SatGate is the economic control plane for enterprise agents: scope authority before work starts, enforce policy at runtime, and preserve evidence after every allowed, denied, delegated, or revoked action.
The same capability chain scopes authority, enforces spend limits, preserves delegation lineage, and proves what happened whether the call stays internal or crosses into paid external access.
Your Agents (Internal)
No scoped capability → no action. SatGate decides what each agent can do, spend, delegate, and continue doing before the request reaches your API.
Their Agents (External)
Payment proves value moved. SatGate proves the agent was allowed to move it across L402, x402, API-key billing, or enterprise ledgers.
Security. Finance. Platform.
Scoped authority, enforceable limits, and audit-ready evidence for autonomous agent work.
The problem: Shared API keys and pooled model bills hide which agent, route, token, or workflow created spend.
“SatGate turns spend into evidence: who created it, which authority allowed it, which policy governed it, and where the budget stopped.”
Metrics that matter:
Attribute spend to agent, token, route, tool, and policy before finance has to reconstruct it
The problem: Agents now hold authority that used to require human approval. Security needs proof that scope, delegation, denial, and revocation actually worked.
“SatGate gives us a kill switch with evidence: the revocation receipt, the first denied call after revoke, and the authority chain that led there.”
Metrics that matter:
Prove unauthorized actions were blocked before data or spend moved
The problem: Agents are moving across internal APIs, MCP tools, and paid external rails. Governance cannot depend on which protocol the agent used.
“SatGate sits above MCP, API keys, x402, L402, and enterprise billing rails so every authority decision is recorded — payment or not.”
Metrics that matter:
One control path for internal workflows and governed external paid calls
Start with visibility, move enforcement into the request path, then export the evidence when security, finance, or audit asks what happened.
Map every agent, token, route, MCP tool, model, and workflow before enforcing policy. Observe mode builds the authority and spend picture without disrupting teams.
Enforce scoped capabilities, budgets, tenant boundaries, delegation depth, expiry, and revocation before the next request reaches an API or MCP tool.
Export mint receipts, delegation chains, spend ledgers, denial reasons, revocation proof, and paid-rail context in one Evidence Pack.
Friday afternoon, the finance-automation parent agent delegates too much authority to an invoice-reconciler worker. The worker tries to export customer data and call a paid enrichment rail outside its scope. SatGate changes the ending by denying in the request path and exporting proof.
“Just a quick test.” The invoice-reconciler worker gets broad authority: no narrow scope, no expiry, no delegation chain, no customer-data caveat.
The worker calls an unauthorized MCP export tool and a paid enrichment rail outside its invoice-matching scope. Logs exist, but nobody can prove which authority allowed it.
SatGate checks the macaroon caveats in the request path. The scope and spend checks fail, so the export never executes and the paid call never settles.
One click revokes the finance-automation parent. The invoice-reconciler child loses authority immediately, and the first post-revoke retry is denied with a signed reason.
Full Evidence Pack: who authorized the worker, what it could do, what it spent, what was denied, when authority was revoked, and the first denied call after revoke.
Turns a silent authority failure into a blocked action, a revocation receipt, and an Evidence Pack.
Govern first. Enforce before execution. Prove every decision afterward.
Real-time visibility into every agent, API call, policy decision, revocation, and dollar — with exports when proof matters.
See every active agent, capability, caveat, tenant, route, and MCP tool before authority becomes runtime risk.
Attribute every paid call to agent, token, route, tool, policy, and rail context before finance has to reconstruct it.
Track blocked scope violations, budget caveat hits, revocations, and the first denied call after revoke.
Export mint receipts, delegation chains, spend ledger entries, denial reasons, and revocation proof in one Evidence Pack.
Reuse the same invoice-reconciler lifecycle from the Evidence Pack: root policy delegates to a parent agent, then to narrower workers. Every level is scoped, budgeted, time-limited, and preserved for later proof.
