SatGate

Open-source API gateway that adds budget enforcement, cost attribution, and monetization to AI agent API calls. MCP-aware with per-tool cost tracking, macaroon-based bearer tokens, L402 Lightning micropayments, and enterprise budget control (Fiat402). The economic firewall for the agent economy.

GitHub
<p align="center"> <img src="docs/assets/logo.png" alt="SatGate" width="120" /> </p> <h1 align="center">SatGate</h1> <p align="center"> <strong>The Economic Firewall for AI Agents</strong><br/> <em>Hard budget enforcement · Per-tool cost attribution · L402 micropayments</em> </p> <p align="center"> <a href="https://github.com/satgate-io/satgate/actions"><img src="https://github.com/satgate-io/satgate/workflows/CI/badge.svg" alt="CI Status"></a> <a href="https://goreportcard.com/report/github.com/satgate-io/satgate"><img src="https://goreportcard.com/badge/github.com/satgate-io/satgate" alt="Go Report Card"></a> <a href="https://pkg.go.dev/github.com/satgate-io/satgate"><img src="https://pkg.go.dev/badge/github.com/satgate-io/satgate.svg" alt="Go Reference"></a> <a href="LICENSE"><img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License"></a> </p> <p align="center"> <a href="#the-problem">Why</a> • <a href="#features">Features</a> • <a href="#quick-start">Quick Start</a> • <a href="#documentation">Docs</a> • <a href="https://satgate.io">Website</a> • <a href="https://satgate.io/blog/why-routing-isnt-governance">Blog</a> </p>
<div align="center">

☁️ Don't want to self-host? Try SatGate Cloud

Managed SaaS — zero setup, multi-tenant isolation, enterprise dashboard.<br/> Free Observe tier. No credit card required.

<a href="https://cloud.satgate.io"><img src="https://img.shields.io/badge/🚀_Try_SatGate_Cloud-Free-blue?style=for-the-badge" alt="Try SatGate Cloud"></a>

</div>

The Problem

AI agents are making API calls autonomously. They spawn sub-agents, call MCP tools, and run overnight while you sleep.

Your existing stack answers: "Is this request authenticated?"

Nobody answers: "Should this agent spend this?"

✓ Network Firewall    → "Can this packet enter?"
✓ Application Firewall → "Is this request safe?"
? Economic Firewall    → "Should this agent spend this?"

That's the gap. SatGate fills it.

What is SatGate?

SatGate is an Economic Firewall that enforces Economic Access Control for AI agent requests. Drop it in front of your APIs — it handles authentication, budget enforcement, cost attribution, and optional micropayments.

Not another routing layer. Routing gateways (Bifrost, LiteLLM, Portkey) optimize which provider handles a call. SatGate governs whether the call should happen at all based on budgets, policies, and cost.

Use them together:

Agent → SatGate (economic governance) → Routing Gateway → LLM Providers

Features

  • 🛡️ Capability Tokens (Macaroons) — Cryptographic credentials with built-in caveats, delegation, and instant revocation. Not API keys — tokens that agents can safely sub-delegate.
  • 🎯 MCP-Aware — Parses MCP JSON-RPC tool calls. Know that Agent X spent $47 on search_database and $12 on send_email — not just "1,000 requests."
  • 💰 Budget Enforcement — Hard stops per agent, team, or API. When the budget hits zero, requests are blocked. Not logged. Not alerted. Blocked.
  • L402 Protocol — Native Bitcoin Lightning micropayments for API monetization. Sub-cent pricing that's uneconomical on card rails.
  • 🔒 Default-Deny — All routes require valid credentials unless explicitly public. Zero Trust by design.
  • 🚀 <50ms Overhead — Lightweight Go proxy. Adds governance without adding latency.
  • 📦 Self-Hosted — Your infrastructure, your rules. Single binary, Docker, or Kubernetes.
  • 🔌 Drop-in — Works with any HTTP backend. REST, GraphQL, MCP servers. No code changes.

Quick Start

60-Second Demo

# Download the binary (macOS Apple Silicon — see Releases for other platforms)
curl -L https://github.com/satgate-io/satgate/releases/latest/download/satgate-darwin-arm64 -o satgate
chmod +x satgate

# Start with example config (mock Lightning, auto-generated keys)
export ADMIN_TOKEN=my-secret-token
export LIGHTNING_BACKEND=mock
./satgate --config examples/gateway.yaml

Try the three policies:

# 1. Public — no auth needed
curl http://localhost:8080/health

# 2. Protected — mint a capability token, then use it
curl -X POST http://localhost:8080/api/capability/mint \
  -H "X-Admin-Token: my-secret-token" \
  -H "Content-Type: application/json" \
  -d '{"scope": "api:read", "duration": "1h"}'

# Use the token:
curl -H "Authorization: Bearer <your-token>" \
  http://localhost:8080/api/capability/ping

# 3. Paid — get an L402 challenge (HTTP 402 + Lightning invoice)
curl http://localhost:8080/api/micro

Public → Protected → Paid. Three policies, one gateway.

