Show HN: SatGate – Budget enforcement proxy for MCP tool calls (L402/macaroons)
I built an open-source MCP proxy that enforces per-tool budgets on AI agent tool calls.
The problem: MCP gives agents tool access with no economic controls. An agent stuck in a retry loop against a $0.10/call API burns real money until someone kills it. Auth says "who" and "what" — nothing says "how much."
How it works: SatGate MCP Proxy sits between your agent and upstream MCP servers. Transparent relay — agents don't know it's there until they hit their budget.
Agent → SatGate MCP Proxy → Upstream MCP Server
tools/call intercepted → cost: 50 credits (dalle_generate) → budget: 35 remaining → JSON-RPC error: budget_exhausted
Delegation: Parent agents can mint sub-agent tokens with carved budgets. Enforced cryptographically via macaroon HMAC chains — no DB lookup, microsecond verification.
Orchestrator (1000 credits)
├── research-agent (300) → 60 calls → 402 EXHAUSTED
├── content-agent (200) → still operational
└── analytics-agent (150) → still operational
Two payment modes: - Fiat402: Credit-based budgets with delegation trees (enterprise) - L402: Lightning micropayments per tool call. Agent pays invoice, gets preimage, retries.
Transport: stdio (local sidecar) or SSE/HTTP (remote, multi-agent). Written in Go. 28 tests. ~2,200 lines.
GitHub: https://github.com/SatGate-io/satgate Blog: https://satgate.io/blog/beyond-connection-economic-governanc...
No comments yet.