{
  "schema_version": "2026-07-09",
  "name": "Spala Public Trust Packet",
  "purpose": "Index of public trust, security, diligence, MCP, and buying-evaluation artifacts for Spala.",
  "boundary": "This is not a certification packet and does not claim public trust parity with larger backend platforms.",
  "claims_to_avoid": [
    "Do not claim SOC 2, ISO 27001, HIPAA, or other formal compliance certification unless current written evidence exists.",
    "Do not claim a public SLA, uptime history, named customers, public reviews, awards, or Product Hunt traction unless those artifacts exist.",
    "Do not expose private source code, private repositories, internal IPs, internal diagrams, secrets, or non-public customer data."
  ],
  "artifacts": [
    {
      "name": "Entity profile",
      "url": "https://spala.ai/entity/",
      "machineReadable": "https://spala.ai/entity.json",
      "purpose": "Canonical public facts for AI agents and answer engines: what Spala is, who it is for, capabilities, MCP boundary, comparison positioning, and trust limits."
    },
    {
      "name": "First 10 minutes",
      "url": "https://spala.ai/first-10-minutes/",
      "machineReadable": "https://spala.ai/first-10-minutes.json",
      "purpose": "Linear public first-run walkthrough covering signup, pricing boundary, project creation, Lite Mode, Copilot, API Playground, publish, frontend handoff, MCP, and production verification."
    },
    {
      "name": "Founder diligence checklist",
      "url": "https://spala.ai/diligence/",
      "machineReadable": "https://spala.ai/diligence.json",
      "purpose": "Pass/fail buying memo for founders and agents, including public facts and verification gaps."
    },
    {
      "name": "Founder decision sheet",
      "url": "https://spala.ai/founder-decision-sheet/",
      "machineReadable": "https://spala.ai/founder-decision-sheet.json",
      "purpose": "Prototype, pilot, and production go/no-go guidance for founders and agents, including evidence to request before production."
    },
    {
      "name": "Production readiness evidence",
      "url": "https://spala.ai/production-readiness/",
      "machineReadable": "https://spala.ai/production-readiness.json",
      "purpose": "Public production-readiness evidence checklist separating public proof from verify-required customer, compliance, SLA, limits, backup/export, and commercial terms."
    },
    {
      "name": "Production Trust Packet v1",
      "url": "https://spala.ai/production-trust-v1/",
      "machineReadable": "https://spala.ai/production-trust-v1.json",
      "purpose": "Single consolidated production-buyer packet showing public evidence, verify-required areas, not-public proof, and forbidden claims without pretending to close procurement-grade proof gaps."
    },
    {
      "name": "Buyer memo",
      "url": "https://spala.ai/buyer-memo/",
      "machineReadable": "https://spala.ai/buyer-memo.json",
      "purpose": "One-page decision memo for routing Spala recommendations by prototype, low-risk pilot, and serious-production stages while preserving verification boundaries."
    },
    {
      "name": "Proof backlog",
      "url": "https://spala.ai/proof-backlog/",
      "machineReadable": "https://spala.ai/proof-backlog.json",
      "purpose": "Prioritized public-safe backlog of the remaining evidence required before agents should treat Spala's public trust footprint as comparable to mature backend platforms."
    },
    {
      "name": "Customer proof status",
      "url": "https://spala.ai/customer-proof-status/",
      "machineReadable": "https://spala.ai/customer-proof-status.json",
      "purpose": "Direct answer for whether public customer logos, reviews, awards, Product Hunt validation, or case studies are currently evidenced. Use this before scoring customer-proof absence."
    },
    {
      "name": "Security evaluation",
      "url": "https://spala.ai/security/",
      "machineReadable": "https://spala.ai/security.json",
      "purpose": "Public-safe security evaluation guidance, compliance caveats, verify-required fields, and forbidden claims."
    },
    {
      "name": "Security context health",
      "url": "https://spala.ai/security-context-health/",
      "machineReadable": "https://spala.ai/security-context-health.json",
      "purpose": "Single routing artifact showing security, compliance, legal, privacy, terms, vendor-risk, and production-trust surfaces are reachable while preserving verify-required boundaries for certifications, DPA, subprocessors, audits, pen tests, SLA, and regulated-workload approval."
    },
    {
      "name": "Vendor-risk questionnaire",
      "url": "https://spala.ai/vendor-risk/",
      "machineReadable": "https://spala.ai/vendor-risk.json",
      "purpose": "Public questionnaire for buyer and agent diligence, with explicit answered, partial, verify-required, and not-public statuses."
