afterbuild/ops
ERR-559/stack trace
ERR-559
Bolt.new Works in Preview but Broken on Netlify/Vercel? 3 Fixes (2026)

Bolt.new Works in Preview but Broken on Netlify/Vercel? 3 Fixes (2026)

Last updated 15 April 2026 · 8 min read · By Hyder Shah
Emergency triage — $299Free diagnostic
Direct answer

Bolt.new apps break in production for three reasons: env vars not propagated to the host, Netlify/Vercel build config mismatch, and webhook/OAuth URLs still pointing at the StackBlitz preview. Users put it bluntly: “every new deployment deploys into another universe rather than updating the existing site.” Fix below.

Quick fix for Bolt.new Works in Preview but Broken

Start here

Fix 1 — Propagate every env var to your host

In Bolt, open .env. Copy every VITE_* and server-side key.

On Netlify: Site settings → Environment variables → Add variable. On Vercel: Project → Settings → Environment Variables, scoped to Production. Use production Supabase, production Stripe keys, production Resend keys — never the preview values.

Trigger a fresh deploy (don’t just clear cache — re-run the build). Hard-refresh the production URL.

Deeper fixes when the quick fix fails

  1. 02

    Fix 2 — Align build config with your host

    For a Vite + React Bolt project, Netlify/Vercel need:

    • Build command: npm run build
    • Publish directory: dist
    • Node version: pin via .nvmrc (Node 20)
    • SPA routing: add public/_redirects with /* /index.html 200 (Netlify) or vercel.json rewrite (Vercel)

    If assets 404, check vite.config.ts base. It should be '/' for a root-domain deploy.

  2. 03

    Fix 3 — Repoint every webhook and OAuth redirect

    Go through the third-party services the app touches and replace every StackBlitz URL with your production domain:

    • Stripe Dashboard → Webhooks: delete preview endpoint, add https://yourapp.com/api/stripe-webhook, copy the new whsec_ into host env.
    • Supabase → Authentication → URL Configuration: set Site URL, add redirect variants.
    • Google Cloud Console: add production domain to Authorized redirect URIs.
    • Any OpenAI / Resend / Postmark webhook: same treatment.

Still broken after all three?

You’re in the uncommon 15%. Check:

  • CORS on a custom serverless function
  • Build cache holding stale bundle — clear cache and redeploy
  • DNS not propagated — verify with dig yourapp.com

Why AI-built apps hit Bolt.new Works in Preview but Broken

Bolt.new runs in a StackBlitz WebContainer — a sandbox that auto-wires Supabase, auto-injects env vars, and runs with permissive CORS. Your production host does none of that. Each publish creates a fresh Netlify or Vercel deployment with its own env scope, its own build log, and its own cache.

Industry benchmarks put AI-code vulnerability rates close to half (see our 2026 research). The Bolt preview masks these because it runs inside a trusted sandbox. Production is the first time real browsers, real DNS, and real users meet your code.

Every new deployment deploys into another universe rather than updating the existing site.
Bolt.new user, Reddit

Diagnose Bolt.new Works in Preview but Broken by failure mode

Open the production URL in an incognito window, open DevTools, and match the error pattern to the table before you change anything.

Error you seeRoot causeFix
Blank page, console: supabaseUrl is undefinedEnv vars missing on Netlify/VercelFix #1
404 on routes that work in previewSPA redirect missing; wrong publish directoryFix #2
Stripe/auth callbacks go to StackBlitz URLWebhook URLs not repointedFix #3
CSS missing; assets 404Wrong base path in vite.config.tsFix #2

Related errors we fix

Still stuck with Bolt.new Works in Preview but Broken?

Emergency triage · $299 · 48h turnaround
We restore service and write the root-cause report.

If the three fixes aren’t cutting it, a fixed-price fix ships in days:

  • You've been stuck for >4 hours
  • Each Bolt publish creates a new Netlify site
  • You have paying users on the broken deploy
  • Stripe webhooks aren't landing in production
start the triage →
Free Rescue Diagnostic
$0
30-min call, we tell you what's wrong
Emergency Triage
$299 · 48h
Single-bug root-cause fix
Deployment & Launch
From $1,999
Full productionization + monitoring
Integration Fix
$799
Stripe, auth, domain, webhooks

Bolt.new Works in Preview but Broken questions

Why does Bolt.new work in preview but break on Netlify?+
Bolt.new runs inside a StackBlitz WebContainer that auto-wires env vars, CORS, and Supabase credentials. Netlify does none of that. The moment you deploy, those conveniences disappear and every previously-implicit value has to be explicitly set on the host. 85% of production failures are env vars, build config, or webhook URLs still pointing at the preview.
How do I deploy a Bolt.new Vite app to Netlify?+
Build command: npm run build. Publish directory: dist. Pin Node 20 via .nvmrc. Add public/_redirects with /* /index.html 200 for SPA routing. Copy every VITE_* variable from your Bolt .env into Netlify Site settings → Environment variables, using production values. Trigger a fresh deploy and hard-refresh.
Why do my Bolt.new environment variables not work in production?+
Vite only exposes variables prefixed with VITE_ to the browser bundle. If your production build log shows undefined references to a VITE_* key, the variable isn't set in Netlify/Vercel environment scope. Server-side keys (Stripe secret, service role) should NEVER be prefixed VITE_ — they go in server runtime env only.
What does 'every new deployment deploys into another universe' mean?+
Users describe this when Bolt.new's publish button creates a fresh Netlify or Vercel site instead of updating the existing one. Cause: Bolt's Netlify integration isn't reliably bound to a single site ID. Fix: connect your GitHub repo to Netlify/Vercel manually and deploy on push. Bolt becomes the editor, GitHub becomes the source of truth.
How do I connect Bolt.new to an existing Netlify site?+
Don't use Bolt's built-in publish. Push your Bolt project to GitHub. In Netlify, create a new site from Git and point it at the repo. Every future git push auto-deploys to the same site. You can still edit in Bolt — you just commit and push instead of clicking publish.
Is my Bolt.new production deploy secure?+
Not by default. Industry benchmarks put AI-code vulnerability rates close to half (see our 2026 research). The common Bolt production gaps are: Supabase RLS disabled, Stripe webhook signature verification skipped, service role keys accidentally exposed to the browser bundle, and CORS set to wildcard. A 48-hour security audit before launch catches these; assume your current deploy has at least one.
Next step

Ship the fix. Keep the fix.

Emergency Triage restores service in 48 hours. Break the Fix Loop rebuilds CI so this error cannot ship again.

Emergency triage — $299Free diagnostic
About the author

Hyder Shah leads Afterbuild Labs, shipping production rescues for apps built in Lovable, Bolt.new, Cursor, Replit, v0, and Base44. our rescue methodology.

Bolt.new Works in Preview but Broken experts

If this problem keeps coming back, you probably need ongoing expertise in the underlying stack.

Sources