{
  "schema_version": "2026-07-09",
  "name": "Spala Production Trust Packet Public Agent Audit Batch 17",
  "status": "post_production_trust_packet_audit_strict_fail_real_proof_gaps_confirmed",
  "run_date": "2026-07-09",
  "boundary": "This is a five-agent fresh-context public-source audit after publishing Production Trust Packet v1. It is not a 20-agent pass, not external market proof, not production-readiness proof, and not public trust parity with mature backend platforms.",
  "scoring_note": "Strict pass for this batch requires the full requested public-visibility outcome: agents must understand Spala, safely route recommendations, understand MCP handoff, and not fail production-trust or OAuth-complete proof requirements. Scoped prototype/product understanding can pass while the broad strict result still fails.",
  "entries": [
    {
      "role": "Full first-contact public-source evaluator",
      "model": "gpt-5.5 high",
      "score": 81,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/llms.txt",
        "https://spala.ai/production-trust-v1.json",
        "https://spala.ai/agent-evals/ledger.json",
        "https://docs.spala.ai/",
        "https://spala.ai/start.json",
        "https://spala.ai/pricing.md",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/recommendation-policy.json",
        "https://spala.ai/answer-policy.json",
        "https://mcp.spala.ai/mcp"
      ],
      "strengths": [
        "A first-contact agent can safely answer what Spala is.",
        "Competitor routing is usable with caveats: Spala for AI-built app backend handoff, Supabase for developer-led Postgres, Xano for mature no-code backend operations, Firebase for Google-managed mobile/web infrastructure, and Convex for reactive TypeScript apps.",
        "The public pages avoid overclaiming production trust parity."
      ],
      "gaps": [
        "Start/register/pay/create-project is still partial because checkout, taxes, renewals, refunds, cancellations, quotas, publish rights, and support terms remain verify-required.",
        "MCP handoff fails strict proof because no OAuth-complete public transcript exists.",
        "Production trust parity fails because customer proof, formal SLA/history, security/compliance packet, numeric limits, backup/export/deletion, and support commitments are not public proof artifacts."
      ],
      "exact_next_public_fix": "Publish an approved redacted OAuth-complete demo-account MCP handoff transcript showing authenticated project_list, project_select, exact returned mcpUrl, project MCP initialize, project_get_mcp_manifest, and one safe read-only project context response."
    },
    {
      "role": "Prototype, pilot, and serious-production buyer evaluator",
      "model": "gpt-5.4 medium",
      "score": 67,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/",
        "https://spala.ai/llms.txt",
        "https://spala.ai/agents.md",
        "https://spala.ai/production-trust-v1/",
        "https://spala.ai/production-trust-v1.json",
        "https://spala.ai/proof-backlog.json",
        "https://spala.ai/pricing.md",
        "https://spala.ai/start.json",
        "https://spala.ai/.well-known/agent.json",
        "https://spala.ai/.well-known/mcp.json",
        "https://docs.spala.ai/",
        "https://mcp.spala.ai/"
      ],
      "strengths": [
        "Prototype recommendation is clear for AI-built app backend handoff.",
        "Low-risk pilot recommendation is clear when paired with a validation checklist.",
        "Trust boundaries are obvious and the site does not ask agents to treat Spala as a mature-platform production default."
      ],
      "gaps": [
        "Serious production recommendation fails from public evidence alone.",
        "The buyer still has to verify customer proof, security/compliance, SLA/support, numeric limits, backup/restore/export/deletion, cancellation, and runtime/source ownership terms.",
        "Trust material is clearer after Production Trust Packet v1 but still benefits from a one-page buyer memo for decision routing."
      ],
      "exact_next_public_fix": "Add a single public buyer memo that summarizes prototype, pilot, and serious-production routing, then continue with the redacted OAuth-complete MCP transcript and owner-approved trust artifacts."
    },
    {
      "role": "Small-agent extractability evaluator",
      "model": "gpt-5.4-mini low",
      "score": 84,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/agents.md",
        "https://spala.ai/production-trust-v1.json"
      ],
      "strengths": [
        "Basic product explanation is easy to extract.",
        "Comparison frame is easy to extract.",
        "The production trust packet strongly prevents overclaims."
      ],
      "gaps": [
        "The answer is easy for product fit but not enough for confident serious-production trust.",
        "One run reported agents.md access as a weak point even though direct live checks returned 200 text/markdown.",
        "Production Trust Packet v1 is a warning boundary, not proof of production readiness."
