{
  "schema_version": "2026-07-09",
  "name": "Spala Public Audit Batch 10",
  "status": "claims_consistency_gap_found_pass_2_of_5_hard_proof_gaps_remain",
  "boundary": "Five fresh-context public-source agent audits after adding proof-status labels and the proof capture kit. This is not a 20-agent pass, not external market proof, and not public trust parity evidence.",
  "run_date": "2026-07-09",
  "scoring_note": "Strict pass requires score >= 85, no critical failure, no overclaim failure, and no leakage failure. Batch 10 exposed one external-public-claims consistency problem and continued proof blockers.",
  "entries": [
    {
      "role": "Founder-start auditor",
      "model": "gpt-5.5 high",
      "score": 82,
      "pass": false,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/llms.txt",
        "https://spala.ai/start/",
        "https://spala.ai/start.json",
        "https://spala.ai/pricing/",
        "https://spala.ai/pricing.md",
        "https://spala.ai/trial.json",
        "https://spala.ai/billing.json",
        "https://docs.spala.ai/getting-started/quickstart/",
        "https://docs.spala.ai/features/lite-mode/",
        "https://docs.spala.ai/features/ai-assistant/",
        "https://docs.spala.ai/guides/frontend-handoff/",
        "https://spala.ai/.well-known/mcp.json",
        "https://spala.ai/mcp-smoke-test/",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://mcp.spala.ai/.well-known/project-mcp-test.json",
        "https://spala.ai/founder-decision-sheet.json",
        "https://spala.ai/production-readiness.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/trust-packet.json",
        "https://spala.ai/robots.txt"
      ],
      "strengths": [
        "A founder can understand Spala as a hosted backend builder/control layer for AI-built apps.",
        "The public path from signup to project, Lite Mode, Copilot, API Playground, publish, frontend handoff, and MCP is understandable.",
        "The answer is safe for prototype or controlled-pilot recommendation."
      ],
      "gaps": [
        "Payment flow, exact account/project limits, checkout terms, SLA, compliance, backups, export/deletion, customer proof, and OAuth-complete MCP handoff remain verify-required.",
        "No public proof found for named customers, third-party reviews, case studies, compliance certifications, audit reports, backup guarantees, full export, deletion timeline, or no-lock-in claims."
      ],
      "exact_next_public_fix": "Publish a redacted demo run showing signup, project creation, billing/checkout state, publish, frontend handoff, and OAuth-complete MCP project selection without private data."
    },
    {
      "role": "Buyer-trust auditor",
      "model": "gpt-5.4 xhigh",
      "score": 59,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": true,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/llms.txt",
        "https://spala.ai/entity/",
        "https://spala.ai/trust-packet/",
        "https://spala.ai/compare/evidence/",
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/pricing/",
        "https://spala.ai/billing.json",
        "https://spala.ai/trial.json",
        "https://spala.ai/security/",
        "https://spala.ai/legal.json",
        "https://spala.ai/status.json",
        "https://spala.ai/migration/",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/third-party-presence/",
        "https://spala.ai/agent-evals/public-audit-batch-9-2026-07-09.json",
        "https://spala.ai/.well-known/security.txt"
      ],
      "strengths": [
        "A serious buyer can do a preliminary job-to-be-done comparison from Spala's public site and discovery files.",
        "The first-party trust packet is explicit about what is not proven."
      ],
      "gaps": [
        "No public named customers, case studies, approved references, third-party review profiles, buyer-shareable DPA, subprocessor list, formal SLA, incident archive, exact backup/export/deletion/cancellation policy, detailed numeric limits, or procurement-grade competitor proof.",
        "Pricing/billing/trial/project-creation remain guidance-level and account-specific.",
        "External public messaging can conflict with first-party boundaries if it claims no lock-in, full ownership, standalone export, production-ready output, or free start without first-party proof."
      ],
      "exact_next_public_fix": "Publish the first-party claims consistency policy, correct conflicting external marketing claims, and publish a dated redacted demo-account walkthrough plus buyer-grade security, reliability, export, limits, and customer-proof artifacts when available."
    },
    {
      "role": "Small-agent extraction auditor",
      "model": "gpt-5.4-mini high",
      "score": 88,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/agent-brief.json",
        "https://spala.ai/",
        "https://spala.ai/start/",
        "https://spala.ai/mcp-handoff-evidence/",
        "https://spala.ai/vendor-risk.json"
      ],
      "strengths": [
        "Small agents can extract Spala's category, audience, start path, MCP boundary, and forbidden claims from llms.txt and agent-brief.json.",
        "Trust boundaries stay explicit for compliance, SLA, export, backup, checkout, and guessed MCP URLs."
