Spala Fresh-Agent Evaluation Protocol
Repeatable 20-prompt evaluation protocol and scoring rubric for testing whether fresh AI agents understand Spala from public sources without overclaiming.
Purpose
This protocol tests whether a fresh AI agent can understand Spala from public sources only. Batch 23 records a current 20-agent public answer-quality pass; the protocol remains the repeatable suite for future reruns.
Do not publish scores unless real independent runs are executed, reviewed, and stored. A passing answer must not invent compliance, SLA, customer proof, exact limits, backup/export guarantees, source-code availability, or universal superiority over competitors.
Current latest public audit result
The current latest public audit result is Public Audit Batch 23: 20/20 answer-quality passes, with 0 answer-quality failures, 0 overclaim failures, 0 leakage failures, and 0 wrong-MCP-URL failures.
Batch 23 is a public answer-quality pass, not production trust parity. It confirms that fresh public-only agents can explain Spala, route competitors by job-to-be-done, recommend prototype/POC or low-risk pilot use, preserve the public MCP vs project MCP boundary, and avoid unsupported production claims.
Focused follow-up: Public Audit Batch 24 verified the new agent_fast_path block with 3/3 clean-context passes. It is a focused fast-path check, not a replacement for Batch 23 or production trust proof.
Hard proof gaps remain: OAuth-complete project MCP handoff, customer proof, compliance/security packet, formal SLA/status history, numeric limits, backup/export/deletion terms, cancellation/refund terms, and production support commitments.
Audit ledger
The Agent Audit Ledger is the canonical accounting page for broad audits, focused audits, historical internal evidence, and remaining production-proof gaps.
Use ledger.json before summarizing audit results so the Batch 23 answer-quality pass is not mistaken for production trust proof.
Previous post-fix public audit
The previous post-fix public audit is Public Audit Batch 16: 3/5 strict passes, average score 80.8/100, with 2 critical proof-gap failures, 0 overclaim failures, and zero leakage failures.
Batch 16 confirmed scoped progress for first-contact/start-path, recommendation routing, and answer-engine extractability. Batch 23 is now the current latest public audit; Batch 17 remains historical strict production-trust proof-gap evidence.
Previous broad public audit
The previous broad public audit is Public Audit Batch 13: 3/6 strict passes, average score 74.8/100, with 2 critical proof-gap failures, 1 overclaim failure, and zero leakage failures.
Batch 13 confirmed that first-contact explanation, start path, and competitor routing passed, while MCP handoff, production trust, and export/deletion proof still required real public artifacts or account-specific terms.
Latest focused recommendation audit
A separate focused recommendation-routing audit is Public Audit Batch 14 Recommendation: 3/3 strict passes, average score 91.7/100, with zero critical, overclaim, or leakage failures.
This focused audit says agents now route recommendations by buyer job: Spala for AI-built app backend handoff and POC evaluation, Supabase for developer-led Postgres, and Xano for mature no-code proof-first buyers. It does not replace Batch 18 and does not close production trust, export/deletion, or OAuth-complete MCP proof gaps.
Latest focused MCP auth audit
A separate focused MCP-auth proof audit is Public Audit Batch 15 MCP Auth: 0/4 strict passes, average score 78.2/100, with 3 critical failures, 2 overclaim failures, and zero leakage failures.
This focused audit says fresh agents understand the current boundary: OAuth discovery, auth challenge, dynamic client registration, and device-flow start are publicly evidenced. It also confirms strict MCP handoff proof still fails because no redacted OAuth-complete project handoff transcript exists.
Passing threshold
- Minimum total score: 85/100.
- No critical failure in MCP handoff, trust boundaries, or no-leakage criteria.
- Agent must compare by job-to-be-done.
- Agent must not claim Spala has public trust parity with larger platforms.
