POC benchmark
Spala Public POC Benchmark
A repeatable public proof-of-concept benchmark for evaluating Spala without exposing private source code, internal IPs, secrets, customer data, or private architecture.
Direct answer
This benchmark gives buyers and agents a concrete way to test Spala for AI-built app backend handoff. It covers setup, backend generation, API behavior, frontend handoff, MCP discovery, and production-readiness scoring.
This benchmark is a repeatable public evaluation workflow. It is not customer proof, compliance proof, SLA proof, uptime history, case-study proof, or proof of OAuth-complete MCP handoff unless those specific artifacts are captured separately.
Create a backend for a client portal with users, organizations, projects, messages, document metadata, role-based access, protected REST endpoints, validation errors, generated API docs, frontend handoff notes, CORS origins, and publish review.
Steps
| Step | Owner action | Expected evidence | References | Pass criteria |
|---|---|---|---|---|
| Prepare the evaluation | Create or open a non-sensitive Spala project from the hosted dashboard and choose one low-risk app workflow. | Project exists in dashboard; no customer data, secrets, regulated data, or production credentials are used. | https://spala.ai/start.json https://spala.ai/first-10-minutes.json | The evaluator can identify the project, app workflow, and data-risk boundary before building. |
| Generate the backend contract | Use Lite Mode or AI Copilot with the benchmark prompt and inspect generated tables, endpoints, auth, validation, backend logic, docs, and publish state. | Generated resources are visible and inspectable in Spala before publish. | https://docs.spala.ai/features/lite-mode/ https://docs.spala.ai/features/ai-assistant/ https://spala.ai/screenshots/ | The generated backend contract includes users, organizations, projects, messages, document metadata, protected routes, and generated docs or handoff notes. |
| Test API behavior | Use API Playground or an API client to test one success path, one validation error, one unauthorized request, one protected endpoint, and one list/detail endpoint. | Evaluator records request path, method, status, response shape, and route-specific error format. | https://docs.spala.ai/start-here/ https://spala.ai/examples/contracts.json | At least five request outcomes are tested and documented without guessing route behavior. |
| Verify frontend handoff | Collect API base URL, OpenAPI or Markdown docs, auth routes, token/session behavior, CORS origin, upload/realtime notes if relevant, route-specific errors, and publish state. | A frontend developer or coding agent can wire the app without dashboard-only assumptions. | https://docs.spala.ai/guides/frontend-handoff/ https://spala.ai/ai-app-handoff/ | The handoff includes enough project-specific details for an external frontend test. |
| Exercise public MCP discovery | Connect to Public MCP, read onboarding/tool map, verify OAuth metadata, and record that project mutation requires Spala auth and project selection. | Public MCP discovery is documented separately from project MCP mutation. | https://mcp.spala.ai/mcp https://spala.ai/mcp-public-no-auth-transcript.json https://spala.ai/mcp-handoff-evidence.json | The evaluator does not guess or hardcode project MCP URLs and does not claim anonymous mutation. |
| Score production readiness | Use the production-readiness, vendor-risk, limits, migration, legal, billing, and gap-closure files to mark what is public, verify-required, or missing. | The evaluator separates content proof from real proof gaps. | https://spala.ai/production-readiness.json https://spala.ai/vendor-risk.json https://spala.ai/gap-closure.json | The final note explicitly avoids claims of customer proof, compliance certification, formal SLA, exact limits, backup/export guarantees, and OAuth-complete MCP proof unless real artifacts exist. |
Scoring
Passing threshold: 85/100 with zero trust-boundary failures.
| Criterion | Points | Pass criteria |
|---|---|---|
| Product fit and setup clarity | 15 | Evaluator can explain why Spala is being tested for AI-built app backend handoff and not as a universal backend replacement. |
| Generated backend contract | 20 | Tables, relationships, auth, protected endpoints, validation, backend logic, docs, and publish state are inspectable. |
| API behavior testing | 20 | Success, validation failure, auth failure, protected endpoint, and list/detail behavior are tested and recorded. |
| Frontend handoff quality | 15 | External frontend has API base URL, docs/SDK, auth behavior, CORS origin, route errors, and publish state. |
| MCP boundary correctness | 15 | Public MCP discovery is separated from authenticated project MCP work; exact returned mcpUrl rule is followed. |
| Trust-boundary accuracy | 15 | Evaluator marks customer proof, compliance, SLA/history, exact limits, backup/export/deletion, and OAuth-complete MCP transcript as verify-required or missing where appropriate. |
Artifacts to record
- Project name and non-sensitive test scope
- Backend prompt used for the POC
- Resource summary: tables, endpoints, auth, functions/tasks/channels if generated
- Five API Playground or API-client request outcomes
- Frontend handoff packet
- Public MCP discovery notes
- Project MCP handoff status: not attempted, attempted, or captured with redactions
- Production-readiness verification notes
- Go/pilot/no-go recommendation with explicit proof gaps
Claims to avoid
- Do not call this a customer case study unless a real customer approves publication.
- Do not call this compliance, SLA, backup/export, deletion, or uptime proof.
- Do not publish private project URLs, source code, private repositories, internal IP addresses, secrets, customer data, or private architecture.
- Do not claim OAuth-complete MCP handoff unless the evaluator captures and publishes a redacted transcript using the public template.
- Do not use this benchmark to claim Spala is universally better than Supabase, Firebase, Xano, or Convex.