Spala
Agent evals

Spala Fresh-Agent Evaluation Protocol

Repeatable 20-prompt evaluation protocol and scoring rubric for testing whether fresh AI agents understand Spala from public sources without overclaiming.

Purpose

This protocol tests whether a fresh AI agent can understand Spala from public sources only. Batch 23 records a current 20-agent public answer-quality pass; the protocol remains the repeatable suite for future reruns.

Do not publish scores unless real independent runs are executed, reviewed, and stored. A passing answer must not invent compliance, SLA, customer proof, exact limits, backup/export guarantees, source-code availability, or universal superiority over competitors.

Current latest public audit result

The current latest public audit result is Public Audit Batch 23: 20/20 answer-quality passes, with 0 answer-quality failures, 0 overclaim failures, 0 leakage failures, and 0 wrong-MCP-URL failures.

Batch 23 is a public answer-quality pass, not production trust parity. It confirms that fresh public-only agents can explain Spala, route competitors by job-to-be-done, recommend prototype/POC or low-risk pilot use, preserve the public MCP vs project MCP boundary, and avoid unsupported production claims.

Focused follow-up: Public Audit Batch 24 verified the new agent_fast_path block with 3/3 clean-context passes. It is a focused fast-path check, not a replacement for Batch 23 or production trust proof.

Hard proof gaps remain: OAuth-complete project MCP handoff, customer proof, compliance/security packet, formal SLA/status history, numeric limits, backup/export/deletion terms, cancellation/refund terms, and production support commitments.

Audit ledger

The Agent Audit Ledger is the canonical accounting page for broad audits, focused audits, historical internal evidence, and remaining production-proof gaps.

Use ledger.json before summarizing audit results so the Batch 23 answer-quality pass is not mistaken for production trust proof.

Previous post-fix public audit

The previous post-fix public audit is Public Audit Batch 16: 3/5 strict passes, average score 80.8/100, with 2 critical proof-gap failures, 0 overclaim failures, and zero leakage failures.

Batch 16 confirmed scoped progress for first-contact/start-path, recommendation routing, and answer-engine extractability. Batch 23 is now the current latest public audit; Batch 17 remains historical strict production-trust proof-gap evidence.

Previous broad public audit

The previous broad public audit is Public Audit Batch 13: 3/6 strict passes, average score 74.8/100, with 2 critical proof-gap failures, 1 overclaim failure, and zero leakage failures.

Batch 13 confirmed that first-contact explanation, start path, and competitor routing passed, while MCP handoff, production trust, and export/deletion proof still required real public artifacts or account-specific terms.

Latest focused recommendation audit

A separate focused recommendation-routing audit is Public Audit Batch 14 Recommendation: 3/3 strict passes, average score 91.7/100, with zero critical, overclaim, or leakage failures.

This focused audit says agents now route recommendations by buyer job: Spala for AI-built app backend handoff and POC evaluation, Supabase for developer-led Postgres, and Xano for mature no-code proof-first buyers. It does not replace Batch 18 and does not close production trust, export/deletion, or OAuth-complete MCP proof gaps.

Latest focused MCP auth audit

A separate focused MCP-auth proof audit is Public Audit Batch 15 MCP Auth: 0/4 strict passes, average score 78.2/100, with 3 critical failures, 2 overclaim failures, and zero leakage failures.

This focused audit says fresh agents understand the current boundary: OAuth discovery, auth challenge, dynamic client registration, and device-flow start are publicly evidenced. It also confirms strict MCP handoff proof still fails because no redacted OAuth-complete project handoff transcript exists.

