Free capability-token policy template

Revocable Capability Token Policy Template

Generate a scoped, expiring, revocable token policy for AI agents, sub-agents, and MCP tools, covering request budgets, delegation, kill switches, receipts, and Evidence Pack evidence.

Configure the token policy

Static API keys are wrong for autonomous agents. Capabilities should be narrow, priced, time-boxed, receipt-producing, and revocable.

YAML token policy

capability_token_policy: acme-prod-ship-agent-workflow
mode: enforce
issuer: satgate-economic-firewall
subject: agent:coding-assistant
audience: repo-and-model-tools
tenant_id: acme-prod
task_id: ship-agent-workflow
risk_tier: medium
validity:
  ttl_minutes: 240
  not_before: now
  expires_at: now + 240m
scopes:
  - model:responses:write
  - mcp:repo_search:read
  - mcp:pull_request:write
budgets:
  token_lifetime_usd: 25
  per_request_usd: 0.5
  on_exhausted: revoke_and_block
delegation:
  allowed: true
  child_budget_pct: 20
  child_ttl_minutes: 60
  child_scopes_must_be_subset: true
revocation:
  revoke_on_budget_exhausted: true
  revoke_on_loop_detected: true
  revoke_on_policy_violation: true
  revoke_on_parent_revoked: true
  kill_switch: tenant:acme-prod:agents
audit:
  required_fields:
    - token_id
    - parent_token_id
    - tenant_id
    - agent_id
    - task_id
    - scope
    - estimated_cost_usd
    - remaining_budget_usd
    - revocation_state
    - policy_decision
    - decision_reason
    - policy_version
    - receipt_id
    - evidence_pack_id

JSON token policy

{
  "capability_token_policy": "acme-prod-ship-agent-workflow",
  "mode": "enforce",
  "issuer": "satgate-economic-firewall",
  "subject": "agent:coding-assistant",
  "audience": "repo-and-model-tools",
  "tenant_id": "acme-prod",
  "task_id": "ship-agent-workflow",
  "risk_tier": "medium",
  "validity": {
    "ttl_minutes": 240,
    "not_before": "now",
    "expires_at": "now + 240m"
  },
  "scopes": [
    "model:responses:write",
    "mcp:repo_search:read",
    "mcp:pull_request:write"
  ],
  "budgets": {
    "token_lifetime_usd": 25,
    "per_request_usd": 0.5,
    "on_exhausted": "revoke_and_block"
  },
  "delegation": {
    "allowed": true,
    "child_budget_pct": 20,
    "child_ttl_minutes": 60,
    "child_scopes_must_be_subset": true
  },
  "revocation": {
    "revoke_on_budget_exhausted": true,
    "revoke_on_loop_detected": true,
    "revoke_on_policy_violation": true,
    "revoke_on_parent_revoked": true,
    "kill_switch": "tenant:acme-prod:agents"
  },
  "audit": {
    "required_fields": [
      "token_id",
      "parent_token_id",
      "tenant_id",
      "agent_id",
      "task_id",
      "scope",
      "estimated_cost_usd",
      "remaining_budget_usd",
      "revocation_state",
      "policy_decision",
      "decision_reason",
      "policy_version",
      "receipt_id",
      "evidence_pack_id"
    ]
  }
}

Capability-token policy checklist

Agent tokens need economic constraints, not just authentication. These fields make authority governable before execution and proof exportable after the decision.

Scope

Bind authority to tenant, agent, task, audience, route, and MCP tool permissions.

Expiry

Use short token lifetimes and shorter child-token TTLs for delegated sub-agents.

Revocation

Revoke on budget exhaustion, loops, parent revocation, policy violation, or kill switch.

Delegation

Require child capabilities to be strict subsets with attenuated budgets and scopes.

Audit

Log token id, parent id, spend context, remaining budget, scope, revocation state, decision, receipt id, and Evidence Pack id.

Economic control

Pair identity with budgets so authentication, spend context, and proof capture happen together.
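
The following Python sketch is an added example, not SatGate's code, showing how an enforcement point could apply the template's delegation, budget, and parent-revocation fields when minting a child token and authorizing a request. The Token class and the delegate and authorize functions are hypothetical names. It assumes child_budget_pct is taken from the parent's remaining budget, and it does not model loop detection or policy-violation revocation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Values copied from the policy template above.
POLICY = {"per_request_usd": 0.5, "child_budget_pct": 20, "child_ttl_minutes": 60}

@dataclass
class Token:  # hypothetical in-memory token record
    token_id: str
    scopes: frozenset
    budget_usd: float
    expires_at: datetime
    parent: Optional["Token"] = None
    revoked: bool = False

    def is_revoked(self) -> bool:
        # revoke_on_parent_revoked: revocation cascades down the delegation chain.
        return self.revoked or (self.parent is not None and self.parent.is_revoked())

def delegate(parent: Token, token_id: str, scopes: set, now: datetime) -> Token:
    """Mint a child token attenuated per the delegation block."""
    if parent.is_revoked() or now >= parent.expires_at:
        raise PermissionError("parent token is not valid")
    if not set(scopes) <= parent.scopes:  # child_scopes_must_be_subset
        raise PermissionError("child scopes exceed parent scopes")
    # Assumption: the percentage applies to the parent's remaining budget.
    budget = parent.budget_usd * POLICY["child_budget_pct"] / 100
    # A child never outlives its parent, even if child_ttl_minutes would allow it.
    expiry = min(parent.expires_at, now + timedelta(minutes=POLICY["child_ttl_minutes"]))
    return Token(token_id, frozenset(scopes), budget, expiry, parent)

def authorize(tok: Token, scope: str, est_cost_usd: float, now: datetime) -> tuple:
    """Return (policy_decision, decision_reason); debit the budget on allow."""
    if tok.is_revoked():
        return ("deny", "revoked")
    if now >= tok.expires_at:
        return ("deny", "expired")
    if scope not in tok.scopes:
        return ("deny", "scope_not_granted")
    if est_cost_usd > POLICY["per_request_usd"]:
        return ("deny", "per_request_budget_exceeded")
    if est_cost_usd > tok.budget_usd:
        tok.revoked = True  # on_exhausted: revoke_and_block
        return ("deny", "budget_exhausted")
    tok.budget_usd -= est_cost_usd
    return ("allow", "ok")
```

The two values returned by authorize correspond to the policy_decision and decision_reason audit fields in the template.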

FAQ

Revocable capability token questions

What is a revocable capability token for AI agents?

A revocable capability token gives an agent narrowly scoped authority for a tenant, task, tool, budget, and time window. Unlike a static API key, it can expire, be attenuated for sub-agents, and be revoked when policy fails.

Why are capability tokens better than shared API keys for agents?

Shared API keys are broad, long-lived, and hard to revoke safely. Capability tokens bind authority to a specific agent task with budget limits, expiry, delegation rules, receipts, and Evidence Pack fields.

How does SatGate enforce these token policies?

SatGate sits in the request path as an economic firewall. It checks token scope, budget, delegation, revocation state, and receipt policy before a request is allowed through to an upstream model, API, MCP, or externally exposed agent.

Turn agent authority into Policy-to-Proof evidence.

Every scoped token decision should produce a receipt that can be exported into an Evidence Pack.