MCP Tool Cost Policy Generator
Generate request-path policy for MCP tools: per-tool prices, session budgets, expensive-tool caps, denial rules, revocation behavior, and Evidence Pack receipts before agents execute paid work.
Generated MCP policy
mcp_policy: cursor_github-tools
client: cursor
mcp_server: github-tools
mode: control
risk_profile: medium
budget:
  per_session: 8.00 USD
  per_tool_call_default: 0.25 USD
  expensive_tool_cap: 2.00 USD
tools:
  repo_search:
    decision: allow
    estimated_cost: 0.13 USD
  issue_create:
    decision: allow
    estimated_cost: 0.25 USD
  browser_search:
    decision: budget_required
    max_cost: 2.00 USD
  deploy_prod:
    decision: deny
controls:
  on_session_budget_exhausted: block
  on_tool_cost_unknown: require_budget_and_audit
  on_loop_detected: block_and_revoke_session
  on_sensitive_tool: require_explicit_policy
audit:
  include:
    - tenant
    - agent
    - client
    - mcp_server
    - tool
    - estimated_cost
    - remaining_budget
    - policy_decision
    - outcome
evidence_pack:
  required: true
  receipt_id: generated_per_tool_call
  include_paid_rail_context: true

JSON version
{
  "mcp_policy": "cursor_github-tools",
  "client": "cursor",
  "mcp_server": "github-tools",
  "mode": "control",
  "risk_profile": "medium",
  "budget": {
    "per_session_usd": 8,
    "per_tool_call_default_usd": 0.25,
    "expensive_tool_cap_usd": 2
  },
  "tools": {
    "repo_search": {
      "decision": "allow",
      "estimated_cost_usd": 0.13
    },
    "issue_create": {
      "decision": "allow",
      "estimated_cost_usd": 0.25
    },
    "browser_search": {
      "decision": "budget_required",
      "max_cost_usd": 2
    },
    "deploy_prod": {
      "decision": "deny"
    }
  },
  "evidence_pack": {
    "required": true,
    "receipt_id": "generated_per_tool_call",
    "include_paid_rail_context": true
  },
  "controls": {
    "on_session_budget_exhausted": "block",
    "on_tool_cost_unknown": "require_budget_and_audit",
    "on_loop_detected": "block_and_revoke_session",
    "on_sensitive_tool": "require_explicit_policy"
  }
}

What the policy should control
Per-tool economics
Attach cost to searches, browser sessions, cloud tasks, code agents, and paid APIs.
Risk actions
Block, route, revoke, or require explicit policy when unknown or sensitive tools appear.
Evidence Pack receipts
Record agent, MCP server, tool, cost, remaining budget, policy decision, outcome, and paid-rail context.
Server unchanged
Wrap governance around existing MCP servers without rewriting every tool implementation.
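
One way a request-path gate could evaluate the generated policy before a tool runs, as an added example that is not SatGate's code. The `Session` class, the `grant_usd` parameter, `LOOP_LIMIT`, the reason strings and the exact meaning given to each decision are assumptions made for illustration; the prices and caps are the ones in the JSON version above.

```python
import json

# Policy values copied from the page's JSON version (audit/evidence fields omitted).
POLICY = json.loads("""{
 "budget": {"per_session_usd": 8, "per_tool_call_default_usd": 0.25, "expensive_tool_cap_usd": 2},
 "tools": {"repo_search": {"decision": "allow", "estimated_cost_usd": 0.13},
           "issue_create": {"decision": "allow", "estimated_cost_usd": 0.25},
           "browser_search": {"decision": "budget_required", "max_cost_usd": 2},
           "deploy_prod": {"decision": "deny"}}}""")
LOOP_LIMIT = 3  # assumed: identical consecutive calls (denied retries included) = loop


class Session:
    def __init__(self, policy):
        self.policy = policy
        self.remaining = round(policy["budget"]["per_session_usd"] * 100)  # integer cents
        self.revoked = False
        self.recent, self.receipts = [], []

    def _price(self, tool, grant_usd):
        """Return (cost_cents, deny_reason); grant_usd is a caller-approved budget."""
        rule = self.policy["tools"].get(tool)
        if rule and rule["decision"] == "deny":
            return 0, "tool_denied"
        if rule and rule["decision"] == "allow":
            return round(rule["estimated_cost_usd"] * 100), None
        # budget_required, or a tool with no entry (cost unknown): fail closed without a grant
        if grant_usd is None:
            return 0, "budget_required"
        cap = (rule or {}).get("max_cost_usd", self.policy["budget"]["expensive_tool_cap_usd"])
        if grant_usd > cap:
            return 0, "over_tool_cap"
        return round(grant_usd * 100), None

    def authorize(self, tool, args=None, grant_usd=None):
        """Decide before the tool executes; every decision, allow or deny, gets a receipt."""
        call = (tool, json.dumps(args, sort_keys=True))
        self.recent = (self.recent + [call])[-LOOP_LIMIT:]
        cost, reason = (0, "session_revoked") if self.revoked else self._price(tool, grant_usd)
        if not reason and self.recent.count(call) == LOOP_LIMIT:
            self.revoked, cost, reason = True, 0, "loop_detected"  # block and revoke session
        if not reason and cost > self.remaining:
            cost, reason = 0, "session_budget_exhausted"
        self.remaining -= cost
        receipt = {"receipt_id": len(self.receipts) + 1, "tool": tool,
                   "estimated_cost": cost / 100, "remaining_budget": self.remaining / 100,
                   "policy_decision": "deny" if reason else "allow", "reason": reason}
        self.receipts.append(receipt)
        return receipt
```

Budgets are held in integer cents so repeated debits do not drift, and the budget is reserved at authorization time rather than after the tool reports its real cost.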
FAQ
MCP tool policy questions
What is an MCP tool cost policy?
An MCP tool cost policy assigns spend limits, allowed actions, risk rules, revocation behavior, and Evidence Pack receipt fields to tool calls made through Model Context Protocol.
Why do MCP tools need per-tool prices?
MCP tools can hide paid APIs, searches, browser sessions, compute jobs, or data calls. Pricing each tool lets budget enforcement happen before expensive work executes.
Can SatGate govern Cursor or Claude MCP tool use?
Yes. SatGate can sit around MCP-capable clients such as Cursor, Claude Desktop, Claude Code, OpenClaw, and custom agents to enforce budgets and audit tool calls.
What should happen when an MCP tool cost is unknown?
Unknown MCP tool costs should trigger a conservative policy action, such as observe-only logging, explicit budget review, blocking, or revoking the session capability, depending on risk tier.
Which MCP tools should be marked high risk?
High-risk MCP tools include browser automation, paid search, code execution, cloud write actions, data export, production deploys, premium APIs, and any tool that can spend money or change state.
MCP makes tools easy. SatGate makes them governable.
Route MCP traffic through SatGate to observe, control, and preserve Evidence Pack receipts before autonomous agents trigger paid or risky work.