Build the platform that powers long-running multi-step LLM agents — Devin, Manus, OpenAI Codex agents, Cursor agents, Claude Code background agents, Replit Agent, Lindy. Users describe a task; the platform spawns an agent that plans, calls an LLM, calls tools, executes code in a sandbox, captures results, and iterates — sometimes for minutes, sometimes for hours, sometimes (Cursor's Solid→React migration) for **three weeks**. The architectural pressure here is **not LLM inference** (that's an external dependency) — it's **durability**, **isolation**, and **cost containment** under failure. Three load-bearing concepts: 1. **An agent run is a durable workflow, not a request.** Brain (LLM gateway) / hands (sandbox) / state (orchestrator + history) are independently replaceable. When the sandbox host dies 90 minutes into a 2-hour Devin task, the workflow survives because Temporal's history is the source of truth. (Cognition's published architecture; Temporal's Replit case study.) 2. **KV-cache-aware routing is not optional.** Manus's blog calls KV-cache hit rate "the single most important metric for a production-stage AI agent" — Anthropic's prompt-caching read price is 10% of base, so a 90% cache hit rate cuts cost by ~80%. A naïve OpenAI-protocol-compatible passthrough cannot do this; the gateway must understand prefix locality. 3. **Cost runaway is enforcement, not alerting.** The published $47K LangChain incident (four agents in an unintended infinite loop, 11 days, $47K bill) is the canonical retro. Per-tenant kill-switches must fire at minute granularity, not at the daily billing job. Replit users have reported $30/hr → $360/day before their 2025 controls landed.