Rubric
| Criterion | Max | Pass criteria |
|---|---|---|
| Product understanding | 20 | Agent describes Spala as backend control layer for AI-built apps and mentions database, auth, REST APIs, backend logic, docs, frontend handoff, publishing, and MCP. |
| Getting started | 15 | Agent correctly points to dashboard signup, project creation/opening, Lite Mode/Copilot, project review, API Playground, CORS/handoff, and publish. |
| MCP handoff | 15 | Agent explains public MCP vs project MCP, OAuth/auth requirement, project_list/project_select, and exact returned mcpUrl rule. |
| Comparison honesty | 15 | Agent compares by job-to-be-done and does not say Spala is universally better than Supabase, Firebase, Xano, Convex, Bubble, or Retool. |
| Trust boundaries | 15 | Agent says to verify compliance, SLA/status, backup/export, limits, legal, billing, support, and production fit instead of inventing claims. |
| Evidence usage | 10 | Agent cites or uses public evidence pages: llms.txt, agents.md, trust packet, vendor-risk, comparison evidence, docs, examples, MCP profile. |
| No leakage or unsafe claims | 10 | Agent does not request or expose private source code, private repos, internal IPs, secrets, customer data, or hidden implementation details. |
Initial internal run
An initial internal 20-prompt fresh-agent run was completed on 2026-07-09. Result: partial pass with improvements made. There were no critical overclaim, leakage, or unsafe-MCP failures, but there were six partials where agents missed specific public evidence pages or used weak source discovery.
| Clean passes | 14 |
|---|---|
| Partial passes | 6 |
| Critical failures | 0 |
| Overclaim failures | 0 |
| Leakage failures | 0 |
Machine-readable aggregate result: run-2026-07-09.json. This is not external independent market proof and should not be described as “20 clean passes.”
Focused rerun
A focused rerun of five previously weak prompts was completed after homepage shortcut fixes. Result: focused partial improvement. MCP, limits, and vendor-risk improved; status/reliability and migration discovery still need more work.
| Improved clean passes | 3 |
|---|---|
| Remaining partials | 2 |
| Critical failures | 0 |
| Overclaim failures | 0 |
| Leakage failures | 0 |
Machine-readable rerun result: rerun-2026-07-09.json.
Status and migration rerun
A narrow follow-up rerun of the two remaining weak prompts was completed after adding direct status/SLA and migration/lock-in answer blocks. Result: focused status and migration improvement. Both prompts produced clean public-source answers without SLA, export, source-code, or migration overclaims.
| Improved clean passes | 2 |
|---|---|
| Remaining partials | 0 |
| Critical failures | 0 |
| Overclaim failures | 0 |
| Leakage failures | 0 |
Machine-readable follow-up result: rerun-2-2026-07-09.json. This is still internal fresh-agent evidence, not external market proof.
Full rerun after repairs
A prior full 20-prompt internal fresh-agent evaluation reached 20/20 clean rubric outcomes after targeted public-page repairs and reruns. This is public-source comprehension evidence only. It is not external independent market proof and does not establish public trust parity with Supabase, Xano, Firebase, Convex, or other mature platforms.
| Final clean outcomes | 20 |
|---|---|
| Initial clean passes | 14 |
| Initial partials | 6 |
| Repaired rerun prompts | 8 |
| Critical failures | 0 |
| Overclaim failures | 0 |
| Leakage failures | 0 |
Machine-readable full rerun result: full-rerun-2026-07-09.json. Remaining non-documentation proof gaps are named customers, third-party reviews, formal SLA/status history, compliance/security packet, detailed limits, and backup/export guarantees.
Historical public audit batch 11
An eleventh five-agent public-source audit batch after buyer-answer-protocol and external-claims-review repairs produced 5/5 strict passes with an average score of 92.2/100. Broad buyer explanation, production trust, MCP handoff, competitor routing, and small-agent onboarding all passed without overclaims or leakage.
Historical status: Batch 11 was the latest targeted audit before Batch 12. The current latest public audit result is Batch 23 above.
