I built an open-source MCP proxy that enforces per-tool budgets on AI agent tool calls.

The problem: MCP gives agents tool access with no economic controls. An agent stuck in a retry loop against a $0.10/call API burns real money until someone kills it. Auth says "who" and "what" — nothing says "how much."

How it works: SatGate MCP Proxy sits between your agent and upstream MCP servers. Transparent relay — agents don't know it's there until they hit their budget.

  Agent → SatGate MCP Proxy → Upstream MCP Server
  tools/call intercepted → cost: 50 credits (dalle_generate) → budget: 35 remaining → JSON-RPC error: budget_exhausted

Per-tool costs with wildcard matching (web_search: 5, gpt4_*: 25, dalle_generate: 50).

Delegation: Parent agents can mint sub-agent tokens with carved budgets. Enforced cryptographically via macaroon HMAC chains — no DB lookup, microsecond verification.

  Orchestrator (1000 credits)
  ├── research-agent (300) → 60 calls → 402 EXHAUSTED
  ├── content-agent (200) → still operational
  └── analytics-agent (150) → still operational

Budget isolation is real — when research-agent hits 0, siblings and parent are unaffected.

Two payment modes: - Fiat402: Credit-based budgets with delegation trees (enterprise) - L402: Lightning micropayments per tool call. Agent pays invoice, gets preimage, retries.

Transport: stdio (local sidecar) or SSE/HTTP (remote, multi-agent). Written in Go. 28 tests. ~2,200 lines.

GitHub: https://github.com/SatGate-io/satgate Blog: https://satgate.io/blog/beyond-connection-economic-governanc...