Spend caps + the approval gate

Reading time: 7 minutes. Hands-on time: 5 minutes. What you'll have at the end: Per-day, per-month, and per-feature spend ceilings configured. The approval gate tuned to your tolerance. Confidence that the system physically cannot spend more than you said it could.

This is the most important safety tutorial in the library. Read it before you generate ads in volume.

The two layers of cost protection

Scarif One has two independent mechanisms that gate AI spend. Either one can stop a generation. Both are on by default.

Layer 1 — The approval gate. Pauses BEFORE every AI call and asks you to confirm. Catches misclicks, runaway scripts, UI bugs, malicious actors. Per-feature, can auto-approve specific feature classes.

Layer 2 — Spend caps. Per-day and per-month £ ceilings. Hard ceiling. The budget check is wrapped around every Gemini API call — if approving the call would push you past the cap, the call doesn't happen and the system surfaces a clear "would exceed cap" error.

You can think of it like this:

• Approval gate = the brake pedal you tap before each move
• Spend caps = the guard rail that stops the car going off the cliff regardless

You want both.

Setting up spend caps

1. Dashboard nav → 💰 Spend caps (or open /spend-caps).
2. You'll see four cap sliders, plus per-feature breakdowns.

Cap 1 — Daily total

Hard ceiling on AI spend per calendar day. Resets at midnight your timezone.

Recommended starting values:

The free tier defaults to £2/day so a misclick in the dashboard never costs you more than the price of a coffee. You can raise it any time.

Cap 2 — Monthly total

Hard ceiling per calendar month. Resets on the 1st.

Recommended: ~30× your daily cap. If you set £5/day, set £150/mo. The monthly cap kicks in earlier than the daily-times-30 if you have a busy week — the system will refuse to spend on day 25 if you've already done 5 days at the cap.

Cap 3 — Per-feature caps

Below the totals, each feature has its own slider:

You don't need to fiddle with these unless you have a specific use case (e.g. you're an agency running 20 client tenants and want each to share the cap fairly). The defaults work for 90%+ of customers.

Cap 4 — Cost-per-task ceilings

Below per-feature caps, there's an "Advanced" expandable. Per-call ceiling:

• Max £0.10 per ad gen (Flash). Going past triggers a "this looks expensive — confirm?" dialog
• Max £0.50 per Pro-quality call

These default values exist so a malformed prompt that asks Gemini for 500K tokens doesn't slip past your budget. You'll never hit them in normal use.

Save

Click Save spend caps. The new caps apply immediately to the next AI call.

What auto-pause means

When you hit any cap, the system enters auto-pause for that feature.

What this looks like:

1. Every UI button that would generate (e.g. "Generate ad") shows a yellow banner: Spend cap reached for ad creatives this month. Resumes Apr 1 or raise cap.
2. The button is disabled.
3. Existing scheduled jobs (e.g. weekly Judge.me sync) continue — they don't cost AI tokens.
4. Email + push notifications fire to your account email.
5. The dashboard top-bar shows a "PAUSED" badge.

Auto-pause is per-feature. Hitting the ad-creatives cap doesn't pause email-drafting if email is below its own cap.

To unpause: raise the cap, or wait until the period rolls.

The approval gate

The approval gate works upstream of spend caps — it pauses BEFORE the budget check, so even a free AI call asks for your nod.

What it gates

By default: every AI-spend action. That includes ad generations, email drafts, image gens, voice scans, concierge runs, autonomous campaign moves, even trivial ones.

For your first week of using Scarif One: keep this aggressive. You're learning what the system does and approval interruptions are the cheapest way to find that out.

Tuning per-feature

Open /approvals → Per-feature settings:

The two you should keep gated forever:

• Image generation (cost concentration)
• Autonomous multi-step flows (action concentration — these can post to Meta, send emails, etc.)

Approving from your phone

The approval widget syncs across devices via web push.

1. Set up web push: /profile → Enable browser notifications → Allow.
2. Now any pending approval triggers a phone notification.
3. Tap the notification → opens the approval widget on your phone → tap Approve or Reject.

Useful when you're away from the computer but the autonomous campaign agent (/campaigns) wants to make a move that needs nodding.

Reading the spend dashboard

Open /admin/health for an at-a-glance view:

• This month's total — sum across all features (vs. monthly cap)
• Today's total — daily total (vs. daily cap)
• Per-feature breakdown — which feature you're spending most on
• Cost-per-output table — how much each individual ad/email/campaign cost
• 7-day trend chart — are you accelerating or coasting?

If "this month" is climbing faster than "expected" (which equals monthly_cap × (days_so_far / days_in_month)), the dashboard surfaces a yellow warning: Spend pace exceeds budget — adjust generation volume or raise cap.

What happens if you exceed cap (you can't, but here's the safety)

It's mathematically impossible to exceed your cap because:

1. Every AI call has a budgetCheck() wrapper
2. The wrapper computes the call's estimated cost from the model + token count
3. If currentSpend + estimatedCost > cap, the wrapper returns an error and the API call never fires
4. You see the error in the UI as "Spend cap reached for {feature}"

There is no race condition where two parallel requests could both pass the check and double-spend. The check is atomic — it reads the current total + writes the reservation in one step, with file-locked atomicity in self-host and a database transaction in hosted mode.

If you ever see your monthly spend exceed the cap by more than 1% (rounding errors), file a 🐛 — it's a bug we want to know about immediately.

Recommended cap sequence for a new install

Day 1:

• Daily cap: £2
• Monthly cap: £40
• Approval gate: aggressive (everything on)

End of week 1 (after ~10 ads generated):

• Daily cap: £5
• Monthly cap: £100
• Approval gate: auto-approve text-only generations, keep image gens gated

End of month 1 (when you have a feel for normal spend):

• Daily cap: ~3× your average daily spend
• Monthly cap: ~1.5× your average monthly spend
• Approval gate: per-feature based on what's actually risky for you

The point isn't to set caps so high they're decorative — it's to set them slightly above your normal use, so a runaway script is catchable but a normal busy day doesn't trigger spurious pauses.

When to raise vs. lower caps

Raise when:

• You hit a cap because of legitimate volume (e.g. a campaign launch week)
• You're adding a new tenant / brand under your account
• Per-feature is uneven and one feature got starved

Lower when:

• You consistently use less than half your cap (no point having safety you don't need)
• Your business model changed (e.g. dropped paid ads, only doing email now)
• You're letting a junior staff member operate the dashboard for the first time — drop their assigned tier's caps until you've watched their pattern

A note on the philosophy

The defaults are conservative because the worst-case for a SaaS provider is a customer churning over a surprise £200 AI bill.

Conservative caps + aggressive approval gates mean you'll never get that bill. The cost is some friction in the first week of use. We think that's the right tradeoff.

If you disagree — if you'd rather have more frictionless generation and accept the risk — you can disable the approval gate entirely (/approvals → toggle off) and raise caps to a tier you're comfortable with. The system trusts you to manage that. It just doesn't trust itself by default.

Where to next

• Tutorial 11 — The dashboard tour (now that you understand caps + approval, the rest of the dashboard makes more sense)
• Tutorial 10 — The bug widget (also a safety mechanism — file bugs as you find them)
• Tutorial 18 — Backups + disaster recovery (for self-hosted customers)