datarekha
Agents May 21, 2026

Replit Agent's architecture, two years in

Replit Agent launched in September 2024 and turned a nine-year-old IDE into a $150M-ARR business. The architecture is unfashionably explicit — plan, confirm, execute, checkpoint — and the bet that explicit checkpoints beat full autonomy is paying off. Here's how it actually works.

13 min read · by datarekha · replitagentcoding-agentsproduction

In April 2024, Replit was a nine-year-old browser IDE with $2.8M in annualized revenue and a slow but real user base of hobbyists and educators. By September 2025, it was at $150M ARR. By March 2026, 50M+ users, with 85% of the Fortune 500 on the platform. The single thing in between those two snapshots is Replit Agent, launched in September 2024 and turned into the primary growth engine of the company.

The story the Replit team tells is interesting because it’s not the story you’d expect. They didn’t ship the smartest agent. Devin shipped six months earlier with a flashier autonomy pitch. Cursor was already the developer favourite for in-IDE AI. v0 had locked up UI generation. Replit’s wedge was a structural one: the agent is allowed to be less autonomous, because the platform underneath it is more resettable. Every checkpoint is a fork. Every fork is reversible. The user keeps the steering wheel.

This post walks through how that bet became an architecture, what each piece actually does in production, and what the explicit-checkpoint design buys that pure autonomy doesn’t.

The shape of an agent run

A Replit Agent task is structured around four phases that are visually and conceptually distinct in the product. You give the agent a prompt (“build me a flashcards app with login and a study mode”). It produces a plan — a numbered list of files it will create and steps it will take. You see the plan in the chat panel. You approve, edit, or reject it. On approval, the agent enters execution mode, writing files into a sandboxed Repl. It checkpoints between meaningful milestones, runs the app, takes a screenshot, and surfaces it back to you. You either move on or roll back.

REPLIT AGENT RUN — FOUR EXPLICIT PHASESPHASE 1Plannumbered task listuser OKPHASE 2Executewrites files in sandboxPHASE 3Checkpointsnapshot FS + DBPHASE 4Runscreenshotuser feedback → next task, or roll back to last checkpoint
The Replit Agent run shape. The phases are not just internal — they are visible UI states. The user can intervene at any boundary.

The structural choice is the explicit gate between Phase 1 and Phase 2. In contrast to Devin’s “kick it off and walk away” model, Replit holds the agent at the plan boundary and waits. This costs latency. It also buys two things that turn out to be load-bearing.

The first is trust. Users approve the plan because they can read it. The plan is in English, references concrete file paths, and is short enough to scan. If the agent misunderstood the request — and it routinely does — the user catches it before any code is written.

The second is scoping. The plan acts as a contract. When the agent deviates from the plan during execution (and it sometimes does, because real tasks surface complications), the deviation is visible. The agent explicitly says “I need to add a dependency I didn’t plan for; OK?” The user keeps a coarse-grained sense of “what am I about to spend agent minutes on” without having to read every diff.

The snapshot engine: why rollback is cheap

The piece that makes the explicit-checkpoint design work under the hood is Replit’s Snapshot Engine. Without it, a checkpoint is a vague promise; with it, a checkpoint is a copy-on-write fork of the entire Repl — filesystem, database, environment — that can be created in milliseconds and discarded just as cheaply.

The engineering is built on three primitives that have been in the Replit stack for years and were repurposed when the agent shipped:

  • Manifest-based filesystem. The Repl’s filesystem is represented as a manifest — essentially a content-addressed tree of file hashes. Checkpointing copies the manifest under a new name; restoring replaces the current manifest with a different version. Identical content across versions is shared. The result is that a snapshot of a 50MB project is a few kilobytes of metadata.

  • Versioned database. Replit’s database layer supports the same pattern — branches and forks of the database, with copy-on-write under the hood. An agent that mutates user data during a run can do so against a forked DB; the user can compare and either merge or discard.

  • Sandboxed Nix environment. Each Repl is a Nix-based sandbox, which gives a reproducible package environment that can also be checkpointed. If the agent installs a dependency that turns out to be a mistake, rolling back the checkpoint rolls back the dependency too.

When you combine these primitives, you get an agent runtime where every meaningful intermediate state is a reversible commit point. The agent is free to be wrong; the cost of being wrong is bounded.

This is the part of the architecture that competitors structurally cannot replicate without rebuilding their platform. Devin runs in its own cloud VMs but doesn’t expose checkpointing as a first-class user concept; Cursor edits your local filesystem and depends on git for rollback (which doesn’t cover the database or the dependency state); v0 runs in a sandboxed Next.js preview but only the code is versioned, not the runtime state. Replit’s checkpoint is the whole Repl, and the whole Repl is what the user cares about.

Why the agent is allowed to be less smart

A frequent observation from people switching between coding agents is that Replit Agent feels “less aggressive” than Devin or Cursor’s agentic mode. It asks more confirmation questions. It does fewer things per turn. It stops more often.

The reason is straightforward: when the cost of a mistake is “click rollback,” the system can afford to defer to the user more often without hurting throughput. The agent doesn’t have to one-shot a multi-step task because the user is sitting right there, approving plans and reviewing checkpoints. The agent’s job is to be a tireless executor and a clear explainer, not a perfect software engineer.

The trade-off shows up in the kind of tasks Replit Agent is good at relative to its competitors. It’s excellent at: “build me a CRUD app with login,” “add a settings page,” “wire this Postgres database to a form,” “make the design look more like X.” It’s mediocre at: “debug this 50-file inheritance bug across three microservices,” “refactor this entire repo to use the new framework version.” The latter category is where Cursor or a fully autonomous agent like Devin shines — Replit’s audience is doing the former.

