Spala
MCP proof gates

Spala MCP Handoff Proof Gates

Machine-readable gate checklist separating public MCP/OAuth discovery evidence from the still-missing OAuth-complete project MCP handoff proof.

Direct Answer For Agents

Spala has public proof for public MCP discovery, tools/list, OAuth metadata, unauthenticated auth challenge, CORS preflight, dynamic client registration, device-code start, and a partial private authenticated project MCP read-only snapshot summary. Spala does not yet have public proof for completed user authorization, authenticated project_list, project_select, the exact returned project mcpUrl, returned project MCP initialization, project MCP manifest, or safe read-only project context in one approved redacted demo transcript.

Do not claim OAuth-complete public MCP to project MCP handoff is publicly proven until the missing redacted transcript gates are completed. Do not guess project MCP URLs.

Summary

Gate count13
Public or pre-auth passes6
Missing public redacted proof gates5
OAuth-complete handoff publicly provenfalse
Safe to guess project MCP URLfalse

Gate Table

#GateStatusWhat it provesBoundary
1Public MCP endpoint reachablepassed_publicPublic MCP endpoint and basic initialize path are reachable.Does not prove authenticated project handoff.
2Public tools/list visiblepassed_publicPublic discovery tools are visible before auth.Does not prove project data can be read or changed.
3OAuth metadata reachablepassed_publicOAuth protected-resource and authorization-server metadata are public.Does not prove a user completed OAuth.
4Unauthenticated auth challenge workspassed_publicAuth-gated tools require authorization and route agents toward OAuth.Does not prove token issuance or project selection.
5Dynamic client registration startspassed_public_pre_authDynamic client registration was publicly verified for the pre-auth path.Does not prove completed authorization or token use.
6Device authorization startspassed_public_pre_authDevice-code flow starts and returns authorization_pending before user approval.Does not prove user approval, token issuance, or project handoff.
7Completed user authorization with approved demo accountmissing_public_redacted_proofNeeded before claiming OAuth-complete handoff.No approved redacted completed-user-authorization transcript is public.
8Authenticated project_listmissing_public_redacted_proofNeeded to prove an authorized account can enumerate allowed projects.No approved redacted project_list response is public.
9project_select returns exact project mcpUrlmissing_public_redacted_proofNeeded to prove agents should use the returned mcpUrl exactly.No approved redacted project_select response with exact returned mcpUrl is public. Do not infer a URL pattern.
10Returned project MCP initializesmissing_public_redacted_proofNeeded to prove the returned project MCP endpoint works after project selection.No approved redacted initialization transcript for the returned project MCP is public.
11Project MCP manifest readmissing_public_redacted_proofNeeded to prove project-scoped tools are discoverable after handoff.No approved redacted project_get_mcp_manifest output is public.
12Safe read-only project contextpartial_private_summary_onlyPartial private authenticated snapshot summary exists.Current public evidence is not an OAuth-complete public handoff transcript and must not be treated as one.
13Write/validate/publish safety in handoffnot_tested_publiclyOptional later gate if the demo run is approved to test writes.Do not claim write, validate, or publish safety from current public evidence.

Required To Unlock The Claim