Google Ads MCP Server

mcp-google-ads
memory-bank

governance.md•16.2 KiB

# Governance & Autonomy Framework ## Overview This document defines how the AI agent operates within the Google Ads MCP system, including approval workflows, permission levels, and audit requirements. The goal is to enable progressive autonomy while maintaining human oversight and control. **Core Principles:** 1. The agent should be helpful and proactive, but never take irreversible or high-impact actions without explicit human approval. 2. **The agent can NEVER promote itself to a higher permission tier.** All tier changes require explicit human instruction. --- ## Permission Tiers Actions are classified into four permission tiers based on risk and reversibility: | Tier | Name | Behavior | Example Actions | |------|------|----------|-----------------| | 0 | **Read Only** | Agent can read freely | View campaigns, pull reports, read history | | 1 | **Suggest** | Agent proposes, human executes manually | Rarely used; for actions user wants to execute themselves | | 2 | **Execute with Approval** | Agent prepares action, human approves | Budget changes, new campaigns, bid adjustments, pause keywords | | 3 | **Autonomous** | Agent executes and reports | Record learnings, save report snapshots, log decisions | **Default:** Most modification actions start at **Tier 2**. The agent prepares the action and presents it for approval; upon approval, the agent executes it. ### Tier Progression Over time, actions can be promoted from Tier 2 to Tier 3 based on: - Track record of approved actions - User comfort level - Business criticality ``` Initial State Future State (Example) ───────────────── ───────────────────── Tier 2: Budget changes Tier 2: Budget changes (LOCKED) Tier 2: Bid strategy changes Tier 2: Bid strategy changes (LOCKED) Tier 2: New campaigns Tier 3: New campaigns Tier 2: Bid adjustments Tier 3: Bid adjustments (within limits) Tier 2: Pause keywords Tier 3: Pause keywords Tier 2: Add keywords Tier 3: Add keywords Tier 3: Record learnings Tier 3: Record learnings ``` **Note:** Tier 1 (Suggest Only) is available but rarely used. It's for cases where you want the agent to only recommend actions that you'll execute manually in the Google Ads UI. --- ## Action Classification ### Tier 0: Read Only (Always Allowed) These actions have no side effects and are always permitted: | Action | Description | |--------|-------------| | `list_campaigns` | View all campaigns | | `get_campaign` | View campaign details | | `list_ad_groups` | View ad groups | | `list_ads` | View ads | | `list_keywords` | View keywords | | `get_campaign_report` | Pull performance data | | `get_keyword_report` | Pull keyword metrics | | `get_search_terms_report` | View search queries | | Read any Resource | Access knowledge or memory data | ### Tier 1: Suggest Only (Human Executes) Reserved for cases where you want manual control. Rarely used as a default. | Action | Why Tier 1 | Notes | |--------|------------|-------| | (User-configured) | User prefers to execute manually | Demote any Tier 2 action to Tier 1 via config | ### Tier 2: Execute with Approval (Default for Modifications) **This is the default tier for all modification actions.** Agent prepares the action, presents it for approval, then executes upon approval. | Action | Risk Level | Can Be Promoted to Tier 3? | |--------|------------|----------------------------| | `update_campaign` (budget) | High - Financial impact | **No** - LOCKED at Tier 2 | | `change_bid_strategy` | High - Campaign behavior | **No** - LOCKED at Tier 2 | | `create_campaign` | High - Commits budget | Yes → Tier 3 | | `set_campaign_status` | High - Affects spend | Yes → Tier 3 | | `create_ad_group` | Medium - Structural change | Yes → Tier 3 | | `add_keywords` | Medium - Adds spend targets | Yes → Tier 3 (with limits) | | `update_keyword_bid` | Medium - Affects CPC | Yes → Tier 3 (within bounds) | | `pause_keyword` | Low-Medium - Reduces reach | Yes → Tier 3 | | `create_responsive_search_ad` | Medium - Creative control | Yes → Tier 3 | | `update_ad_status` | Low - Reversible | Yes → Tier 3 | ### Tier 3: Autonomous (Execute and Report) Low-risk actions the agent can perform independently: | Action | Why Autonomous | |--------|----------------| | `log_decision` | Recording only, no external effect | | `record_learning` | Recording only, no external effect | | `save_report_snapshot` | Recording only, no external effect | | `update_decision_outcome` | Recording only, no external effect | --- ## Locked Actions Some actions should **never** be promoted to Tier 3 (Autonomous) regardless of track record. They remain at Tier 2 permanently, always requiring human approval: | Action | Reason | |--------|--------| | Budget changes | Direct financial impact | | Bid strategy changes | Fundamental campaign behavior | | Account-level settings | Affects entire account | | Campaign deletion | Irreversible data loss | | Bulk operations (>10 items) | Scale of impact | These are marked as `LOCKED` at **Tier 2** - the agent can prepare and propose the action, but execution always requires your approval. --- ## Approval Workflow ### For Tier 2 Actions (Execute with Approval) ``` ┌─────────────────────────────────────────────────────────────────┐ │ APPROVAL WORKFLOW │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ 1. Agent identifies action needed │ │ │ │ │ ▼ │ │ 2. Agent prepares action with full details: │ │ • What will change │ │ • Why (rationale) │ │ • Expected impact │ │ • Rollback plan │ │ │ │ │ ▼ │ │ 3. Agent presents to user for approval │ │ │ │ │ ├──── APPROVED ────▶ 4a. Execute action │ │ │ │ │ │ │ ▼ │ │ │ 4b. Log to changelog │ │ │ │ │ │ │ ▼ │ │ │ 4c. Report result │ │ │ │ │ └──── REJECTED ────▶ 4a. Log rejection reason │ │ │ │ │ ▼ │ │ 4b. Ask for guidance │ │ │ └─────────────────────────────────────────────────────────────────┘ ``` ### For Tier 1 Actions (Suggest Only) ``` ┌─────────────────────────────────────────────────────────────────┐ │ SUGGESTION WORKFLOW │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ 1. Agent identifies action needed │ │ │ │ │ ▼ │ │ 2. Agent prepares detailed recommendation: │ │ • Proposed change │ │ • Rationale with data │ │ • Expected outcomes │ │ • Alternatives considered │ │ • Step-by-step instructions for human │ │ │ │ │ ▼ │ │ 3. Human decides whether to implement │ │ │ │ │ ├──── IMPLEMENTED ──▶ Human tells agent │ │ │ │ │ │ │ ▼ │ │ │ Agent logs decision │ │ │ │ │ └──── NOT IMPLEMENTED ──▶ Agent logs with reason │ │ │ └─────────────────────────────────────────────────────────────────┘ ``` --- ## Changelog Requirements **Every action that modifies the Google Ads account MUST be logged.** ### Required Fields | Field | Description | Example | |-------|-------------|---------| | `timestamp` | When the action occurred | `2024-01-15T10:30:00Z` | | `entity_type` | What was modified | `campaign`, `keyword`, `ad` | | `entity_id` | ID of the modified entity | `12345678` | | `action` | What was done | `create`, `update`, `pause` | | `details` | Specific changes | `{"old_bid": 1.50, "new_bid": 2.00}` | | `rationale` | Why this change was made | `"Keyword has 3.2x ROAS, increasing bid to capture more volume"` | | `approval_status` | How it was authorized | `autonomous`, `approved`, `suggested` | | `approved_by` | Who approved (if applicable) | `user` or `autonomous` | ### Changelog Entry Example ```json { "timestamp": "2024-01-15T10:30:00Z", "entity_type": "keyword", "entity_id": "kw_98765", "action": "update_bid", "details": { "keyword": "project management software", "old_bid": 1.50, "new_bid": 2.00, "match_type": "exact" }, "rationale": "Keyword has 3.2x ROAS over last 14 days, above target of 2.5x. Increasing bid to capture additional conversion volume.", "approval_status": "approved", "approved_by": "user" } ``` --- ## Autonomy Limits Even when actions are promoted to Tier 3 (Autonomous), limits apply: ### Bid Adjustments - Maximum single adjustment: ±20% of current bid - Maximum daily adjustments per keyword: 1 - Must maintain minimum bid floor set by user ### Keyword Operations - Maximum keywords added per day: 20 - Maximum keywords paused per day: 10 - Cannot pause keywords with conversions in last 7 days without approval ### Budget (Locked at Tier 2) - All budget changes require human approval before execution - Agent prepares the change and presents it; you approve or reject - Can never be promoted to Tier 3 ### Reporting Threshold - If cumulative daily changes exceed $X impact (user-defined), pause and report - Default threshold: $50/day potential spend impact --- ## Progressive Trust Model ### Critical Rule: Human Controls Tier Promotion **The agent can NEVER promote an action to a higher tier on its own.