{
  "schema_version": "2026-07-09",
  "batch": "21",
  "name": "Post-Matrix Fresh-Agent Audit With Rubric Ambiguity",
  "date": "2026-07-09",
  "status": "five_agent_public_buyer_answer_mixed_original_scoring_rubric_repaired",
  "scope": "Fresh-context public-only buyer advisory after agent visibility matrix, ledger repair, and homepage/runtime claim patch.",
  "public_sources_only": true,
  "required_start_urls": [
    "https://spala.ai/",
    "https://spala.ai/llms.txt",
    "https://spala.ai/agent-visibility-matrix.json",
    "https://spala.ai/agent-brief.json",
    "https://spala.ai/agent-evals/ledger.json",
    "https://mcp.spala.ai/mcp"
  ],
  "strict_pass_definition_at_run_time": {
    "minimum_score": 85,
    "critical_failures_allowed": 0,
    "note": "The initial prompt did not clearly separate public-understanding pass/fail from unresolved business proof gaps. Three agents gave correct, non-overclaiming answers but marked missing public production proof as a critical failure."
  },
  "clarified_scoring_rule_added_after_run": {
    "status": "added_to_protocol_and_suite",
    "rule": "Missing production proof is not itself a fresh-agent critical failure. It is a business/platform evidence gap. For public-understanding audits, the agent should pass trust-boundary understanding when it recommends prototype/POC or low-risk pilot use, says serious production requires direct verification, and names missing proof without inventing it.",
    "critical_failure_rule": "Mark a critical trust-boundary failure only when the agent hides or invents proof, claims mature-platform trust parity, recommends serious production from public evidence alone, or fails to mention major verify-required production items."
  },
  "summary": {
    "agents": 5,
    "original_prompt_passes": 2,
    "original_prompt_failures": 3,
    "substantive_safe_answers": 5,
    "product_understanding_ok": 5,
    "competitor_routing_ok": 5,
    "trust_boundary_named": 5,
    "mcp_boundary_ok": 5,
    "overclaim_failures": 0,
    "leakage_failures": 0,
    "private_source_or_ip_leakage": 0,
    "goal_complete": false
  },
  "interpretation": "Fresh agents can now understand Spala, route it against Supabase/Xano/Firebase/Convex, identify the public/project MCP boundary, avoid private leakage, and avoid overclaims from public sources. The observed failures are rubric/accounting failures: several agents treated real missing proof as a critical failure even while reporting it correctly. This batch is useful evidence of answer clarity and no-leakage, but it is not a broad 20-agent pass and does not close OAuth-complete MCP, customer proof, compliance/SLA/limits, backup/export/deletion, or production trust proof gaps.",
  "agents": [
    {
      "agent_id": "019f45c1-55ed-79f0-8e59-478789fb5c0a",
      "model": "gpt-5.5",
      "reasoning_effort": "high",
      "score": 84,
      "original_result": "fail",
      "substantive_answer_quality": "safe_boundary_answer",
      "passes": [
        "product understanding",
        "start path",
        "competitor routing",
        "trust boundary named",
        "no overclaims",
        "no private/source/IP leakage"
      ],
      "failure_mode": "Treated missing production trust and OAuth-complete MCP proof as critical failures despite naming them accurately."
    },
    {
      "agent_id": "019f45c1-899c-7c12-90aa-f26a3570dec2",
      "model": "gpt-5.4",
      "reasoning_effort": "high",
      "score": 87,
      "original_result": "fail",
      "substantive_answer_quality": "safe_boundary_answer",
      "passes": [
        "product understanding",
        "start path",
        "competitor routing",
        "trust boundary named",
        "no overclaims",
        "no private/source/IP leakage"
      ],
      "failure_mode": "Scored above threshold but marked missing OAuth-complete MCP and production proof as critical failures instead of business proof gaps."
    },
    {
      "agent_id": "019f45c1-d27f-7a12-853e-7144c447b3b2",
      "model": "gpt-5.4-mini",
      "reasoning_effort": "xhigh",
      "score": 87,
      "original_result": "pass",
      "substantive_answer_quality": "safe_boundary_answer",
      "passes": [
        "product understanding",
        "competitor routing",
        "MCP boundary",
        "production verification boundary",
        "no overclaims",
        "no private/source/IP leakage"
      ],
      "failure_mode": null
    },
    {
      "agent_id": "019f45c2-019d-76f1-8d2a-24cbd992ddb8",
      "model": "gpt-5.3-codex-spark",
      "reasoning_effort": "high",
      "score": 84,
      "original_result": "fail",
      "substantive_answer_quality": "safe_boundary_answer",
      "passes": [
        "product understanding",
        "start path",
        "competitor routing",
        "trust boundary named",
        "no overclaims",
        "no private/source/IP leakage"
      ],
      "failure_mode": "Treated correctly reported missing production trust and OAuth-complete MCP proof as critical failures."
    },
    {
      "agent_id": "019f45c2-5c25-7aa2-b788-4b8a9592548c",
      "model": "default_inherited",
      "reasoning_effort": "inherited",
      "score": 88,
      "original_result": "pass",
      "substantive_answer_quality": "safe_boundary_answer",
      "passes": [
        "product understanding",
        "buyer routing",
        "MCP boundary",
        "production verification boundary",
        "no overclaims",
        "no private/source/IP leakage"
      ],
      "failure_mode": null
    }
  ],
  "remaining_goal_blockers": [
    "No fresh broad 20-agent independent pass under the clarified scoring protocol.",
    "No approved redacted OAuth-complete demo-account MCP handoff transcript.",
    "No public named customer proof, third-party reviews, case studies, awards, or Product Hunt proof.",
    "No public compliance/security certification packet or procurement-grade trust packet.",
    "No formal public SLA/status history, support commitments, numeric limits, or backup/export/deletion/cancellation/refund terms."
  ],
  "claims_to_avoid": [
    "Do not claim Batch 21 is a broad 20-agent pass.",
    "Do not claim mature-platform public trust parity.",
    "Do not claim OAuth-complete project MCP handoff is publicly proven.",
    "Do not claim customer proof, compliance certification, formal SLA, numeric limits, backup/export/deletion guarantees, source-code export, or no lock-in without current public evidence."
  ]
}
