Labsco
SatGate-io logo

SatGate

โ˜… 11

from SatGate-io

Open-source API gateway that adds budget enforcement, cost attribution, and monetization to AI agent API calls. MCP-aware with per-tool cost tracking, macaroon-based bearer tokens, L402 Lightning micropayments, and enterprise budget control (Fiat402). The economic firewall for the agent economy.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

SatGate

SatGate

The Economic Firewall for AI Agents
Capabilities in ยท Receipts out ยท Rails abstracted

Go Report Card Go Reference

Why โ€ข Build โ€ข Features โ€ข Quick Start โ€ข Docs โ€ข Website โ€ข Blog


Build Agents with SatGate

SatGate's developer primitive is three calls: issue(), pay(), and verify().

import os
from satgate import SatGate

satgate = SatGate(api_key=os.getenv("SATGATE_API_KEY"))

capability = satgate.issue(
    task="research market prices",
    agent="research-agent",
    allow=["mcp:web.search", "api:prices.read"],
    budget_usd=25,
    expires_in="1h",
)

receipt = satgate.pay(
    upstream="https://api.example.com/search",
    capability=capability,
    max_usd=4.20,
)

verified = satgate.verify(receipt)
print(verified.decision, verified.evidence_pack_id)

Install today:

pip install satgate
npm install @satgate/sdk

The public packages install today; the issue/pay/verify API namespace is in private beta. Calls without private-beta access raise a structured error instead of returning fake receipts:

SatGateAuthError: This API namespace requires private beta access. Visit cloud.satgate.io/docs to request access.

Runnable examples:

  • examples/python/issue_pay_verify.py
  • examples/node/issue-pay-verify.mjs

Works with: MCP ยท OpenAI tools ยท Anthropic tools ยท LangChain ยท CrewAI ยท Raw HTTP


๐ŸŽฌ See SatGate in Action

ย ย 


โ˜๏ธ Don't want to self-host? Try SatGate Cloud

Managed SaaS โ€” zero setup, multi-tenant isolation, enterprise dashboard.
Free Observe tier. No credit card required.


The Problem

AI agents are making API calls autonomously. They spawn sub-agents, call MCP tools, and run overnight while you sleep.

Your existing stack answers: "Is this request authenticated?"

Nobody answers: "Should this agent have authority to spend, delegate, or invoke this paid resource?"

โœ“ Network Firewall    โ†’ "Can this packet enter?"
โœ“ Application Firewall โ†’ "Is this request safe?"
? Economic Firewall    โ†’ "Should this agent act, spend, or pay?"

That's the gap. SatGate fills it.

What is SatGate?

SatGate is an Economic Firewall for AI agent requests. Drop it in front of your APIs and MCP tools to enforce scoped authority, budgets, paid-rail context, and Evidence Pack receipts before agents act.

Not another routing layer. Routing gateways (Bifrost, LiteLLM, Portkey) optimize which provider handles a call. SatGate governs whether the call should happen at all based on authority, policy, budget, and paid-rail context.

Use them together:

Agent โ†’ SatGate (economic governance) โ†’ Routing Gateway โ†’ LLM Providers

Features

  • ๐Ÿ›ก๏ธ Capability Tokens (Macaroons) โ€” Cryptographic credentials with built-in caveats, delegation, and next-request revocation. Not API keys โ€” tokens that agents can safely sub-delegate.
  • ๐ŸŽฏ MCP-Aware โ€” Parses MCP JSON-RPC tool calls. Know that Agent X spent $47 on search_database and $12 on send_email โ€” not just "1,000 requests."
  • ๐Ÿ’ฐ Budget Enforcement โ€” Hard stops per agent, team, or API. When the budget hits zero, requests are blocked. Not logged. Not alerted. Blocked.
  • โšก Paid-Rail Governance โ€” Govern paid API access across L402, x402, API-key billing, and enterprise ledgers without making any one rail the control plane.
  • ๐Ÿ”’ Default-Deny โ€” All routes require valid credentials unless explicitly public. Zero Trust by design.
  • ๐Ÿš€ <50ms Overhead โ€” Lightweight Go proxy. Adds governance without adding latency.
  • ๐Ÿ“ฆ Self-Hosted โ€” Your infrastructure, your rules. Single binary, Docker, or Kubernetes.
  • ๐Ÿ”Œ Drop-in โ€” Works with any HTTP backend. REST, GraphQL, MCP servers. No code changes.

