
Architecture

How SatGate is built — open-source core, enterprise gateway, and cloud platform.

Open-core model

SatGate follows an open-core model:

  • OSS Core (github.com/SatGate-io/satgate) — reverse proxy, macaroon auth, MCP JSON-RPC parser, admin API. Written in Go.
  • Enterprise Gateway — multi-tenant dashboard, MCP cost attribution, delegation hierarchies, SCIM, SSO, billing. Private repo.
  • SatGate Cloud (cloud.satgate.io) — managed SaaS. Sign up, connect agents, zero infrastructure.

Component overview

┌──────────────────────────────────────────────┐
│  Agent (Cursor / Claude Code / Custom)       │
│  ↓ SSE/Streamable HTTP                       │
├──────────────────────────────────────────────┤
│  SatGate MCP Proxy                           │
│  ├─ Macaroon auth (tenant + budget caveats)  │
│  ├─ MCP JSON-RPC parser                      │
│  ├─ Per-tool cost attribution                │
│  ├─ Budget enforcement (402 on exhaustion)   │
│  └─ Real-time event pipeline                 │
│  ↓                                           │
├──────────────────────────────────────────────┤
│  Upstream MCP Servers                        │
│  (your tools, hosted anywhere)               │
├──────────────────────────────────────────────┤
│  Enterprise Gateway                          │
│  ├─ Dashboard API (BFF)                      │
│  ├─ Tenant management                        │
│  ├─ Delegation tree                          │
│  ├─ Shadow Report engine                     │
│  └─ WebSocket event hub                      │
├──────────────────────────────────────────────┤
│  Data Layer                                  │
│  ├─ Relational DB (tenants, tokens, config)  │
│  └─ Cache + event bus (sessions, events)     │
└──────────────────────────────────────────────┘

Key design decisions

  • Inline proxy. SatGate sits in the request path. No sidecar, no SDK, no agent code changes. Point your MCP client at SatGate instead of your upstream — everything else is transparent.
  • Macaroons, not JWTs. Macaroons support delegation without server round trips. A team lead can mint a sub-token for an agent without calling any API: just append caveats and recompute the HMAC.
  • Event-driven monitoring. Every request generates events pushed to the dashboard via WebSocket in real-time. No polling.
  • Multi-tenant by design. Every request is scoped to a tenant ID extracted from the macaroon. Data isolation is enforced at the query layer.
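
The offline delegation described under "Macaroons, not JWTs", as an added Go example that is not SatGate's own code: a chained HMAC-SHA256 in which each caveat is signed using the previous signature as the key. The type and function names, the caveat strings and the key are constructed for illustration; SatGate's actual token format is not shown on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Macaroon is a constructed, illustrative token (not SatGate's wire format).
type Macaroon struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Mint is the only step that needs the root key (held by the gateway).
func Mint(rootKey []byte, id string) Macaroon {
	return Macaroon{ID: id, Sig: mac(rootKey, id)}
}

// Attenuate adds a caveat offline: the old signature becomes the HMAC key.
func Attenuate(m Macaroon, caveat string) Macaroon {
	cs := append(append([]string{}, m.Caveats...), caveat)
	return Macaroon{ID: m.ID, Caveats: cs, Sig: mac(m.Sig, caveat)}
}

// Verify recomputes the chain from the root key; caveat predicates (tenant, budget) are checked separately.
func Verify(rootKey []byte, m Macaroon) bool {
	sig := mac(rootKey, m.ID)
	for _, c := range m.Caveats {
		sig = mac(sig, c)
	}
	return hmac.Equal(sig, m.Sig) // constant-time comparison
}

func main() {
	root := []byte("constructed-demo-root-key")
	lead := Attenuate(Mint(root, "token-1"), "tenant = acme")
	agent := Attenuate(lead, "budget <= 500") // no gateway call needed
	fmt.Println(Verify(root, agent))          // true
	agent.Caveats = agent.Caveats[:1]         // holder drops the budget caveat
	fmt.Println(Verify(root, agent))          // false
}
```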

Deployment options

SatGate Cloud

Fully managed. Sign up and connect agents. No infrastructure to manage.

Hybrid

Gateway in your VPC, dashboard on SatGate Cloud. Data stays in your network.

Self-hosted

Everything on your infrastructure. Docker, Kubernetes, or bare metal.
