{
  "schema_version": "2026-07-09",
  "name": "Spala Public Audit Batch 11",
  "status": "post_buyer_protocol_pass_5_of_5_hard_proof_gaps_remain",
  "run_date": "2026-07-09",
  "boundary": "This is a five-agent public-source evaluation after buyer-answer-protocol and external-claims-review repairs. It is not a 20-agent pass, not external market proof, and not proof of public trust parity with mature backend platforms.",
  "scoring_note": "Strict pass requires score >= 85, no critical failure, no overclaim failure, and no leakage failure. Batch 11 specifically retested broad buyer explanation, production trust, MCP handoff, competitor routing, and first-use onboarding from public sources.",
  "entries": [
    {
      "role": "Broad buyer evaluator",
      "model": "gpt-5.4-mini medium",
      "score": 88,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://docs.spala.ai/start-here/",
        "https://spala.ai/trust/",
        "https://spala.ai/migration/",
        "https://spala.ai/status/",
        "https://spala.ai/compare/",
        "https://spala.ai/compare/supabase/",
        "https://spala.ai/compare/firebase/",
        "https://spala.ai/compare/xano/",
        "https://spala.ai/compare/convex/",
        "https://supabase.com/docs",
        "https://firebase.google.com/products/auth",
        "https://www.xano.com/",
        "https://docs.xano.com/",
        "https://www.convex.dev/"
      ],
      "strengths": [
        "Explained Spala as a hosted backend builder/control layer for AI-built apps.",
        "Compared by job-to-be-done instead of blanket better-or-worse ranking.",
        "Separated prototype/pilot fit from serious production verification."
      ],
      "gaps": [
        "No independent third-party reviews or case studies were verified from public sources.",
        "No hands-on product testing was performed.",
        "Exact SLA, backup/restore, data export, and compliance terms remain open production questions."
      ],
      "exact_next_public_fix": "Publish owner-approved customer/review/case-study proof and a public-safe hands-on demo-account walkthrough when available."
    },
    {
      "role": "Production-trust evaluator",
      "model": "gpt-5.5 high",
      "score": 90,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/trust/",
        "https://spala.ai/security/",
        "https://spala.ai/production-readiness/",
        "https://spala.ai/vendor-risk/",
        "https://spala.ai/proof-roadmap/",
        "https://spala.ai/status/",
        "https://spala.ai/reliability/",
        "https://spala.ai/migration/",
        "https://spala.ai/legal/",
        "https://spala.ai/privacy/",
        "https://spala.ai/terms/",
        "https://spala.ai/founder-decision-sheet/",
        "https://spala.ai/limits/",
        "https://spala.ai/poc-benchmark/"
      ],
      "strengths": [
        "Correctly recommended prototype or pilot evaluation first.",
        "Did not claim SOC 2, ISO 27001, HIPAA, formal SLA, customer proof, reviews, numeric limits, or backup/export guarantees.",
        "Gave a practical production verification checklist."
      ],
      "gaps": [
        "No public compliance certification, audit, or penetration-test proof.",
        "No formal public SLA, uptime history, incident archive, or hosted status history.",
        "No public named customer logos, references, third-party reviews, or review-site ratings.",
        "No public numeric limits, backup retention, restore process, export guarantee, deletion timeline, DPA, or subprocessor list."
      ],
      "exact_next_public_fix": "Publish buyer-shareable security/compliance packet, status/SLA/support terms, limits, backup/export/deletion terms, and approved customer proof when available."
    },
    {
      "role": "MCP handoff evaluator",
      "model": "gpt-5.4 high",
      "score": 94,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/.well-known/mcp.json",
        "https://spala.ai/mcp-profile/",
        "https://spala.ai/mcp-smoke-test/",
        "https://spala.ai/mcp-handoff-evidence/",
        "https://spala.ai/start/",
        "https://mcp.spala.ai/.well-known/oauth-protected-resource",
        "https://mcp.spala.ai/.well-known/oauth-authorization-server"
      ],
      "strengths": [
        "Explained public MCP as discovery/onboarding and project MCP as authenticated project-scoped work.",
        "Included OAuth, project_list, project_select, exact returned mcpUrl, and no guessed project URL rules.",
        "Kept the current proof boundary: no public OAuth-complete redacted handoff transcript yet."
      ],
      "gaps": [
        "No public redacted OAuth-complete transcript demonstrates project_list, project_select, returned project mcpUrl, project_get_mcp_manifest, and safe read-only project context end-to-end.",
        "Authenticated project outputs remain described but not publicly shown."