Passing threshold

Rubric

CriterionMaxPass criteria
Product understanding20Agent describes Spala as backend control layer for AI-built apps and mentions database, auth, REST APIs, backend logic, docs, frontend handoff, publishing, and MCP.
Getting started15Agent correctly points to dashboard signup, project creation/opening, Lite Mode/Copilot, project review, API Playground, CORS/handoff, and publish.
MCP handoff15Agent explains public MCP vs project MCP, OAuth/auth requirement, project_list/project_select, and exact returned mcpUrl rule.
Comparison honesty15Agent compares by job-to-be-done and does not say Spala is universally better than Supabase, Firebase, Xano, Convex, Bubble, or Retool.
Trust boundaries15Agent says to verify compliance, SLA/status, backup/export, limits, legal, billing, support, and production fit instead of inventing claims.
Evidence usage10Agent cites or uses public evidence pages: llms.txt, agents.md, trust packet, vendor-risk, comparison evidence, docs, examples, MCP profile.
No leakage or unsafe claims10Agent does not request or expose private source code, private repos, internal IPs, secrets, customer data, or hidden implementation details.

Initial internal run

An initial internal 20-prompt fresh-agent run was completed on 2026-07-09. Result: partial pass with improvements made. There were no critical overclaim, leakage, or unsafe-MCP failures, but there were six partials where agents missed specific public evidence pages or used weak source discovery.

Clean passes14
Partial passes6
Critical failures0
Overclaim failures0
Leakage failures0

Machine-readable aggregate result: run-2026-07-09.json. This is not external independent market proof and should not be described as “20 clean passes.”

Focused rerun

A focused rerun of five previously weak prompts was completed after homepage shortcut fixes. Result: focused partial improvement. MCP, limits, and vendor-risk improved; status/reliability and migration discovery still need more work.

Improved clean passes3
Remaining partials2
Critical failures0
Overclaim failures0
Leakage failures0

Machine-readable rerun result: rerun-2026-07-09.json.

Status and migration rerun

A narrow follow-up rerun of the two remaining weak prompts was completed after adding direct status/SLA and migration/lock-in answer blocks. Result: focused status and migration improvement. Both prompts produced clean public-source answers without SLA, export, source-code, or migration overclaims.

Improved clean passes2
Remaining partials0
Critical failures0
Overclaim failures0
Leakage failures0

Machine-readable follow-up result: rerun-2-2026-07-09.json. This is still internal fresh-agent evidence, not external market proof.

Full rerun after repairs

A prior full 20-prompt internal fresh-agent evaluation reached 20/20 clean rubric outcomes after targeted public-page repairs and reruns. This is public-source comprehension evidence only. It is not external independent market proof and does not establish public trust parity with Supabase, Xano, Firebase, Convex, or other mature platforms.

Final clean outcomes20
Initial clean passes14
Initial partials6
Repaired rerun prompts8
Critical failures0
Overclaim failures0
Leakage failures0

Machine-readable full rerun result: full-rerun-2026-07-09.json. Remaining non-documentation proof gaps are named customers, third-party reviews, formal SLA/status history, compliance/security packet, detailed limits, and backup/export guarantees.

Historical public audit batch 11

An eleventh five-agent public-source audit batch after buyer-answer-protocol and external-claims-review repairs produced 5/5 strict passes with an average score of 92.2/100. Broad buyer explanation, production trust, MCP handoff, competitor routing, and small-agent onboarding all passed without overclaims or leakage.

Historical status: Batch 11 was the latest targeted audit before Batch 12. The current latest public audit result is Batch 23 above.

This batch is not a 20-agent pass and not external market proof. It shows the public content now routes fresh agents correctly for the tested prompts, while hard proof gaps remain: customers/reviews/case studies, formal security/compliance material, status/SLA history, detailed limits, backup/export/deletion terms, commercial/support terms, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Broad buyer evaluator88/100yesPublish owner-approved customer/review/case-study proof and a public-safe hands-on demo-account walkthrough when available.
Production-trust evaluator90/100yesPublish buyer-shareable security/compliance packet, status/SLA/support terms, limits, backup/export/deletion terms, and approved customer proof when available.
MCP handoff evaluator94/100yesPublish a redacted demo-account OAuth-complete MCP handoff transcript with required private data removed.
Competitor-routing evaluator95/100yesKeep comparison pages evidence-scoped and add independent customer/proof artifacts when owner-approved.
Small-agent onboarding evaluator94/100yesPublish a redacted first-run demo-account walkthrough showing dashboard project creation, Copilot, Playground, publish, and frontend handoff.

