From Bolt to Production: What AI Prototypes Get Wrong

If you've used Bolt, Lovable, or v0, you know the moment: 30 minutes in, you have a working app. Auth screen, dashboard, Stripe modal. It looks done. It's not.

Here's what's actually broken under the hood:

The auth screen has no real auth. The "login" is setIsLoggedIn(true). There's no session, no token, no user table.

The database is in localStorage. Each user has their own. Clear browser → company loses six months of data.

Payments are a fake Stripe modal. No webhook handler, no subscription state, no idempotency.

Errors crash the entire app. No error boundaries, no logging, no on-call.

It falls over at 100 concurrent users. No caching, no pagination. We've seen apps cost $4,800/month on infrastructure that should cost $50.

We've audited 40+ AI-generated codebases. About 1 in 5 needs a full rewrite. The rest we salvage in 30–60 days — auth, DB, payments, tests, monitoring, the boring stack that doesn't crash.

The question isn't whether you'll need to rebuild parts of it. It's whether you do it on a plan, or after it breaks. Audit your prototype.