Nice open-source project you got there

Welcome to Runtime! Today: Cloudflare's Next.js rewrite project could be an early sign of a new era of custom software, a roundup of enterprise tech earnings, and the latest enterprise moves.

Please forward this email to a friend or colleague! If it was forwarded to you, sign up here to get Runtime each week, and if you value independent enterprise tech journalism, click the button below and become a Runtime supporter today.

Get me rewrite

Open-source software became nearly ubiquitous in enterprise tech and the engine for a generation of commercial ventures several years ago, but it has been groaning under the weight of new forces ranging from restrictive licensing practices to, most recently, a deluge of poorly crafted submissions from script kiddies with coding agents. This week Cloudflare added a new concern to the mix.

Cloudflare announced Tuesday that "one engineer and an AI model rebuilt the most popular front-end framework from scratch," unveiling a framework called vinext that the company said "is a drop-in replacement for Next.js." That last phrase is a little over the top, in that Cloudflare was careful deeper in its blog post to acknowledge the experimental nature of the project, but it's yet another sign that AI coding tools are having a huge impact on software development.

• Next.js is widely used to deploy applications written in JavaScript on serverless infrastructure, but it is closely tied to Vercel's infrastructure and requires developers to jump through some hoops to get it working on other serverless platforms like Cloudflare Workers or AWS Lambda.
• But in less than a week, a Cloudflare engineer used Claude Code to rewrite Next.js on top of Vite, a popular build tool, for $1,100 in tokens.
• Right now vinext only works on Cloudflare Workers — which is amusing given how much shade Cloudflare threw at Vercel over its control of the project — but versions for other serverless platforms are in the works.
• "We honestly didn't think it would work. But it’s 2026, and the cost of building software has completely changed." Cloudflare's Steve Faulkner said in the post.

It turns out that the open nature of open-source projects gives AI coding agents an enormous amount of material to work with, especially a project like Next.js that has been active for a decade. "A project like this would normally take a team of engineers months, if not years," Faulkner wrote, noting that Cloudflare had tried to replicate Next.js at one point but gave up before the onset of tools like Claude Code.

• But when Faulkner pointed Claude at Next.js's years of documentation and test suites and spent several hours crafting a prompt, the tool was able to generate "almost every line of code in vinext" in a week.
• Cloudflare also used agents to test the code before it was merged into the main repository, and while those agents weren't perfect Faulkner was able to "course-correct" as needed to keep the process flowing.
• "All of those things had to be true at the same time. Well-documented target API, comprehensive test suite, solid build tool underneath, and a model that could actually handle the complexity. Take any one of them away and this doesn't work nearly as well," he wrote.

As Faulkner noted, vinext is a splashy proof-of-concept project that could be hard to duplicate, and Vercel CEO Guillermo Rauch pointed out several security holes that Cloudflare said it would patch, But vinext is a warning shot across the bow of any widely-used open-source project.

• Permissively licensed open-source projects allow anyone to use the code from that project in their own endeavors, but vinext shows that anybody with a thousand bucks and some engineering chops can simply duplicate that code in a week with no obligation to the original developers.
• Companies built around open-source projects have increasingly deployed restricted-source licenses in hopes of preventing other groups from using that code to compete against them, but those rules may no longer matter.
• "...the dictating of the rules has largely been built upon a premise that code is intrinsically valuable because it's a scarce resource. Difficult to maintain. Expensive to write. AI is now rapidly overturning that premise," wrote John O'Nolan, founder and CEO of Ghost.org, in a blog post. (Disclaimer: Runtime is a Ghost customer.)

Money talks

Wednesday and Thursday were big days for enterprise tech earnings, and here's how they went:

• Nvidia beat expectations and projected first-quarter revenue above expectations, but that wasn't enough to satisfy investors looking for even more growth, and its stock sank more than 5% Thursday.
• Salesforce delivered similar results and was rewarded with a 4% jump in its beleaguered stock Thursday, despite the fact CEO Marc Benioff might have preannounced a new furry mascot for next year's Dreamforce called the "SaaSquatch."
• Shares of Snowflake jumped more than 2% Thursday after it raised its revenue guidance for the year and announced that it had signed the largest deal in the company's history.
• Dell also beat expectations on the strength of demand for AI servers and raised its guidance for the year, which sent its stock up more than 7% in after-hours trading Thursday.
• Zoom, on the other hand, beat revenue expectations but missed profit expectations, and its stock fell more than 11% on Thursday.
• And CoreWeave's stock fell more than 8% in after-hours trading Thursday after it reported a wider-than-expected loss and projected that revenue in the current quarter would come in below expectations.

Enterprise moves

Azi Cohen is the new CEO of Mend.io, after co-founding the company in 2011 and serving as president for the last year.

Scott Stout is the new president of Halcyon, joining the ransomware defense company after serving as security chief revenue officer at Cisco.

Brian O'Reilly is the new chief operating officer at Writer, a promotion from his previous role as general manager of the AI company's international business.

The Runtime roundup

Cisco customers are being urged to patch a maximum-severity flaw in its SD-WAN networking products that is being actively exploited by "malicious cyber threat actors," according to The Register.

Executives from all the major hyperscalers are expected to sign a pledge to provide their own power for new data centers at the White House next week, rather than relying on existing power plants and driving up residential power costs.

Thanks for reading — see you Saturday!