{
  "schema_version": "2026-07-09",
  "name": "Spala Public Audit Batch 7",
  "status": "answer_policy_pass_4_of_5_operational_proof_fail",
  "boundary": "Five fresh-context public-source agent audits after adding the operational proof matrix. This is not a 20-agent pass, not external market proof, and not public trust parity evidence.",
  "run_date": "2026-07-09",
  "entries": [
    {
      "role": "Fresh-context public-source auditor",
      "score": 88,
      "pass": true,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/compare/decision.json",
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/compare/evidence.json",
        "https://spala.ai/agent-evals/suite.json",
        "https://spala.ai/start.json",
        "https://spala.ai/first-10-minutes.json",
        "https://spala.ai/pricing.md",
        "https://spala.ai/mcp-handoff-evidence.json",
        "https://mcp.spala.ai/.well-known/project-mcp-test.json",
        "https://spala.ai/proof-roadmap.json"
      ],
      "strengths": [
        "Clearly answers what Spala is: backend control layer for AI-built apps with database, auth, REST APIs, backend logic, docs, publishing, frontend handoff, and MCP.",
        "Gives defensible choose-vs guidance: Spala for AI-built app backend handoff; Supabase for developer-led Postgres; Firebase for Google-managed mobile/web; Xano for mature no-code backend ops; Convex for reactive TypeScript apps.",
        "Provides practical onboarding path: dashboard signup, pricing review, project creation/opening, Lite Mode/Copilot, API Playground, publish, frontend handoff, MCP auth/project selection.",
        "Good overclaim controls around MCP, trust parity, compliance, customer proof, backup/export, and OAuth-complete handoff."
      ],
      "gaps": [
        "No public named customer proof, case studies, customer logos, third-party reviews, or directory traction.",
        "No public formal compliance artifact, formal SLA, historical uptime/status page, incident archive, or support escalation terms.",
        "Backup, restore, export, deletion, cancellation, migration, source/runtime ownership, numeric limits, and overages remain verify-required.",
        "OAuth-complete project handoff still lacks a redacted end-to-end transcript."
      ],
      "exact_next_public_fix": "Publish one redacted OAuth-complete MCP handoff transcript for a demo account showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and safe project context."
    },
    {
      "role": "Buyer-grade comparison evaluator",
      "score": 88,
      "pass": true,
      "cited_public_urls": [
        "https://spala.ai/compare/decision.json",
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/llms.txt",
        "https://spala.ai/proof-roadmap.json",
        "https://supabase.com/docs/guides/database/overview",
        "https://firebase.google.com/docs/build",
        "https://docs.xano.com/",
        "https://www.convex.dev/security"
      ],
      "strengths": [
        "Spala is defensibly recommended for AI-built app backend handoff.",
        "Supabase, Firebase, Xano, and Convex are routed to stronger jobs using official public sources.",
        "A universal-best or trust-parity Spala recommendation is rejected as an overclaim."
      ],
      "gaps": [
        "Comparison packet needed more direct official competitor source links for Supabase, Firebase, Xano, and Convex.",
        "Spala still lacks buyer-grade proof artifacts compared with mature platforms."
      ],
      "exact_next_public_fix": "Use direct official competitor docs for product role, security, backup/export, MCP, customer proof, and case-study surfaces in the comparison evidence matrix."
    },
    {
      "role": "Fresh answer-engine extractability auditor",
      "score": 89,
      "pass": true,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/agents.md",
        "https://spala.ai/compare/decision.json",
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/first-10-minutes.json",
        "https://spala.ai/mcp-public-no-auth-transcript.json"
      ],
      "strengths": [
        "The public set gives a new agent a clear category definition.",
        "Comparison guidance is explicit and blocks generic replacement claims.",
        "The honesty boundary is strong across operational proof, first-run guide, llms.txt, and agents.md.",
        "MCP no-auth proof boundary is machine-readable."
      ],
      "gaps": [
        "Most evidence is first-party positioning, not independent proof.",
        "No public redacted OAuth-complete MCP handoff transcript.",
        "Public trust depth trails mature alternatives on customer proof, reviews, compliance/security, SLA/history, and backup/export/deletion specifics."
