It works in Bolt, not in production
WebContainers are forgiving: everything runs in one sandbox, on one origin, with no cold starts. Deploy to real hosting and the seams show, in CORS errors, redirects and functions that time out under load.
Kyln takes apps built in Bolt.new to production. Senior London engineers read what the AI wrote, put real environments and tests around it, then salvage, refactor or rebuild it into software you can charge for. Reviews start at £1,500, and every price is public.
Vite + Node · WebContainers · Netlify + Supabase · review from £1,500Bolt gets a full-stack app running in the browser minutes after you describe it. Surviving paying customers is a different job, and the gap shows in the same six places.
Why the last 20% is the hard partIt works in Bolt, not in production
WebContainers are forgiving: everything runs in one sandbox, on one origin, with no cold starts. Deploy to real hosting and the seams show, in CORS errors, redirects and functions that time out under load.
Secrets with a VITE_ prefix
Vite ships anything prefixed VITE_ straight to the browser, and Bolt apps routinely carry API keys that way because it made the demo work. Rotating them and moving the calls server-side is day-one work.
The whole-file rewrite problem
Bolt edits by regenerating files. As the codebase grows, a fix in one place quietly rewrites another, and features drop out until a customer notices. Without tests and version-control discipline, every change is a coin toss.
Supabase, minus the security
The same story as every AI builder: tables created fast, row-level security missing or generated wrong, and the public key happily querying data it should never see.
No observability
No error tracking, no logs worth reading, no uptime checks. The first monitoring system is a customer emailing you, which is the most expensive one there is.
Token burn as a roadmap
Once the app crosses a size threshold, each prompt costs more and lands less. Teams arrive having spent more on tokens than the review costs, still without auth they trust.
A takeover is not a teardown. Bolt got the product in front of people, and the review names what that earned you before anything gets replaced.
The entry point is a fixed-scope review, from £1,500, about a week from access to answer. A senior engineer reads the code. Josh, Kyln's founder, signs off every review.
You get a prioritised risk list tied to user and business impact, and a prescription with costs: salvage, refactor or rebuild. If the app is closer to ready than you feared, the review says that instead. The fee buys the honest answer, not a sales document. How that call gets made.
After the fix, most teams keep us on a care plan: hosting, monitoring, security updates and small changes, from £175 a month. Where the product needs someone to own where it goes next, not just keep it running, that can include fractional-CTO direction, from £3,000 a month.
The Production Readiness Scorecard is a two-minute self-assessment that grades how close your product is to something you can safely put in front of paying customers, and names the risks standing in the way.
One line on what your product does and how many paying customers it has today.
A short set of pointed questions across auth, data, security, testing and operations.
An instant letter grade and a “% ready” score, then your three biggest risks ranked worst-first, specific to what you’ve built.
C
64% ready
Promising, but not safe to charge for yet. Three issues would bite a real customer first.
Top risks · worst first
Sample · your result is personalised
RLS policies, exposed keys, half-wired auth and one-environment deploys. The Lovable-specific route to production.
Read the Lovable page
Prototype rescue · v0The interface exists; the product behind it does not yet. Data, auth and APIs on the stack v0 already ships. The v0-specific route to production.
Read the v0 page
Prototype rescue · all toolsThe route is the same whatever generated the code: a senior review, then salvage, refactor or rebuild.
Start at the rescue hub