
SatGate
โ 11from SatGate-io
Open-source API gateway that adds budget enforcement, cost attribution, and monetization to AI agent API calls. MCP-aware with per-tool cost tracking, macaroon-based bearer tokens, L402 Lightning micropayments, and enterprise budget control (Fiat402). The economic firewall for the agent economy.
SatGate
The Economic Firewall for AI Agents
Capabilities in ยท Receipts out ยท Rails abstracted
Why โข Build โข Features โข Quick Start โข Docs โข Website โข Blog
Build Agents with SatGate
SatGate's developer primitive is three calls: issue(), pay(), and verify().
import os
from satgate import SatGate
satgate = SatGate(api_key=os.getenv("SATGATE_API_KEY"))
capability = satgate.issue(
task="research market prices",
agent="research-agent",
allow=["mcp:web.search", "api:prices.read"],
budget_usd=25,
expires_in="1h",
)
receipt = satgate.pay(
upstream="https://api.example.com/search",
capability=capability,
max_usd=4.20,
)
verified = satgate.verify(receipt)
print(verified.decision, verified.evidence_pack_id)Install today:
pip install satgate
npm install @satgate/sdkThe public packages install today; the issue/pay/verify API namespace is in private beta. Calls without private-beta access raise a structured error instead of returning fake receipts:
SatGateAuthError: This API namespace requires private beta access. Visit cloud.satgate.io/docs to request access.Runnable examples:
examples/python/issue_pay_verify.pyexamples/node/issue-pay-verify.mjs
Works with: MCP ยท OpenAI tools ยท Anthropic tools ยท LangChain ยท CrewAI ยท Raw HTTP
๐ฌ See SatGate in Action
ย ย
โ๏ธ Don't want to self-host? Try SatGate Cloud
Managed SaaS โ zero setup, multi-tenant isolation, enterprise dashboard.
Free Observe tier. No credit card required.
The Problem
AI agents are making API calls autonomously. They spawn sub-agents, call MCP tools, and run overnight while you sleep.
Your existing stack answers: "Is this request authenticated?"
Nobody answers: "Should this agent have authority to spend, delegate, or invoke this paid resource?"
โ Network Firewall โ "Can this packet enter?"
โ Application Firewall โ "Is this request safe?"
? Economic Firewall โ "Should this agent act, spend, or pay?"That's the gap. SatGate fills it.
What is SatGate?
SatGate is an Economic Firewall for AI agent requests. Drop it in front of your APIs and MCP tools to enforce scoped authority, budgets, paid-rail context, and Evidence Pack receipts before agents act.
Not another routing layer. Routing gateways (Bifrost, LiteLLM, Portkey) optimize which provider handles a call. SatGate governs whether the call should happen at all based on authority, policy, budget, and paid-rail context.
Use them together:
Agent โ SatGate (economic governance) โ Routing Gateway โ LLM ProvidersFeatures
- ๐ก๏ธ Capability Tokens (Macaroons) โ Cryptographic credentials with built-in caveats, delegation, and next-request revocation. Not API keys โ tokens that agents can safely sub-delegate.
- ๐ฏ MCP-Aware โ Parses MCP JSON-RPC tool calls. Know that Agent X spent $47 on
search_databaseand $12 onsend_emailโ not just "1,000 requests." - ๐ฐ Budget Enforcement โ Hard stops per agent, team, or API. When the budget hits zero, requests are blocked. Not logged. Not alerted. Blocked.
- โก Paid-Rail Governance โ Govern paid API access across L402, x402, API-key billing, and enterprise ledgers without making any one rail the control plane.
- ๐ Default-Deny โ All routes require valid credentials unless explicitly public. Zero Trust by design.
- ๐ <50ms Overhead โ Lightweight Go proxy. Adds governance without adding latency.
- ๐ฆ Self-Hosted โ Your infrastructure, your rules. Single binary, Docker, or Kubernetes.
- ๐ Drop-in โ Works with any HTTP backend. REST, GraphQL, MCP servers. No code changes.
Policy Types
| Policy | Description | Use Case |
|---|---|---|
public | No authentication | Health checks, docs, webhooks |
capability | Requires valid Macaroon | Protected API endpoints |
l402 | Requires Lightning payment and records paid-rail context | Monetized endpoints; x402/ledger context can be preserved in Evidence Packs |
How It's Different
| SatGate | Routing Gateways | Traditional API Gateways | |
|---|---|---|---|
| Primary concern | Economic governance | Provider routing | Traffic management |
| Budget enforcement | Hard caps (blocked at limit) | Soft alerts only | โ |
| MCP cost attribution | Per-tool granularity | โ | โ |
| Credential model | Macaroons (delegatable) | API keys | API keys / OAuth |
| Agent delegation | Sub-tokens with reduced budgets | โ | โ |
| Paid-rail governance | L402, x402, API-key billing, enterprise ledgers | โ | โ |
| Works alongside | โ | โ Use together | โ Use together |
Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SatGate โ
โ โ
โ Request โ Route Match โ Policy Check โ Proxy โ
โ โ โ
โ โโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโ โ
โ โ โ โ โ
โ [public] [capability] [paid rail] โ
โ pass verify token verify โ
โ check budget payment โ
โ log MCP tool context โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโKey Concepts:
- Macaroons: Bearer tokens with embedded caveats (expiry, scope, budget, IP). Not API keys โ they support delegation without server roundtrips.
