Economic Firewall for AI Agents

Govern agent authority
before execution.

SatGate checks scoped authority, budgets, delegation, MCP tool access, and paid-rail policy before execution — then exports Evidence Packs proving every decision.

Authority before execution. Evidence after every approval, denial, spend event, delegation, and revocation.

REST · GraphQL · MCP Gateway · Sidecar · MCP Proxy Sub-ms verification
MCP · API keys · x402-aware governance Open source
hero_demo.py - Live Demo
🚗💨 EZ Pass - live metering

Agents badge in once. Every request - verified, metered, budget-enforced.

See how it works

See SatGate in Action

Agents act across tools, APIs, and paid rails. SatGate enforces policy before they act — and leaves evidence after. 30 seconds.

Govern, enforce, prove

Start with internal agents: scope authority, enforce policy at runtime, and preserve evidence. Then open external rails - on your terms.

DEFAULT PROTECTION

Cryptographic Capability Verification

Always-on for non-PUBLIC routes

Every protected route requires valid credentials (Macaroons). Capabilities, caveats, delegation, and revocation-built into the protocol, not bolted on.

✓ Capabilities + Caveats✓ Delegation chains✓ Next-request revocation✓ Tamper-evident audit

Your Agents - Govern Authority and Spend

Protected by default →

Observe (Fiat)

verify → allow → meter/log

Start here. No workflow changes. Map authority, tools, and spend before enforcing policy.

  • ✓ Audit mode - zero disruption to existing agents
  • ✓ Usage attribution by team and cost center
  • ✓ See exactly which agents, tools, and routes create risk before you change anything
  • ✓ Zero latency impact
Protected by default →

Control (Fiat402)

verify → enforce budget → allow

Now enforce it. Policy and budget caps stop agents before unauthorized work executes.

  • ✓ Real-time budget enforcement
  • ✓ Works with Stripe, ERP - no crypto required
  • ✓ Per-agent spending caps

Their Agents - Prevent Unauthorized Access

Protected by default →

Charge (external rails)

verify → payment proof → allow

Govern external agent access without making payment proof equal authorization proof.

  • ✓ Let approved agents pay or access without long-lived shared secrets
  • ✓ Preserve authority evidence above x402, L402, API-key, or enterprise billing rails
  • ✓ Per-request pricing and policy before upstream execution
  • ✓ Autonomous agents discover, pay, and leave an Evidence Pack

Why API Keys Break in Agent Chains

API keys are all-or-nothing. Delegated capability tokens let you set any budget, scope, and expiry per agent - and agents can't escalate beyond what they're given. Trust flows down, never up.

PUBLIC is the explicit opt-out for probes (/healthz), docs, and webhooks. Everything else is protected by default.

🚗💨 HOW IT WORKS

Badge in once. Fly through every gate.

Agents get a credential at startup - like mounting an EZ Pass. Every request after that flows through the gateway: verified, metered, no slowdowns.

Agent StartsK8s / AWS / OIDC
MintBadge in (once)
EZ PassCapability token
Toll GateVerify · Meter · Budget
UpstreamYour API

No identity lookups on the hot path. No per-request auth round-trips. Just cryptographic verification at wire speed.

RESEARCH ALIGNMENT

Built for the agent delegation era

Recent research on intelligent AI delegation points to a control problem we see in practice: agents need bounded authority, clear caveats, and safe ways to delegate across trust boundaries. One proposed path is attenuated capability tokens, including macaroons, that restrict what each sub-agent can access.

SatGate implements one version of that control layer.

Scoped Authority

Agents only get the permissions they need, attenuated at each delegation layer.

Budget Ceilings

Per-agent and per-route economic policy, enforced before upstream execution.

Immediate Enforcement

When limits hit, requests stop. Not after billing. Now.

We built SatGate because standing API keys and after-the-fact alerts are a bad fit for autonomous systems. The research gives useful language for a problem we were already seeing in deployed agent workflows. - Tomasev et al., 2026

Where It Fits

Three deployment modes. Drop-in. No rip-and-replace.

STANDARD

CDN / WAF
SatGate
Your API

REST, GraphQL, any HTTP endpoint

SIDECAR

Existing Gateway
Legacy traffic
SatGate
Your APIs

Route only agent traffic through SatGate

MCP PROXY

AI Agents
SatGate MCP Proxy
MCP Servers / Tools

Per-tool budgets, delegation trees

How It Works

Four steps to govern agent traffic. No code changes required.

1

Pick Your Policy

Define routes with economic policies. PUBLIC for probes/docs, protected for everything else.

routes:
  - path: /healthz
    policy: public
  - path: /v1/*
    policy: observe
  - path: /premium/*
    policy: charge
2

Apply Config

Apply when ready. Version history + audit log. Rollback if needed.

v3 (applied) ← current
v2 (available)
v1 (available)

Audit: who, when, diff
3

Point Your DNS

Use *.satgate.cloud or your custom domain. Traffic flows through SatGate.

# Your domain
api.yoursite.com
  CNAME → satgate.cloud

# Or use ours
yourapp.satgate.cloud
4

Prove What Happened

Real-time verified, denied, and metered decisions with evidence you can export.

Verified:   1,203 requests
Denied:     12,847 policy hits
Metered:    $847 usage

→ Export Evidence Pack

FAQ

Agent governance questions

What is SatGate?

SatGate is an economic control plane for internal enterprise agents. It sits in the request path to scope authority, enforce policy and budgets, prove revocation, and preserve evidence across internal APIs and paid external calls.

How does SatGate govern AI agents?

SatGate applies scoped authority, per-agent policy, revocation, and budgets before each request reaches an API or MCP tool, so unauthorized actions and expensive calls can be blocked before they happen.

What are Observe, Control, and Charge?

Observe tracks agent traffic and cost without blocking. Control enforces budgets and scoped policy for internal agents. Charge preserves authorization evidence around external paid access across L402, x402, API-key, or enterprise billing rails.