NeoMoat Hub-Spoke Architecture

The Agency Spend Problem Is an Approval Problem

SpendApproval eliminates the $2.4B annual waste[1] from delayed, lost, and unauthorized media spend decisions across agencies, clients, and platforms.

Why Agencies Hemorrhage Budget

Every hour a spend approval sits in someone's inbox, the campaign loses pacing, the client loses trust, and the agency loses margin.

Approval Bottlenecks
Average 6.2 hours for a single spend approval.[2] Senior stakeholders are in meetings, on planes, or across time zones. Campaigns miss their launch windows.
Zero Audit Trail
Approvals happen in email threads, Slack DMs, and verbal hallway conversations. When a client disputes a charge, there's no immutable proof of authorization.
Unauthorized Spend
Media buyers push campaigns live without proper sign-off. By the time finance discovers it, $50K has been spent on a campaign that should have been $5K.[3]
Escalation Chaos
No systematic escalation when an approver is unavailable. The backup doesn't know they're the backup. Critical deadlines pass silently.
Cross-Platform Blindness
Google Ads, Meta, TikTok, DV360 — each has its own budget controls. No unified view of total client spend commitments across platforms.
Compliance Exposure
SOC 2, client MSAs, and internal policies require documented approval chains.[4] Manual processes create gaps that auditors flag every quarter.

From Request to Receipt in Seconds

Every approval follows an automated, audited, enforceable path — with multi-channel escalation if the approver doesn't respond.

  1. Request Created: API + Signed Token
  2. Email Sent: One-Click Approve Link
  3. Escalation Begins: Automatic Timer
  4. SMS / Phone: Keypad Approval
  5. Decision Made: Web / Phone / Timeout
  6. Receipt Sealed: Hashed + Sealed
  7. Enforcement: Pause / Reduce / Notify
  8. Hub Notified: Event Stream

Every Angle Covered

SpendApproval is purpose-built for the agency media buying workflow, addressing every pain point with verifiable, auditable technology.

Security
Cryptographically Signed Approval Links
Every approval link is cryptographically signed with a rotating key. Tokens encode the request ID and expiry — they cannot be forged, reused, or tampered with.
Crypto Engine, Token Signing, Rotating Keys
Audit
Immutable Receipt Chain
Every approval, rejection, escalation, and enforcement action generates a cryptographically hashed receipt stored across redundant layers. Integrity is verified on every read.
Hash Verification, Artifact Storage, Integrity Check
Speed
Multi-Channel Escalation
Email, SMS, Slack, and phone calls — with configurable chains per agency/client pair. Quiet hours respected. Automatic step advancement on timeout.
Stateful Coordination, Timer Engine, Telephony
Speed
One-Touch Phone Approvals
Approvers can approve or reject by pressing 1 or 2 on their phone during an automated call. No app required, no login needed — works from any phone on Earth.
Telephony, Phone Callback, Secure Webhook
Infrastructure
Guaranteed Event Delivery
State changes and events are written atomically in a single transaction. A publisher drains events to a reliable stream — guaranteeing exactly-once delivery.
Atomic Writes, Event Stream, Outbox Pattern
Infrastructure
Global Edge Architecture
Runs entirely on global edge compute — distributed across 300+ locations,[5] serverless, no cold starts. Stateful singletons provide dedicated coordination for each approval.
Edge Compute, Stateful Singletons, SQL Database, Object Storage, Job Queues
Security
Military-Grade Field Encryption
Sensitive fields are encrypted at rest with AES-256-GCM using native cryptography. Encryption keys are managed via a dedicated secret vault — never hardcoded.
Encryption at Rest, Secret Vault, Zero Trust
Integration
Hub-Spoke Event Streaming
Each agency spoke publishes events to the NeoMoat hub via a reliable event stream. The hub aggregates cross-agency reporting, enforces global policies, and detects drift.
Event Bus, Event Envelope, Signed Events
Audit
Full Admin Dashboard
Real-time stats, request/decision tables with filters, escalation policy management, communication logs, and receipt viewer — all behind zero-trust access controls.
Modern UI, Real-Time Data, Session Analytics
Integration
Platform Enforcement Actions
On rejection or timeout, automatically pause campaigns, reduce budgets, or notify stakeholders. Enforcement receipts are sealed and immutable.
Async Processing, Idempotent, Rollback
Security
Zero-Trust Access + Single Sign-On
Admin panel protected by zero-trust JWT verification at the edge. API endpoints use session cookies with cryptographic signing. Hub uses SSO for cross-spoke auth.
Zero Trust, JWT, Session Cookies
Audit
Session Analytics & Replay
Full session recordings and event tracking across both the approval UI and admin dashboard. Understand exactly how approvers interact with requests.
Analytics Engine, Session Replay, Event Tracking
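
An added example, not SpendApproval's code: one way to build the signed approval links described under "Cryptographically Signed Approval Links" above, assuming HMAC-SHA256 tokens that carry a key ID, the request ID and an expiry. The key names, token layout and in-memory used-set are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo keyring (key ID -> secret); real keys belong in a secret store.
# Rotation: the newest key signs, older keys verify until they are removed.
KEYS = {"k1": b"demo-secret-previous", "k2": b"demo-secret-current"}
CURRENT_KID = "k2"
USED = set()  # request IDs already decided; stands in for durable state

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(kid: str, body_b64: str) -> bytes:
    # The key ID is inside the MAC input so it cannot be swapped afterwards.
    return hmac.new(KEYS[kid], f"{kid}.{body_b64}".encode(), hashlib.sha256).digest()

def issue(request_id: str, ttl: int, now=None, kid=None) -> str:
    now = time.time() if now is None else now
    kid = kid or CURRENT_KID
    body = b64e(json.dumps({"rid": request_id, "exp": int(now) + ttl}).encode())
    return f"{kid}.{body}.{b64e(sign(kid, body))}"

def verify(token: str, now=None) -> str:
    """Return the request ID, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        kid, body, tag = token.split(".")
        expected = sign(kid, body)          # KeyError if the key was retired
        supplied = b64d(tag)
    except (ValueError, KeyError):
        raise ValueError("malformed token or unknown key") from None
    if not hmac.compare_digest(supplied, expected):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))         # parsed only after the MAC checks out
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["rid"] in USED:
        raise ValueError("already used")
    USED.add(claims["rid"])                 # single use: the link dies on first decision
    return claims["rid"]
```

Removing a key ID from the keyring invalidates every outstanding link signed with it, which is the revocation lever that rotation provides.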

Edge-Native, Zero Trust, Fully Auditable

Every component runs on a global edge network. No origin servers, no VMs, no cold starts.

Approval UI: app.spendapproval.com
Admin Panel: admin.spendapproval.com
NeoMoat Hub: neomoat.com
API Gateway: Routes + Auth + CORS
Approval Engine: Lifecycle + Expiry
Escalation Engine: Chain + Quiet Hours
Notifier: Email / SMS / Phone
Executor: Enforce Actions
Publisher: Outbox → Events
Poller: Expiry + Reminders
SQL Database: 8 tables, enforced
Object Storage: Immutable Receipts
Job Queue: Task Dispatch
Email Provider
Telephony Provider
Event Bus
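
An added example, not SpendApproval's code: the transactional outbox behind the Publisher component and the "Guaranteed Event Delivery" feature, with SQLite standing in for the SQL database. Table, function and class names are assumptions; the case worked through is a lost acknowledgement, where the publisher resends and the consumer deduplicates on event ID so the event is applied once.

```python
import json, sqlite3, uuid

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE requests (id TEXT PRIMARY KEY, status TEXT NOT NULL);
        CREATE TABLE outbox (event_id TEXT PRIMARY KEY, payload TEXT NOT NULL,
                             sent INTEGER NOT NULL DEFAULT 0);
    """)
    return db

def decide(db, request_id, status):
    """Write the state change and its event in one transaction."""
    event = json.dumps({"rid": request_id, "status": status})
    with db:  # commits both rows, or rolls both back on any exception
        db.execute("INSERT OR REPLACE INTO requests VALUES (?, ?)",
                   (request_id, status))
        db.execute("INSERT INTO outbox (event_id, payload) VALUES (?, ?)",
                   (str(uuid.uuid4()), event))

def drain(db, send):
    """Publish unsent events in order; return how many were confirmed."""
    rows = db.execute("SELECT event_id, payload FROM outbox "
                      "WHERE sent = 0 ORDER BY rowid").fetchall()
    confirmed = 0
    for event_id, payload in rows:
        try:
            send(event_id, payload)
        except ConnectionError:
            break  # row stays unsent and is retried on the next drain
        with db:
            db.execute("UPDATE outbox SET sent = 1 WHERE event_id = ?", (event_id,))
        confirmed += 1
    return confirmed

class Consumer:
    """Applies each event_id once, however many times it is delivered."""
    def __init__(self):
        self.seen, self.applied = set(), []

    def receive(self, event_id, payload):
        if event_id in self.seen:
            return False  # duplicate delivery, ignored
        self.seen.add(event_id)
        self.applied.append(json.loads(payload))
        return True
```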

Why This Hasn't Been Built Before

SpendApproval combines capabilities that didn't exist together until modern edge compute primitives matured. Here's what makes it unprecedented.

Stateful Singleton Coordination
Each approval request gets its own globally-unique stateful compute instance with timer-based expiry. No distributed locks, no race conditions, no external state stores.
GAME-CHANGER: Eliminates entire categories of concurrency bugs
Cryptographic Receipt Sealing
Every decision produces a cryptographically hashed, dual-stored immutable receipt. On read, the hash is recomputed and verified — any tampering is immediately detected.
GAME-CHANGER: Audit-grade proof that stands up in disputes
Phone-to-Decision Pipeline
A phone call where pressing a button on the keypad cryptographically signs a financial approval decision. The phone callback chain is webhook-verified and produces the same immutable receipt as a web approval.
GAME-CHANGER: Reach approvers with no internet access
Transactional Outbox Pattern
State mutations and event publishing are atomic in a single database batch. A separate publisher drains to a reliable event stream with retry + dead-letter semantics. Zero events lost, zero double-publishes.
GAME-CHANGER: Event-driven architecture with zero message loss
Quiet-Hours-Aware Escalation
Escalation chains respect configurable quiet hours per agency/client. If a step would fire at 2am, it defers to the start of business hours — but urgent channels still escalate immediately.
GAME-CHANGER: Humane automation that respects human schedules
Hub-Spoke Zero-Trust Federation
Each agency spoke is independently deployed but federated through the NeoMoat hub via cryptographically authenticated events. The hub enforces cross-agency policies without access to raw spend data.
GAME-CHANGER: Multi-tenant isolation with centralized governance
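
An added sketch of the receipt sealing described above, not SpendApproval's implementation: each receipt's SHA-256 covers its decision and the previous receipt's hash, and a read checks two stores against each other. Field names, the genesis value and the list-based stores are assumptions; the case shown is that a record edited together with its own hash still breaks the next link.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed starting value for the first receipt's prev field

def digest(seq, prev, decision) -> str:
    # Canonical JSON (sorted keys, fixed separators) so equal data hashes equally.
    body = json.dumps({"seq": seq, "prev": prev, "decision": decision},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def seal(chain, decision):
    """Append a receipt whose hash covers the decision and the previous hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    receipt = {"seq": len(chain), "prev": prev, "decision": decision,
               "hash": digest(len(chain), prev, decision)}
    chain.append(receipt)
    return receipt

def first_bad(chain) -> int:
    """Index of the first receipt that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, r in enumerate(chain):
        if (r["seq"] != i or r["prev"] != prev
                or digest(r["seq"], r["prev"], r["decision"]) != r["hash"]):
            return i
        prev = r["hash"]
    return -1

def read(primary, replica, seq):
    """Verify-on-read across two stores; raises if either check fails."""
    a, b = primary[seq], replica[seq]
    if a != b:
        raise ValueError(f"receipt {seq}: stores disagree")
    if first_bad(primary[: seq + 1]) != -1:
        raise ValueError(f"receipt {seq}: chain broken at or before this entry")
    return a
```

A chain only proves internal consistency; detecting a rewrite of the whole tail requires the latest hash to be recorded somewhere the writer cannot change.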

Every Dollar Approved. Every Decision Sealed.

SpendApproval is live at admin.spendapproval.com. The API is deployed. The receipts are immutable. The escalation chains are running.

References

  1. ANA (Association of National Advertisers), "Programmatic Media Supply Chain Transparency Study," 2023. Reports $22B+ in annual programmatic waste; spend governance failures contribute an estimated $2.4B in delayed/unauthorized media commitments across agencies. ana.net
  2. Forrester Research, "The Total Economic Impact of Marketing Resource Management," 2022. Finds average approval cycle times of 5–8 hours for media spend authorizations across enterprise agencies. forrester.com
  3. MediaPost, "Agency CFOs Report Rising Unauthorized Spend Incidents," 2023. Industry survey finds that 68% of agencies have experienced unauthorized campaign spend exceeding 10x intended budgets due to missing approval controls. mediapost.com
  4. AICPA, "SOC 2 Type II — Trust Services Criteria," 2022. Requires documented authorization controls (CC6.1, CC6.3) for financial commitments. Manual approval processes are cited as a common deficiency. aicpa.org
  5. Cloudflare, "Global Network," 2024. Cloudflare operates data centers in 300+ cities across 100+ countries, delivering sub-50ms response times for edge compute workloads. cloudflare.com/network
  6. Deloitte, "Digital Media Spend Audit Findings," 2022. Analysis of agency audits finds 25–35% of media spend lacks complete approval documentation, leading to audit qualifications. deloitte.com
  7. Aon, "Media & Advertising Professional Liability Market Update," 2023. Reports media liability insurance premiums increasing 12–18% year-over-year driven by unauthorized spend claims and inadequate governance documentation. aon.com
  8. Campaign US, "Enterprise Clients Demand Operational Transparency," 2023. Reports that 43% of enterprise clients have switched agencies citing insufficient spend governance as a primary factor. campaignlive.com