Policy Types

PolicyDescriptionUse Case
publicNo authenticationHealth checks, docs, webhooks
capabilityRequires valid MacaroonProtected API endpoints
l402Requires Lightning payment and records paid-rail contextMonetized endpoints; x402/ledger context can be preserved in Evidence Packs

How It's Different

SatGateRouting GatewaysTraditional API Gateways
Primary concernEconomic governanceProvider routingTraffic management
Budget enforcementHard caps (blocked at limit)Soft alerts onlyโŒ
MCP cost attributionPer-tool granularityโŒโŒ
Credential modelMacaroons (delegatable)API keysAPI keys / OAuth
Agent delegationSub-tokens with reduced budgetsโŒโŒ
Paid-rail governanceL402, x402, API-key billing, enterprise ledgersโŒโŒ
Works alongsideโ€”โœ… Use togetherโœ… Use together

Architecture

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                    SatGate                        โ”‚
โ”‚                                                   โ”‚
โ”‚  Request โ†’ Route Match โ†’ Policy Check โ†’ Proxy    โ”‚
โ”‚                             โ”‚                     โ”‚
โ”‚              โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”     โ”‚
โ”‚              โ”‚              โ”‚              โ”‚      โ”‚
โ”‚          [public]    [capability]   [paid rail]  โ”‚
โ”‚          pass        verify token     verify     โ”‚
โ”‚                      check budget     payment    โ”‚
โ”‚                      log MCP tool     context    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Key Concepts:

  • Macaroons: Bearer tokens with embedded caveats (expiry, scope, budget, IP). Not API keys โ€” they support delegation without server roundtrips.
  • Delegation: Agent A gives Agent B a sub-token with reduced permissions and a $50 budget cap. B can't escalate.
  • MCP Parsing: SatGate reads MCP JSON-RPC payloads to attribute costs to specific tool calls, not just HTTP endpoints.
  • Paid-rail context: SatGate treats L402, x402, API-key billing, and enterprise ledgers as rails to govern around. Evidence Packs preserve which rail was involved without making the rail the product.

SDKs

LanguagePackageDocs
Pythonpip install satgateREADME
JavaScriptnpm install @satgate/sdkREADME

MCP Proxy (NEW)

SatGate now includes a native MCP proxy that governs tool calls for any MCP-compatible agent:

# Run MCP proxy with 1000-credit budget
satgate-mcp --config satgate-mcp.yaml
  • Budget enforcement: Hard 402 when agents exhaust their allocation
  • Delegation: Parent agents mint sub-agent tokens with carved budgets
  • Per-tool costs: web_search: 5, dalle_generate: 50 (wildcard patterns supported)
  • Two transports: stdio (local sidecar) or SSE/HTTP (remote multi-agent)
  • Three auth modes: none, static token, macaroon (HMAC chain)

See pkg/mcpserver/README.md for full documentation.

Documentation

โ˜๏ธ SatGate Cloud & Enterprise

Self-hosting not your thing? SatGate Cloud is the fully managed version โ€” same gateway, zero ops.

The open-source gateway handles protection, budgets, and paid-rail enforcement. SatGate Cloud adds the control plane:

  • ๐Ÿ“Š Observe โ€” Real-time dashboards, usage attribution, cost center tagging
  • ๐ŸŽš๏ธ Control โ€” Budget and policy enforcement before agent requests execute
  • ๐Ÿค– SatGate Mint โ€” Zero-touch agent provisioning (K8s, AWS, OIDC)
  • ๐Ÿข Multi-tenant โ€” Team isolation, RBAC, SSO/SCIM
  • ๐Ÿ“ Audit โ€” Tamper-evident logging, compliance exports

Start Free โ†’ (Observe mode is free, unlimited, forever)


Built with โšก by SatGate โ€” The Economic Firewall