A lot of companies would pay actual money for some semblance of supply-chain security. Hosted, verified, certified Python dependencies. This is how Red Hat made all their money in Linux. Something like "use our vetted and secure pypi instead of the free-for-all full of typo squaters and package takeovers that the public pypi.org offers."
Starting with some nice developer tooling and going from there doesn't seem crazy at all.
I don't know their plan, so I can't speak for them.
What I would do is build an entire ecosystem of that quality that would include a tool to solve the Python distributions problem.
Either you help with deployment on the server, and you offer hosting.
Or you help with making an installer, and you offer nodes to build installers for multiple OS and upload to multiple app stores, manage updates, cdn, permissions...
You can even start small and just help with a service for cross-compiling C extensions and scale from that.
Or provide machine learning analysis of the quality of your code and make companies pay for it.
Or go full Continuum.
They are good enough that they can pick and choose whatever they want, really.
When you solve pain, people pay. If readthedoc managed to survive by being a static rst site, astral has a shot provided they keep the business side of things in mind as nicely as they build their user stories.
Like sentry made a good logging library, then pivoted to an observability service.
And today I use sentry because I have a great history with their product.
It's smart and a positive way to make money.
I dig it.
PS: ruff is not replacing black (although it will probably in the end), but compete with flake8 and pylint.