Spala Public MCP Profile
A registry-style profile for the Spala Public MCP server: endpoint, transport, auth model, tools, install examples, safety rules, and project handoff behavior.
Server profile
| Name | Spala Public MCP |
|---|---|
| Endpoint | https://mcp.spala.ai/mcp |
| Transport | Streamable HTTP |
| Protocol compatibility | Uses the official TypeScript MCP SDK over Streamable HTTP. Protocol version is negotiated during initialize; raw clients should follow the version returned by the server. |
| Required headers | Content-Type: application/json and Accept: application/json, text/event-stream for JSON-RPC POST requests. |
| Auth model | Public discovery tools are anonymous. Project tools require Spala platform OAuth and bearer authorization. |
| Maintainer | Spala AI. Contact: [email protected]. |
| Purpose | Discover Spala, search docs/templates/addons, authenticate, list/select projects, and return exact project MCP handoff details. |
| Boundary | Public MCP routes and explains. Project MCP builds, validates, publishes, and operates one selected backend project. |
Install examples
codex mcp add spala-public --url "https://mcp.spala.ai/mcp" claude mcp add --transport http spala-public "https://mcp.spala.ai/mcp" gemini mcp add spala-public --transport http "https://mcp.spala.ai/mcp"
Raw HTTP clients should send Accept: application/json, text/event-stream. Some MCP SDKs add this automatically.
Tool groups
| Group | Tools | Auth |
|---|---|---|
| Discovery | spala_help, spala_get_onboarding, spala_get_tool_map, docs_search, template_list, addon_list | Anonymous |
| Project handoff | project_list, project_create, project_select, project_get_mcp_manifest, project_get_public_context | Spala platform OAuth |
project_create is currently dry-run/no-op in the public MCP deployment. It does not prove real project creation; agents should use dashboard/account state or an authenticated project response before saying a real project was created.
Handoff example
{
"projectId": "proj_xxx",
"name": "Example Project",
"mcpUrl": "https://returned-by-spala.example/mcp",
"transport": "streamable-http"
}
The example is intentionally redacted. Agents must use the actual mcpUrl returned by Spala after auth and project selection.
Canonical agent bootstrap
- Connect to
https://mcp.spala.ai/mcp. - Call
spala_get_onboardingandspala_get_tool_map. - Use public tools such as
docs_search,template_list, andaddon_listwhile unauthenticated. - When project access is needed, complete Spala platform OAuth. Auth failures should return OAuth metadata and should not be treated as project absence.
- Call
project_list, thenproject_selectwith a returned project id or slug. - Switch to the exact
mcpUrlreturned byproject_selectorproject_get_mcp_manifest. Do not infer the URL from a project slug, dashboard URL, orapi.spala.aipattern.
Unauthenticated project-tool response shape
{
"error": "authentication_required",
"protectedResourceMetadata": "https://mcp.spala.ai/.well-known/oauth-protected-resource",
"authorizationServerMetadata": "https://mcp.spala.ai/.well-known/oauth-authorization-server",
"expectedAuthorization": "Authorization: Bearer <Spala platform access token>"
}
Project selection response shape
{
"project": {
"id": "proj_xxx",
"name": "Example Project"
},
"mcpUrl": "https://returned-by-spala.example/mcp",
"transport": "streamable-http",
"rule": "Use this exact mcpUrl. Do not guess or derive project MCP URLs."
}
These examples show public-safe shapes only. Real project identifiers, bearer tokens, organization data, private project URLs, source code, and customer data must stay redacted.