This is a market segmentation insight, not an architecture limitation. Replit’s product is for people who want to build new software, often without being professional developers. The agent’s design fits that audience because the audience’s tolerance for “the agent went off and did something inscrutable” is essentially zero. They want to see what’s being done, approve it, and roll back when it’s wrong.

The business numbers that vindicate the choice

The metrics are striking. From public reporting in 2025 and Replit’s own announcements:

  • Replit’s ARR grew from $2.8M in early 2024 to $150M by September 2025 — a 50× jump in eighteen months.
  • The user base went from roughly 25M in early 2024 to 40M+ by September 2025 and 50M+ by March 2026.
  • 85% of the Fortune 500 has users on the platform — most of them experimenting with non-developer software creation via Agent.
  • Replit raised $250M in late 2025 at a reported $3B+ valuation, and is publicly targeting $1B run-rate revenue by end of 2026.

The pricing model shift mattered. Agent usage is consumption-priced on top of the existing subscription, which is why ARPU jumped sharply. Users who would have paid $20/month for the IDE alone now spend several hundred a month on agent compute when they’re actively building. That’s the AI-coding business model in a nutshell: subscription floor, consumption upside.

Amjad Masad, the CEO, said in early 2025 something that became a much quoted line in developer-tools: “We don’t care about professional coders anymore.” The framing was deliberately provocative, and read mostly as a marketing line, but the architecture underneath the agent backs it up. The audience Replit is building for is the one that needs the rollback button — because they aren’t going to read the diff.

Comparing the architectures

The clearest way to see what Replit’s design buys is to put it next to its two closest competitors at the architecture level.

CODING-AGENT ARCHITECTURES, COMPAREDReplit Agentplan → confirm → execexplicit user gatessnapshot-engine FS + DBNix sandboxscreenshot feedback looptrade-off:latency, but reversibleaudience: non-devs +prototypersCursor (agentic)in-IDE, narrow scopeapply-model + planneredits local filesgit for rollbacktype-checker as verifiertrade-off:fast, but FS onlyaudience: pro devsin existing reposDevinlong-horizon autonomouscloud VM per taskimplicit checkpointsend-of-run PRgateway interrupts loopstrade-off:unattended, but priceyaudience: dev teamsautomating tickets
Three different products, three different architectures, three different audiences. The architecture and the audience are not independent variables.

The architectures map directly to who they serve. Replit’s snapshot engine is overkill if you’re a senior engineer in a 10k-line repo — you already have git, you don’t need a database fork. Cursor’s in-IDE flow is incomprehensible to someone who’s never used an IDE. Devin’s end-of-run PR model is a tool you trust because you’re going to review the PR carefully. Each design picks a different point on the autonomy/trust trade-off and builds the platform that supports it.

Where the design starts to strain

The Replit Agent design has known weak points, and the team has been public about them.

Multi-Repl tasks. The snapshot engine is per-Repl. When a user wants the agent to span two Repls (say, a frontend and a separate backend project), the checkpoint story gets muddier. The 2026 roadmap includes cross-Repl deployments and the agent is gradually being extended to span them, but the rollback semantics are not as clean as single-Repl yet.

The “vibe-coding” failure mode. When non-developer users iterate on an app via Agent, they tend to accumulate complexity that the agent hasn’t fully understood. After 50 turns, the agent’s context window is full of old plans and old diffs, and small changes start producing surprising regressions. Replit’s response has been better context selection (the agent now retrieves only relevant chunks of recent history) and stronger nudges to start fresh from a checkpoint, but the class of bug is structural.

Security in shared environments. Replit has been very public about defense-in-depth measures around AI sandboxes after some early embarrassments with users running questionable code and one well-publicised incident in mid-2025 where an agent dropped a database. The fix was, predictably, more layers of sandboxing and stricter database fork semantics — and was visible to users mostly as a wave of new “are you sure?” confirmations.

What to take away

  • Reversibility is an architecture, not a feature. The thing that lets Replit Agent be conservative without being slow is the snapshot engine underneath. The agent can confidently propose a destructive change because the platform can undo it in milliseconds. Most competitors can’t because their platforms don’t fork.

  • Explicit user gates are not a UX choice; they’re a trust multiplier. The plan-confirm step looks like friction. It is the thing that makes 50M users willing to let an AI write code that touches their databases.

  • Pick your audience, then design the autonomy level. Replit’s audience needed the rollback button. Cursor’s audience needed speed-of-thought. Devin’s audience needed unattended runs. Trying to serve all three with one design is how you get a product that satisfies none of them.

  • The platform underneath the agent is the moat. Frontier models are getting commoditised by the month. Snapshot engines, Nix sandboxes, versioned databases, and the operational maturity of running them at 50M-user scale are not. Replit’s growth from $2.8M to $150M ARR in eighteen months is, more than anything, a story about a nine-year-old platform suddenly turning out to be the right shape for an agent.

The unfashionable lesson is that the best architecture for an agent might be the one that asks the user the most questions. Two years of shipped product and a 50× revenue growth curve is starting to look like a serious argument for it.

Further reading: Replit’s own snapshot engine post is the clearest technical writeup of the reversibility primitives. The Replit Agent docs walk through the user-facing flow. Sacra’s revenue profile tracks the business numbers in detail. For the broader strategic frame, the TechCrunch piece on Replit finally finding its market is a useful counterweight to the hype.

Skip to content