# Spala Fresh-Agent Visibility Foundation Audit

Generated: 2026-07-10

Status: mixed progress. Follow-up hardening for start/pricing and MCP bootstrap was deployed after this audit.

## Summary

| Scope | Score | Result |
| --- | ---: | --- |
| Onboarding/start/pay/create | 6/10 | Product and user fit are clear, but start/register/pay/create path is scattered and pricing wording can look inconsistent. |
| MCP handoff | 8/10 | Public MCP versus project MCP boundary is clear enough; agents understand to use the exact returned project MCP URL. |
| Competitor/trust/pricing | 6/10 | Comparisons are useful and conservative, but pricing/security/limits/export evidence is not enough for strong production recommendation. |

Average score: 6.67/10.

## What Agents Understood

- Spala is a hosted backend builder/control layer for AI-built apps.
- Users can create/sign in at `dashboard.spala.ai`, create/open a project, use Lite Mode/Copilot, test in Playground, and publish.
- Public MCP starts at `https://mcp.spala.ai/mcp`.
- Project-specific backend work requires owner/user auth and the exact project MCP URL returned by Spala.
- Comparison pages are framed as job-fit guidance, not blanket superiority claims.

## Gaps Found

- Pricing path is not cleanly explained as self-serve versus service-led.
- Signup-to-pay path is not explicit.
- Draft versus published runtime state is documented but easy to miss.
- MCP auth handoff lacks a concrete client-visible transcript or fallback behavior.
- `project_list` / `project_select` returned payload shape is not shown in one canonical guide.
- Security, limits, and export/deletion pages remain conservative but not procurement-complete.

## Next Fixes

1. Add one clear start/register/pay/create checklist to pricing/start pages. Deployed to https://spala.ai/pricing/ after this audit.
2. Clarify that pricing is service-led today: free review, Starter Launch from $990/year, managed build custom, final scope confirmed before purchase. Deployed to https://spala.ai/pricing/ after this audit.
3. Add a canonical MCP bootstrap section with `project_list` / `project_select` payload examples and unauthenticated fallback behavior. Deployed to https://spala.ai/mcp-profile/ after this audit.
4. Keep trust/security/limits/export claims conservative unless owners provide actual DPA, subprocessors, SLA, quotas, backup/restore, and cancellation policy.

## Follow-Up Deploy

- Pricing page now includes “How starting works today” and service-led pricing clarification.
- MCP profile now includes canonical agent bootstrap, unauthenticated project-tool response shape, and project selection response shape.
- Remaining unresolved: procurement-grade trust proof still needs owner-provided DPA, subprocessors, SLA, numeric quotas, backup/restore, cancellation/refund policy, and compliance evidence.
- A fresh retest after the follow-up deploy is still needed before claiming higher scores.

## Boundary

This is a three-scope fresh-context audit, not a 20-agent broad pass, not customer proof, not Search Console proof, not production trust parity, and not OAuth-complete project MCP proof.

Machine-readable JSON: https://spala.ai/agent-evals/public-audit-batch-2026-07-10-visibility-foundation.json