- Delegation: Agent A gives Agent B a sub-token with reduced permissions and a $50 budget cap. B can't escalate.
- MCP Parsing: SatGate reads MCP JSON-RPC payloads to attribute costs to specific tool calls, not just HTTP endpoints.
- Paid-rail context: SatGate treats L402, x402, API-key billing, and enterprise ledgers as rails to govern around. Evidence Packs preserve which rail was involved without making the rail the product.
SDKs
MCP Proxy (NEW)
SatGate now includes a native MCP proxy that governs tool calls for any MCP-compatible agent:
# Run MCP proxy with 1000-credit budget
satgate-mcp --config satgate-mcp.yaml- Budget enforcement: Hard 402 when agents exhaust their allocation
- Delegation: Parent agents mint sub-agent tokens with carved budgets
- Per-tool costs:
web_search: 5,dalle_generate: 50(wildcard patterns supported) - Two transports: stdio (local sidecar) or SSE/HTTP (remote multi-agent)
- Three auth modes: none, static token, macaroon (HMAC chain)
See pkg/mcpserver/README.md for full documentation.
Documentation
- Architecture Overview
- Quick Start Guide
- Configuration Reference
- Production Checklist
- Kubernetes Deployment
- LangChain Integration
- MCP Gateway Guide
โ๏ธ SatGate Cloud & Enterprise
Self-hosting not your thing? SatGate Cloud is the fully managed version โ same gateway, zero ops.
The open-source gateway handles protection, budgets, and paid-rail enforcement. SatGate Cloud adds the control plane:
- ๐ Observe โ Real-time dashboards, usage attribution, cost center tagging
- ๐๏ธ Control โ Budget and policy enforcement before agent requests execute
- ๐ค SatGate Mint โ Zero-touch agent provisioning (K8s, AWS, OIDC)
- ๐ข Multi-tenant โ Team isolation, RBAC, SSO/SCIM
- ๐ Audit โ Tamper-evident logging, compliance exports
Start Free โ (Observe mode is free, unlimited, forever)
Links
- ๐ satgate.io โ Website
- ๐ Blog โ Technical articles
- ๐ข Enterprise Governance โ CISO/CFO/CTO use cases
- ๐ฐ Pricing โ Free Observe tier, Pro for enforcement
- ๐ Security Model โ Architecture & compliance
- ๐งช Sandbox โ Try without signup
- ๐ ROI Calculator โ Estimate savings
- โ๏ธ Compare โ SatGate vs Zuplo, Bifrost, cloud-native
- ๐ง contact@satgate.io
Built with โก by SatGate โ The Economic Firewall
pip install satgate
npm install @satgate/sdkQuick Start
60-Second Demo
# Download the binary (macOS Apple Silicon โ see Releases for other platforms)
curl -L https://github.com/satgate-io/satgate/releases/latest/download/satgate-darwin-arm64 -o satgate
chmod +x satgate
# Start with example config (mock Lightning, auto-generated keys)
export ADMIN_TOKEN=my-secret-token
export LIGHTNING_BACKEND=mock
./satgate --config examples/gateway.yamlTry the three policies:
# 1. Public โ no auth needed
curl http://localhost:8080/health
# 2. Protected โ mint a capability token, then use it
curl -X POST http://localhost:8080/api/capability/mint \
-H "X-Admin-Token: my-secret-token" \
-H "Content-Type: application/json" \
-d '{"scope": "api:read", "duration": "1h"}'
# Use the token:
curl -H "Authorization: Bearer YOUR_CAPABILITY_TOKEN" \
http://localhost:8080/api/capability/ping
# 3. Paid โ get a payment challenge (L402 today; x402/other rails as governed context)
curl http://localhost:8080/api/microPublic โ Protected โ Paid. Three policies, one gateway; paid rails are governed context, not the product boundary.
๐ Full Quick Start Guide โ
Other Install Methods
# Docker
docker run -v $(pwd)/gateway.yaml:/etc/satgate/gateway.yaml \
-e ADMIN_TOKEN=my-secret-token -e LIGHTNING_BACKEND=mock \
-p 8080:8080 ghcr.io/satgate-io/satgate:latest
# Build from source
git clone https://github.com/satgate-io/satgate.git
cd satgate && go build -o satgate ./cmd/satgateConfiguration
version: 1
server:
listen: ":8080"
admin:
capabilityRootKey: "${CAPABILITY_ROOT_KEY}"
lightning:
provider: "${LIGHTNING_BACKEND}"
config:
connectionString: "${NWC_CONNECTION_STRING}"
upstreams:
api:
url: "http://localhost:3000"
routes:
- name: public-health
match:
pathPrefix: /health
upstream: api
policy:
kind: public
- name: protected-api
match:
pathPrefix: /api/
upstream: api
policy:
kind: capability
scope: "api:read"
- name: premium-api
match:
pathPrefix: /premium/
upstream: api
policy:
kind: l402 # paid-rail policy; use payment_context to preserve L402/x402/ledger evidence
priceSats: 100No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under Apache-2.0โ you can use, modify, and redistribute it under that license's terms.
License
Apache License 2.0 โ see LICENSE for details.