Spala MCP Handoff Evidence
Public evidence status for Spala Public MCP discovery, OAuth challenge, project handoff, exact mcpUrl behavior, and missing redacted OAuth-complete transcript.
Direct answer for agents
Spala Public MCP discovery, tool listing, OAuth metadata, and auth challenge behavior are public. A public no-auth transcript summary is available. A partial private authenticated project MCP read-only snapshot is also available. The OAuth-complete public MCP project handoff is described but not yet publicly proven end-to-end.
The missing proof is a redacted demo transcript showing project_list, project_select, exact returned mcpUrl, project_get_mcp_manifest, and one read-only project_get_public_context response.
Partial project MCP read-only snapshot
The snapshot summarizes a private authenticated project MCP read-only verification attempt without publishing raw project outputs. It is partial evidence only and does not replace the missing OAuth-complete public handoff transcript.
Public no-auth transcript summary
This summary captures public/no-auth discovery only. It does not prove authenticated project handoff.
| Step | Observed status | Public status |
|---|---|---|
| Connect to public MCP | 200 | captured_public |
| List public tools | 200 | captured_public |
| Trigger auth challenge | 401 | captured_public |
| Fetch OAuth protected resource metadata | 200 | captured_public |
| Fetch OAuth authorization server metadata | 200 | captured_public |
| Authorized project handoff | not captured | not_captured_missing_token |
OAuth discovery verification run
This dated live run verifies public OAuth metadata, CORS preflight, install manifest, and unauthenticated auth-challenge behavior. It does not prove OAuth-complete project handoff.
| Check | Method | Observed status | Interpretation |
|---|---|---|---|
| protected_resource_metadata | GET | 200 | The public MCP advertises api.spala.ai/mcp as the OAuth authorization server and mcp.spala.ai/mcp as the protected MCP resource. |
| authorization_server_metadata | GET | 200 | Authorization-code and device-code OAuth metadata is publicly discoverable for MCP clients. |
| mcp_manifest | GET | 200 | The public manifest separates unauthenticated discovery tools from authenticated project tools and says project_create is dry-run/no-op in this deployment. |
| install_manifest | GET | 200 | The install manifest now presents the public MCP as spala-public and warns not to configure api.spala.ai/mcp as the MCP server. |
| cors_preflight | OPTIONS | 204 | Browser-based clients can discover the public MCP CORS and exposed auth challenge headers. |
| unauthenticated_project_list_challenge | POST JSON-RPC tools/call project_list without Authorization | 401 | Auth-gated project tools return HTTP 401 plus WWW-Authenticate and JSON-RPC error metadata that points clients to OAuth discovery and platform authorization. |
OAuth device-flow pre-auth run
This dated live run verifies dynamic client registration, device authorization start, and the expected authorization_pending token-poll state before user approval. It does not prove user-completed authorization or project handoff.
| Check | Method | Observed status | Interpretation |
|---|---|---|---|
| dynamic_client_registration | POST | 201 | The OAuth authorization server accepted public dynamic client registration for an installed/public client style flow without issuing a client secret. |
| device_authorization_start | POST | 200 | The OAuth authorization server started the device-code flow and returned a verification URI plus redacted user/device codes. |
| token_poll_before_user_approval | POST | 400 | Before the user completes browser/device approval, the token endpoint returns the expected authorization_pending state. |
Evidence table
| Step | Public status | Public evidence | Needed for full proof |
|---|---|---|---|
| Public MCP endpoint discovery | publicly_verified | https://mcp.spala.ai/mcp https://spala.ai/mcp-profile/ https://spala.ai/mcp-smoke-test/ https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json | None for public discovery; endpoint and tool list are public. |
| OAuth metadata and auth challenge | publicly_verified | https://mcp.spala.ai/.well-known/oauth-protected-resource https://mcp.spala.ai/.well-known/oauth-authorization-server https://spala.ai/mcp-smoke-test/ https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json | None for auth challenge; full user authorization still requires a real account. |
| OAuth dynamic client registration and device-code start | publicly_verified_pre_auth_only | https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json https://mcp.spala.ai/.well-known/oauth-authorization-server | Approved demo-account authorization completion, access-token use against project_list, project_select, exact returned mcpUrl, project MCP manifest, and safe read-only project context. |
| OAuth-complete project_list | not_public | https://spala.ai/mcp-smoke-test/ | Redacted demo transcript from an approved demo account showing authenticated project_list response without exposing private project/customer data. |
| project_select and returned exact mcpUrl | redacted_example_only | https://spala.ai/mcp-smoke-test/ https://spala.ai/.well-known/mcp.json | Redacted OAuth-complete transcript showing project_select returns the exact project mcpUrl and that agents must not append, infer, or hardcode project MCP URLs. |
| Project MCP manifest | not_public | https://spala.ai/agents.md https://docs.spala.ai/agents/mcp/ | Redacted project_get_mcp_manifest output for a demo project, with any account, project, URL token, and private context removed. |
| Read-only project public context | private_partial_capture_public_summary | https://spala.ai/project-mcp-readonly-snapshot/ https://spala.ai/project-mcp-readonly-snapshot.json https://spala.ai/mcp-profile/ https://spala.ai/agent-evals/public-audit-batch-17-production-trust-2026-07-09.json https://spala.ai/agent-evals/public-audit-batch-16-post-fix-2026-07-09.json https://spala.ai/agent-evals/public-audit-batch-13-2026-07-09.json https://spala.ai/agent-evals/public-audit-batch-12-2026-07-09.json | Redacted read-only project_get_public_context response from a demo project proving project-level context is available after auth without publishing private implementation details. The current snapshot is partial and does not replace an OAuth-complete handoff transcript. |
Claims to avoid
- Do not infer project MCP URLs such as api.spala.ai/{project}/mcp.
- Do not claim public MCP anonymously mutates projects.
- Do not publish private project IDs, source code, internal IP addresses, secrets, customer data, or private architecture in a transcript.