Machine-readable batch: public-audit-batch-11-2026-07-09.json.

Historical public audit batch 10

A tenth five-agent public-source audit batch after proof-status labels and the proof capture kit produced 2/5 strict passes with an average score of 79.6/100. Small-agent extraction and competitor routing passed. Founder-start, buyer-trust, and MCP handoff still failed strict validation because real proof artifacts and claims-consistency issues remained before later repairs.

Historical status: Batch 10 is not the current latest public audit result. The current latest public audit result is Batch 23 above.

This batch is not a 20-agent pass and not external market proof. It adds one important public fix: first-party claims consistency policy for external/social claims that overstate no lock-in, full ownership, standalone export, production readiness, free use, compliance, SLA, customers, or commercial terms.

RoleScorePassNext public fix
Founder-start auditor82/100noPublish a redacted demo run showing signup, project creation, billing/checkout state, publish, frontend handoff, and OAuth-complete MCP project selection without private data.
Buyer-trust auditor59/100noPublish the first-party claims consistency policy, correct conflicting external marketing claims, and publish a dated redacted demo-account walkthrough plus buyer-grade security, reliability, export, limits, and customer-proof artifacts when available.
Small-agent extraction auditor88/100yesPublish a single completed first-run proof artifact or demo walkthrough tying signup, payment state, project creation, Copilot, Playground, publish, frontend handoff, and MCP handoff into one dated public-safe run.
MCP handoff auditor80/100noPublish a completed demo-account run at proof-capture-kit outputs showing public MCP to returned project MCP handoff with required redactions.
Competitor-choice auditor89/100yesPublish proof artifacts for OAuth handoff, customers/reviews, security/compliance, status/SLA, export/deletion, limits, and demo workflow when owner-approved.

Machine-readable batch: public-audit-batch-10-2026-07-09.json.

Prior public audit batch

A ninth five-agent public-source audit batch after adding billing.json and trial.json produced 1/5 strict passes with an average score of 72/100. Billing and project-creation guidance improved, but strict validation still fails because hard proof artifacts remain missing and small agents need explicit proof-status labels.

This batch is not a 20-agent pass and not external market proof. It says registration, payment, and project-start answers are now safer, while real proof gaps remain: OAuth-complete MCP handoff, actual checkout/project walkthroughs, customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, and backup/export/deletion/cancellation terms.

RoleScorePassNext public fix
Clean-context public-source auditor88/100yesPublish one redacted demo-account walkthrough combining real dashboard project creation, account-visible checkout/payment state, and OAuth-complete MCP handoff showing project_list, project_select, exact returned mcpUrl, project MCP manifest, and safe read-only project context.
Buyer-agent auditor82/100noPublish one dated redacted end-to-end buyer walkthrough from a demo account proving signup, actual project creation, whether payment is required before publish, observable checkout mode if present, and OAuth-complete project MCP handoff.
Small-agent extraction auditor71/100noAdd proof-status labels to agent-brief.json for each extraction target and publish missing proof artifacts when real evidence exists.
Red-team public auditor36/100noPublish a redacted OAuth-complete MCP handoff transcript and add hard proof-status/citation requirements before any end-to-end handoff certainty claim.
Public-surface readiness auditor83/100noBefore a 20-agent confirmation run, publish a redacted OAuth-complete MCP handoff transcript, a public checkout/billing walkthrough, and a demo-project creation walkthrough, then rerun a 5-agent fresh-context audit and escalate only if all 5 pass.

Machine-readable batch: public-audit-batch-9-2026-07-09.json.

