Free MCP proxy config generator

MCP Proxy Config Generator

Generate a starter SatGate MCP proxy config for Cursor, Claude Desktop, Claude Code, OpenClaw, or custom MCP clients with budgets, audit, revocation, and optional paid-rail context.

Generate config MCP governance

Configure the proxy

.cursor/mcp.json

{
  "mcpServers": {
    "satgate-internal-tools": {
      "command": "satgate-mcp-proxy",
      "args": [
        "--upstream",
        "stdio://internal-tools",
        "--mode",
        "control",
        "--budget-usd",
        "50",
        "--max-tool-call-usd",
        "5",
        "--audit",
        "full",
        "--on-budget-exhausted",
        "block"
      ],
      "env": {
        "SATGATE_POLICY": "internal-tools-mcp-policy",
        "SATGATE_REQUIRE_AGENT_ID": "true",
        "SATGATE_REQUIRE_TASK_ID": "true"
      }
    }
  }
}

Policy YAML

mcp_proxy:
  name: satgate-internal-tools
  client: Cursor
  config_path: .cursor/mcp.json
  upstream: stdio://internal-tools
  mode: control
policy:
  require_agent_id: true
  require_task_id: true
  session_budget_usd: 50
  max_tool_call_usd: 5
  on_budget_exhausted: block
  paid_rail: disabled
credentials:
  type: revocable_capability
  expiry_minutes: 240
  allow_delegation: false
audit:
  level: full
  include:
    - tenant_id
    - agent_id
    - task_id
    - mcp_server
    - mcp_tool
    - estimated_cost_usd
    - remaining_budget_usd
    - policy_decision
    - revocation_state

What the proxy makes governable

MCP turns tools into runtime authority. The proxy turns that authority into policy decisions before the tool runs.

Tool cost

Attach prices, budgets, and risk tiers to individual MCP tools.

Spend caps

Block or observe calls when session, tool, or per-request budgets are exhausted.

Capabilities

Require scoped, revocable, expiring authority instead of broad ambient access.

Audit

Record agent, task, server, tool, cost, budget, policy, and decision.

Revocation

Stop future tool calls when a loop, violation, or risky delegation appears.

Modes

Start in Observe, enforce in Control, and preserve paid-rail context when tools require payment.

FAQ

MCP proxy config questions

What is an MCP proxy?

An MCP proxy sits between an AI agent client and MCP servers so tool calls can be observed, audited, budgeted, denied, revoked, or governed with paid-rail context before expensive actions execute.

Why put SatGate in front of MCP servers?

MCP tools can trigger paid APIs, cloud work, searches, code agents, or sensitive data access. SatGate adds request-path economic governance around those tool calls.

Which MCP clients can use this pattern?

The proxy pattern applies to Cursor, Claude Desktop, Claude Code, OpenClaw, and custom MCP-capable clients that can route tool calls through an MCP server command or proxy.

Should an MCP proxy start in Observe or Control mode?

Start an MCP proxy in Observe mode when mapping normal tool use, then move expensive, sensitive, external, or high-volume tools into Control mode with hard budgets and revocation.

What policy should an MCP proxy enforce?

An MCP proxy should enforce agent and task identity, session budgets, per-tool cost caps, unknown-tool behavior, revocation triggers, audit fields, and optional paid-rail context before tool execution.

Put MCP tools behind an economic firewall.

SatGate lets agent teams observe, control, revoke, audit, and govern paid context for MCP tool calls in the request path — before expensive or sensitive work executes.

MCP cost control MCP tool policy generator