Back to Blog
MCPBudget EnforcementTutorial

MCP Budget Enforcement: A Practical Guide

Per-tool costs, spending caps, and real-time enforcement for MCP servers

March 5, 2026 10 min read

MCP (Model Context Protocol) is becoming the standard way AI agents interact with tools. But MCP has no built-in concept of cost. A tools/call request to a cheap lookup function and a $2 code execution tool look identical at the protocol level. This guide shows how to add economic governance to any MCP server.

The Problem with Unmetered MCP

When you connect an AI agent to MCP servers, the agent can call any tool it has access to, as many times as it wants. There's no protocol-level mechanism for:

  • Assigning costs to different tool calls
  • Tracking cumulative spend per agent
  • Enforcing a budget ceiling
  • Attributing costs to teams or departments
  • Delegating budget from a parent agent to sub-agents

Most MCP gateways solve the connectivity problem — routing, auth, discovery. But connectivity without cost control is like an open highway with no toll booths. Traffic flows, but nobody's tracking who owes what.

Step 1: Define Per-Tool Costs

The first step is mapping tool calls to costs. SatGate's MCP proxy lets you define a cost profile with per-tool pricing:

# MCP Cost Profile
mcp:
  costProfile:
    defaultCostCredits: 1
    tools:
      - name: "web_search"
        costCredits: 2
      - name: "code_execute"
        costCredits: 10
      - name: "file_read"
        costCredits: 1
      - name: "database_query"
        costCredits: 5
      - name: "send_email"
        costCredits: 3
      - name: "*_premium"
        costCredits: 20  # wildcard matching

Wildcard matching (*_premium) lets you price tool families without listing every variant. Any tool not matched gets thedefaultCostCredits.

Step 2: Mint Tokens with Budgets

Agents authenticate with capability tokens (macaroons) that carry their budget as a cryptographic caveat:

# Mint a token with 500-credit budget
satgate mint \
  --agent "research-bot" \
  --budget 500 \
  --scope "/mcp/*" \
  --expiry 24h \
  --cost-center "engineering"

# Token carries:
#   budget_total_credits: 500
#   scope: /mcp/*
#   cost_center: engineering
#   expires: 2026-03-06T07:00:00Z

The budget is embedded in the token itself. The gateway doesn't need a database lookup to know the ceiling — it reads the caveat. Spend tracking uses a lightweight ledger (Redis-backed by default).

Step 3: Agent Sees Its Own Budget

SatGate injects economic metadata into the MCP tools/list response, so agents can make cost-aware decisions:

// tools/list response (with SatGate metadata)
{
  "tools": [
    {
      "name": "web_search",
      "description": "Search the web [SatGate: 2 credits per call]",
      "x-satgate": {
        "cost_credits": 2,
        "budget_remaining": 487,
        "calls_affordable": 243
      }
    }
  ]
}

Smart agents can use this metadata to choose cheaper alternatives when budget is low, or batch operations to minimize calls.

Step 4: Enforce at the Gateway

When an agent makes a tools/call, the MCP proxy intercepts the JSON-RPC message, looks up the tool cost, checks the agent's remaining budget, and either:

Forwards the request if budget is sufficient (deducts the cost from the ledger)

Returns a budget error if the agent has exceeded its cap — with remaining balance and cost in the error payload

This happens at the proxy layer, before the request reaches your MCP server. Your tools don't need any changes.

Step 5: Delegation Trees

In multi-agent systems, a coordinator agent often delegates tasks to specialist agents. With macaroon-based delegation, the coordinator can mint sub-tokens from its own token:

# Coordinator has 500 credits
# Delegate 100 to research-agent
satgate delegate \
  --from <coordinator-token> \
  --to "research-agent" \
  --budget 100 \
  --scope "/mcp/search*"

# Delegate 200 to code-agent
satgate delegate \
  --from <coordinator-token> \
  --to "code-agent" \
  --budget 200 \
  --scope "/mcp/code*"

# Coordinator keeps 200 for itself
# Total across tree: still ≤ 500

The parent's budget is the ceiling. Sub-agents can never collectively exceed what was delegated. If you revoke the parent token, the entire tree is instantly invalidated.

Step 6: Monitor and Attribute

Every tool call generates an event with full attribution:

  • Agent identity: which agent made the call
  • Tool name: which tool was invoked
  • Cost: credits charged
  • Budget remaining: after this call
  • Cost center: department/team tag
  • Delegation chain: full path from root to leaf agent

The SatGate dashboard aggregates this into a Shadow Report — showing spend by agent, by tool, by team, with trends over time. Start in Observe mode to see the data, then switch to Control when you're ready to enforce.

Quick Start

Get MCP budget enforcement running in 5 minutes:

# 1. Install
go install github.com/SatGate-io/satgate@latest

# 2. Configure (mcp-proxy.yaml)
listen: :8080
admin:
  separateListener: :9090
routes:
  - path: /mcp/*
    upstream: http://your-mcp-server:3000
    policy:
      kind: control
      pay:
        mode: fiat402
        enforceBudget: true
mcp:
  costProfile:
    defaultCostCredits: 1
    tools:
      - name: "expensive_tool"
        costCredits: 10

# 3. Run
satgate -config mcp-proxy.yaml

# 4. Mint a token
curl -X POST http://localhost:9090/admin/mint \
  -d '{"agent":"my-bot","budget_total_credits":100}'

# 5. Connect your agent to localhost:8080/mcp

Try it live

See MCP budget enforcement in the interactive sandbox — no setup required.

Open Sandbox View on GitHub