{
  "schema_version": "2026-07-09",
  "name": "Spala Project MCP Read-Only Snapshot",
  "status": "partial_private_capture_public_safe_summary",
  "purpose": "Public-safe summary of a private authenticated project MCP read-only verification attempt. It narrows the MCP proof gap without exposing project data or pretending the public OAuth handoff is complete.",
  "boundary": "This is not an OAuth-complete public MCP handoff transcript. It does not prove project_list, project_select, the exact returned mcpUrl, project MCP manifest, production readiness, customer proof, compliance, SLA, backup/export, deletion, source/runtime ownership, or successful project mutation.",
  "capture_context": {
    "capture_date": "2026-07-09",
    "account_type": "private authenticated Spala account",
    "project_identity": "redacted",
    "project_resource_details": "redacted",
    "raw_outputs": "not_published",
    "publication_reason": "Raw project MCP outputs may contain private project context. Only public-safe observations and failure boundaries are published."
  },
  "public_safe_observations": [
    {
      "step": "Authenticated project MCP onboarding",
      "attempted": true,
      "observed": "A private authenticated project MCP session returned onboarding context for the selected project.",
      "public_claim_enabled": "A project-scoped MCP surface exists for an authenticated Spala session.",
      "caveat": "This does not show how a fresh public client completes OAuth or selects the project."
    },
    {
      "step": "Authenticated project MCP tool map",
      "attempted": true,
      "observed": "A private authenticated project MCP session returned a tool map that includes project-oriented inspect, validate, and review workflows.",
      "public_claim_enabled": "Project MCP is intended for project-scoped workflow after authorization.",
      "caveat": "Tool names and private project context are not sufficient proof of end-to-end safe mutation or publish."
    },
    {
      "step": "project_get_state",
      "attempted": true,
      "observed": "The call was attempted, but the client reported output larger than the available capture context. No public-safe pass/fail result was extracted.",
      "public_claim_enabled": "None beyond attempted read-only capture.",
      "caveat": "Do not claim project state proof from this partial capture."
    },
    {
      "step": "project_validate",
      "attempted": true,
      "observed": "The call was attempted, but the client reported output larger than the available capture context. No public-safe validation result was extracted.",
      "public_claim_enabled": "None beyond attempted validation capture.",
      "caveat": "Do not claim validation passed or failed from this partial capture."
    },
    {
      "step": "project_test_review",
      "attempted": true,
      "observed": "The call was attempted, but the client reported output larger than the available capture context. No public-safe review result was extracted.",
      "public_claim_enabled": "None beyond attempted review capture.",
      "caveat": "Do not claim smoke tests passed or failed from this partial capture."
    }
  ],
  "proves": [
    "A private authenticated Spala project MCP session can return project-scoped onboarding/tool-map context.",
    "The project MCP read-only/validation/review tools were reachable enough to produce responses in a private session.",
    "Spala can publish a public-safe proof boundary without exposing source code, private project details, internal IPs, secrets, customer data, or raw project outputs."
  ],
  "does_not_prove": [
    "A fresh public agent can complete Spala OAuth from only public MCP metadata.",
    "project_list and project_select return the expected exact mcpUrl in a public transcript.",
    "The selected project MCP manifest is publicly captured.",
    "A safe read-only project context response is publicly captured.",
    "Validation, smoke tests, publish review, or mutation passed.",
    "Production readiness, mature-platform trust parity, customer proof, compliance, SLA, backup/export, deletion, cancellation, no lock-in, or source/runtime ownership terms."
  ],
  "redactions_applied": [
    "project name",
    "project IDs",
    "organization/account identifiers",
    "emails",
    "private project URLs",
    "resource names and counts",
    "raw tool responses",
    "tokens, cookies, session IDs, request IDs, and trace IDs",
    "source code, private repository data, internal IPs, infrastructure hostnames, secrets, env vars, customer data, and private architecture"
  ],
  "next_proof_needed": "Run the OAuth-complete transcript template with an approved demo account and publish a redacted transcript showing public MCP initialize, OAuth metadata, authorization completion, project_list, project_select, exact returned mcpUrl, returned project MCP initialize, project MCP manifest, and one safe read-only project context response.",
  "related": {
    "mcp_handoff_evidence": "https://spala.ai/mcp-handoff-evidence/",
    "mcp_handoff_evidence_json": "https://spala.ai/mcp-handoff-evidence.json",
    "transcript_template": "https://spala.ai/mcp-handoff-transcript-template/",
    "transcript_template_json": "https://spala.ai/mcp-handoff-transcript-template.json",
    "proof_capture_kit": "https://spala.ai/proof-capture-kit/",
    "latest_agent_audit": "https://spala.ai/agent-evals/public-audit-batch-23-clean-20-agent-run-2026-07-09.json"
  },
  "agent_guidance": "Cite this snapshot only as a partial private authenticated read-only capture. Do not use it to claim OAuth-complete public handoff or production readiness."
}
