v2026.6.4 NO. 028 Thursday · 4 June 2026 ≈ 5 min Changelog of the agentic web

First OpenClaw, now Vite: open source keeps moving in with the giants

VoidZero, the company Evan You built around Vite, Vitest, Rolldown, and Oxc, is joining Cloudflare. The licenses stay MIT, and both sides name the same target: tooling for agents on a cloud built for agents. A link-forward briefing, shipped as release notes.

Dark diagram plate: module chips for Vite, Vitest, Rolldown, and Oxc converge into a build node marked MIT and open, then flow into a ring of edge network nodes.
Release asset · the toolchain, the build, the edgePNG · 1600 × 1000
Design

Release Notes / Semver Ledger

The whole issue as a dark product changelog: one dated timeline rail, tagged entries, and Keep-a-Changelog badges.

Today's page borrows the product changelog, the release-notes feed that tools like Linear turned into a design surface. The skeleton is a single vertical timeline rail with a node per entry; each entry carries a date column, an uppercase tag chip, and change rows that lead with a badge from the Keep-a-Changelog grammar: Added, Changed, Security, Removed. One flat chartreuse accent does all the graphic work on a near-black ink ground, with no gradients and no glow. The reusable move is the badge taxonomy itself: a small, disciplined set of labels that lets readers scan a feed by kind before they read a single headline.

  • Timeline Rail
  • Version Chip
  • Tag Chip
  • Change Row
  • Badge Grammar
  • Release Asset
  • Date Column
v2026.6.4Major

Tooling

What shipped or changed hands in the agentic web-building stack.

ChangedVoidZero is joining Cloudflare

Evan You announced that VoidZero, the team behind Vite, Vitest, Rolldown, and Oxc, has been acquired by Cloudflare. Vite alone is downloaded more than 100 million times a week, Rolldown is now the default bundler in Vite 8, and every project stays open source under MIT with the same team leading it. Cloudflare's announcement folds the team into its incubation group and commits $1 million to a fund for Vite ecosystem maintainers. The arc rhymes with OpenClaw earlier this year: a beloved open source project's creator joins a giant, with public promises that the project stays open.

AddedDocker containers in Vercel Sandbox

Vercel Sandbox, the isolated compute Vercel pitches for running untrusted agent code, now runs full Docker containers, which widens what an agent can safely build and test inside the fence.

AddedKiki, a tiny homepage construction kit

Kiki is a homepage kit in roughly 1,500 lines of hand-written PHP: five themes, static or live modes, no JavaScript, no dependencies, and a pointed "no ML-generated trashcode" line in its feature list. It reached the Hacker News front page as a small counterargument to the generated web.

v2026.6.4Security

Technique

Containment patterns and a field test of what agents actually break into.

SecurityHow Anthropic contains Claude across products

Anthropic's engineering team published the containment architectures behind claude.ai, Claude Code, and Cowork: an ephemeral container, a human-in-the-loop sandbox, and a local virtual machine. The sharpest lesson for builders is that an egress allowlist is a capability grant rather than a destination filter; one disclosed exploit exfiltrated workspace files through the product's own approved API domain.

SecurityA $1,500 test of whether LLMs can hack an app

A security researcher built a deliberately vulnerable book-review app, a hardened API in front of a wide-open Firebase, and ran a dozen coding agents against it. GPT 5.5 found the hole in seven of ten runs while most models never thought to walk around the front door, and the author notes this exact misconfiguration ships in real Firebase and Supabase apps all the time.

QuoteUpstream
Our mission now includes building better tooling for agents, just as Cloudflare is positioning itself to become the cloud for agents.
Evan You, VoidZero announcement
v2026.6.4Policy

Workflow

A practice worth stealing: budget agents per tool, not per vibe.

RemovedUnlimited token budgets at Uber

After blowing its 2026 AI budget in four months, Uber now caps every employee at $1,500 in monthly token spend per agentic coding tool. Simon Willison reads the cap as a sane template for teams: a per-tool monthly budget keeps agent spend metered, and at two tools it works out to roughly 11 percent of a median Uber engineer's compensation.

v2026.6.4Prompt

Prompt Lab

A reusable prompt that recreates today's visual system in an AI design or build tool.

Design a product changelog page for [project]. Archetype: a release-notes
feed like Linear's, not a blog. Structure: a slim top nav; a release header
band with a version chip, date, and build metadata set in a monospace face;
one bold display headline; then a single vertical timeline rail down the
left with a node per entry. Each entry gets a date column, a small uppercase
tag chip (MAJOR, SECURITY, POLICY, PROMPT, NOTE), a section heading, and
short change rows that lead with Keep-a-Changelog badges: Added, Changed,
Security, Removed. Palette: near-black ink ground #15171B, warm paper-white
text #F2F0E9, slate #9AA3B2 metadata, and one flat chartreuse accent #C3E940
for nodes, tags, and links. No gradients, no glow, no neon-on-black, no
purple. Type: Archivo 900 for display, Schibsted Grotesk at 19px/1.7 for
body, Spline Sans Mono for tags and metadata. Guardrails: body text at least
18px with AA contrast on the dark ground; 6px chip radius instead of pills;
no colored left-border stripes; no fake search fields or toggles; real hover
and focus states on rows and links; respect prefers-reduced-motion.
v2026.6.4Note

Field Note

Every entry in today's log is about a boundary: who owns the build step, what an agent is allowed to reach, what it is allowed to spend. The interesting design work is shifting from pages to perimeters.

AssetsSources

Sources