All non-PUBLIC routes have Default Protection — cryptographic verification, caveats, delegation, revocation. Then choose your economic policy: observe (audit), control (budget), or charge (payments).
Protection is the starting state. Economics are configurable.
Layer 0 — Always-On Cryptographic Verification
Default Protection is the foundation of SatGate's security model. Every request is cryptographically verified — signatures, caveats, delegation chains. You can't turn this off. Then you choose your economic policy: observe, control, or charge.
Issues root credentials. Retains authority. Can revoke instantly.
Uses tokens. Can delegate restricted sub-tokens offline.
Receives delegated tokens. Cannot escalate beyond granted scope.
FAQ
SatGate Control protects agent API and MCP tool calls by enforcing scoped capability tokens, budgets, delegation limits, revocation, and audit policy before requests reach upstream services.
Revocable capability tokens give agents narrow, expiring authority that can be delegated safely and killed instantly without rotating global API keys or service-account credentials.
Control enforces access, budget, scope, and revocation policy for agent activity. Charge uses paid-rail context when external agents or paid agents should pay before API access is unlocked.
This demo runs against the live SatGate OSS deployment on Railway.