You spent a week building your app with Bolt.new. The first few hours felt like magic – you described what you wanted, watched the AI generate a working interface, and added features with simple prompts. Everything works in the preview.
Then you try to add user authentication. The AI burns through 2 million tokens without getting it working. Or you implement Stripe payments and discover they only work in preview, not in production. Or your project hits 20 components, and the AI starts forgetting things it built three days ago.
Over 140 user reviews across Trustpilot, GitHub, Reddit, and developer forums tell the same story. Bolt.new has a 1.4 out of 5 rating on Trustpilot. The complaints are remarkably consistent: the tool works well for simple prototypes, then hits predictable walls when you try to build production apps.
Most issues fall into seven categories. Understanding them before you start can save weeks of frustration and thousands of dollars in wasted tokens.
The most common complaint: runaway token usage. You ask Bolt to fix a bug, it attempts a fix that creates a new bug, then tries to fix that bug, creating another. Each attempt consumes tokens. After 30 minutes, you’ve burned through 500,000 tokens, and the original problem still exists.
Users report staggering numbers:
The problem compounds as projects grow. A fresh project might use 10,000 tokens per prompt. That same project with 20 components can use 100,000 tokens for identical prompts because Bolt includes the entire codebase in every request.
One user hit the hard limit: “prompt is too long: 200000 tokens > 199999 maximum.” Their project became unusable because the context size exceeded what the AI could process.
Bolt charges tokens even when the AI fails. There’s no refund when it generates broken code. The “Attempt Fix” button is financially dangerous – each click costs tokens whether it works or not.
According to Bolt’s documentation, context size directly impacts token consumption. Every file in your project gets sent with every prompt unless you explicitly exclude it.
Use .boltignore files aggressively:
.boltignore file in your project rootFor debugging loops:
When you’ve spent more than 1 million tokens on a single feature without success, stop. Export the code and bring in a developer. Continuing the loop just wastes money.
Authentication should be solved, but it’s the biggest technical blocker for Bolt users. You reach the point of implementing login and registration, then spend days and millions of tokens, unable to get basic auth working.
Common symptoms:
One Trustpilot user: “After pouring an obscene amount of time and credits, I still don’t have a working user registration and login flow – the most basic, bare-minimum feature.”
Bolt generates a Supabase authentication code but doesn’t properly configure the supporting infrastructure. Common issues:
The AI typically responds by rewriting the entire auth flow, consuming massive tokens without fixing the root cause.
For RLS policy issues:
Open the Supabase dashboard → Authentication → Policies and verify policies actually exist for your tables. Test in SQL editor:
-- This should return data if RLS is working
SELECT * FROM your_table;
If nothing returns, RLS is blocking you.
Quick fix for testing (disable after):
ALTER TABLE your_table_name DISABLE ROW LEVEL SECURITY;
For production, write proper policies:
-- Allow users to read their own data
CREATE POLICY "Users can read own data"
ON your_table FOR SELECT
USING (auth.uid() = user_id);
-- Allow users to insert their own data
CREATE POLICY "Users can insert own data"
ON your_table FOR INSERT
WITH CHECK (auth.uid() = user_id);
For CORS errors:
In the Supabase project settings → API, add your production domain to allowed origins. Include https:// in the URL. Add both yourdomain.com and www.yourdomain.com.
For redirect URL problems:
In Supabase dashboard → Authentication → URL Configuration:
https://yourdomain.com/auth/callback and https://yourdomain.com/Supabase’s authentication documentation provides detailed troubleshooting for redirect and callback issues.
If authentication isn’t working after 3 million tokens or 2 days, stop. Authentication bugs are hard for AI to diagnose because the problem is often in configuration, not code. A developer can usually fix it in 2-4 hours.
Payment integration is where Bolt’s limitations become expensive. The AI generates Stripe code that appears to work in preview, then fails with CORS errors after deployment. Users report spending millions of tokens as Bolt “runs in circles”, unable to diagnose the real problem.