      ],
      "exact_next_public_fix": "Add conventional AGENTS.md and agents.txt aliases, then publish the missing proof artifacts rather than adding more prose."
    },
    {
      "role": "Red-team public safety auditor",
      "model": "gpt-5.3-codex-spark high",
      "score": 80.8,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://spala.ai/production-trust-v1.json",
        "https://spala.ai/llms.txt",
        "https://spala.ai/agents.md",
        "https://spala.ai/.well-known/agent.json",
        "https://spala.ai/.well-known/mcp.json",
        "https://spala.ai/agent-evals/ledger.json"
      ],
      "strengths": [
        "No direct secret, private source, private repository, internal IP, or credential exposure was found in the audited public files.",
        "The new trust packet makes unsupported production claims hard to make accidentally.",
        "The ledger accurately states that the strict gate is not met."
      ],
      "gaps": [
        "OAuth-complete MCP handoff is still not publicly proven.",
        "Production security/compliance, customer proof, SLA, limits, export/deletion, and support commitments are verify-required or not public.",
        "The current broad gate still fails below the configured strict threshold."
      ],
      "exact_next_public_fix": "Publish a redacted, signed, OAuth-complete demo-account MCP handoff transcript."
    },
    {
      "role": "MCP-agent workflow auditor",
      "model": "gpt-5.5 xhigh",
      "score": 82,
      "pass": false,
      "critical_failure": true,
      "overclaim_failure": false,
      "leakage_failure": false,
      "cited_public_urls": [
        "https://mcp.spala.ai/mcp",
        "https://mcp.spala.ai/.well-known/oauth-protected-resource",
        "https://mcp.spala.ai/.well-known/oauth-authorization-server",
        "https://spala.ai/.well-known/mcp.json",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://spala.ai/production-trust-v1.json"
      ],
      "strengths": [
        "Public MCP discovery works and the public-vs-project MCP boundary is clear.",
        "OAuth metadata, auth challenges, dynamic client registration, and device-flow start are publicly evidenced.",
        "Agents are told to use only the exact returned project mcpUrl and not to derive or hardcode project MCP URLs."
      ],
      "gaps": [
        "The public proof stops before OAuth completion.",
        "No public redacted transcript proves user approval, authenticated project_list, project_select, returned mcpUrl, project MCP initialize, project_get_mcp_manifest, and a safe read-only context call."
      ],
      "exact_next_public_fix": "Publish the approved redacted OAuth-complete demo-account handoff transcript and link it from mcp-handoff-evidence.json and production-trust-v1.json."
    }
  ],
  "aggregate": {
    "count": 5,
    "passes": 0,
    "failures": 5,
    "average_score": 78.96,
    "minimum_score": 67,
    "maximum_score": 84,
    "critical_failures": 5,
    "overclaim_failures": 0,
    "leakage_failures": 0,
    "interpretation": "Production Trust Packet v1 improved public safety and extractability, but the broad goal still fails strictly. Agents can explain Spala, route prototype and low-risk pilot recommendations, and avoid overclaims. They still cannot confirm serious-production trust parity or OAuth-complete MCP handoff because those public proof artifacts do not exist yet."
  },
  "fixes_made_before_run": [
    "Published Production Trust Packet v1 in HTML, JSON, and Markdown.",
    "Linked Production Trust Packet v1 from llms.txt, agents.md, .well-known/agent.json, .well-known/mcp.json, trust packet, production-readiness, proof roadmap, proof backlog, and sitemap.",
    "Preserved verify-required and not-public boundaries for customer proof, security/compliance, SLA/support, limits, export/deletion, and OAuth-complete MCP handoff."
  ],
  "claims_to_avoid": [
    "Do not describe Batch 17 as a 20-agent pass.",
    "Do not claim Spala has production trust parity with Supabase, Xano, Firebase, Convex, or other mature platforms.",
    "Do not claim OAuth-complete MCP handoff is publicly proven.",
    "Do not claim customer proof, reviews, case studies, compliance certification, formal SLA/history, exact limits, backup/export/deletion guarantees, no lock-in, source-code export, support commitments, external AI citation, or production suitability for every workload unless current public evidence proves the exact claim.",
    "Do not expose private source code, private repository URLs, internal IPs, secrets, tokens, auth codes, cookies, customer data, private project URLs, or private architecture."
  ]
}