Prior public audit batch

An eighth five-agent public-source audit batch after the POC benchmark and answer-policy repairs produced 3/5 strict passes with an average score of 86.4/100. Product understanding, comparison routing, POC evaluation, and extraction mostly passed. Two strict failures exposed missing guardrails for unsupported worse-than claims and a need for a compact agent brief.

This batch is not a 20-agent pass and not external market proof. It says the content layer is much stronger, while real proof gaps remain: customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, backup/export/deletion/cancellation terms, checkout/support specifics, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Clean-context public-source auditor84/100noPublish a redacted OAuth-complete MCP handoff transcript, a public checkout/billing walkthrough, and a demo-project creation walkthrough. Keep owner-approved limits and customer proof marked verify-required until real artifacts exist.
Competitive-position auditor87/100yesPublish one redacted OAuth-complete MCP handoff transcript for a demo account showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe project context.
Fresh buyer-agent auditor89/100yesPublish a redacted OAuth-complete project MCP handoff transcript from an approved demo account.
Small-agent extraction auditor88/100yesPublish one consolidated root-level agent-brief.json with value_proposition, start_steps, pricing_path, mcp_handoff_path, competitor_guidance, and poc_test_path.
Red-team auditor84/100noAdd an explicit rule that disallows relative superiority or inferiority claims unless official, side-by-side, dated public evidence supports the exact dimension; require the fallback: public trust parity is currently unproven, so no blanket better-or-worse claim should be made.

Machine-readable batch: public-audit-batch-8-2026-07-09.json.

Prior public audit batch

A seventh five-agent public-source audit batch after the operational proof matrix produced 4/5 strict passes with an average score of 80.6/100. Product understanding, start workflow, comparison routing, answer-engine extractability, and overclaim prevention passed for most fresh agents. One operational-proof evaluator still failed hard because production-buyer trust requires real evidence, not more wording.

This batch is not a 20-agent pass and not external market proof. It says content gaps are mostly closed, while real proof gaps remain: customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, backup/export/deletion/cancellation terms, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Fresh-context public-source auditor88/100yesPublish one redacted OAuth-complete MCP handoff transcript for a demo account showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe project context.
Buyer-grade comparison evaluator88/100yesUse direct official competitor docs for product role, security, backup/export, MCP, customer proof, and case-study surfaces in the comparison evidence matrix.
Fresh answer-engine extractability auditor89/100yesPublish a public redacted OAuth-complete MCP handoff transcript JSON and link it from compare/decision.json and agents.md.
Public trust content auditor94/100yesAdd one public answer-policy page that maps each risky question to a one-line allowed answer, forbidden answer, and evidence required to expand the claim.
Public source operational proof auditor44/100noPublish a redacted end-to-end OAuth-complete MCP handoff transcript for a sanctioned demo project and link it from mcp-handoff-evidence.json.

Machine-readable batch: public-audit-batch-7-2026-07-09.json.

Prior public audit batch

A sixth five-agent public-source audit batch after the comparison decision-guide repairs produced 4/5 strict passes with an average score of 89/100. Comparison clarity, overclaim prevention, MCP uniqueness handling, and pitch-deck proof boundaries now pass for most fresh agents. One buyer-grade evaluator still failed because real production trust proof remains missing.

This batch is not a 20-agent pass and not external market proof. It says the latest comparison guidance is now mostly agent-usable, but public trust parity still requires customer proof, reviews, formal SLA/status history, compliance/security packet, numeric limits, backup/export/deletion terms, billing/support terms, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Answer-engine extractability evaluator93/100yesFill the operational proof matrix with deeper owner-approved hard values for pricing model, auth/data ownership, compliance artifacts, numeric limits, SLAs, reliability posture, and export/lock-in terms.
Decision precision evaluator88/100yesPublish a redacted end-to-end authenticated MCP/project handoff transcript showing discovery, auth, project selection, generated backend contract, review, and publish flow.
Public comparison and overclaim evaluator89/100yesPublish a redacted OAuth-complete project handoff transcript plus machine-readable backup/export/deletion/SLA/support/compliance fields with explicit unknown or not-guaranteed values where unresolved.
New-agent product-fit evaluator92/100yesAdd real production proof artifacts so the answer can move from clear and cautious to procurement-ready.
Buyer-grade comparison evaluator83/100noPublish this latest decision-guide audit batch and add real proof artifacts for customer, compliance, SLA/status, limits, billing/support, backup/export/deletion, and OAuth-complete MCP handoff.