Common failures:
One user: “I added a simple integration for Stripe. I can’t test whether it works in Bolt, so I test once deployed, but I have tried 4 times, and it is still broken.”
Bolt can’t test payment flows within its preview environment. The code looks correct, but has deployment-specific issues:
The AI typically responds by rewriting the integration repeatedly, each time consuming 100k-500k tokens without fixing the underlying deployment configuration.
For CORS errors with Supabase Edge Functions:
Add CORS headers to your Edge Function:
return new Response(JSON.stringify(data), {
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
},
});
For webhook verification:
https://yourdomain.com/api/stripe-webhooksupabase secrets set STRIPE_WEBHOOK_SECRET=whsec_...
For environment variable confusion:
VITE_STRIPE_PUBLISHABLE_KEYSTRIPE_SECRET_KEYFor Stripe Connect OAuth:
In Stripe Dashboard → Connect → Settings, add redirect URI: https://yourdomain.com/auth/stripe/callback. This must match exactly, including https://.
Testing without deployment:
Use Stripe CLI to test webhooks locally:
stripe listen --forward-to localhost:3000/api/stripe-webhook
This gives you a test webhook secret you can use in Bolt’s preview environment.
If Stripe integration has consumed more than 2 million tokens without working, export the code and hire a developer. Payment integrations require testing in production environments that Bolt can’t access. Most developers can implement basic Stripe checkout in 4-8 hours.
Bolt works remarkably well for the first 5-10 components. Then something changes. The AI starts forgetting established patterns, creating duplicate components with slightly different names, and making changes to files you didn’t ask it to modify.
What happens:
UserProfile.tsx when Profile.tsx already existsOne Reddit post captured this: “Tried Bolt.new. Felt Like a God. Then Reality Slapped Me.” The pattern is consistent: initial magic followed by increasing frustration as projects grow.
A Trustpilot reviewer: “The AI works well for projects of roughly 1,000 lines of code or less. Beyond that point, it tends to hallucinate or even tell lies.”
Bolt includes your entire codebase in every prompt. As files accumulate, the AI context window fills up. The model starts to:
The problem compounds because Bolt’s token limit is 200,000 tokens. A project with 20 components and 2,000 lines of code can consume 150,000 tokens just loading context, leaving only 50,000 for the actual response.
Aggressive context management:
Create a .boltignore file in your project root and add all completed components:
# Components that don't need changes
src/components/Header.tsx
src/components/Footer.tsx
src/components/Navigation.tsx
src/utils/helpers.ts
src/config/constants.tsOnly remove items from .boltignore When you specifically need to modify them.
Keep files small:
Use specific prompts:
Export and restart:
If your project has grown beyond 2,000 lines and the AI consistently makes mistakes or breaks working features, it’s time to move to traditional development tools. Bolt isn’t designed for projects this size. A developer can set up a proper Cursor or GitHub Copilot workflow in 1-2 hours.
Your app works perfectly in Bolt’s preview. You deploy it, wait for the build to complete, open the URL, and see a blank white screen. Or the app loads but features that worked in preview now fail silently.
Common issues:
GitHub Issue #499 with 60 comments documents the generic “Deploy Bug: An unknown error occurred” that provides no useful debugging information.
The gap between Bolt’s preview environment and production deployments involves several failure points:
One user described how “every new deployment deploys into another universe” rather than updating the existing site.
For blank screen errors:
Open the browser developer console (F12). Check the Console tab for JavaScript errors and the Network tab for failed requests. Common culprits:
vue-router or react-router-dom in package.jsonAdd missing dependencies:
# If using Vue
npm install vue-router pinia
# If using React
npm install react-router-dom
# Then redeployFor environment variable issues:
In Netlify: Site settings → Build & deploy → Environment. Add all variables from your .env file. Variable names are case-sensitive. Trigger a new deploy after adding variables.
For deployment not updating:
In Netlify: Deploys → Trigger deploy → Clear cache and deploy site. Check that you’re deploying to the correct site (not creating new ones). Verify the domain is pointing to the right deployment.
