Hi folks,

This week’s lead story looks at OpenAI’s move to acquire Astral, the company behind popular open-source Python tools Ruff and uv, as it continues to pull widely used developer tools and viral projects into its orbit.

Elsewhere, there’s fresh funding for open-source security, growing corporate interest around OpenClaw, and a lot more.

As usual, feel free to reach out to me with any questions, tips, corrections, or suggestions: forkable[at]pm.me.

Paul

<Open issue>

OpenAI’s Astral projection

OpenAI this week announced plans to acquire Astral, the company behind widely used open-source Python tools including Ruff and uv. The plan is to fold Astral into OpenAI’s Codex team, which builds the company’s AI coding agent, and connect Codex “more directly with the tools developers already use.”

Astral has built a following by replacing slower, fragmented Python tooling with faster, unified alternatives. Ruff acts as a high-speed linter and formatter, while uv rethinks package management and environments — both designed to speed up day-to-day development.

The deal gives OpenAI a foothold in the tooling developers actually use when writing and running code, far beyond the model layer.

The move follows OpenAI bringing in the creator of OpenClaw, the viral open-source agent that spread quickly as developers forked and adapted it. It also comes alongside a separate deal for Promptfoo, an open-source testing tool.

While OpenAI mostly abandoned its open-source roots a long time ago, these recent deals are a tacit acknowledgement of the power of open source — and the communities that drive it.

Astral’s tools have grown rapidly these past few years, reaching hundreds of millions of downloads per month and becoming a mainstay of modern Python development. Founder and CEO Charlie Marsh said that growth exceeded expectations.

“Open source is at the heart of that impact and the heart of that story; it sits at the center of everything we do,” Marsh wrote. “In line with our philosophy…. OpenAI will continue supporting our open source tools after the deal closes. We'll keep building in the open, alongside our community – and for the broader Python ecosystem – just as we have from the start.”

Read more: OpenAI & Astral

<Patch notes>

$12.5M for open source security

The Linux Foundation has secured $12.5 million in new funding from major tech firms — including Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI — to support open-source security projects. The effort targets long-standing gaps in maintaining widely used but under-resourced infrastructure.

Read more: Press release

Germany backs open document standards

Germany’s sovereign digital stack will mandate the Open Document Format (ODF) — an open, standardised file format used by office suites like LibreOffice — reinforcing a shift away from proprietary file formats in public sector systems. The move aims to improve interoperability and reduce vendor lock-in.

Read more: The Document Foundation

MCP maps next steps

The folks behind the Model Context Protocol (MCP) have outlined a set of priorities for 2026, including better support for remote servers, improved scaling, and clearer agent-to-tool communication — all designed to make it easier for agents to connect reliably to external tools and data.

Read more: The New Stack

Tencent backs OpenClaw after copycat complaint

Chinese tech giant Tencent has moved to sponsor OpenClaw after complaints from its creator Peter Steinberger about copycat projects.

Read more: SCMP

Chainguard bolsters software supply chain

Software supply chain security company Chainguard has launched a central repository of hardened open-source packages and container images, designed to reduce risks in dependencies.

Read more: The New Stack

OpenClaw gets guardrails

After Nvidia CEO Jensen Huang called OpenClaw “the next ChatGPT,” Nvidia has introduced a project dubbed Nemoclaw to add guardrails to the open-source agent. The effort reflects growing interest in making autonomous systems safer for more serious enterprise deployment.

Read more: The New Stack

<Final commit>

A browser built for bots

Open-source headless browser Lightpanda this week added support for Web Bot Auth, a protocol designed to let automated agents securely identify themselves and access websites without being treated as malicious traffic.

The project itself isn’t new. Lightpanda has been around since 2022, but is gaining attention as developers seek infrastructure built for AI systems. It’s a browser written from scratch for machines, rather than humans — no rendering engine, just the parts needed to load pages and run JavaScript.

That stripped-down design makes it far lighter than Chrome, which still carries decades of features meant for people. Lightpanda remains in beta, but with strong early traction and a growing star count, it’s looking like a serious attempt to rebuild a core piece of the web stack for agents.

Read more: Linuxiac & Lightpanda & GitHub