Loading the catalogue…
Loading the catalogue…
“Productive browser-first code generator, but prompts and code flow to US infrastructure under CLOUD Act jurisdiction, and roughly one-in-seven generated apps ship without database access controls.”
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Public security, privacy and governance advisories that are still open. Each row carries a source link — these are factual claims, not editorial judgements.
lowUpstream change on bolt-new: github_last_push None → '2024-12-17T06:29:27Z', cve_count None → 0
other · open
Source ↗How Bolt.new moves data between the client, the inference endpoint and any vendor-owned services.
OpenAI-compatible. Point Bolt.new at Stav, set the header, you're done.
# Bolt.new on Stav AI # OpenAI-compatible — drop the base URL in, swap your key, ship. OPENAI_API_KEY=$STAV_API_KEY OPENAI_BASE_URL=https://api.stav.ai/v1 # Header — Stav attributes usage to your registered app and respects # per-app routing policy. Send when the app supports custom headers. X-Stav-App-Id: bolt-new
Setup notes · Read about sovereign routing →
What a model must support to work well with Bolt.new. Match these against the Stav model catalogue to pick an endpoint.
Live usage rolls up every five minutes. We surface the 12-week trend once enough requests have flowed through this app.
Live usage rolls up every five minutes. We surface the model mix once enough requests have flowed through this app.