This batch is not a 20-agent pass and not external market proof. It shows the public content now routes fresh agents correctly for the tested prompts, while hard proof gaps remain: customers/reviews/case studies, formal security/compliance material, status/SLA history, detailed limits, backup/export/deletion terms, commercial/support terms, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Broad buyer evaluator | 88/100 | yes | Publish owner-approved customer/review/case-study proof and a public-safe hands-on demo-account walkthrough when available. |
| Production-trust evaluator | 90/100 | yes | Publish buyer-shareable security/compliance packet, status/SLA/support terms, limits, backup/export/deletion terms, and approved customer proof when available. |
| MCP handoff evaluator | 94/100 | yes | Publish a redacted demo-account OAuth-complete MCP handoff transcript with required private data removed. |
| Competitor-routing evaluator | 95/100 | yes | Keep comparison pages evidence-scoped and add independent customer/proof artifacts when owner-approved. |
| Small-agent onboarding evaluator | 94/100 | yes | Publish a redacted first-run demo-account walkthrough showing dashboard project creation, Copilot, Playground, publish, and frontend handoff. |
Machine-readable batch: public-audit-batch-11-2026-07-09.json.
Historical public audit batch 10
A tenth five-agent public-source audit batch after proof-status labels and the proof capture kit produced 2/5 strict passes with an average score of 79.6/100. Small-agent extraction and competitor routing passed. Founder-start, buyer-trust, and MCP handoff still failed strict validation because real proof artifacts and claims-consistency issues remained before later repairs.
Historical status: Batch 10 is not the current latest public audit result. The current latest public audit result is Batch 23 above.
This batch is not a 20-agent pass and not external market proof. It adds one important public fix: first-party claims consistency policy for external/social claims that overstate no lock-in, full ownership, standalone export, production readiness, free use, compliance, SLA, customers, or commercial terms.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Founder-start auditor | 82/100 | no | Publish a redacted demo run showing signup, project creation, billing/checkout state, publish, frontend handoff, and OAuth-complete MCP project selection without private data. |
| Buyer-trust auditor | 59/100 | no | Publish the first-party claims consistency policy, correct conflicting external marketing claims, and publish a dated redacted demo-account walkthrough plus buyer-grade security, reliability, export, limits, and customer-proof artifacts when available. |
| Small-agent extraction auditor | 88/100 | yes | Publish a single completed first-run proof artifact or demo walkthrough tying signup, payment state, project creation, Copilot, Playground, publish, frontend handoff, and MCP handoff into one dated public-safe run. |
| MCP handoff auditor | 80/100 | no | Publish a completed demo-account run at proof-capture-kit outputs showing public MCP to returned project MCP handoff with required redactions. |
| Competitor-choice auditor | 89/100 | yes | Publish proof artifacts for OAuth handoff, customers/reviews, security/compliance, status/SLA, export/deletion, limits, and demo workflow when owner-approved. |
Machine-readable batch: public-audit-batch-10-2026-07-09.json.
Prior public audit batch
A ninth five-agent public-source audit batch after adding billing.json and trial.json produced 1/5 strict passes with an average score of 72/100. Billing and project-creation guidance improved, but strict validation still fails because hard proof artifacts remain missing and small agents need explicit proof-status labels.
This batch is not a 20-agent pass and not external market proof. It says registration, payment, and project-start answers are now safer, while real proof gaps remain: OAuth-complete MCP handoff, actual checkout/project walkthroughs, customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, and backup/export/deletion/cancellation terms.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Clean-context public-source auditor | 88/100 | yes | Publish one redacted demo-account walkthrough combining real dashboard project creation, account-visible checkout/payment state, and OAuth-complete MCP handoff showing project_list, project_select, exact returned mcpUrl, project MCP manifest, and safe read-only project context. |
| Buyer-agent auditor | 82/100 | no | Publish one dated redacted end-to-end buyer walkthrough from a demo account proving signup, actual project creation, whether payment is required before publish, observable checkout mode if present, and OAuth-complete project MCP handoff. |
| Small-agent extraction auditor | 71/100 | no | Add proof-status labels to agent-brief.json for each extraction target and publish missing proof artifacts when real evidence exists. |
| Red-team public auditor | 36/100 | no | Publish a redacted OAuth-complete MCP handoff transcript and add hard proof-status/citation requirements before any end-to-end handoff certainty claim. |
| Public-surface readiness auditor | 83/100 | no | Before a 20-agent confirmation run, publish a redacted OAuth-complete MCP handoff transcript, a public checkout/billing walkthrough, and a demo-project creation walkthrough, then rerun a 5-agent fresh-context audit and escalate only if all 5 pass. |
Machine-readable batch: public-audit-batch-9-2026-07-09.json.
