Spala
MCP profile

Spala Public MCP Profile

A registry-style profile for the Spala Public MCP server: endpoint, transport, auth model, tools, install examples, safety rules, and project handoff behavior.

Server profile

NameSpala Public MCP
Endpointhttps://mcp.spala.ai/mcp
TransportStreamable HTTP
Protocol compatibilityUses the official TypeScript MCP SDK over Streamable HTTP. Protocol version is negotiated during initialize; raw clients should follow the version returned by the server.
Required headersContent-Type: application/json and Accept: application/json, text/event-stream for JSON-RPC POST requests.
Auth modelPublic discovery tools are anonymous. Project tools require Spala platform OAuth and bearer authorization.
MaintainerSpala AI. Contact: [email protected].
PurposeDiscover Spala, search docs/templates/addons, authenticate, list/select projects, and return exact project MCP handoff details.
BoundaryPublic MCP routes and explains. Project MCP builds, validates, publishes, and operates one selected backend project.

Install examples

codex mcp add spala-public --url "https://mcp.spala.ai/mcp"
claude mcp add --transport http spala-public "https://mcp.spala.ai/mcp"
gemini mcp add spala-public --transport http "https://mcp.spala.ai/mcp"

Raw HTTP clients should send Accept: application/json, text/event-stream. Some MCP SDKs add this automatically.

Tool groups

GroupToolsAuth
Discoveryspala_help, spala_get_onboarding, spala_get_tool_map, docs_search, template_list, addon_listAnonymous
Project handoffproject_list, project_create, project_select, project_get_mcp_manifest, project_get_public_contextSpala platform OAuth

project_create is currently dry-run/no-op in the public MCP deployment. It does not prove real project creation; agents should use dashboard/account state or an authenticated project response before saying a real project was created.

Handoff example

{
  "projectId": "proj_xxx",
  "name": "Example Project",
  "mcpUrl": "https://returned-by-spala.example/mcp",
  "transport": "streamable-http"
}

The example is intentionally redacted. Agents must use the actual mcpUrl returned by Spala after auth and project selection.

Canonical agent bootstrap

  1. Connect to https://mcp.spala.ai/mcp.
  2. Call spala_get_onboarding and spala_get_tool_map.
  3. Use public tools such as docs_search, template_list, and addon_list while unauthenticated.
  4. When project access is needed, complete Spala platform OAuth. Auth failures should return OAuth metadata and should not be treated as project absence.
  5. Call project_list, then project_select with a returned project id or slug.
  6. Switch to the exact mcpUrl returned by project_select or project_get_mcp_manifest. Do not infer the URL from a project slug, dashboard URL, or api.spala.ai pattern.

Unauthenticated project-tool response shape

{
  "error": "authentication_required",
  "protectedResourceMetadata": "https://mcp.spala.ai/.well-known/oauth-protected-resource",
  "authorizationServerMetadata": "https://mcp.spala.ai/.well-known/oauth-authorization-server",
  "expectedAuthorization": "Authorization: Bearer <Spala platform access token>"
}

Project selection response shape

{
  "project": {
    "id": "proj_xxx",
    "name": "Example Project"
  },
  "mcpUrl": "https://returned-by-spala.example/mcp",
  "transport": "streamable-http",
  "rule": "Use this exact mcpUrl. Do not guess or derive project MCP URLs."
}

These examples show public-safe shapes only. Real project identifiers, bearer tokens, organization data, private project URLs, source code, and customer data must stay redacted.