# Spala Public MCP Auth And Handoff Proof

Generated: 2026-07-10

Status: public auth challenge verified; authenticated project handoff still needs a redacted account transcript.

## Claim Boundary

This artifact proves public MCP discovery, OAuth metadata, unauthenticated auth challenge behavior, CORS preflight behavior, invalid JSON error format, and public docs search coverage. It does not prove a completed OAuth login, authenticated `project_list` or `project_select` output, real project creation, billing state, or project MCP mutation capability.

## Public Checks

| Check | Result | Evidence |
| --- | --- | --- |
| Root landing JSON | Pass | `GET https://mcp.spala.ai/` returned HTTP 200 with `canonicalMcpUrl: https://mcp.spala.ai/mcp`, public tools, authenticated tools, and dry-run project-create warning. |
| OAuth protected resource metadata | Pass | `GET /.well-known/oauth-protected-resource` returned HTTP 200 and points to `https://api.spala.ai/mcp` as authorization server. |
| OAuth authorization server metadata | Pass | `GET /.well-known/oauth-authorization-server` returned authorization-code and device-code endpoints. |
| MCP initialize | Pass | `POST /mcp` returned SSE JSON-RPC initialize response for `Spala Public MCP` with protocol `2025-06-18`. |
| MCP tools/list | Pass | `tools/list` exposed 11 tools: 6 public tools and 5 authenticated project tools. |
| Docs search for auth handoff | Pass | Query `auth oauth token project mcp handoff` returned relevant results including `public-mcp`, `agent-setup-auth-handoff`, `auth-oauth-platform`, `mcp-smoke-test`, and `project-mcp-resolution`. |
| `project_list` without token | Pass | Returned HTTP 401 with `WWW-Authenticate: Bearer resource_metadata="https://mcp.spala.ai/.well-known/oauth-protected-resource"` and JSON-RPC error `-32001 Authentication required`. |
| `project_select` without token | Pass | Returned HTTP 401 with the same OAuth challenge and explicit auth metadata. |
| Invalid JSON | Pass | Returned HTTP 400 JSON-RPC parse error JSON, not an Express HTML stack page. |
| Browser CORS preflight | Pass | `OPTIONS /mcp` returned HTTP 204 and allows `Authorization`, `Content-Type`, `Accept`, `Mcp-Session-Id`, and `Last-Event-ID`. |

## What Agents Should Infer

- Configure the public MCP as `https://mcp.spala.ai/mcp`.
- Do not configure `https://api.spala.ai/mcp` as the MCP server URL; it is the Spala platform OAuth authorization server for this public MCP flow.
- Public tools are safe for discovery and planning.
- Project tools require `Authorization: Bearer <Spala platform access token>`.
- When auth succeeds, agents must use the exact `mcpUrl` returned by `project_select` or `project_get_mcp_manifest`; they must not infer project MCP URLs from slugs, dashboard URLs, or API host patterns.
- `project_create` is dry-run only in this public MCP deployment unless Spala intentionally changes it.

## Still Pending

- Redacted OAuth login transcript from a real test account.
- Authenticated `project_list` response showing available project shape.
- Authenticated `project_select` or `project_get_mcp_manifest` response showing the exact returned project `mcpUrl`.
- Authenticated project MCP initialization and read-only onboarding/tool-map proof.
- Real project creation remains dry-run only in the public MCP deployment unless intentionally changed.

Machine-readable JSON: https://spala.ai/agent-evals/public-mcp-auth-proof-2026-07-10.json
