diff --git a/satgate-landing/app/agent-control-plane/page.tsx b/satgate-landing/app/agent-control-plane/page.tsx
index 502a8689..e1c5c13d 100644
--- a/satgate-landing/app/agent-control-plane/page.tsx
+++ b/satgate-landing/app/agent-control-plane/page.tsx
@@ -137,7 +137,7 @@ const faqs = [
],
[
"How is an agent control plane different from an API gateway?",
- "An API gateway protects services. An agent control plane governs the agents using those services: their budget, customer boundary, delegation rights, Evidence Pack, and ability to be revoked instantly.",
+ "An API gateway protects services. An agent control plane governs the agents using those services: their budget, customer boundary, delegation rights, Evidence Pack, and ability to have governed requests denied after revocation.",
],
[
"Why do enterprise AI agents need no standing authority?",
diff --git a/satgate-landing/app/agents/page.tsx b/satgate-landing/app/agents/page.tsx
index 0ca32994..cf7a04fe 100644
--- a/satgate-landing/app/agents/page.tsx
+++ b/satgate-landing/app/agents/page.tsx
@@ -268,7 +268,7 @@ export default function AgentsLandingPage() {
Your agents present an identity credential, SatGate mints a budgeted macaroon,
- and they're through the gate. When the budget runs out or you revoke access — they stop. Instantly.
+ and they're through the gate. When the budget runs out or you revoke access, the next governed request stops before upstream.
@@ -300,7 +300,7 @@ export default function AgentsLandingPage() {
Admin Kill Switch
- Revoke any agent's token instantly. Next request gets 401. Cascade revocation kills the entire delegation tree.
+ Revoke any agent's token. The next governed request gets 401, including cascade to delegated child tokens.
diff --git a/satgate-landing/app/blog/agent-swarms-cost-governance/page.tsx b/satgate-landing/app/blog/agent-swarms-cost-governance/page.tsx
index 878fd351..a16b141c 100644
--- a/satgate-landing/app/blog/agent-swarms-cost-governance/page.tsx
+++ b/satgate-landing/app/blog/agent-swarms-cost-governance/page.tsx
@@ -208,7 +208,7 @@ export default function AgentSwarmsCostGovernancePage() {
Cascade revocation
-
If a coordinator goes rogue, revoke its token. Every agent in the delegation tree is instantly invalidated — no need to track down individual agents.
+
If a coordinator goes rogue, revoke its token. Governed requests from agents in the delegation tree are denied at policy check — no need to track down individual agents.
diff --git a/satgate-landing/app/blog/deepmind-intelligent-delegation-satgate/page.tsx b/satgate-landing/app/blog/deepmind-intelligent-delegation-satgate/page.tsx
index b3223279..2b4baa17 100644
--- a/satgate-landing/app/blog/deepmind-intelligent-delegation-satgate/page.tsx
+++ b/satgate-landing/app/blog/deepmind-intelligent-delegation-satgate/page.tsx
@@ -233,7 +233,7 @@ export default function DeepMindDelegationPage() {
SatGate → Every request is logged with full token
lineage — which parent minted it, what caveats it carries, what it spent. Token revocation
- cascades: revoking a parent instantly invalidates all children. The Evidence Pack is the
+ cascades: revoking a parent invalidates governed child requests at the next policy check. The Evidence Pack is the
accountability mechanism.
@@ -327,7 +327,7 @@ export default function DeepMindDelegationPage() {
Paper: Algorithmic circuit breakers that invalidate tokens across delegation chains (pp. 18–19)
SatGate → Governance service with cascade revocation.
- Banning a parent token instantly invalidates every child and grandchild in the delegation tree.
+ Banning a parent token causes governed child and grandchild requests to be denied at their next policy check.
Rate limiting acts as an additional circuit breaker — runaway agents hit throttling before they can
cause economic damage.
diff --git a/satgate-landing/app/blog/l402-protocol-explained/page.tsx b/satgate-landing/app/blog/l402-protocol-explained/page.tsx
index 2c9d381f..b62801c2 100644
--- a/satgate-landing/app/blog/l402-protocol-explained/page.tsx
+++ b/satgate-landing/app/blog/l402-protocol-explained/page.tsx
@@ -421,7 +421,7 @@ routes:
Ready to Add L402 Payments to Your API?