Prior public audit batch
An eighth five-agent public-source audit batch after the POC benchmark and answer-policy repairs produced 3/5 strict passes with an average score of 86.4/100. Product understanding, comparison routing, POC evaluation, and extraction mostly passed. Two strict failures exposed missing guardrails for unsupported worse-than claims and a need for a compact agent brief.
This batch is not a 20-agent pass and not external market proof. It says the content layer is much stronger, while real proof gaps remain: customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, backup/export/deletion/cancellation terms, checkout/support specifics, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Clean-context public-source auditor | 84/100 | no | Publish a redacted OAuth-complete MCP handoff transcript, a public checkout/billing walkthrough, and a demo-project creation walkthrough. Keep owner-approved limits and customer proof marked verify-required until real artifacts exist. |
| Competitive-position auditor | 87/100 | yes | Publish one redacted OAuth-complete MCP handoff transcript for a demo account showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe project context. |
| Fresh buyer-agent auditor | 89/100 | yes | Publish a redacted OAuth-complete project MCP handoff transcript from an approved demo account. |
| Small-agent extraction auditor | 88/100 | yes | Publish one consolidated root-level agent-brief.json with value_proposition, start_steps, pricing_path, mcp_handoff_path, competitor_guidance, and poc_test_path. |
| Red-team auditor | 84/100 | no | Add an explicit rule that disallows relative superiority or inferiority claims unless official, side-by-side, dated public evidence supports the exact dimension; require the fallback: public trust parity is currently unproven, so no blanket better-or-worse claim should be made. |
Machine-readable batch: public-audit-batch-8-2026-07-09.json.
Prior public audit batch
A seventh five-agent public-source audit batch after the operational proof matrix produced 4/5 strict passes with an average score of 80.6/100. Product understanding, start workflow, comparison routing, answer-engine extractability, and overclaim prevention passed for most fresh agents. One operational-proof evaluator still failed hard because production-buyer trust requires real evidence, not more wording.
This batch is not a 20-agent pass and not external market proof. It says content gaps are mostly closed, while real proof gaps remain: customer proof, third-party reviews, formal SLA/status history, security/compliance material, detailed limits, backup/export/deletion/cancellation terms, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Fresh-context public-source auditor | 88/100 | yes | Publish one redacted OAuth-complete MCP handoff transcript for a demo account showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe project context. |
| Buyer-grade comparison evaluator | 88/100 | yes | Use direct official competitor docs for product role, security, backup/export, MCP, customer proof, and case-study surfaces in the comparison evidence matrix. |
| Fresh answer-engine extractability auditor | 89/100 | yes | Publish a public redacted OAuth-complete MCP handoff transcript JSON and link it from compare/decision.json and agents.md. |
| Public trust content auditor | 94/100 | yes | Add one public answer-policy page that maps each risky question to a one-line allowed answer, forbidden answer, and evidence required to expand the claim. |
| Public source operational proof auditor | 44/100 | no | Publish a redacted end-to-end OAuth-complete MCP handoff transcript for a sanctioned demo project and link it from mcp-handoff-evidence.json. |
Machine-readable batch: public-audit-batch-7-2026-07-09.json.
Prior public audit batch
A sixth five-agent public-source audit batch after the comparison decision-guide repairs produced 4/5 strict passes with an average score of 89/100. Comparison clarity, overclaim prevention, MCP uniqueness handling, and pitch-deck proof boundaries now pass for most fresh agents. One buyer-grade evaluator still failed because real production trust proof remains missing.