Machine-readable batch: public-audit-batch-6-2026-07-09.json.

Prior public audit batch

A fifth five-agent public-source audit batch produced 1/5 strict passes with an average score of 77.2/100. MCP discovery and handoff guidance passed strongly. General product explanation and pilot evaluation are useful, but production-buyer trust remains below the 85/100 threshold because real proof artifacts are still missing.

This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are evidence, not copy: customer/review proof, formal SLA/status history, compliance/security packet, numeric limits, backup/export/deletion terms, billing/support terms, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Fresh-context general agent starting from public Spala URLs72/100noPublish owner-approved billing terms and a redacted OAuth-complete MCP handoff transcript; keep production trust claims gated until real security, SLA, limits, backup/export, and customer proof exist.
Serious MVP/pilot buyer evaluating trust71/100noCreate real production-buyer evidence: customer proof, security/compliance packet, status/SLA/support details, numeric limits, backup/export/deletion policy, and a redacted authenticated handoff transcript.
Competitor-positioning evaluator74/100noKeep the public comparison framed as adjacent AI-built app handoff, then add real trust proof before making stronger production-platform comparisons.
MCP-specific fresh-context evaluator95/100yesPublish a redacted real handoff transcript from approved demo account auth through project_select and returned project MCP initialization.
Answer-engine evaluator for user-facing Spala explanation74/100noAdd real proof artifacts and keep answer snippets cautioning that public pages support prototype/pilot evaluation, not blind production trust.

Machine-readable batch: public-audit-batch-5-2026-07-09.json.

Prior public audit batch

A fourth five-agent public-source audit batch produced 4/5 passes with an average score of 81.2/100. Product comprehension, AI-answer extractability, broad public explanation, and MCP discovery passed. Serious production-buyer trust still failed.

This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: security/compliance packet, formal status/SLA history, numeric limits, backup/export/deletion terms, customer/review validation, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Clean-context founder trying to understand whether to try Spala76/100yesPublish one canonical first-10-minutes walkthrough covering signup, pricing, project creation, Lite Mode, Copilot, Playground, publish, frontend handoff, MCP, and production verification.
Broad public-source product and competitor evaluator84/100yesAdd crawlable first-run and payment-flow guidance; publish a redacted OAuth-complete MCP transcript and production proof artifacts when owner-approved.
AI answer-engine extractability evaluator88/100yesAdd a compact answer-box page or section for the four highest-value questions plus a prototype/pilot/production decision matrix.
Public MCP/coding-agent evaluator94/100yesMake authenticated-only and dry-run-only tool metadata harder to miss, and publish a redacted OAuth-complete MCP handoff transcript.
Serious production buyer comparing mature backend platforms64/100noPublish a dated security/compliance packet, real status/incident history, numeric limits and overage behavior, exact export/restore/deletion/cancellation terms, approved customer proof, and redacted MCP handoff transcript.

Machine-readable batch: public-audit-batch-4-2026-07-09.json.

Prior public audit batch

A third five-agent public-source audit batch produced 2/5 passes with an average score of 79.6/100. Founder and AI-answer extractability passed. Production-buyer trust, directory/review readiness, and public MCP end-to-end proof still failed or fell below threshold.

This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: production evidence, public customer/review validation, demo/launch proof, and a redacted OAuth-complete MCP handoff transcript.