- SatGate implements L402 as a gateway policy — deploy in front of any API to enable machine-native micropayments with zero changes to your backend. Open source. Production ready.
+ SatGate implements L402 as a gateway policy — deploy in front of any API to enable machine-native micropayments with zero changes to your backend. Open source. Use the OSS gateway with your own operational gates, policies, and receipts.
diff --git a/satgate-landing/app/blog/mcp-budget-enforcement-guide/page.tsx b/satgate-landing/app/blog/mcp-budget-enforcement-guide/page.tsx
index c4ec94b4..5aeb2989 100644
--- a/satgate-landing/app/blog/mcp-budget-enforcement-guide/page.tsx
+++ b/satgate-landing/app/blog/mcp-budget-enforcement-guide/page.tsx
@@ -279,7 +279,7 @@ satgate delegate \\
The parent's budget is the ceiling. Sub-agents can never collectively exceed what
- was delegated. If you revoke the parent token, the entire tree is instantly invalidated.
+ was delegated. If you revoke the parent token, governed child requests are denied at policy check.
Step 6: Monitor and Attribute
diff --git a/satgate-landing/app/blog/zero-trust-for-ai-agents/page.tsx b/satgate-landing/app/blog/zero-trust-for-ai-agents/page.tsx
index 0a64e0bf..877aaa99 100644
--- a/satgate-landing/app/blog/zero-trust-for-ai-agents/page.tsx
+++ b/satgate-landing/app/blog/zero-trust-for-ai-agents/page.tsx
@@ -316,7 +316,7 @@ Token: search-worker-12
- Enforce budgets at the gateway. Every API call has a cost. The gateway tracks cumulative spend against the token's budget caveat. When the budget is exhausted, access stops — instantly, automatically, with no human intervention.
+ Enforce budgets at the gateway. Every API call has a cost. The gateway tracks cumulative spend against the token's budget caveat. When the budget is exhausted, the gateway denies the request automatically, with no human intervention.
diff --git a/satgate-landing/app/crawl/page.tsx b/satgate-landing/app/crawl/page.tsx
index 94dc2c05..d65a74bb 100644
--- a/satgate-landing/app/crawl/page.tsx
+++ b/satgate-landing/app/crawl/page.tsx
@@ -966,7 +966,7 @@ export default function ProtectDemoPage() {
- "The token is compromised. Ban it globally and instantly.
+ "The token is compromised. Ban it globally.
We're stateless for validation (fast), but stateful for revocation (secure).
This is the Panic Button."
@@ -1363,7 +1363,7 @@ export default function ProtectDemoPage() {
Token Rejected!
- The banned token was instantly rejected. The attacker is locked out.
+ The banned token is rejected on the next governed request. The attacker is locked out.
{`{
@@ -1430,7 +1430,7 @@ export default function ProtectDemoPage() {
- Instant Kill Switch revocation — no propagation delay
+ Kill Switch revocation checked before the next governed request
diff --git a/satgate-landing/app/protect/page.tsx b/satgate-landing/app/protect/page.tsx
index acdbd47c..d5aea71e 100644
--- a/satgate-landing/app/protect/page.tsx
+++ b/satgate-landing/app/protect/page.tsx
@@ -124,7 +124,7 @@ const faqJsonLd = {
name: 'Why use revocable capability tokens for agents?',
acceptedAnswer: {
'@type': 'Answer',
- text: 'Revocable capability tokens give agents narrow, expiring authority that can be delegated safely and killed instantly without rotating global API keys or service-account credentials.',
+ text: 'Revocable capability tokens give agents narrow, expiring authority that can be delegated safely and denied at policy check without rotating global API keys or service-account credentials.',
},
},
{
@@ -1006,7 +1006,7 @@ export default function ProtectDemoPage() {
- "The token is compromised. Ban it globally and instantly.
+ "The token is compromised. Ban it globally.
We're stateless for validation (fast), but stateful for revocation (secure).
This is the Panic Button."
@@ -1044,7 +1044,7 @@ export default function ProtectDemoPage() {
CISO Role
- Issues root credentials. Retains authority. Can revoke instantly.