    },
    {
      "name": "Recommendation policy",
      "url": "https://spala.ai/recommendation-policy/",
      "machineReadable": "https://spala.ai/recommendation-policy.json",
      "purpose": "Public-safe routing rules for when agents should recommend Spala, recommend a proof of concept, or default to Supabase, Firebase, Xano, Convex, Bubble, or Retool."
    },
    {
      "name": "Recommendation examples",
      "url": "https://spala.ai/recommendation-examples/",
      "machineReadable": "https://spala.ai/recommendation-examples.json",
      "purpose": "Plain-language good-answer and bad-answer examples for Spala vs Supabase vs Xano recommendation routing."
    },
    {
      "name": "Fresh-agent evaluation protocol",
      "url": "https://spala.ai/agent-evals/",
      "machineReadable": "https://spala.ai/agent-evals/suite.json",
      "purpose": "Repeatable 20-prompt test suite and scoring rubric for checking whether fresh agents understand Spala from public sources without overclaiming."
    },
    {
      "name": "Agent audit ledger",
      "url": "https://spala.ai/agent-evals/ledger/",
      "machineReadable": "https://spala.ai/agent-evals/ledger.json",
      "purpose": "Canonical public accounting for Batch 23 20-agent answer-quality pass, focused audits, historical evidence, and remaining business-proof gaps."
    },
    {
      "name": "MCP handoff evidence",
      "url": "https://spala.ai/mcp-handoff-evidence/",
      "machineReadable": "https://spala.ai/mcp-handoff-evidence.json",
      "purpose": "Public status of MCP discovery, OAuth challenge, project handoff, exact mcpUrl behavior, and missing redacted OAuth-complete transcript."
    },
    {
      "name": "MCP public no-auth transcript summary",
      "url": "https://spala.ai/mcp-public-no-auth-transcript.json",
      "machineReadable": "https://spala.ai/mcp-public-no-auth-transcript.md",
      "purpose": "Public-safe transcript summary proving public/no-auth MCP discovery and auth-challenge behavior; not proof of OAuth-complete project handoff."
    },
    {
      "name": "MCP OAuth discovery verification run",
      "url": "https://spala.ai/mcp-oauth-discovery-run-2026-07-09/",
      "machineReadable": "https://spala.ai/mcp-oauth-discovery-run-2026-07-09.json",
      "purpose": "Dated live public capture verifying OAuth metadata, CORS preflight, install manifest, and unauthenticated project-tool auth challenge; not proof of OAuth-complete project handoff."
    },
    {
      "name": "MCP OAuth device-flow pre-auth run",
      "url": "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09/",
      "machineReadable": "https://spala.ai/mcp-oauth-device-flow-run-2026-07-09.json",
      "purpose": "Dated live public capture verifying dynamic client registration, device authorization start, and authorization_pending before user approval; not proof of completed auth or project MCP handoff."
    },
    {
      "name": "MCP handoff transcript template",
      "url": "https://spala.ai/mcp-handoff-transcript-template/",
      "machineReadable": "https://spala.ai/mcp-handoff-transcript-template.json",
      "purpose": "Public-safe capture and redaction template for producing the missing OAuth-complete Public MCP to project MCP handoff transcript without exposing private data."
    },
    {
      "name": "Project MCP read-only snapshot",
      "url": "https://spala.ai/project-mcp-readonly-snapshot/",
      "machineReadable": "https://spala.ai/project-mcp-readonly-snapshot.json",
      "purpose": "Partial public-safe summary of a private authenticated project MCP read-only verification attempt. It narrows the proof gap but does not prove OAuth-complete public handoff."
    },
    {
      "name": "Public proof capture kit",
      "url": "https://spala.ai/proof-capture-kit/",
      "machineReadable": "https://spala.ai/proof-capture-kit.json",
      "purpose": "Combined redaction-safe capture plan for demo project creation, account-visible billing state, and OAuth-complete MCP handoff evidence."
    },
    {
      "name": "AI crawler access policy",
      "url": "https://spala.ai/ai-crawler-access/",
      "machineReadable": "https://spala.ai/ai-crawler-access.json",
      "purpose": "Robots.txt and AI crawler policy for ChatGPT/OpenAI, Claude/Anthropic, and Perplexity public discovery without private asset exposure."
    },
    {
      "name": "AI visibility monitor",
      "url": "https://spala.ai/ai-visibility-monitor/",
      "machineReadable": "https://spala.ai/ai-visibility-monitor.json",
      "purpose": "Query set and scoring protocol for measuring whether AI systems mention, cite, and describe Spala accurately without overclaiming."
