Approvals And Audit Logs
Daspire uses approvals to keep AI-assisted and scripted changes reviewable. Workspace administrators can choose which MCP action categories require approval from Workspace Settings > Approval.
By default, MCP clients and proposal-mode API requests create approval proposals for these categories:
- Manual sync runs
- Source changes
- Source deletion
- Destination changes
- Pipeline changes
- Connection deletion
- Reverse ETL configuration
- Reverse ETL manual runs
If an administrator disables approval for a category, MCP requests in that category execute directly when the caller has permission. Requests sent with X-Daspire-Execution-Mode: proposal still create proposals.
Approvals contain:
approval_idworkspace_idoperationstatussourceproposal
Audit logs record:
- Actor user
- Workspace
- Client source:
api,cli, ormcp - Resource type and action
- Redacted summary
- Timestamp
Secret-like values are redacted before they are written into approval proposals or audit summaries.
Approval policy changes are recorded in audit logs. MCP clients do not expose policy mutation tools, so agents cannot disable their own approval requirements through the MCP gateway.