MCP Gateway for Agent Governance and Evidence Packs
SatGate sits between AI agents — Claude, Hermes, Ollama, Cursor, OpenClaw, or custom MCP clients — and the tools they want to call. Every MCP request is checked for authority, budget, tenant, tool scope, and delegation before execution — then preserved as Evidence Pack proof.
MCP connection is not MCP governance
MCP makes tools reachable. It does not answer whether this agent, tenant, budget, delegation chain, or tool call should be trusted right now. That missing decision point is where runaway spend, cross-tenant mistakes, and unauditable agent actions sneak in.
SatGate turns the MCP gateway into a Zero Trust policy enforcement point for agents: authority before execution, receipt after every action, and Evidence Pack proof when a security, platform, finance, or buyer team asks what happened. That is Policy-to-Proof applied to MCP.
The governed MCP request path
Observe, Control, Prove MCP tool use
The point is not just to connect agents to tools. The point is to prove what happened, stop what should not happen, and preserve receipts for what was allowed or denied.
Capture MCP tool receipts
Preserve a receipt for each MCP call with tenant, principal, agent, token, client, server, tool, budget, workflow, and Evidence Pack linkage.
Control access and budgets
Enforce scoped capabilities, tool allowlists, MCP budget enforcement, spend caps, tenant isolation, delegation depth, expiry, and next-request revocation before execution.
Produce MCP Evidence Packs
Record the agent, tool, policy version, decision, budget state, delegation chain hash, receipt ID, and outcome so MCP activity can be reviewed as proof.
Downloadable templates
MCP policy templates teams can start from
Evidence Pack sample
Sample MCP Evidence Pack showing the receipt fields buyers expect after allow, deny, budget, tenant, and delegation decisions.
Download JSON →Spend caps
Per-session, per-agent, per-tool, and per-tenant MCP budget enforcement with fail-closed spend controls.
Download YAML →Tool allowlists
Default-deny MCP tool access by tenant, principal, agent, server, risk tier, and explicit tool scope.
Download YAML →Tenant isolation
Tenant-bound credentials, budgets, ledgers, MCP servers, and Evidence Packs without trusting client-supplied tenant headers.
Download YAML →Delegation depth
Macaroon-style delegation ceilings, child-budget attenuation, parent revocation, and receipt-ready chain hashes.
Download YAML →Verified MCP-compatible path
Claude, Hermes, and Ollama get scoped MCP authority — not standing authority
SatGate’s verification uses an MCP-compatible stdio client path: initialize, list tools, call an allowed tool, attempt expensive work until the budget blocks, and preserve the decision transcript as proof. Claude, Hermes, Ollama, and other agents route through MCP clients or wrappers; the governance boundary is the MCP call path, not the model vendor.
Claude Desktop / Claude Code
MCP stdio config points the client at satgate-mcp before the upstream server.
Verified MCP-compatible path: allowed web_search call, budget-exhausted code_execute denial, Evidence Pack-style decision transcript.
Ollama agent wrapper
Local Ollama agents use an MCP-capable wrapper that speaks stdio or SSE to SatGate.
Same protocol path: list tools, call allowed tool, burn budget, receive denial before upstream execution.
Hermes agent runtime
Hermes agents running through an MCP client receive no standing tool authority; SatGate grants scoped calls per policy.
The sample Evidence Pack shows the receipt fields that bind tenant, agent, tool, policy digest, budget ID, decision reason, and remaining credits.
SaaS MCP is Fly-hosted
Use SaaS MCP when the buyer wants fast onboarding, managed runtime, and immediate MCP call receipts without operating infrastructure.
Hybrid MCP is Hetzner-hosted
Use Hybrid MCP when regulated environments need dedicated runtime boundaries, stronger operational control, and deployment evidence separate from the shared SaaS plane.
MCP gateway questions
What is an MCP gateway?
An MCP gateway sits between AI agents and Model Context Protocol servers. SatGate observes tool calls, applies access policy and MCP budget enforcement, records MCP Evidence Pack receipts, and proves decisions before tools execute.
What is MCP budget enforcement?
MCP budget enforcement checks the cost of a requested tool call against a tenant, agent, session, delegation, or tool budget before the call reaches the upstream MCP server. If the budget is missing or exhausted, SatGate denies the call in the request path.
What is an MCP Evidence Pack?
An MCP Evidence Pack is the proof artifact for governed tool activity: who called which MCP tool, through which client and server, under which policy and budget, with which allow or deny decision, and what receipt proves it.
Can SatGate govern Claude, Hermes, or Ollama MCP agents?
Yes. Claude Desktop, Claude Code, Hermes, Ollama wrappers, Cursor, OpenClaw, and custom MCP-capable clients can route tool calls through SatGate. The agent gets no standing authority; SatGate grants or denies each tool call.
How is an MCP gateway different from an API gateway?
A traditional API gateway mostly routes HTTP traffic and checks identity. An MCP gateway also understands agent tool calls, capability scope, per-tool cost, budget policy, tenant isolation, delegation lineage, and Evidence Pack outcomes.
Can SatGate host MCP servers?
Yes. SatGate supports SaaS MCP for fast hosted deployment and Hybrid MCP for dedicated enterprise runtime control. The split is deliberate: SaaS MCP is Fly-hosted; Hybrid MCP is Hetzner-hosted.
Related MCP governance resources
MCP governance
Govern MCP tool calls with authority, policy, revocation, and Evidence Pack receipts.
MCP budget enforcement
Hard-cap per-tool spend before MCP tools execute.
MCP tool policy generator
Generate MCP tool cost and Evidence Pack policy.
Evidence Pack demo
See the machine-readable proof artifact.
Launch an MCP gateway agents can safely use.
Start with policy templates, enforce authority before execution, and produce MCP Evidence Pack receipts that prove what each agent was allowed or denied to do.