For domain conflicts:
Go to Netlify → Domain management. Remove the domain from the old deployment. Add it to the current deployment. Wait 1-2 hours for DNS propagation.
If deployment has been broken for more than 24 hours and you’ve tried these fixes, export your code and deploy manually to Vercel or Netlify through their CLI. Or hire a developer for 2-4 hours to diagnose the deployment configuration issue.
The most honest assessment from developers who’ve completed Bolt projects: the tool gets you about 70% of the way there. The remaining 30% requires exactly the development expertise Bolt’s marketing suggests you won’t need.
Error handling:
Security hardening:
Performance optimization:
Production infrastructure:
Mobile deployment:
React Native/Expo code generated but no guidance on iOS/Android signing certificates, app store accounts and submission, push notification setup, or deep linking configuration.
One developer: “Bolt is exceptional for prototyping. But the gap between prototype and production-ready is exactly where it fails. You either learn traditional development or hire someone who knows it.”
Professional services have emerged specifically to “rescue Bolt projects.” Development agencies estimate $5,000-$20,000 for professional finishing to take a Bolt prototype to production. For context, that budget could fund significant traditional development from the start.
A developer will set up proper error monitoring and logging, implement comprehensive error handling throughout the codebase, write security policies that actually protect user data, optimize database queries and implement caching, set up automated testing and CI/CD pipelines, configure proper staging and production environments, implement analytics and user tracking, add performance monitoring, set up automated backups, and handle mobile app store submission if applicable.
Be realistic about what Bolt can do.
Bolt is excellent for:
Bolt cannot replace developers for:
When to bring in professional help:
We’ve taken over 50 Bolt projects at YeasiTech and helped founders cross the 70% wall. The typical engagement: Week 1 – audit the existing code and identify gaps. Week 2-3 – implement proper error handling, security, and performance optimizations. Week 4 – set up production infrastructure, monitoring, and deployment pipelines.
Cost: $2,000-$10,000 depending on complexity. Timeline: 3-4 weeks to production-ready.
Contact YeasiTech if your Bolt project is stuck at the 70% mark and you need professional finishing to launch.
When to stay with Bolt:
If your project is genuinely simple – a landing page, a basic CRUD app for personal use, a prototype to show investors – you can potentially stay within Bolt’s capabilities. Just keep projects under 1,000 lines of code and avoid complex integrations.
Understanding when to stop and bring in a developer can save thousands in wasted tokens and weeks of frustration.
Stop and get help if you’ve spent more than 5 million tokens on your project, the same feature has been “almost working” for more than 3 days, authentication has consumed more than 2 million tokens without success, Stripe payments work in preview but fail after deployment, the AI keeps rewriting working code and breaking things, your app needs to handle real business operations, you’re building anything involving payments or sensitive data, or users will depend on this app for critical workflows.
Production Readiness Audit ($500-$1,000): Review all code for security vulnerabilities, fix authentication and Stripe integration issues, set up proper error handling and monitoring, configure production deployment correctly, implement basic performance optimizations, and provide documentation of what was fixed.
Full Production Migration ($2,000-$15,000): Everything in the audit plus comprehensive error handling throughout codebase, database query optimization and indexing, security hardening (RLS policies, input validation, rate limiting), CI/CD pipeline setup, automated testing framework, staging and production environments, monitoring and analytics integration, and 30 days of post-launch support.
Typical timeline: Audit and fixes take 1 week. Full production migration takes 3-4 weeks.
We’ve completed 50+ Bolt project rescues at YeasiTech. Most apps need 20-40 hours of professional work to go from “deployed but broken” to “actually production-ready.”
Common fixes: Supabase authentication working in production (2-4 hours), Stripe payment integration with webhooks (4-6 hours), database performance optimization (3-5 hours), security policy implementation (3-4 hours), error monitoring setup (2-3 hours), deployment pipeline configuration (2-4 hours).