+ Issues root credentials. Retains authority. Can revoke governed access.
@@ -1412,7 +1412,7 @@ export default function ProtectDemoPage() {
Token Rejected!
- The banned token was instantly rejected. The attacker is locked out.
+ The banned token is rejected on the next governed request. The attacker is locked out.
{`{
@@ -1475,7 +1475,7 @@ export default function ProtectDemoPage() {
- CISO retains authority (instant Kill Switch revocation)
+ CISO retains authority (Kill Switch checked before governed requests)
@@ -1783,7 +1783,7 @@ export default function ProtectDemoPage() {
{[
['What does SatGate Control protect?', 'SatGate Control protects agent API and MCP tool calls by enforcing scoped capability tokens, budgets, delegation limits, revocation, and audit policy before requests reach upstream services.'],
- ['Why use revocable capability tokens for agents?', 'Revocable capability tokens give agents narrow, expiring authority that can be delegated safely and killed instantly without rotating global API keys or service-account credentials.'],
+ ['Why use revocable capability tokens for agents?', 'Revocable capability tokens give agents narrow, expiring authority that can be delegated safely and denied at policy check without rotating global API keys or service-account credentials.'],
['How does Control differ from Prove?', 'Control enforces access, budget, scope, and revocation policy for agent activity. Prove preserves Evidence Pack receipts for paid-rail context and other agent decisions before API access is unlocked.'],
].map(([question, answer]) => (
diff --git a/satgate-landing/app/sandbox/page.tsx b/satgate-landing/app/sandbox/page.tsx
index 207deeac..b724f661 100644
--- a/satgate-landing/app/sandbox/page.tsx
+++ b/satgate-landing/app/sandbox/page.tsx
@@ -142,7 +142,7 @@ export default function SandboxPage() {
addEvent({ id: 'alpha-header', agent: 'alpha', type: 'summary', status: 'running',
label: '🔴 Agent Alpha — Admin Kill Switch',
- detail: 'Can an admin instantly cut off a rogue agent? Watch.' });
+ detail: 'Can an admin deny a rogue agent at the next governed request? Watch.' });
// Step 1: Auth
const authId = 'alpha-auth';
@@ -191,7 +191,7 @@ export default function SandboxPage() {
await sleep(jitter(300));
if (abortRef.current) return;
updateEvent(revokeId, { status: 'revoked', latencyMs: jitter(12),
- detail: '✓ Token revoked instantly — agent has no idea yet.' });
+ detail: '✓ Token revoked — next governed request should be denied.' });
await sleep(600);
if (abortRef.current) return;
@@ -203,10 +203,10 @@ export default function SandboxPage() {
await sleep(jitter(400));
if (abortRef.current) return;
updateEvent(verifyId, { status: 'blocked', latencyMs: jitter(8),
- detail: 'HTTP 401 — Blocked. Agent is permanently locked out. Zero human latency.' });
+ detail: 'HTTP 401 — Blocked on the next governed request after revocation.' });
addEvent({ id: 'alpha-done', agent: 'alpha', type: 'summary', status: 'success',
- label: '✓ Kill switch works: Authenticate → Call API → Admin Revoke → Instant Block' });
+ label: '✓ Kill switch works: Authenticate → Call API → Admin Revoke → Next request blocked' });
return true;
}, []);
@@ -469,7 +469,7 @@ export default function SandboxPage() {
- Two scenarios CFOs care about: a rogue agent gets cut off instantly, and an agent
+ Two scenarios CFOs care about: a rogue agent gets denied at the next governed request, and an agent
hits its budget ceiling and stops — before the bill arrives.
diff --git a/satgate-landing/app/security/page.tsx b/satgate-landing/app/security/page.tsx
index bf5db525..2f5dd40e 100644
--- a/satgate-landing/app/security/page.tsx
+++ b/satgate-landing/app/security/page.tsx
@@ -184,8 +184,8 @@ export default function SecurityPage() {
Cascade Revocation
- Revoking a parent token instantly invalidates all of its children. No propagation delay —
- the gateway checks revocation status on every request. Admin kill switch: immediate.
+ Revoking a parent token invalidates governed child requests at the next policy check.
+ The gateway checks revocation status before each governed request.