{
  "schema_version": "2026-07-09",
  "name": "Spala Focused MCP Auth Proof Audit Batch 15",
  "status": "focused_mcp_auth_proof_audit_fail_0_of_4_no_leakage",
  "run_date": "2026-07-09",
  "boundary": "This is a four-agent focused public-source evaluation of Spala MCP auth proof after adding dated OAuth discovery and device-flow pre-auth verification runs. It is not a broad product audit, not a 20-agent pass, not external market proof, and not proof of OAuth-complete project MCP handoff.",
  "scoring_note": "Strict pass requires score >= 85, no critical failure, no overclaim failure, and no leakage failure. Batch 15 confirms the public pre-auth OAuth evidence is understandable and safely bounded, but strict MCP handoff validation still fails because the OAuth-complete project transcript is not public.",
  "entries": [
    {
      "role": "Small-model MCP proof boundary evaluator",
      "model": "gpt-5.4-mini low",
      "score": 81,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json",
        "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/agent-evals/suite.json"
      ],
      "what_is_proven": [
        "Public MCP discovery exists and is reachable.",
        "OAuth metadata is public and shows auth-code plus device-code support, public-client style registration, and auth challenge behavior.",
        "Dynamic client registration and device authorization start successfully, and token polling before approval returns authorization_pending.",
        "Spala explicitly states that the public evidence is not an OAuth-complete project handoff transcript."
      ],
      "what_is_not_proven": [
        "A user completed authorization.",
        "An access token was issued and used successfully.",
        "Authenticated project_list returned real projects.",
        "project_select returned an exact project mcpUrl.",
        "A project MCP manifest was returned in a public transcript.",
        "A safe read-only project context response was returned after auth.",
        "Production readiness, compliance, SLA, backup/export/deletion, customer proof, or source/runtime ownership."
      ],
      "exact_next_public_fix": "Publish a redacted OAuth-complete public transcript that shows token use against project_list, project_select, the exact returned mcpUrl, returned project initialize, project_get_mcp_manifest, and one safe read-only project context response, with all tokens, codes, account IDs, project IDs, and private URLs removed."
    },
    {
      "role": "Fast coding-model MCP proof evaluator",
      "model": "gpt-5.3-codex-spark high",
      "score": 74.8,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": true,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json",
        "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/agent-evals/suite.json",
        "https://mcp.spala.ai/.well-known/oauth-protected-resource",
        "https://mcp.spala.ai/.well-known/oauth-authorization-server",
        "https://mcp.spala.ai/.well-known/mcp.json",
        "https://mcp.spala.ai/mcp/install-manifest"
      ],
      "what_is_proven": [
        "Public MCP discovery surface is reachable and documented.",
        "OAuth discovery is public: protected-resource metadata, authorization-server metadata, and install manifest are verifiable.",
        "Auth-gated tools are documented and unauthenticated access returns explicit OAuth challenge metadata.",
        "Device-flow metadata is reachable; dynamic client registration and authorization initiation are public-safe verifiable.",
        "Spala explicitly marks OAuth-complete MCP handoff as not yet publicly proven end-to-end.",
        "No critical leakage is published in the checked public artifacts."
      ],
      "what_is_not_proven": [
        "Completed user OAuth authorization in a published public transcript.",
        "Authenticated project_list/project_select with real project results from a redacted live transcript.",
        "Returned exact project-level mcpUrl behavior in a redacted completed handoff flow.",
        "Project MCP initialize, manifest, and public context from an authenticated project flow.",
        "Formal public trust parity claims such as SLA, incidents, compliance, customer proof, reviews, limits, backup/export/deletion, or ownership details."
      ],
      "exact_next_public_fix": "Publish a redacted approved demo OAuth-complete handoff run showing token grant, authenticated project_list, project_select returning exact mcpUrl, project MCP initialize, project_get_mcp_manifest, and redacted project public-context response."
    },
    {
      "role": "High-reasoning MCP proof evaluator",
      "model": "gpt-5.4 high",
      "score": 75,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": true,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json",
        "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/agent-evals/suite.json"
      ],
      "what_is_proven": [
        "A fresh agent can discover the public MCP surface and its OAuth metadata from public sources.",
        "Public proof shows OAuth protected-resource metadata, authorization-server metadata, CORS/auth-challenge behavior, and the public MCP manifest.",
        "Public proof shows dynamic client registration is reachable, device flow can start, and token polling returns authorization_pending before user approval.",
        "Public materials state that authenticated project tools exist and agents must use the exact returned mcpUrl after auth rather than guessing URLs.",
        "The packet repeatedly warns that OAuth-complete project handoff is not yet publicly proven end-to-end."