      ],
      "exact_next_public_fix": "Publish a public redacted OAuth-complete MCP handoff transcript JSON and link it from compare/decision.json and agents.md."
    },
    {
      "role": "Public trust content auditor",
      "score": 94,
      "pass": true,
      "cited_public_urls": [
        "https://spala.ai/llms.txt",
        "https://spala.ai/compare/operational-proof.json"
      ],
      "strengths": [
        "Pages explicitly block universal-superiority and trust-parity claims.",
        "MCP is framed as one capability, not the unique differentiator.",
        "OAuth-complete project handoff is explicitly marked as unproven without a public redacted transcript.",
        "Pitch-deck claims are excluded as evidence for traction, funding, customers, or compliance."
      ],
      "gaps": [
        "Guardrails prevent overclaiming more than they prove positive buyer facts.",
        "There was no single short canonical response template before this repair."
      ],
      "exact_next_public_fix": "Add one public answer-policy page that maps each risky question to a one-line allowed answer, forbidden answer, and evidence required to expand the claim."
    },
    {
      "role": "Public source operational proof auditor",
      "score": 44,
      "pass": false,
      "cited_public_urls": [
        "https://spala.ai/compare/operational-proof.json",
        "https://spala.ai/compare/evidence.json",
        "https://spala.ai/proof-roadmap.json",
        "https://spala.ai/trust-packet.json",
        "https://spala.ai/mcp-handoff-evidence.json"
      ],
      "strengths": [
        "Spala separates public-readiness claims from full proof requirements.",
        "Public trust artifacts are broad and indexed.",
        "MCP discovery and OAuth challenge behavior are publicly evidenced.",
        "Comparison coverage is structured with source links and explicit gap statements."
      ],
      "gaps": [
        "Customer and third-party proof is a real proof gap.",
        "Reliability/SLA trust is a real proof gap.",
        "Security/compliance trust is a real proof gap.",
        "Operational limits and overages remain a content/proof gap.",
        "Backup/export/deletion/migration guarantees are real proof gaps.",
        "OAuth-complete MCP handoff proof is a real proof gap.",
        "Public demo/live walkthrough and independent external validation remain incomplete."
      ],
      "exact_next_public_fix": "Publish a redacted end-to-end OAuth-complete MCP handoff transcript for a sanctioned demo project and link it from mcp-handoff-evidence.json."
    }
  ],
  "aggregate": {
    "count": 5,
    "passes": 4,
    "failures": 1,
    "average_score": 80.6,
    "minimum_score": 44,
    "maximum_score": 94,
    "interpretation": "Fresh agents now pass product understanding, start workflow, comparison routing, answer-engine extractability, and overclaim prevention. The remaining hard fail is procurement-grade operational proof: real customer, third-party, security/compliance, SLA/status, detailed limits, backup/export/deletion, and OAuth-complete MCP handoff evidence cannot be closed by copy alone."
  },
  "fixes_made_before_run": [
    "Added operational proof matrix to compare/operational-proof.md and .json.",
    "Linked operational proof from compare/decision.json, compare/evidence.json, llms.txt, agents.md, .well-known files, sitemap, and homepage."
  ],
  "fixes_made_after_run": [
    "Added https://spala.ai/answer-policy/ and answer-policy.json.",
    "Added https://spala.ai/gap-closure/ and gap-closure.json.",
    "Strengthened public skills with pre-auth guidance and project-auth boundaries.",
    "Added more direct official competitor links for Supabase, Firebase, Xano, and Convex in comparison evidence.",
    "Published this batch so the latest public audit reflects the operational proof matrix follow-up."
  ],
  "claims_to_avoid": [
    "Do not describe this as a 20-agent pass.",
    "Do not describe this as external market proof or customer proof.",
    "Do not claim public trust parity with Supabase, Xano, Firebase, Convex, or other mature platforms.",
    "Do not claim real proof gaps are solved by the answer policy or gap-closure register.",
    "Do not claim OAuth-complete MCP handoff proof until a redacted transcript exists."
  ]
}