Bolt charges tokens for every AI response, regardless of whether the generated code works. When the AI enters an error loop, each failed fix attempt consumes tokens. The “Attempt Fix” button is particularly expensive because Bolt includes your entire codebase context with each attempt. Projects with 20+ components can use 100,000-200,000 tokens per attempt. Stop after 2-3 failed attempts and either export the code or ask for help rather than letting the AI loop indefinitely.
If authentication issues are configuration-related (wrong redirect URLs, missing RLS policies, CORS errors), a developer can usually fix them in 2-4 hours. If the entire auth implementation is architecturally wrong, it takes 6-10 hours to rebuild properly. The challenge is that Bolt’s AI often generates code that looks correct but has subtle configuration issues that are hard to diagnose. If you’ve spent more than 3 million tokens trying to fix auth without success, hiring a developer for 4 hours will likely cost less than continuing to debug through Bolt.
Bolt can generate apps that technically work in production, but they typically lack the infrastructure needed for reliability. Generated apps don’t include error monitoring, performance optimization, proper security policies, automated backups, or CI/CD pipelines. For 10-50 users doing non-critical tasks, Bolt apps can work. For 500+ users, business-critical operations, or anything involving payments, you need professional finishing. The 70% rule applies: Bolt gets you 70% there, the remaining 30% requires traditional development expertise.
Bolt’s preview environment doesn’t enforce CORS policies or webhook verification that production requires. The AI generates Stripe integration code that calls the API successfully in preview, but that same code fails in production because of missing CORS headers on Supabase Edge Functions, webhook signing secret verification, or environment variable configuration. You can’t properly test payment flows within Bolt’s preview, so integration bugs only appear after deployment. Most Stripe issues require 4-8 hours of developer time to configure correctly for production.
Stop when you’ve spent more than 5 million tokens on a single project, when the same feature hasn’t worked for 3+ days despite multiple attempts, when your app needs to handle payments or sensitive data, or when you realize you’re spending more on tokens than hiring a developer would cost. A good rule: if fixing a problem through Bolt would cost more than $500 in tokens, hire a developer instead. Authentication, Stripe integration, and performance optimization are typically cheaper to fix professionally than through AI trial-and-error.
Bolt.new delivers genuine value for prototyping and proving concepts quickly. The ability to generate working apps through conversation is real, and for small projects under 1,000 lines of code, it can be effective.
But the seven problems in this guide represent the consistent friction points when moving from prototype to production. Token consumption spirals during debugging. Authentication implementations that look correct fail in production. Stripe integrations work in preview but break after deployment. AI context degrades as projects grow. Code quality suffers from aggressive rewrites. And there’s a real 70% wall where projects need professional finishing.
The pattern across hundreds of user reviews is clear: Bolt works until it doesn’t, and when it stops working, continuing to debug through the AI often costs more than hiring a developer would.
If you’re early in your Bolt project:
Use .boltignore files aggressively from the start. Keep components small (under 200 lines each). Export your code regularly as backups. Stop debugging loops after 2-3 failed attempts. Budget for professional finishing if building anything production-critical.
If you’re stuck right now:
Try the specific fixes in this guide for your problem. If you’ve spent more than 2 days or 3 million tokens on the same issue, stop. Export your code and either debug manually or hire a developer. Authentication, Stripe, and deployment configuration are usually faster to fix professionally.
If you need your app in production:
YeasiTech has helped over 50 founders cross the 70% wall with their Bolt projects. We’ve seen every variation of these seven problems and know how to fix them properly.
Schedule a free 30-minute project review to discuss whether your Bolt app is ready for professional finishing, or check out our complete guide to AI-built app production readiness.
Your app is closer to launch than you think. These problems are frustrating but predictable, and each has a solution that doesn’t involve spending millions more tokens hoping the AI figures it out.
YeasiTech is a trusted IT service partner with 8+ years of experience, empowering 250+ businesses with scalable web, mobile and AI solutions.
Explore related topics to broaden your understanding and gain actionable insights that can transform your strategies.