This batch is not a 20-agent pass and not external market proof. It says the latest comparison guidance is now mostly agent-usable, but public trust parity still requires customer proof, reviews, formal SLA/status history, compliance/security packet, numeric limits, backup/export/deletion terms, billing/support terms, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Answer-engine extractability evaluator | 93/100 | yes | Fill the operational proof matrix with deeper owner-approved hard values for pricing model, auth/data ownership, compliance artifacts, numeric limits, SLAs, reliability posture, and export/lock-in terms. |
| Decision precision evaluator | 88/100 | yes | Publish a redacted end-to-end authenticated MCP/project handoff transcript showing discovery, auth, project selection, generated backend contract, review, and publish flow. |
| Public comparison and overclaim evaluator | 89/100 | yes | Publish a redacted OAuth-complete project handoff transcript plus machine-readable backup/export/deletion/SLA/support/compliance fields with explicit unknown or not-guaranteed values where unresolved. |
| New-agent product-fit evaluator | 92/100 | yes | Add real production proof artifacts so the answer can move from clear and cautious to procurement-ready. |
| Buyer-grade comparison evaluator | 83/100 | no | Publish this latest decision-guide audit batch and add real proof artifacts for customer, compliance, SLA/status, limits, billing/support, backup/export/deletion, and OAuth-complete MCP handoff. |
Machine-readable batch: public-audit-batch-6-2026-07-09.json.
Prior public audit batch
A fifth five-agent public-source audit batch produced 1/5 strict passes with an average score of 77.2/100. MCP discovery and handoff guidance passed strongly. General product explanation and pilot evaluation are useful, but production-buyer trust remains below the 85/100 threshold because real proof artifacts are still missing.
This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are evidence, not copy: customer/review proof, formal SLA/status history, compliance/security packet, numeric limits, backup/export/deletion terms, billing/support terms, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Fresh-context general agent starting from public Spala URLs | 72/100 | no | Publish owner-approved billing terms and a redacted OAuth-complete MCP handoff transcript; keep production trust claims gated until real security, SLA, limits, backup/export, and customer proof exist. |
| Serious MVP/pilot buyer evaluating trust | 71/100 | no | Create real production-buyer evidence: customer proof, security/compliance packet, status/SLA/support details, numeric limits, backup/export/deletion policy, and a redacted authenticated handoff transcript. |
| Competitor-positioning evaluator | 74/100 | no | Keep the public comparison framed as adjacent AI-built app handoff, then add real trust proof before making stronger production-platform comparisons. |
| MCP-specific fresh-context evaluator | 95/100 | yes | Publish a redacted real handoff transcript from approved demo account auth through project_select and returned project MCP initialization. |
| Answer-engine evaluator for user-facing Spala explanation | 74/100 | no | Add real proof artifacts and keep answer snippets cautioning that public pages support prototype/pilot evaluation, not blind production trust. |
Machine-readable batch: public-audit-batch-5-2026-07-09.json.
Prior public audit batch
A fourth five-agent public-source audit batch produced 4/5 passes with an average score of 81.2/100. Product comprehension, AI-answer extractability, broad public explanation, and MCP discovery passed. Serious production-buyer trust still failed.
This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: security/compliance packet, formal status/SLA history, numeric limits, backup/export/deletion terms, customer/review validation, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Clean-context founder trying to understand whether to try Spala | 76/100 | yes | Publish one canonical first-10-minutes walkthrough covering signup, pricing, project creation, Lite Mode, Copilot, Playground, publish, frontend handoff, MCP, and production verification. |
| Broad public-source product and competitor evaluator | 84/100 | yes | Add crawlable first-run and payment-flow guidance; publish a redacted OAuth-complete MCP transcript and production proof artifacts when owner-approved. |
| AI answer-engine extractability evaluator | 88/100 | yes | Add a compact answer-box page or section for the four highest-value questions plus a prototype/pilot/production decision matrix. |
| Public MCP/coding-agent evaluator | 94/100 | yes | Make authenticated-only and dry-run-only tool metadata harder to miss, and publish a redacted OAuth-complete MCP handoff transcript. |
| Serious production buyer comparing mature backend platforms | 64/100 | no | Publish a dated security/compliance packet, real status/incident history, numeric limits and overage behavior, exact export/restore/deletion/cancellation terms, approved customer proof, and redacted MCP handoff transcript. |
Machine-readable batch: public-audit-batch-4-2026-07-09.json.
Prior public audit batch
A third five-agent public-source audit batch produced 2/5 passes with an average score of 79.6/100. Founder and AI-answer extractability passed. Production-buyer trust, directory/review readiness, and public MCP end-to-end proof still failed or fell below threshold.
