Your scenario - reducing developer rights from full admin to only what’s needed - is a good fit for Endpoint Privilege Manager. You can remove local admin rights and selectively elevate specific apps, scripts, or tools.
Totally understand where you’re coming from. Community replies aim to share direction and experience rather than full support, but I’ll gladly expand a bit:
From what I’ve seen, Netwrix PolicyPak can cover most of what you’re asking.
It’s just Approval-based workflows? That’s not out of the box, but achievable with conditions via Admin Approval (Netwrix Documentation).
The link I shared gives real-world examples from users who’ve implemented similar controls - worth a look for practical context.
Let us know if you’re trying something specific and hit a wall - happy to help troubleshoot.