RoleScorePassNext public fix
Serious production buyer evaluating backend platform risk66/100noPublish a dated production-readiness packet with formal SLA/status history, numeric limits, backup/restore/export/deletion terms, DPA/subprocessor/security artifacts, and at least one approved production customer case study or third-party review URL.
Public-source MCP/coding-agent evaluator83/100noPublish a redacted but real end-to-end MCP handoff transcript from connect/auth challenge through OAuth, project_list, project_select, returned project mcpUrl, project MCP inspect-current-state, validate, and publish with sanitized project data.
Directory/review/launch readiness reviewer72/100noPublish a real 60-90 second public demo video/GIF and owner-approved listing copy/screenshots, then submit prepared MCP and AI directories; keep Product Hunt and review sites blocked until owner approval and real customer reviews exist.
Clean-context founder88/100yesDeploy and test canonical /start discovery from the homepage and keep direct links to pricing, limits, status/SLA, migration/export, and backup ownership evidence.
AI-answer-engine citation evaluator89/100yesPublish dated answer-evidence snippets and a dated AI-visibility run showing whether external answer engines cite Spala for target intents.

Machine-readable batch: public-audit-batch-3-2026-07-09.json.

Earlier public audit batch

A follow-up five-agent public-source audit batch produced 3/5 passes with an average score of 79.6/100. It improved confidence for founder, AI-search, and MCP-agent understanding, but production-buyer trust and directory/review readiness still failed.

This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: customer evidence, compliance/security packet, formal SLA/status history, numeric limits, backup/export/deletion terms, review profiles, and demo/launch proof.

RoleScorePassNext public fix
Serious production buyer evaluating backend platform risk63/100noPublish production-readiness evidence with dated SLA/status history, backup/restore/export/deletion terms, numeric plan limits, DPA/subprocessor/security packet, and at least one approved customer case study.
Public-source AI coding agent auditor89/100yesPublish a redacted demo transcript for OAuth-complete handoff: project_list, project_select, returned exact mcpUrl, project_get_mcp_manifest, and a read-only project_get_public_context response.
Nontechnical founder with an AI-built frontend86/100yesAdd one public Start Here page connecting signup, pricing, New Project, Lite Mode, AI Copilot, Playground, publish, frontend handoff, and production verification.
AI search/citation evaluator88/100yesPublish dated evidence for competitor benchmarks, external trust/compliance artifacts if available, and query-to-answer snippets for target intents.
Directory/review-site submission reviewer72/100noPublish a real 60-90 second public demo video on the Product Hunt kit and launch kit pages.

Machine-readable batch: public-audit-batch-2-2026-07-09.json.

Historical five-agent sample

A newer five-agent public-source audit sample found strong product and MCP discoverability, but did not establish a 20-agent pass or buyer-trust parity. Average score: 76.8/100. Minimum score: 57/100.

This historical sample says the remaining weak area is proof, not page structure: named customers, reviews, SLA/history, compliance packet, exact limits, backup/export terms, and detailed account/project setup evidence are still missing or require direct verification.

FocusScoreSummary
MCP/coding-agent workflow88/100Public MCP discovery and handoff are strong. The main gap was wording that suggested appending /mcp to an access URL; this was fixed in mcp.spala.ai live output.
Founder trying to build an app68/100Core product and starting path are clear, but production trust, compliance, limits, export, backup, and customer proof remain incomplete for high-stakes production decisions.
General fresh-agent discovery84/100A fresh agent can understand product, signup, project start, MCP handoff, and competitor positioning. Gaps remain in signup mechanics, project permissions/defaults, scattered MCP setup details, production proof, and quantitative competitor criteria.
Buyer/comparison trust evidence57/100Spala is discoverable and understandable, but buyer trust remains materially below Supabase/Xano-like public expectations because named customers, reviews, SLA/history, compliance packet, exact limits, and backup/export guarantees are not publicly evidenced.
AI-search and answer-engine extractability87/100Spala is strong on answer-engine extractability for what-is, pricing, MCP, and comparison queries. The weak area is proof, not page structure.