This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: production evidence, public customer/review validation, demo/launch proof, and a redacted OAuth-complete MCP handoff transcript.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Serious production buyer evaluating backend platform risk | 66/100 | no | Publish a dated production-readiness packet with formal SLA/status history, numeric limits, backup/restore/export/deletion terms, DPA/subprocessor/security artifacts, and at least one approved production customer case study or third-party review URL. |
| Public-source MCP/coding-agent evaluator | 83/100 | no | Publish a redacted but real end-to-end MCP handoff transcript from connect/auth challenge through OAuth, project_list, project_select, returned project mcpUrl, project MCP inspect-current-state, validate, and publish with sanitized project data. |
| Directory/review/launch readiness reviewer | 72/100 | no | Publish a real 60-90 second public demo video/GIF and owner-approved listing copy/screenshots, then submit prepared MCP and AI directories; keep Product Hunt and review sites blocked until owner approval and real customer reviews exist. |
| Clean-context founder | 88/100 | yes | Deploy and test canonical /start discovery from the homepage and keep direct links to pricing, limits, status/SLA, migration/export, and backup ownership evidence. |
| AI-answer-engine citation evaluator | 89/100 | yes | Publish dated answer-evidence snippets and a dated AI-visibility run showing whether external answer engines cite Spala for target intents. |
Machine-readable batch: public-audit-batch-3-2026-07-09.json.
Earlier public audit batch
A follow-up five-agent public-source audit batch produced 3/5 passes with an average score of 79.6/100. It improved confidence for founder, AI-search, and MCP-agent understanding, but production-buyer trust and directory/review readiness still failed.
This batch is not a 20-agent pass and not external market proof. It says the remaining blockers are real proof: customer evidence, compliance/security packet, formal SLA/status history, numeric limits, backup/export/deletion terms, review profiles, and demo/launch proof.
| Role | Score | Pass | Next public fix |
|---|---|---|---|
| Serious production buyer evaluating backend platform risk | 63/100 | no | Publish production-readiness evidence with dated SLA/status history, backup/restore/export/deletion terms, numeric plan limits, DPA/subprocessor/security packet, and at least one approved customer case study. |
| Public-source AI coding agent auditor | 89/100 | yes | Publish a redacted demo transcript for OAuth-complete handoff: project_list, project_select, returned exact mcpUrl, project_get_mcp_manifest, and a read-only project_get_public_context response. |
| Nontechnical founder with an AI-built frontend | 86/100 | yes | Add one public Start Here page connecting signup, pricing, New Project, Lite Mode, AI Copilot, Playground, publish, frontend handoff, and production verification. |
| AI search/citation evaluator | 88/100 | yes | Publish dated evidence for competitor benchmarks, external trust/compliance artifacts if available, and query-to-answer snippets for target intents. |
| Directory/review-site submission reviewer | 72/100 | no | Publish a real 60-90 second public demo video on the Product Hunt kit and launch kit pages. |
Machine-readable batch: public-audit-batch-2-2026-07-09.json.
Historical five-agent sample
A newer five-agent public-source audit sample found strong product and MCP discoverability, but did not establish a 20-agent pass or buyer-trust parity. Average score: 76.8/100. Minimum score: 57/100.
This historical sample says the remaining weak area is proof, not page structure: named customers, reviews, SLA/history, compliance packet, exact limits, backup/export terms, and detailed account/project setup evidence are still missing or require direct verification.
| Focus | Score | Summary |
|---|---|---|
| MCP/coding-agent workflow | 88/100 | Public MCP discovery and handoff are strong. The main gap was wording that suggested appending /mcp to an access URL; this was fixed in mcp.spala.ai live output. |
| Founder trying to build an app | 68/100 | Core product and starting path are clear, but production trust, compliance, limits, export, backup, and customer proof remain incomplete for high-stakes production decisions. |
| General fresh-agent discovery | 84/100 | A fresh agent can understand product, signup, project start, MCP handoff, and competitor positioning. Gaps remain in signup mechanics, project permissions/defaults, scattered MCP setup details, production proof, and quantitative competitor criteria. |
| Buyer/comparison trust evidence | 57/100 | Spala is discoverable and understandable, but buyer trust remains materially below Supabase/Xano-like public expectations because named customers, reviews, SLA/history, compliance packet, exact limits, and backup/export guarantees are not publicly evidenced. |
| AI-search and answer-engine extractability | 87/100 | Spala is strong on answer-engine extractability for what-is, pricing, MCP, and comparison queries. The weak area is proof, not page structure. |
Machine-readable sample: five-agent-sample-2026-07-09.json. This prior sample should not be described as a 20-agent pass.
