Rate limits won't help — they're per-key, not per-agent. Spending alerts won't help — by the time the email arrives, the swarm is done. Revoking the key kills all 100 agents, not just the one that's hallucinating against a paid API.
We built satgate-proxy to solve this with macaroon delegation trees. Macaroons are bearer tokens with cryptographically enforced caveats. The key property: any token can be attenuated (made more restrictive) without contacting the server. So an orchestrator with a 1,000-credit token can locally mint 100 child tokens capped at 10 credits each. Each sub-agent gets its own token. When agent #37 burns through its budget, it gets blocked — the proxy returns either HTTP 402 (server mode) or a JSON-RPC error (local mode) — and stops. The other 99 keep running.
No dashboard to watch. No human in the loop. The budget is enforced on every request.
Try it:
npx satgate-proxy --local --budget 5.00 --config satgate.yaml
Zero dependencies. Wraps any MCP tool server with hard budget caps locally. Every tool call deducts from the budget. When it hits zero, the proxy returns a clean JSON-RPC error and the agent stops. No account needed for local mode.
The npm package is the lightweight proxy. The full server (macaroon minting, delegation trees, L402/Fiat402 protocol support) is the Go codebase: https://github.com/SatGate-io/satgate
Both MIT licensed. We're building the economic constraint layer for agent systems. Happy to answer questions about the macaroon model, the protocol design, or how this fits into MCP.