MCP handoff transcript template
Spala MCP Handoff Transcript Template
Public-safe redaction and capture template for producing the missing OAuth-complete Spala Public MCP to project MCP handoff transcript.
Direct answer for agents
This is a public-safe capture plan for producing the missing OAuth-complete Spala Public MCP to project MCP handoff transcript. It is not itself proof that the handoff has been captured.
Use the exact project MCP URL returned after Spala authorization and project selection. Do not infer, append, or hardcode project MCP URLs.
Required transcript steps
| # | Step | What to capture | Expected result | Redact before publish |
|---|---|---|---|---|
| 1 | Connect to public MCP | Initialize an MCP client against https://mcp.spala.ai/mcp and record protocol initialization metadata. | Public MCP initializes and exposes public discovery tools. | client session identifiers local machine paths client-specific debug headers |
| 2 | List public tools | Call tools/list before authentication. | Public tools are visible. Project tools may be listed but must require authentication before returning private project state. | client-specific trace IDs |
| 3 | Trigger auth challenge | Call an auth-gated project tool such as project_list without a token. | The server returns an auth-required result or OAuth challenge that points agents to Spala platform authorization. | request IDs cookies session identifiers |
| 4 | Fetch OAuth metadata | Fetch protected-resource and authorization-server metadata from the public MCP domain. | OAuth metadata identifies Spala API authorization endpoints and supported flows. | none expected unless headers include session details |
| 5 | Complete Spala authorization | Complete browser/device authorization with an approved demo account. | Client receives an access token usable for the public MCP project-selection tools. | access tokens refresh tokens authorization codes cookies email addresses account IDs browser profile paths |
| 6 | Call project_list | Call project_list with the authorized demo account. | The public MCP returns projects available to the authorized account. | project IDs project names unless demo-approved organization IDs owner emails customer names plan/account identifiers |
| 7 | Call project_select | Select one approved demo project and record the response shape. | The response includes the exact project MCP URL or install handoff for that selected project. | project IDs project slug if not demo-approved tenant/account identifiers URL tokens private hostnames |
| 8 | Verify exact mcpUrl rule | Show that the client uses the returned mcpUrl exactly and does not derive an API-domain project path or any hardcoded pattern. | Transcript proves agents should trust the returned mcpUrl from project_select. | the full project MCP URL if it contains private identifiers; replace with https://[returned-project-mcp-url] while preserving field names |
| 9 | Connect to returned project MCP | Initialize a second MCP client against the returned project MCP URL. | Project MCP initializes only after authorization and project selection. | full project MCP URL if private session IDs trace IDs |
| 10 | Read project MCP manifest | Call project_get_mcp_manifest or the current equivalent manifest tool. | Project MCP describes project-scoped build, inspect, validate, and publish tools. | private resource names project IDs internal URLs private tool implementation details |
| 11 | Read public project context | Call a read-only project context or state inspection tool on the demo project. | The agent receives enough project context to understand the selected backend without exposing secrets. | table rows customer data secret names and values env vars private business data private source code internal architecture |
| 12 | Validate read-only safety | Confirm no write/build/publish action happens during the proof run unless explicitly approved. | The published transcript proves discovery and handoff without changing a customer project. | approval logs with personal names unless approved |
Required redactions
- Access tokens, refresh tokens, authorization codes, cookies, API keys, secrets, env var values, private keys, and bearer headers.
- Email addresses, account IDs, organization IDs, billing/customer IDs, and personal names unless explicitly approved for publication.
- Private project IDs, private project names, tenant slugs, exact project MCP URLs containing private identifiers, and URL tokens.
- Customer data, table rows, uploaded-file names, data samples, logs containing user content, and private business records.
- Private source code, private repository names or URLs, implementation architecture, internal IPs, stack traces, and non-public infrastructure hostnames.
- Local machine paths, browser profile paths, terminal usernames, SSH hostnames, and client session/debug identifiers.
Safe publish checklist
- Transcript uses an approved demo account and demo project.
- Every token, authorization code, cookie, email, account ID, project ID, tenant slug, URL token, and private project URL has been redacted.
- No customer data, private source code, private repo URL, internal IP, secret, stack trace, or private architecture detail appears.
- The transcript preserves field names and high-level response shapes needed for agents to understand the handoff.
- The transcript clearly labels itself as redacted and dated.
- The transcript separates public MCP discovery from project MCP build/validate/publish capabilities.
- Any write, validate, publish, or project mutation step is either omitted or explicitly approved and documented.