MCP (Model Context Protocol) is becoming the standard way AI agents interact with tools. But MCP has no built-in concept of cost. A tools/call request to a cheap lookup function and a $2 code execution tool look identical at the protocol level. This guide shows how to add economic governance to any MCP server.
The Problem with Unmetered MCP
When you connect an AI agent to MCP servers, the agent can call any tool it has access to, as many times as it wants. There's no protocol-level mechanism for:
- Assigning costs to different tool calls
- Tracking cumulative spend per agent
- Enforcing a budget ceiling
- Attributing costs to teams or departments
- Delegating budget from a parent agent to sub-agents
Most MCP gateways solve the connectivity problem — routing, auth, discovery. But connectivity without cost control is like an open highway with no toll booths. Traffic flows, but nobody's tracking who owes what.
Step 1: Define Per-Tool Costs
The first step is mapping tool calls to costs. SatGate's MCP proxy lets you define a cost profile with per-tool pricing:
# MCP Cost Profile
mcp:
costProfile:
defaultCostCredits: 1
tools:
- name: "web_search"
costCredits: 2
- name: "code_execute"
costCredits: 10
- name: "file_read"
costCredits: 1
- name: "database_query"
costCredits: 5
- name: "send_email"
costCredits: 3
- name: "*_premium"
costCredits: 20 # wildcard matchingWildcard matching (*_premium) lets you price tool families without listing every variant. Any tool not matched gets thedefaultCostCredits.
Step 2: Mint Tokens with Budgets
Agents authenticate with capability tokens (macaroons) that carry their budget as a cryptographic caveat:
# Mint a token with 500-credit budget satgate mint \ --agent "research-bot" \ --budget 500 \ --scope "/mcp/*" \ --expiry 24h \ --cost-center "engineering" # Token carries: # budget_total_credits: 500 # scope: /mcp/* # cost_center: engineering # expires: 2026-03-06T07:00:00Z
The budget is embedded in the token itself. The gateway doesn't need a database lookup to know the ceiling — it reads the caveat. Spend tracking uses a lightweight ledger (Redis-backed by default).
Step 3: Agent Sees Its Own Budget
SatGate injects economic metadata into the MCP tools/list response, so agents can make cost-aware decisions:
// tools/list response (with SatGate metadata)
{
"tools": [
{
"name": "web_search",
"description": "Search the web [SatGate: 2 credits per call]",
"x-satgate": {
"cost_credits": 2,
"budget_remaining": 487,
"calls_affordable": 243
}
}
]
}Smart agents can use this metadata to choose cheaper alternatives when budget is low, or batch operations to minimize calls.
Step 4: Enforce at the Gateway
When an agent makes a tools/call, the MCP proxy intercepts the JSON-RPC message, looks up the tool cost, checks the agent's remaining budget, and either:
Forwards the request if budget is sufficient (deducts the cost from the ledger)
Returns a budget error if the agent has exceeded its cap — with remaining balance and cost in the error payload
This happens at the proxy layer, before the request reaches your MCP server. Your tools don't need any changes.
Step 5: Delegation Trees
In multi-agent systems, a coordinator agent often delegates tasks to specialist agents. With macaroon-based delegation, the coordinator can mint sub-tokens from its own token:
# Coordinator has 500 credits # Delegate 100 to research-agent satgate delegate \ --from <coordinator-token> \ --to "research-agent" \ --budget 100 \ --scope "/mcp/search*" # Delegate 200 to code-agent satgate delegate \ --from <coordinator-token> \ --to "code-agent" \ --budget 200 \ --scope "/mcp/code*" # Coordinator keeps 200 for itself # Total across tree: still ≤ 500
The parent's budget is the ceiling. Sub-agents can never collectively exceed what was delegated. If you revoke the parent token, the entire tree is instantly invalidated.
Step 6: Monitor and Attribute
Every tool call generates an event with full attribution:
- Agent identity: which agent made the call
- Tool name: which tool was invoked
- Cost: credits charged
- Budget remaining: after this call
- Cost center: department/team tag
- Delegation chain: full path from root to leaf agent
The SatGate dashboard aggregates this into a Shadow Report — showing spend by agent, by tool, by team, with trends over time. Start in Observe mode to see the data, then switch to Control when you're ready to enforce.
MCP Budget Enforcement FAQ
What is MCP budget enforcement?
MCP budget enforcement prices each MCP tool call, assigns an agent or workflow budget, checks remaining budget before the tool executes, and blocks or downgrades calls that would exceed the limit.
How do you set per-tool MCP costs?
Set a default cost for ordinary MCP tools, then override expensive tools with explicit prices or wildcard rules. The gateway resolves the tool cost before each tools/call request and deducts it from the agent budget atomically.
Where should MCP budget checks happen?
Budget checks should happen in the request path, before the MCP server executes the tool. Dashboards and alerts are useful for reporting, but they cannot stop runaway tool calls after an autonomous agent has already spent the money.
Can MCP budget enforcement hard-cap specific expensive tools?
Yes. MCP budget enforcement can assign higher prices, stricter daily caps, approval requirements, or deny rules to expensive tools such as code execution, web search, database queries, or deployment actions.
Quick Start
Get MCP budget enforcement running in 5 minutes:
# 1. Install
go install github.com/SatGate-io/satgate@latest
# 2. Configure (mcp-proxy.yaml)
listen: :8080
admin:
separateListener: :9090
routes:
- path: /mcp/*
upstream: http://your-mcp-server:3000
policy:
kind: control
control:
enforceBudget: true
budgetMode: request_path
mcp:
costProfile:
defaultCostCredits: 1
tools:
- name: "expensive_tool"
costCredits: 10
# 3. Run
satgate -config mcp-proxy.yaml
# 4. Mint a token
curl -X POST http://localhost:9090/admin/mint \
-d '{"agent":"my-bot","budget_total_credits":100}'
# 5. Connect your agent to localhost:8080/mcpTry it live
See MCP budget enforcement in the interactive sandbox — no setup required.
Generate an MCP budget policy
Turn this guide into copyable policy: price MCP tools, set per-agent budgets, and generate proxy config for Cursor, Claude, OpenClaw, or custom clients.