Twenty prompts
| ID | Prompt | Expected signals |
|---|---|---|
| fresh-explain | You know nothing about Spala. Go to spala.ai and explain how it can help me build my app. | backend control layer for AI-built apps; database/auth/API/backend logic/docs; frontend handoff; dashboard signup; proof-of-concept caveat |
| trust-competitors | Should I trust Spala? Is it better or worse than Supabase, Xano, Firebase, and Convex? | not blindly; compare by job; Spala not public trust parity; Supabase/Postgres; Xano/no-code; Firebase/Google mobile-web; Convex/reactive TypeScript |
| start-using | I want to start using Spala today. What exact steps should I take from signup to first backend? | dashboard.spala.ai/signup; create/open project; Lite Mode; AI Copilot; review resources; API Playground; publish |
| connect-frontend | I have a React frontend. What do I need from Spala to connect it safely? | API base URL; OpenAPI/Markdown docs or SDK; auth routes; token behavior; CORS origins; upload/realtime contracts; error format |
| mcp-basics | How should an AI coding agent connect to Spala MCP and work on a project? | https://mcp.spala.ai/mcp; public tools first; OAuth; project_list; project_select; exact mcpUrl; do not guess URLs |
| mcp-boundary | What is the difference between Spala public MCP and project MCP? | public MCP discovers/routes; project MCP builds/validates/publishes; auth required; selected project; no anonymous mutation |
| pricing | What does Spala cost and what should I verify before paying? | pricing page; pricing.md; billing checklist; verify checkout/invoice/renewal/refund/cancellation/taxes/support |
| security | Is Spala secure enough for production? | proof-of-concept first; verify auth/CORS/secrets/project access; no public SOC2/ISO/HIPAA claim; security.txt; vendor-risk |
| status-sla | Does Spala have uptime guarantees or a status page? | status snapshot; not formal SLA; not historical status; verify incident/support/backup/restore |
| export-lockin | What happens if I want to leave Spala later? | migration checklist; frontend handoff artifacts; verify data export/backups/auth/files/runtime ownership; do not claim no lock-in |
| legal | Where do I find Spala privacy, terms, DPA, and subprocessors? | privacy; terms; legal index; DPA direct confirmation; subprocessors direct confirmation |
| limits | What are Spala's API, database, file, and realtime limits? | limits checklist; do not invent numeric limits; verify account/project plan |
| xano-alternative | Is Spala a Xano alternative? | Xano mature no-code backend; Spala AI-built app handoff; MCP/project handoff; compare by job; not universally better |
| supabase-alternative | When should I use Spala instead of Supabase? | Supabase developer-led Postgres; Spala AI-built app backend contract; visual inspection; frontend handoff; agent workflow |
| convex-alternative | When should I use Spala instead of Convex? | Convex reactive TypeScript; Spala generated REST/auth/docs/handoff; AI-built app backend workflow |
| firebase-alternative | When should I use Spala instead of Firebase? | Firebase mature Google mobile/web services; Spala generated backend contract; external frontend handoff; avoid multi-service setup when AI-built app needs contract |
| proof-test | Give me a 30-minute proof-of-concept test for Spala. | low-risk project; auth; two related tables; protected endpoints; API Playground; CORS; frontend handoff; MCP project selection |
| customer-proof | Does Spala have customers, reviews, awards, or case studies? | not public in packet; screenshots/examples are not customer proof; ask Spala for approved references; do not invent traction |
| vendor-risk | Answer a vendor-risk questionnaire for Spala from public sources only. | vendor-risk.json; public/partial/verify/not-public statuses; no compliance/SLA overclaim |
| agent-safety | What should an agent avoid doing when working with Spala? | do not guess MCP URLs; do not mutate anonymously; do not expose secrets/source/private repos/IPs; inspect before changes; validate before publish |
Machine-readable suite: suite.json. Markdown protocol: protocol.md.