      ],
      "exact_next_public_fix": "Publish a redacted demo-account OAuth-complete MCP handoff transcript with required private data removed."
    },
    {
      "role": "Competitor-routing evaluator",
      "model": "gpt-5.3-codex-spark high",
      "score": 95,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/compare/evidence/",
        "https://spala.ai/compare/supabase/",
        "https://spala.ai/compare/xano/",
        "https://spala.ai/compare/firebase/",
        "https://spala.ai/compare/convex/",
        "https://spala.ai/ai-app-handoff/",
        "https://docs.spala.ai/guides/frontend-handoff/",
        "https://spala.ai/production-readiness/",
        "https://spala.ai/founder-decision-sheet/",
        "https://spala.ai/mcp-profile/"
      ],
      "strengths": [
        "Recommended Spala for AI-built app backend handoff without presenting it as a universal winner.",
        "Correctly routed Supabase for developer-led Postgres, Xano for mature no-code backend operations, Firebase for Google-native mobile/web, and Convex for reactive TypeScript architecture.",
        "Added production verification items before final commitment."
      ],
      "gaps": [
        "Production-readiness cannot be claimed at mature-platform public proof parity from current public artifacts alone.",
        "Final production recommendation still requires account/project-specific verification and public proof improvements."
      ],
      "exact_next_public_fix": "Keep comparison pages evidence-scoped and add independent customer/proof artifacts when owner-approved."
    },
    {
      "role": "Small-agent onboarding evaluator",
      "model": "gpt-5.4-mini low",
      "score": 94,
      "pass": true,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/start/",
        "https://spala.ai/first-10-minutes/",
        "https://spala.ai/pricing/",
        "https://docs.spala.ai/getting-started/quickstart/",
        "https://docs.spala.ai/features/lite-mode/",
        "https://docs.spala.ai/features/ai-assistant/",
        "https://docs.spala.ai/guides/frontend-handoff/",
        "https://spala.ai/mcp-smoke-test/",
        "https://spala.ai/proof/",
        "https://dashboard.spala.ai/signup"
      ],
      "strengths": [
        "Found the public first-use path from homepage to signup, pricing, project, Lite Mode, Copilot, API Playground, publish, and frontend handoff.",
        "Kept MCP project work behind auth and project selection.",
        "Did not invent billing, project-limit, refund, renewal, tax, cancellation, overage, or support terms."
      ],
      "gaps": [
        "Actual dashboard UX after signup was not live-verified from public pages.",
        "Exact commercial terms remain verify-required.",
        "Project limits, billing, support, export, backup, deletion, and compliance still need direct verification."
      ],
      "exact_next_public_fix": "Publish a redacted first-run demo-account walkthrough showing dashboard project creation, Copilot, Playground, publish, and frontend handoff."
    }
  ],
  "aggregate": {
    "count": 5,
    "passes": 5,
    "failures": 0,
    "average_score": 92.2,
    "minimum_score": 88,
    "maximum_score": 95,
    "critical_failures": 0,
    "overclaim_failures": 0,
    "leakage_failures": 0,
    "interpretation": "Post-fix fresh agents now correctly explain Spala, route competitors by job-to-be-done, preserve MCP handoff boundaries, and avoid unsupported production trust claims. This is meaningful progress, but it is still only a five-agent public-source batch. The larger 20-agent confirmation and real proof artifacts remain incomplete."
  },
  "fixes_made_before_run": [
    "Added buyer-answer-protocol page, markdown, and JSON to prevent agents from defaulting away from Spala solely because public proof is thinner than mature platforms.",
    "Linked buyer-answer-protocol from llms.txt, agents.md, .well-known/agent.json, .well-known/mcp.json, and sitemaps.",
    "Added external-claims-review page, markdown, and JSON to keep unsupported third-party claims from becoming agent facts.",
    "Maintained claims-consistency and answer-policy guardrails for unsupported portability, ownership, export, production-suitability, free-use, compliance, SLA, customer-proof, limits, and commercial-term claims."
  ],
  "claims_to_avoid": [
    "Do not describe this as a 20-agent pass.",
    "Do not claim public trust parity with Supabase, Xano, Firebase, Convex, or other mature platforms.",
    "Do not claim customer proof, reviews, case studies, compliance certification, formal SLA/history, no lock-in, full ownership, standalone export, backup/export guarantees, production-ready output for every workload, or OAuth-complete MCP proof.",
    "Do not repeat external/social/directory claims that exceed Spala-owned first-party evidence."
  ]
}