Agents make outbound calls with real dollar costs attached. The tooling to control that spend mostly comes down to "set an alert and hope someone's watching." I've seen agents in tight loops burn through $400 in minutes on tool calls nobody intended. One prompt injection away from draining a prepaid API balance.
The security stack has authentication, authorization, rate limiting — but nothing that understands cost as a first-class constraint. You can't express "this agent can spend $50/day across these tools" in a WAF rule.
So I built SatGate. It's a policy enforcement point for economic decisions. It reads cost metadata from MCP tool manifests, tracks cumulative spend per agent, and hard-blocks calls that would exceed budget.
We use macaroon tokens instead of API keys because they support attenuation — an agent can delegate a sub-token with tighter constraints without any server round-trip. A parent agent gives a child agent a token that says "you can spend $10 on search_database in the next hour." The child can't escalate.
The L402/Lightning piece came later — it turns out micropayments are a natural fit for agent-to-API commerce where you want per-call settlement without monthly invoices or API key management.
I looked at the existing landscape: Bifrost has soft budgets (alerts, no enforcement). Zuplo and Kong are solid API gateways but have no concept of economic controls. Nothing combined hard limits + per-tool costs + payments in one layer.
It's open source because I think this needs to be infrastructure, not a product. <50ms overhead, single Go binary, runs anywhere.
Happy to answer questions about the architecture, the macaroon auth model, or the problem space.