      ],
      "gaps": [
        "Exact commercial terms and OAuth-complete MCP proof remain missing.",
        "Production-readiness claims remain verify-required."
      ],
      "exact_next_public_fix": "Publish a single completed first-run proof artifact or demo walkthrough tying signup, payment state, project creation, Copilot, Playground, publish, frontend handoff, and MCP handoff into one dated public-safe run."
    },
    {
      "role": "MCP handoff auditor",
      "model": "gpt-5.3-codex-spark high",
      "score": 80,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://mcp.spala.ai/mcp",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/mcp-public-no-auth-transcript.json",
        "https://spala.ai/mcp-handoff-transcript-template.json",
        "https://spala.ai/proof-capture-kit.json",
        "https://spala.ai/agent-brief.json",
        "https://spala.ai/.well-known/mcp.json",
        "https://mcp.spala.ai/.well-known/mcp.json",
        "https://mcp.spala.ai/.well-known/oauth-protected-resource",
        "https://mcp.spala.ai/.well-known/oauth-authorization-server",
        "https://mcp.spala.ai/.well-known/project-mcp-test.json",
        "https://docs.spala.ai/agents/mcp/"
      ],
      "strengths": [
        "Public evidence explains public MCP vs project MCP, OAuth, project selection, exact mcpUrl rule, and dry-run/no-op project_create boundary."
      ],
      "gaps": [
        "No public redacted OAuth-complete transcript demonstrates project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe read-only project context.",
        "Project_create dry-run behavior is stated but not demonstrated in a public authorized run."
      ],
      "exact_next_public_fix": "Publish a completed demo-account run at proof-capture-kit outputs showing public MCP to returned project MCP handoff with required redactions."
    },
    {
      "role": "Competitor-choice auditor",
      "model": "gpt-5.5 medium",
      "score": 89,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/compare/decision.json",
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/agent-brief.json",
        "https://spala.ai/compare/evidence/",
        "https://spala.ai/mcp-handoff-evidence/",
        "https://spala.ai/proof-roadmap/",
        "https://spala.ai/production-readiness/",
        "https://spala.ai/"
      ],
      "strengths": [
        "The comparison packet supports fair job-to-be-done routing without making Spala look unnecessarily weak.",
        "It positions Spala for generated backend contracts, auth, REST APIs, docs, frontend handoff, publish review, and scoped MCP/project workflow while routing mature-platform jobs to Supabase, Firebase, Xano, or Convex."
      ],
      "gaps": [
        "OAuth-complete MCP handoff, customer proof, third-party reviews, formal security/compliance evidence, status/SLA history, backup/export/deletion policies, numeric limits, and billing edge cases remain incomplete publicly."
      ],
      "exact_next_public_fix": "Publish proof artifacts for OAuth handoff, customers/reviews, security/compliance, status/SLA, export/deletion, limits, and demo workflow when owner-approved."
    }
  ],
  "aggregate": {
    "count": 5,
    "passes": 2,
    "failures": 3,
    "average_score": 79.6,
    "minimum_score": 59,
    "maximum_score": 89,
    "critical_failures": 2,
    "overclaim_failures": 1,
    "leakage_failures": 0,
    "interpretation": "Small-agent extraction and competitor routing now pass. Founder-start, buyer-trust, and MCP handoff still fail strict validation because real proof artifacts and claims consistency issues remain. The next fix is not more positioning; it is first-party claims consistency plus real redacted proof artifacts."
  },
  "fixes_made_before_run": [
    "Added proof-status labels to agent-brief.json.",
    "Added proof-capture-kit.json and the public proof capture kit page.",
    "Linked the proof capture kit from llms.txt, agents.md, .well-known discovery, the sitemap, agent brief, proof roadmap, trust packet, and MCP handoff evidence."
  ],
  "fixes_made_after_run": [
    "Added claims-consistency policy and claims-consistency.json so first-party Spala policy overrides unsupported social posts, directory listings, summaries, or third-party claims.",
    "Added an answer-policy row for external claims about no lock-in, full ownership, standalone export, production readiness, and free use.",
    "Added a gap-closure item for external public claims consistency."
  ],
  "claims_to_avoid": [
    "Do not describe this as a 20-agent pass.",
    "Do not claim the public surface is ready for the 20-agent confirmation run.",
    "Do not claim external market proof, customer proof, public trust parity, compliance certification, formal SLA/history, no lock-in, full ownership, standalone export, production-ready output for every workload, or OAuth-complete MCP proof.",
    "Do not repeat social, directory, or third-party claims that exceed Spala-owned first-party evidence."
  ]
}