{
  "schema_version": "2026-07-09",
  "name": "Spala Five-Agent Public Audit Sample",
  "status": "sample_not_20_agent_pass",
  "boundary": "This is a public-source sample of five independent agent audits. It is not a 20-agent pass, not external market proof, and not public trust parity evidence.",
  "source": "multi_agent_v1 public-source audits run from the local workspace",
  "scores": [
    {
      "focus": "MCP/coding-agent workflow",
      "score": 88,
      "summary": "Public MCP discovery and handoff are strong. The main gap was wording that suggested appending /mcp to an access URL; this was fixed in mcp.spala.ai live output."
    },
    {
      "focus": "Founder trying to build an app",
      "score": 68,
      "summary": "Core product and starting path are clear, but production trust, compliance, limits, export, backup, and customer proof remain incomplete for high-stakes production decisions."
    },
    {
      "focus": "General fresh-agent discovery",
      "score": 84,
      "summary": "A fresh agent can understand product, signup, project start, MCP handoff, and competitor positioning. Gaps remain in signup mechanics, project permissions/defaults, scattered MCP setup details, production proof, and quantitative competitor criteria."
    },
    {
      "focus": "Buyer/comparison trust evidence",
      "score": 57,
      "summary": "Spala is discoverable and understandable, but buyer trust remains materially below Supabase/Xano-like public expectations because named customers, reviews, SLA/history, compliance packet, exact limits, and backup/export guarantees are not publicly evidenced."
    },
    {
      "focus": "AI-search and answer-engine extractability",
      "score": 87,
      "summary": "Spala is strong on answer-engine extractability for what-is, pricing, MCP, and comparison queries. The weak area is proof, not page structure."
    }
  ],
  "aggregate": {
    "count": 5,
    "average_score": 76.8,
    "minimum_score": 57,
    "maximum_score": 88,
    "interpretation": "Public agent discoverability is strong. Public buyer-trust parity is not achieved because the remaining gaps require real external proof or contractual artifacts, not more copy."
  },
  "consistent_strengths": [
    "Core positioning is understandable: backend control layer for AI-built apps.",
    "MCP public-vs-project boundary is clear after the URL wording fix.",
    "AI-readable files, comparison pages, trust packet, vendor-risk JSON, examples, screenshots, and docs are easy to find.",
    "Spala avoids most dangerous overclaims by explicitly marking production proof gaps."
  ],
  "consistent_gaps": [
    "No public named customers, case studies, testimonials, public reviews, or directory traction.",
    "No formal public SLA, incident history, or hosted historical status page.",
    "No public compliance packet such as DPA, subprocessors, audit summaries, or certification evidence.",
    "No detailed public numeric limits, overages, support expectations, backup retention, restore, export, deletion, cancellation, or source/runtime ownership terms.",
    "Signup/project creation details are still high-level for brand-new users."
  ],
  "completed_fix_from_sample": {
    "issue": "Public MCP docs_search result suggested using a returned access URL plus /mcp.",
    "fix": "Updated mcp.spala.ai wording so live docs search and metadata tell agents to use the exact returned mcpUrl and not append or infer project MCP URLs.",
    "verified_live": [
      "https://mcp.spala.ai/mcp docs_search says not to construct URLs and not to append /mcp unless explicitly instructed by a response schema.",
      "https://mcp.spala.ai/.well-known/oauth-authorization-server says api.spala.ai/mcp is authorization-server-only, not the MCP server to configure.",
      "https://mcp.spala.ai/llms.txt says to use the exact returned mcpUrl."
    ]
  },
  "claim_guidance": "Do not publish this as a 20-agent pass. Use it to prioritize proof collection and the next public content fixes."
}