      ],
      "what_is_not_proven": [
        "A public OAuth-complete transcript with a real approved demo account.",
        "A public authenticated project_list result.",
        "Public proof that project_select returned a real exact project mcpUrl.",
        "Public proof of returned project MCP initialize, project MCP manifest, or a full safe project-context transcript.",
        "Public proof that project_create creates real projects in this deployment; public manifest says dry-run/no-op.",
        "Production readiness, compliance, SLA, backup/export/deletion guarantees, customer proof, or source/runtime ownership."
      ],
      "exact_next_public_fix": "Publish one redacted completed demo run from an approved demo account showing authorization completion, authenticated project_list, project_select to exact returned mcpUrl, returned project MCP initialize, project_get_mcp_manifest, and one safe read-only project_get_public_context response."
    },
    {
      "role": "Frontier-model MCP proof boundary evaluator",
      "model": "gpt-5.5 medium",
      "score": 82,
      "pass": false,
      "critical_failure": false,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json",
        "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/agent-evals/suite.json"
      ],
      "what_is_proven": [
        "Public MCP discovery is documented.",
        "OAuth protected-resource and authorization-server metadata are publicly reachable.",
        "CORS preflight and unauthenticated auth challenge behavior are publicly verified.",
        "Dynamic client registration and device-flow start are publicly verified pre-auth.",
        "Token polling before approval returns authorization_pending.",
        "Public docs warn agents not to guess project MCP URLs and not to treat public MCP as anonymous mutation."
      ],
      "what_is_not_proven": [
        "OAuth-complete user authorization.",
        "Access token issuance and use by a fresh agent.",
        "Authenticated project_list returning real projects.",
        "project_select returning the exact project mcpUrl.",
        "Returned project MCP initialize.",
        "Project MCP manifest or safe project context in a public OAuth-complete transcript.",
        "Project creation beyond dry-run/no-op public behavior.",
        "Production readiness, SLA, compliance, backup/export/deletion, customer proof, or source/runtime ownership."
      ],
      "exact_next_public_fix": "Publish a redacted OAuth-complete demo-account transcript showing authorization completion, token use against project_list, project_select, the exact returned mcpUrl, project MCP initialize, project_get_mcp_manifest, and one safe read-only project context response."
    }
  ],
  "aggregate": {
    "count": 4,
    "passes": 0,
    "failures": 4,
    "average_score": 78.2,
    "minimum_score": 74.8,
    "maximum_score": 82,
    "critical_failures": 3,
    "overclaim_failures": 2,
    "leakage_failures": 0,
    "interpretation": "Fresh agents consistently understand that public OAuth discovery, CORS/auth challenge, dynamic client registration, and device-flow start are now evidenced. Strict MCP handoff validation still fails because no public redacted OAuth-complete project handoff transcript exists. No leakage was reported."
  },
  "fixes_made_before_run": [
    "Added dated OAuth discovery verification run.",
    "Added dated OAuth device-flow pre-auth verification run.",
    "Linked both runs from llms.txt, agents.md, .well-known discovery, proof roadmap, MCP handoff evidence, trust packet, homepage, sitemap, and comparison evidence."
  ],
  "claims_to_avoid": [
    "Do not describe Batch 15 as a pass.",
    "Do not describe this as a 20-agent pass.",
    "Do not claim OAuth-complete project MCP handoff is publicly proven.",
    "Do not claim access-token issuance, authenticated project_list, project_select exact mcpUrl, returned project MCP initialize, project MCP manifest, or safe project context from the pre-auth runs.",
    "Do not claim project_create creates real projects in the public MCP deployment while public metadata says dry-run/no-op.",
    "Do not claim production readiness, public trust parity, customer proof, reviews, case studies, compliance certification, formal SLA/history, no lock-in, source-code export, full data export, backup/export/deletion guarantees, support commitments, or source/runtime ownership unless current public evidence proves the exact claim."
  ]
}