MCP smoke test
Spala Public MCP Smoke-Test Walkthrough
A public unauthenticated smoke-test walkthrough for Spala Public MCP showing discovery, tool list, docs search, OAuth challenge behavior, and exact mcpUrl rules.
What this proves
This page proves public MCP discovery and auth challenge behavior. It does not prove authenticated project mutation; that requires a real Spala account, OAuth, project selection, and the project MCP URL returned by Spala.
Raw HTTP requirements
POST https://mcp.spala.ai/mcp Content-Type: application/json Accept: application/json, text/event-stream
Expected checks
| Check | Expected result |
|---|---|
| GET /mcp | 405 plus method guidance, discovery links, OAuth metadata links, tool groups, and redacted handoff example. |
| tools/list | 11 tools: 6 public discovery tools and 5 authenticated project handoff tools. |
| docs_search | Works without auth and returns launch/security/limits/MCP profile results for relevant queries. |
| project_list without auth | HTTP 401 with WWW-Authenticate and JSON-RPC auth challenge data. |
| invalid JSON | JSON-RPC parse error with code -32700. |
Project handoff rule
Agents must use the exact mcpUrl returned by project_select or project_get_mcp_manifest after auth. Do not derive project MCP URLs from project names, slugs, hosts, or API-domain patterns.
{
"projectId": "proj_xxx",
"name": "Example Project",
"mcpUrl": "https://returned-by-spala.example/mcp",
"transport": "streamable-http"
}