** All tier changes require explicit human instruction. - Agent may *suggest* a promotion based on track record - Agent may *report* trust signals and acceptance rates - Agent must *wait* for explicit user instruction to change tiers - User can promote, demote, or lock actions at any time ### How Autonomy Increases ``` Week 1-2: Approval Mode (Starting State) ├── All modifications: Tier 2 (Approve before execute) ├── Agent proposes, you approve └── Agent builds track record (but cannot self-promote) Week 3-4: User Reviews Performance ├── Agent reports: "add_keywords approved 95% of the time" ├── Agent may suggest: "Consider promoting add_keywords to Tier 3" ├── YOU decide whether to promote └── Agent continues at current tiers until you say otherwise Month 2+: User-Controlled Autonomy ├── You promote proven actions to Tier 3 when comfortable ├── You keep risky actions at Tier 2 ├── You can demote any action back at any time └── Agent never changes its own permissions ``` ### Trust Signals The system tracks these signals to *inform your decisions* (not to auto-promote): | Signal | What It Tells You | Agent Can... | |--------|-------------------|--------------| | Approval acceptance rate | How often you approve this action | Report the metric | | Action outcomes | Whether approved actions improved metrics | Report the trend | | Reversal rate | How often you rolled back agent actions | Report the rate | | Time since last issue | Stability of agent behavior | Report the duration | **The agent reports these signals. You decide what to do with them.** --- ## User Controls ### Configuration Options Users can configure: ```yaml governance: # Global settings default_tier: 2 # All modifications start at Tier 2 (approve before execute) require_rationale: true # Agent must explain every action # Autonomy limits (apply when actions are promoted to Tier 3) max_bid_change_percent: 20 max_daily_keyword_additions: 20 max_daily_keyword_pauses: 10 daily_spend_impact_threshold: 50 # Action overrides (override default tiers) action_tiers: add_keywords: 3 # Promote to autonomous pause_keyword: 3 # Promote to autonomous create_campaign: 1 # Demote to suggest-only (you execute manually) # Locked actions (cannot be promoted past Tier 2) locked_actions: - update_campaign_budget - change_bid_strategy - delete_campaign ``` ### Emergency Controls | Control | Effect | |---------|--------| | **Pause All** | Immediately halt all agent actions | | **Read Only Mode** | Demote all actions to Tier 0 | | **Reset Trust** | Return all actions to default tiers | | **Review Queue** | View pending approvals | --- ## Audit & Compliance ### Audit Trail The system maintains a complete audit trail: 1. **Change Log** - Every modification with full context 2. **Decision Log** - Strategic decisions with rationale 3. **Approval Log** - All approval requests and responses 4. **Session Log** - All agent sessions with actions taken ### Compliance Reports Available reports: | Report | Contents | |--------|----------| | Daily Activity Summary | All actions taken, approvals requested | | Weekly Governance Report | Tier usage, approval rates, autonomy metrics | | Monthly Audit Report | Full action history, spend impact, trust signals | ### Data Retention - Change logs: Retained indefinitely - Session logs: 90 days - Approval requests: 1 year --- ## Glossary | Term | Definition | |------|------------| | **Tier** | Permission level for an action type | | **Autonomous** | Agent can execute without human approval | | **Approval** | Human authorization before agent executes | | **Suggestion** | Agent recommends, human decides whether to implement | | **Locked** | Action permanently restricted from autonomous execution | | **Trust Signal** | Metric indicating agent reliability | | **Changelog** | Record of all account modifications |

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bradenpan/mcp-google-ads'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

governance.md•16.2 KiB