Prototype rescue · Bolt

Make your Bolt app production-ready.

Kyln takes apps built in Bolt.new to production. Senior London engineers read what the AI wrote, put real environments and tests around it, then salvage, refactor or rebuild it into software you can charge for. Reviews start at £1,500, and every price is public.

Vite + Node · WebContainers · Netlify + Supabase · review from £1,500
Where it breaks

Where Bolt apps break.

Bolt gets a full-stack app running in the browser minutes after you describe it. Surviving paying customers is a different job, and the gap shows in the same six places.

Why the last 20% is the hard part

It works in Bolt, not in production

WebContainers are forgiving: everything runs in one sandbox, on one origin, with no cold starts. Deploy to real hosting and the seams show, in CORS errors, redirects and functions that time out under load.

Secrets with a VITE_ prefix

Vite ships anything prefixed VITE_ straight to the browser, and Bolt apps routinely carry API keys that way because it made the demo work. Rotating them and moving the calls server-side is day-one work.

The whole-file rewrite problem

Bolt edits by regenerating files. As the codebase grows, a fix in one place quietly rewrites another, and features drop out until a customer notices. Without tests and version-control discipline, every change is a coin toss.

Supabase, minus the security

The same story as every AI builder: tables created fast, row-level security missing or generated wrong, and the public key happily querying data it should never see.

No observability

No error tracking, no logs worth reading, no uptime checks. The first monitoring system is a customer emailing you, which is the most expensive one there is.

Token burn as a roadmap

Once the app crosses a size threshold, each prompt costs more and lands less. Teams arrive having spent more on tokens than the review costs, still without auth they trust.

The takeover

What survives, what changes.

A takeover is not a teardown. Bolt got the product in front of people, and the review names what that earned you before anything gets replaced.

What usually stays
  • The product and its validation. Bolt put it in front of real people, and that is the hard part.
  • The Supabase project, where there is one. Data, users and storage stay while policies and schema are corrected around them.
  • The code, exported to GitHub and put under version control like any other codebase.
  • The UI where it earns it. Screens users already understand are refactored, not redesigned for its own sake.
What gets fixed
  • Deploys made boring: environments, previews, rollbacks, functions that behave outside the sandbox.
  • Secrets rotated, moved server-side, and the client bundle audited.
  • Row-level security and auth completed and tested per role.
  • Tests around the flows that take money or touch data.
  • Error tracking and uptime monitoring, so you hear about failures before customers do.
  • A migrations story, so the schema can evolve without hand edits.
The review · from £1,500 · about a week

First, someone senior reads it.

The entry point is a fixed-scope review, from £1,500, about a week from access to answer. A senior engineer reads the code. Josh, Kyln's founder, signs off every review.

You get a prioritised risk list tied to user and business impact, and a prescription with costs: salvage, refactor or rebuild. If the app is closer to ready than you feared, the review says that instead. The fee buys the honest answer, not a sales document. How that call gets made.

After the fix, most teams keep us on a care plan: hosting, monitoring, security updates and small changes, from £175 a month. Where the product needs someone to own where it goes next, not just keep it running, that can include fractional-CTO direction, from £3,000 a month.

What we read on a Bolt app
  • What actually runs in production versus what only ran in the WebContainer.
  • The client bundle, for VITE_-prefixed secrets and calls that belong on a server.
  • Supabase policies, auth flows and what the public key can reach.
  • The deploy target: functions, redirects, cold starts and platform limits.
  • The history, for silently dropped features and dead code left by rewrites.
  • Schema and migrations, and the path for data to evolve safely.
Production readiness · free · 2 minutes

Is your AI-built product safe to sell yet?

The Production Readiness Scorecard is a two-minute self-assessment that grades how close your product is to something you can safely put in front of paying customers, and names the risks standing in the way.

  1. 01

    Describe what you built

    One line on what your product does and how many paying customers it has today.

  2. 02

    Answer honestly

    A short set of pointed questions across auth, data, security, testing and operations.

  3. 03

    Get your grade and risks

    An instant letter grade and a “% ready” score, then your three biggest risks ranked worst-first, specific to what you’ve built.

Get your grade
Free · no account · top-line grade is instant
How the grade is worked out
Kyln

C

64% ready

Promising, but not safe to charge for yet. Three issues would bite a real customer first.

Top risks · worst first

  • 01Admin endpoints have no authentication
  • 02API keys are committed to the repository
  • 03No automated tests run before deploy

Sample · your result is personalised

Bolt rescue questions

Want to talk through the fit? Email contact@kyln.digital

Yes. Bolt exports to GitHub, or to a zip where sync was never set up. We take the export, get it running outside the sandbox and put it under version control. You keep the Bolt project and can keep prototyping in it.