Cloudflare Just AI-Cloned Next.js and Open Source Is Shook

Cloudflare just did something either brilliant or terrifying depending on where you sit: they used AI to recreate Next.js in one week. And they're not subtle about it—they're claiming 4x faster builds and 57% smaller bundles. Which sounds fake, right? Like suspiciously, impossibly fake?

But here's the thing: people are actually using it. In production. Including, somehow, a team modernizing government websites. And whether those performance numbers hold up or not, we need to talk about what just happened to open source.

The Actual Technical Achievement (Maybe)

Let's start with what Cloudflare actually did. They took Next.js—this meta-framework that's notoriously difficult to host anywhere except Vercel—and used 1,700 Vitest tests plus 380 Playwright end-to-end tests to train an AI agent. One week later: their own version, optimized for their infrastructure.

The YouTuber covering this, ThePrimeagen, initially got excited about their "94% API surface coverage" claim. Then he dug deeper and found the actual test coverage: 13% for dev, 20% for end-to-end, 10% for production. "One week of having an agent go hog wild," he noted. "I mean it's impressive it's made it this far and people are actually using it. Still a little worried about that government thing though."

Yeah, same.

Those Performance Claims Deserve Skepticism

About those numbers: 4x faster builds might be legit, but mostly because this version doesn't do everything Next.js does. It skips static pre-rendering at build time entirely. Less work equals faster builds—that's math, not magic.

The 57% smaller bundle claim? ThePrimeagen's reaction sums it up: "I don't believe you." He's seen enough performance marketing to know there are basically two possibilities here. Either this is an early version that's missing features (so it'll grow closer to Next.js size as they add stuff), or Next.js has somehow been shipping twice as much code as necessary for years.

"I did corner a Cloudflare engineer and I did ask them many a times and at the end of the conversation he's like it's real and I was like I don't believe you," he said. "That was my only answer."

Fair.

The Actually Interesting Part: Traffic-Aware Pre-Rendering

Buried in all this is one genuinely clever idea: traffic-aware pre-rendering. Next.js traditionally pre-renders every single page at build time. Got 10,000 product pages? That's 10,000 renders, even though 99% of them might never get a visitor. This is why some Next.js builds take 30+ minutes.

Cloudflare's approach: they already proxy your traffic, so they know which pages actually get visited. Why not just pre-render those? Their data shows that for sites with 12,000 unique paths, rendering just 184 pages covers 90% of traffic.

That's... actually smart? Like regardless of how this whole AI-cloning thing shakes out, that's a legitimately useful optimization.

The Open Source Question Nobody Wants to Answer

Okay, now the uncomfortable part. Cloudflare used public tests to recreate a competitor's framework in a week. They didn't need to understand the code, didn't need years of accumulated knowledge, didn't need to make the same mistakes Vercel made. They just pointed an AI at the test suite and said "go."

This is where ThePrimeagen brings up SQLite, which keeps significant portions of its test suite private. Their Test Harness 3 is proprietary—only SQLite developers can access it. At the time, this seemed weird. Security through obscurity, right? Wrong move?

Maybe they were onto something.

"Do you think we're going to see the day where company-backed open source no longer makes public any sort of testing?" he asks. "Because what's the purpose of producing all this stuff if somebody else can just say, 'Hey, that's mine now.' Or even more importantly, your competitor can just say, 'Oh, hey, that's mine now.'"

This isn't theoretical anymore. It happened. Cloudflare looked at Vercel's open tests, trained an AI, and now they have their own version optimized for their platform. They even tried this multiple times before and failed—but this time, with AI, it worked.

What Actually Changes

The practical implications split into short-term and long-term buckets. Short-term: Cloudflare has a Next.js fork that might be faster and smaller, or might be an incomplete prototype that'll converge back to normal framework bloat as features get added. We don't know yet, and the early production usage is... let's call it adventurous.

Long-term: the entire economic model of company-backed open source might be cooked. The traditional play was to open-source your core tech, then monetize through hosting, support, or proprietary add-ons. But if competitors can clone your work in a week using your own tests, what's the moat?

ThePrimeagen wonders about maintainability too: "Is it are they permanently just required to live in this slop universe until someone can finally wrangle their head around it?" Because attempts to port Next.js to other platforms have failed repeatedly. Maybe having AI-generated code that nobody fully understands isn't the win it appears to be.

"We are seeing truly for the first time a major technology that's going to be used by a lot of people in which I don't think any individual can reason about what it's actually doing currently," he says.

That's the sentence that should keep you up at night, honestly. Not the performance numbers, not the competitive dynamics—the fact that production infrastructure might increasingly be built by AI systems generating code that humans can't fully audit or understand.

We're maybe five minutes into this future, and already companies are deploying it for government websites. The question isn't whether AI can clone open source projects—Cloudflare just proved it can. The question is what developers, companies, and the open source community do now that this particular genie is out of the bottle.

—Zara Chen