Economic Firewall Readiness Grader
Grade whether your agent/API stack can handle autonomous spend: identity, request-path budgets, MCP tool costs, revocation, delegation, audit, routing, and L402 robot payments.
Can you attribute every API/tool call to tenant, agent, workflow, delegated sub-agent, token, route, and model?
Can you block or route requests before they exceed per-agent, per-session, per-tool, daily, or per-request budgets?
Do MCP tool calls have prices, spend caps, risk tiers, and audit trails before tools execute?
Can you revoke or narrow an agent capability before the next request without rotating global API keys?
When agents spawn sub-agents, does delegated authority shrink by budget, scope, tool list, route, and expiry?
Can finance/security/platform teams reconstruct who spent what, why it was allowed, and which policy decided?
Can routine agent work route to cheaper providers while premium models require budget or justification?
If external agents call your APIs, can you charge them per request with L402 before access is unlocked?
Not ready for autonomous spend
This is static-key/dashboard territory. Put governance in the request path before scaling agents.
Priority fixes
Start in Observe mode and require agent/workflow metadata on every request before optimizing spend.
Move high-risk routes from dashboard-only monitoring to request-path Control policy.
Proxy MCP traffic and assign explicit costs to search, browser, cloud, code, data, and premium API tools.
Replace broad keys with scoped, expiring capabilities and immediate kill switches.
Require attenuation: child agents should inherit less power, not a copy of parent credentials.
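An added example, not SatGate's code or API: a Python sketch of the attenuation and revocation fixes above, where a child capability may only narrow its parent and the request-path check walks the whole delegation chain. The names Capability, attenuate and authorize, the in-memory revoked set, and the sample agents, tools and routes are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Capability:
    agent: str
    max_cost_cents: int          # per-request budget
    tools: frozenset
    routes: frozenset
    expires: datetime
    parent: Optional["Capability"] = None

def attenuate(parent, agent, max_cost_cents, tools, routes, ttl, now):
    """Mint a child capability; refuse any dimension that exceeds the parent."""
    tools, routes, expires = frozenset(tools), frozenset(routes), now + ttl
    problems = []
    if max_cost_cents > parent.max_cost_cents:
        problems.append("budget exceeds parent")
    if not tools <= parent.tools:
        problems.append(f"tools not held by parent: {sorted(tools - parent.tools)}")
    if not routes <= parent.routes:
        problems.append(f"routes not held by parent: {sorted(routes - parent.routes)}")
    if expires > parent.expires:
        problems.append("expiry outlives parent")
    if problems:
        raise PermissionError("; ".join(problems))
    return Capability(agent, max_cost_cents, tools, routes, expires, parent)

def authorize(cap, tool, route, cost_cents, now, revoked=frozenset()):
    """Request-path decision: every link in the delegation chain must allow the call."""
    node = cap
    while node is not None:
        if node.agent in revoked:
            return False, f"{node.agent} revoked"
        if now >= node.expires:
            return False, f"{node.agent} expired"
        if tool not in node.tools or route not in node.routes:
            return False, f"{node.agent} lacks tool/route"
        if cost_cents > node.max_cost_cents:
            return False, f"{node.agent} over budget"
        node = node.parent
    return True, "allowed"

# Constructed sample data (not from the page).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
ROOT = Capability("planner", 500, frozenset({"search", "browser", "code"}),
                  frozenset({"/v1/chat", "/v1/embed"}), NOW + timedelta(hours=1))
CHILD = attenuate(ROOT, "sub-agent-1", 50, {"search"}, {"/v1/embed"},
                  timedelta(minutes=10), NOW)
```

Revoking the parent denies the child's next request without touching any shared key, and each denial string names the link in the chain that decided, which is the record an audit trail needs.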
What the grader measures
Authority
Agent identity, scoped credentials, expiry, attenuation, and revocation.
Spend control
Request-path budgets, per-tool caps, model routing, and loop prevention.
Evidence
Audit trails that explain every cost, policy decision, route, and outcome.
Commercial readiness
Observe, Control, and Charge paths for internal agents and robot customers.
Move weak areas into request-path control
SatGate is the economic control plane for AI agents: Observe what agents spend, Control risky requests before they execute, and Charge robot customers with L402 when APIs become products.