📖 Full Quick Start Guide →

Other Install Methods

# Docker
docker run -v $(pwd)/gateway.yaml:/etc/satgate/gateway.yaml \
  -e ADMIN_TOKEN=my-secret-token -e LIGHTNING_BACKEND=mock \
  -p 8080:8080 ghcr.io/satgate-io/satgate:latest

# Build from source
git clone https://github.com/satgate-io/satgate.git
cd satgate && go build -o satgate ./cmd/satgate

Configuration

version: 1

server:
  listen: ":8080"

admin:
  capabilityRootKey: "${CAPABILITY_ROOT_KEY}"

lightning:
  provider: "${LIGHTNING_BACKEND}"
  config:
    connectionString: "${NWC_CONNECTION_STRING}"

upstreams:
  api:
    url: "http://localhost:3000"

routes:
  - name: public-health
    match:
      pathPrefix: /health
    upstream: api
    policy:
      kind: public

  - name: protected-api
    match:
      pathPrefix: /api/
    upstream: api
    policy:
      kind: capability
      scope: "api:read"

  - name: premium-api
    match:
      pathPrefix: /premium/
    upstream: api
    policy:
      kind: l402
      priceSats: 100

Policy Types

PolicyDescriptionUse Case
publicNo authenticationHealth checks, docs, webhooks
capabilityRequires valid MacaroonProtected API endpoints
l402Requires Lightning paymentMonetized endpoints

How It's Different

SatGateRouting GatewaysTraditional API Gateways
Primary concernEconomic governanceProvider routingTraffic management
Budget enforcementHard caps (blocked at limit)Soft alerts only
MCP cost attributionPer-tool granularity
Credential modelMacaroons (delegatable)API keysAPI keys / OAuth
Agent delegationSub-tokens with reduced budgets
MicropaymentsL402 Lightning-native
Works alongside✅ Use together✅ Use together

Architecture

┌──────────────────────────────────────────────────┐
│                    SatGate                        │
│                                                   │
│  Request → Route Match → Policy Check → Proxy    │
│                             │                     │
│              ┌──────────────┼──────────────┐     │
│              │              │              │      │
│          [public]    [capability]      [l402]     │
│          pass        verify token     verify     │
│                      check budget     payment    │
│                      log MCP tool     + token    │
└──────────────────────────────────────────────────┘

Key Concepts:

  • Macaroons: Bearer tokens with embedded caveats (expiry, scope, budget, IP). Not API keys — they support delegation without server roundtrips.
  • Delegation: Agent A gives Agent B a sub-token with reduced permissions and a $50 budget cap. B can't escalate.
  • MCP Parsing: SatGate reads MCP JSON-RPC payloads to attribute costs to specific tool calls, not just HTTP endpoints.
  • L402: HTTP 402 + Lightning invoice for machine-to-machine payments. The protocol for the agent economy.

SDKs

LanguagePackageDocs
Pythonpip install satgateREADME
JavaScriptnpm install satgate-sdkREADME

MCP Proxy (NEW)

SatGate now includes a native MCP proxy that governs tool calls for any MCP-compatible agent:

# Run MCP proxy with 1000-credit budget
satgate-mcp --config satgate-mcp.yaml
  • Budget enforcement: Hard 402 when agents exhaust their allocation
  • Delegation: Parent agents mint sub-agent tokens with carved budgets
  • Per-tool costs: web_search: 5, dalle_generate: 50 (wildcard patterns supported)
  • Two transports: stdio (local sidecar) or SSE/HTTP (remote multi-agent)
  • Three auth modes: none, static token, macaroon (HMAC chain)

See pkg/mcpserver/README.md for full documentation.

Documentation

☁️ SatGate Cloud & Enterprise

Self-hosting not your thing? SatGate Cloud is the fully managed version — same gateway, zero ops.

The open-source gateway handles protection and payments. SatGate Cloud adds the control plane:

  • 📊 Observe — Real-time dashboards, usage attribution, cost center tagging
  • 🎚️ Control — Budget enforcement with Fiat402 (enterprise credits)
  • 🤖 SatGate Mint — Zero-touch agent provisioning (K8s, AWS, OIDC)
  • 🏢 Multi-tenant — Team isolation, RBAC, SSO/SCIM
  • 📝 Audit — Tamper-evident logging, compliance exports

<a href="https://cloud.satgate.io"><strong>Start Free →</strong></a> (Observe mode is free, unlimited, forever)

Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

git clone https://github.com/satgate-io/satgate.git
cd satgate
go mod download
go test ./...
go build -o satgate ./cmd/satgate

License

Apache License 2.0 — see LICENSE for details.

Links

<p align="center"> <sub>Built with ⚡ by <a href="https://satgate.io">SatGate</a> — The Economic Firewall</sub> </p>

Related Servers