Finance automation • tenant scoped • revocable
invoice:*
$10k/mo
payment:approve
$5k/mo
evidence:export
read-only
invoice:match
vendor:read
document:ocr
evidence:write
Narrower than parent
Hard spending limits
Auto-expire by policy
Sub-delegation stays inside caveats
Deploy anywhere in minutes. No JVM, no runtime, no dependency hell. One binary that runs on anything.
ghcr.io/satgate-io/gateway
Helm chart included
IaC modules ready
cloud.satgate.io
Gateway runs in your VPC. Dashboard in our cloud (or yours). Your data never leaves your infrastructure. The best of both worlds: self-hosted security, managed convenience.
Every shared internal API is now an authority surface. When agents inherit broad credentials, nobody can prove which policy allowed the action, which team owned it, or where the limit should have stopped it. Governance fails when authority is invisible.
Every internal service — databases, search indexes, ML models — now receives autonomous agent requests. SatGate makes the authority visible and enforceable before the call runs, then proves what happened afterward. It's not just usage tracking. It's policy-to-proof governance.
See which agents, teams, tools, and workflows are asking for power before you enforce limits.
Policy, caveats, budgets, and revocation run in the request path before the agent reaches the upstream service.
Every mint, delegation, paid call, denial, and revocation produces receipts that can land in an Evidence Pack.
“Stop giving AI agents standing authority.”
Give them scoped capabilities. Enforce policy before execution. Export proof after.
SatGate Mint exchanges workload identity tokens for capability-bearing macaroons. The same Mint flow works for internal calls and governed external paid calls — every grant becomes part of the Evidence Pack.
3-step flow: Mock IdP → Mint Exchange → Verified Macaroon
The same exchange you just saw works identically at scale. No secrets management. No credential rotation. Identity is the credential.
Map identity claims to budgets, scopes, and TTLs. One policy per agent class — not per agent instance.
Each agent reads its environment identity (K8s SA, IAM role, OIDC token) and exchanges it for a macaroon. One API call. No human in the loop.
Every grant, paid call, denial, delegation, and revocation produces a receipt for the Evidence Pack when you need to prove what happened.
# Agent startup (3 lines — works in any runtime)
IDENTITY=$(cat /var/run/secrets/tokens/satgate-token)
TOKEN=$(curl -s -X POST $SATGATE_MINT_URL \
-d "{\"credentials\": \"$IDENTITY\"}" | jq -r '.token')
export SATGATE_TOKEN=$TOKEN
# That's it. Agent connects through SatGate with budget-scoped access.Governance rollout kit
High-level AI governance only matters when it becomes enforceable policy: identity, budgets, scoped credentials, MCP tool limits, audit, revocation, and evidence before agents act.
Find static-key blast radius before autonomous agents inherit unlimited API access.
Score identity, budgets, MCP governance, revocation, delegation, audit, routing, and rail-aware readiness.
Generate YAML/JSON policy for per-agent budgets, MCP caps, delegation, revocation, and audit.
Treat MCP tool calls as governed events with per-tool prices, caps, denial reasons, and evidence.
FAQ
AI agent governance is the set of controls that determines which agents can call which APIs, tools, and models; how much they can spend; what authority they can delegate; and when access must be revoked. For autonomous agents, governance needs request-path enforcement, not just logs and dashboards.
An economic control plane for AI agents sits in the request path and applies scopes, budgets, delegation rules, revocation, and audit before an agent reaches an upstream API, model, or MCP tool. It turns agent activity into governed decisions with evidence.
Enterprises should govern MCP tools with per-tool budgets, scoped capability tokens, task and tenant attribution, Evidence Packs, revocation, and hard request-path policy decisions. Rate limits and dashboards are useful, but they do not replace enforcement before tool calls execute.
AI governance usually covers model risk, data policy, compliance, and human review. AI agent governance adds request-path controls for autonomous actions: scopes, budgets, delegated authority, revocation, denial reasons, spend attribution, and proof before APIs or MCP tools execute.
No. x402, L402, AgentCore Payments, Pay.sh, and related rails make it easier for agents to call paid services. SatGate is protocol-independent: it records the requesting agent, allowed action, policy basis, spend context, and evidence needed for audit, review, and control — payment or not.
We're working with enterprise teams that need scoped authority, runtime enforcement, and evidence before agents scale. Start with Observe, then move to Control and Policy-to-Proof when you're ready.
Observe first • Enforce next • Export proof when it matters