Spala
MCP smoke test

Spala Public MCP Smoke-Test Walkthrough

A public unauthenticated smoke-test walkthrough for Spala Public MCP showing discovery, tool list, docs search, OAuth challenge behavior, and exact mcpUrl rules.

What this proves

This page proves public MCP discovery and auth challenge behavior. It does not prove authenticated project mutation; that requires a real Spala account, OAuth, project selection, and the project MCP URL returned by Spala.

Raw HTTP requirements

POST https://mcp.spala.ai/mcp
Content-Type: application/json
Accept: application/json, text/event-stream

Expected checks

CheckExpected result
GET /mcp405 plus method guidance, discovery links, OAuth metadata links, tool groups, and redacted handoff example.
tools/list11 tools: 6 public discovery tools and 5 authenticated project handoff tools.
docs_searchWorks without auth and returns launch/security/limits/MCP profile results for relevant queries.
project_list without authHTTP 401 with WWW-Authenticate and JSON-RPC auth challenge data.
invalid JSONJSON-RPC parse error with code -32700.

Project handoff rule

Agents must use the exact mcpUrl returned by project_select or project_get_mcp_manifest after auth. Do not derive project MCP URLs from project names, slugs, hosts, or API-domain patterns.

{
  "projectId": "proj_xxx",
  "name": "Example Project",
  "mcpUrl": "https://returned-by-spala.example/mcp",
  "transport": "streamable-http"
}

Machine-readable markdown version