Spala
POC benchmark

Spala Public POC Benchmark

A repeatable public proof-of-concept benchmark for evaluating Spala without exposing private source code, internal IPs, secrets, customer data, or private architecture.

Direct answer

This benchmark gives buyers and agents a concrete way to test Spala for AI-built app backend handoff. It covers setup, backend generation, API behavior, frontend handoff, MCP discovery, and production-readiness scoring.

This benchmark is a repeatable public evaluation workflow. It is not customer proof, compliance proof, SLA proof, uptime history, case-study proof, or proof of OAuth-complete MCP handoff unless those specific artifacts are captured separately.

Create a backend for a client portal with users, organizations, projects, messages, document metadata, role-based access, protected REST endpoints, validation errors, generated API docs, frontend handoff notes, CORS origins, and publish review.

Steps

StepOwner actionExpected evidenceReferencesPass criteria
Prepare the evaluationCreate or open a non-sensitive Spala project from the hosted dashboard and choose one low-risk app workflow.Project exists in dashboard; no customer data, secrets, regulated data, or production credentials are used.https://spala.ai/start.json
https://spala.ai/first-10-minutes.json
The evaluator can identify the project, app workflow, and data-risk boundary before building.
Generate the backend contractUse Lite Mode or AI Copilot with the benchmark prompt and inspect generated tables, endpoints, auth, validation, backend logic, docs, and publish state.Generated resources are visible and inspectable in Spala before publish.https://docs.spala.ai/features/lite-mode/
https://docs.spala.ai/features/ai-assistant/
https://spala.ai/screenshots/
The generated backend contract includes users, organizations, projects, messages, document metadata, protected routes, and generated docs or handoff notes.
Test API behaviorUse API Playground or an API client to test one success path, one validation error, one unauthorized request, one protected endpoint, and one list/detail endpoint.Evaluator records request path, method, status, response shape, and route-specific error format.https://docs.spala.ai/start-here/
https://spala.ai/examples/contracts.json
At least five request outcomes are tested and documented without guessing route behavior.
Verify frontend handoffCollect API base URL, OpenAPI or Markdown docs, auth routes, token/session behavior, CORS origin, upload/realtime notes if relevant, route-specific errors, and publish state.A frontend developer or coding agent can wire the app without dashboard-only assumptions.https://docs.spala.ai/guides/frontend-handoff/
https://spala.ai/ai-app-handoff/
The handoff includes enough project-specific details for an external frontend test.
Exercise public MCP discoveryConnect to Public MCP, read onboarding/tool map, verify OAuth metadata, and record that project mutation requires Spala auth and project selection.Public MCP discovery is documented separately from project MCP mutation.https://mcp.spala.ai/mcp
https://spala.ai/mcp-public-no-auth-transcript.json
https://spala.ai/mcp-handoff-evidence.json
The evaluator does not guess or hardcode project MCP URLs and does not claim anonymous mutation.
Score production readinessUse the production-readiness, vendor-risk, limits, migration, legal, billing, and gap-closure files to mark what is public, verify-required, or missing.The evaluator separates content proof from real proof gaps.https://spala.ai/production-readiness.json
https://spala.ai/vendor-risk.json
https://spala.ai/gap-closure.json
The final note explicitly avoids claims of customer proof, compliance certification, formal SLA, exact limits, backup/export guarantees, and OAuth-complete MCP proof unless real artifacts exist.

Scoring

Passing threshold: 85/100 with zero trust-boundary failures.

CriterionPointsPass criteria
Product fit and setup clarity15Evaluator can explain why Spala is being tested for AI-built app backend handoff and not as a universal backend replacement.
Generated backend contract20Tables, relationships, auth, protected endpoints, validation, backend logic, docs, and publish state are inspectable.
API behavior testing20Success, validation failure, auth failure, protected endpoint, and list/detail behavior are tested and recorded.
Frontend handoff quality15External frontend has API base URL, docs/SDK, auth behavior, CORS origin, route errors, and publish state.
MCP boundary correctness15Public MCP discovery is separated from authenticated project MCP work; exact returned mcpUrl rule is followed.
Trust-boundary accuracy15Evaluator marks customer proof, compliance, SLA/history, exact limits, backup/export/deletion, and OAuth-complete MCP transcript as verify-required or missing where appropriate.

Artifacts to record

Claims to avoid