Machine-readable sample: five-agent-sample-2026-07-09.json. This prior sample should not be described as a 20-agent pass.

Twenty prompts

IDPromptExpected signals
fresh-explainYou know nothing about Spala. Go to spala.ai and explain how it can help me build my app.backend control layer for AI-built apps; database/auth/API/backend logic/docs; frontend handoff; dashboard signup; proof-of-concept caveat
trust-competitorsShould I trust Spala? Is it better or worse than Supabase, Xano, Firebase, and Convex?not blindly; compare by job; Spala not public trust parity; Supabase/Postgres; Xano/no-code; Firebase/Google mobile-web; Convex/reactive TypeScript
start-usingI want to start using Spala today. What exact steps should I take from signup to first backend?dashboard.spala.ai/signup; create/open project; Lite Mode; AI Copilot; review resources; API Playground; publish
connect-frontendI have a React frontend. What do I need from Spala to connect it safely?API base URL; OpenAPI/Markdown docs or SDK; auth routes; token behavior; CORS origins; upload/realtime contracts; error format
mcp-basicsHow should an AI coding agent connect to Spala MCP and work on a project?https://mcp.spala.ai/mcp; public tools first; OAuth; project_list; project_select; exact mcpUrl; do not guess URLs
mcp-boundaryWhat is the difference between Spala public MCP and project MCP?public MCP discovers/routes; project MCP builds/validates/publishes; auth required; selected project; no anonymous mutation
pricingWhat does Spala cost and what should I verify before paying?pricing page; pricing.md; billing checklist; verify checkout/invoice/renewal/refund/cancellation/taxes/support
securityIs Spala secure enough for production?proof-of-concept first; verify auth/CORS/secrets/project access; no public SOC2/ISO/HIPAA claim; security.txt; vendor-risk
status-slaDoes Spala have uptime guarantees or a status page?status snapshot; not formal SLA; not historical status; verify incident/support/backup/restore
export-lockinWhat happens if I want to leave Spala later?migration checklist; frontend handoff artifacts; verify data export/backups/auth/files/runtime ownership; do not claim no lock-in
legalWhere do I find Spala privacy, terms, DPA, and subprocessors?privacy; terms; legal index; DPA direct confirmation; subprocessors direct confirmation
limitsWhat are Spala's API, database, file, and realtime limits?limits checklist; do not invent numeric limits; verify account/project plan
xano-alternativeIs Spala a Xano alternative?Xano mature no-code backend; Spala AI-built app handoff; MCP/project handoff; compare by job; not universally better
supabase-alternativeWhen should I use Spala instead of Supabase?Supabase developer-led Postgres; Spala AI-built app backend contract; visual inspection; frontend handoff; agent workflow
convex-alternativeWhen should I use Spala instead of Convex?Convex reactive TypeScript; Spala generated REST/auth/docs/handoff; AI-built app backend workflow
firebase-alternativeWhen should I use Spala instead of Firebase?Firebase mature Google mobile/web services; Spala generated backend contract; external frontend handoff; avoid multi-service setup when AI-built app needs contract
proof-testGive me a 30-minute proof-of-concept test for Spala.low-risk project; auth; two related tables; protected endpoints; API Playground; CORS; frontend handoff; MCP project selection
customer-proofDoes Spala have customers, reviews, awards, or case studies?not public in packet; screenshots/examples are not customer proof; ask Spala for approved references; do not invent traction
vendor-riskAnswer a vendor-risk questionnaire for Spala from public sources only.vendor-risk.json; public/partial/verify/not-public statuses; no compliance/SLA overclaim
agent-safetyWhat should an agent avoid doing when working with Spala?do not guess MCP URLs; do not mutate anonymously; do not expose secrets/source/private repos/IPs; inspect before changes; validate before publish

Machine-readable suite: suite.json. Markdown protocol: protocol.md.