoff is built so an AI can do useful work on your ad accounts without ever being able to spend on its own. Here is how that holds — not as policy text, but as enforced mechanics.
The guarantee
Draft-before-live
Every spend-affecting change is staged as a reviewable draft with a before → after diff. Drafts are inert — nothing reaches your account until you run the two-step approve control.
Propose-only (no auto-pilot in V1)
The autonomy loop proposes; it never applies. There is no scope, flag, or setting that lets SpendSignoff spend without a human approval. Approval is not an OAuth scope you can grant away.
The 24h envelope is a true ceiling
A hard daily cap on net spend change from approvals, enforced server-side. Once consumed, further approvals are blocked until the rolling window resets — not warned about, blocked.
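The rolling-window ceiling described above, as an added example that is not SpendSignoff's code. The names `SpendEnvelope` and `EnvelopeExceeded`, the cap value, and the reading of "net" as the signed sum of approved deltas are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=24)   # rolling window named on the page


class EnvelopeExceeded(Exception):
    """Raised when an approval would push net spend change past the cap."""


class SpendEnvelope:
    """Hypothetical server-side ledger; 'net' is assumed to be a signed sum."""

    def __init__(self, cap):
        self.cap = cap              # assumed unit: account currency per 24h
        self._ledger = deque()      # (approved_at, signed_delta), oldest first

    def consumed(self, now):
        # Drop entries that have aged out of the rolling window, then sum.
        while self._ledger and now - self._ledger[0][0] >= WINDOW:
            self._ledger.popleft()
        return sum(delta for _, delta in self._ledger)

    def approve(self, delta, now):
        """Record an approved change or refuse it; there is no warn-only path."""
        used = self.consumed(now)
        if used + delta > self.cap:
            raise EnvelopeExceeded(
                f"blocked: {used} used + {delta} requested > cap {self.cap}")
        self._ledger.append((now, delta))
        return self.cap - (used + delta)    # headroom left in the window


def demo():
    """Constructed timeline: cap 500, approvals spread over one day."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    env = SpendEnvelope(cap=500)
    results = [env.approve(300, t0)]                             # 200 left
    results.append(env.approve(200, t0 + timedelta(hours=2)))    # 0 left
    try:
        env.approve(1, t0 + timedelta(hours=3))                  # over the cap
    except EnvelopeExceeded:
        results.append("blocked")
    # 24h after the first approval its 300 ages out; the 200 still counts.
    results.append(env.approve(250, t0 + timedelta(hours=24)))   # 50 left
    return results
```

The check runs before the ledger write, so a refused approval leaves no trace in the window and cannot be retried into success until older entries expire.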
Circuit breaker
If applied changes drift outside expected bounds — anomalous spend, repeated platform errors — the breaker trips, pauses new applies, and surfaces the incident for review.
What the AI can and cannot do
Scopes are the boundary.
Can
- Read campaigns, budgets, bids, and performance.
- Draft changes as reviewable diffs (propose_change).
- Explain its reasoning and projected impact.
Cannot
- Apply any change without your explicit approval.
- Hold an mcp.approve scope — it does not exist.
- Exceed the 24h envelope, even with your approval.
Audit & reversibility
Trust, but verify — and undo.
Every approval writes an immutable, KMS-signed audit entry: the approver, the exact diff, the projected impact, and the timestamp. Any applied change can be rolled back in one click from its recorded before-state. Nothing the operator does is opaque or one-way.