comparison
AgentKit Cloud vs rolling your own
Everything AgentKit does, you could build: auth, quotas, budgets, analytics, key management, routing, attestation. The question is whether you want to build and run it forever.
Rolling your own means operating the backend yourself, for example a serverless function that relays to a provider.
| AgentKit Cloud | Rolling your own | |
|---|---|---|
| Model providers | Anthropic, OpenAI, Gemini, and Apple on-device | Whatever you integrate |
| Provider keys off the device | Encrypted server-side; the app ships a publishable key | You build the key handling |
| End-user identity verified per request | A JWT from your trusted issuer, checked every request | You implement and test it |
| Hard spend cap per user | A hard ceiling per user and per project. Hit it, requests stop. | You build the metering |
| Subscription-tier model routing | Bind tiers to RevenueCat entitlements | You wire RevenueCat yourself |
| Change models without an app update | Name a tier; remap it server-side | You design the config layer |
| On-device option | Apple Foundation Models on-device, cloud when needed | You integrate each path |
| In-app agent loop with tools, guards, undo | Runs in your app with guards, undo, and run limits | You write the agent loop |
| Device attestation | Optional App Attest binds requests to real devices | You implement App Attest |
| Backend to build and maintain | None. AgentKit Cloud is the backend. | All of it, on you, forever |
The work comes after it works
A relay is a weekend. Identity, per-user limits, spend caps, analytics, and kill switches are the part that takes months.
Maintenance is the real cost
Provider changes, key rotation, and attestation never stop. AgentKit carries that so you ship the app.
Keep your keys and your exit
Bring your own provider keys, and the same SDK still runs against any provider directly if you ever move off.