Shadow Report
See what enforcement would have caught — without actually blocking anything.
What is the Shadow Report?
The Shadow Report shows you what would have happened if enforcement were enabled. It's your risk dashboard — the data that makes the case for budgets before you flip the switch.
Even in Observe mode (no enforcement), SatGate computes tool costs and tracks budget consumption. The Shadow Report visualizes this data so you can see which agents are expensive, which tools cost the most, and where budgets would have been exhausted.
What the dashboard shows
The Shadow Report dashboard is organized into several key sections:
Executive Summary
At the top of the report, you'll see three headline metrics: total requests processed through SatGate, violations (requests that would have been blocked under enforcement), and projected cost (total credit consumption for the period). These give you an instant pulse check on your agent traffic.
Top Agents by Spend
A ranked list showing which agent tokens are consuming the most credits. Each entry shows the token identifier, total spend, request count, and percentage of overall consumption. This is where you spot outliers.
Top Tools by Cost
Which MCP tools account for the most spending? This breakdown shows per-tool costs so you can see if a single expensive tool (like code execution or web search) is driving most of the bill.
ROI Projection
Based on current violation data, the ROI projection estimates how much you'd save by enabling enforcement. If 15% of requests are violations, that's 15% of your agent spend you could reclaim by switching to Control mode.
Spend Over Time
A trend chart showing credit consumption over your selected time range. Useful for spotting spikes, patterns, and growth trends.
How to read the data
Understanding violations
A violation is a request that would have been blocked if enforcement were enabled. This includes:
- Requests from agents that have exceeded their budget ceiling
- Requests from tokens that have been revoked or expired
- Requests that would trigger a policy rule (e.g. tool not in allowlist)
In Observe mode, these requests succeed — the agent doesn't know anything is being tracked. The violation count tells you how many would have failed in Control mode.
Understanding projected cost
Projected cost is the total credit value of all tool calls for the selected period. This uses your configured cost profile rates. If you haven't configured per-tool costs yet, projected cost will be based on default rates. See MCP Cost Profiles to set accurate per-tool pricing.
Taking action
See high spend? Switch to Control mode to enforce budgets. The Shadow Report already shows you what ceilings to set — use the top agents' current spend as a baseline, add headroom, and enforce. Follow the Control Mode Playbook.
See unauthorized agents? Check your policy configuration. If unknown tokens are making requests, review your token delegation chain and revoke any tokens that shouldn't have access.
See unexpected tool usage? Review which tools agents are calling. If agents are using expensive tools unnecessarily, adjust your cost profile or tool allowlists.
Filtering
The Shadow Report supports flexible filtering to zero in on the data that matters:
- Time range: Last 24 hours, Last 7 days, Last 30 days, or a custom date range. Data is aggregated from the MCP event stream.
- Agent filter: Select a specific agent token to see only its activity. Useful for auditing individual agents or investigating anomalies.
- Tool filter: Narrow down to specific MCP tools to understand cost drivers.
How to use it
- Start in Observe. Connect agents, let them run for a few days.
- Review the Shadow Report. Open Shadow Report in the dashboard. Look at total spend, violations, and top agents.
- Set budgets based on reality. If Agent A spent 500 credits last week, a 1,000-credit monthly budget gives 2x headroom.
- Switch to Control. The Shadow Report gave you the data. Now enforce it.
Pro tip: The Shadow Report is read-only analytics. To change enforcement modes or set budgets, go to Enforcement Modes. One source of truth for configuration, one source of truth for reporting.