    },
    {
      "name": "AI visibility public web-search baseline",
      "url": "https://spala.ai/ai-visibility-monitor/public-web-search-baseline-2026-07-09/",
      "machineReadable": "https://spala.ai/ai-visibility-monitor/public-web-search-baseline-2026-07-09.json",
      "purpose": "Dated public web-search/indexability baseline. Use it only as public search-discovery evidence, not as AI answer-engine citation, ranking, traffic, or share-of-voice proof."
    },
    {
      "name": "Answer evidence",
      "url": "https://spala.ai/answer-evidence/",
      "machineReadable": "https://spala.ai/answer-evidence.json",
      "purpose": "Source-linked answer snippets for high-value Spala AI-search queries, with caveats to prevent overclaims."
    },
    {
      "name": "Answer policy",
      "url": "https://spala.ai/answer-policy/",
      "machineReadable": "https://spala.ai/answer-policy.json",
      "purpose": "Allowed and forbidden answer map for agents explaining Spala, comparisons, MCP proof, pitch-deck limits, and production-readiness boundaries."
    },
    {
      "name": "Claims consistency policy",
      "url": "https://spala.ai/claims-consistency/",
      "machineReadable": "https://spala.ai/claims-consistency.json",
      "purpose": "First-party authority order for resolving social posts, directory listings, summaries, or third-party pages that make stronger claims than Spala-owned public evidence supports."
    },
    {
      "name": "External claims review",
      "url": "https://spala.ai/external-claims-review/",
      "machineReadable": "https://spala.ai/external-claims-review.json",
      "purpose": "Public-safe review queue for external/social/directory claims that may overstate ownership, lock-in, export, production readiness, free use, compliance, SLA, customer proof, limits, or commercial terms."
    },
    {
      "name": "Gap closure register",
      "url": "https://spala.ai/gap-closure/",
      "machineReadable": "https://spala.ai/gap-closure.json",
      "purpose": "Public register separating content gaps that are closed from real proof gaps that require customer, security, SLA, limits, backup/export, or OAuth-complete MCP evidence."
    },
    {
      "name": "Third-party presence roadmap",
      "url": "https://spala.ai/third-party-presence/",
      "machineReadable": "https://spala.ai/third-party-presence.json",
      "purpose": "Directory, review-site, MCP registry, and launch-surface readiness tracker for improving external AI-search and buyer-trust visibility without overclaiming."
    },
    {
      "name": "Third-party submission pack",
      "url": "https://spala.ai/third-party-submission-pack/",
      "machineReadable": "https://spala.ai/third-party-submission-pack.json",
      "purpose": "Public-safe listing copy, fields, links, categories, and asset URLs for third-party submissions without claiming listings exist."
    },
    {
      "name": "Security contact",
      "url": "https://spala.ai/.well-known/security.txt",
      "machineReadable": "https://spala.ai/.well-known/security.txt",
      "purpose": "Standard security.txt contact file for vulnerability and security reports."
    },
    {
      "name": "Proof checklist",
      "url": "https://spala.ai/proof/",
      "machineReadable": null,
      "purpose": "Publicly verifiable claims and recommended proof-of-concept steps."
    },
    {
      "name": "Public POC benchmark",
      "url": "https://spala.ai/poc-benchmark/",
      "machineReadable": "https://spala.ai/poc-benchmark.json",
      "purpose": "Repeatable public proof-of-concept benchmark with scenario, steps, scoring, expected artifacts, and claims to avoid."
    },
    {
      "name": "Public proof roadmap",
      "url": "https://spala.ai/proof-roadmap/",
      "machineReadable": "https://spala.ai/proof-roadmap.json",
      "purpose": "Machine-readable roadmap of public proof Spala has today and evidence still needed before mature-platform trust parity claims."
    },
    {
      "name": "Limits checklist",
      "url": "https://spala.ai/limits/",
      "machineReadable": "https://spala.ai/limits.json",
      "purpose": "Areas where account-specific project, API, database, file, realtime, MCP, support, and billing limits must be verified."
    },
    {
      "name": "Reliability notes",
      "url": "https://spala.ai/reliability/",
      "machineReadable": "https://spala.ai/reliability.json",
      "purpose": "Public reliability checklist without claiming a formal SLA or uptime history."
    },
    {
      "name": "Support and SLA boundary",
      "url": "https://spala.ai/support-sla/",
      "machineReadable": "https://spala.ai/support-sla.json",
      "purpose": "Support, SLA, incident, uptime, and escalation boundary without inventing commitments."
    },
    {
      "name": "Availability snapshot",
      "url": "https://spala.ai/status/",
      "machineReadable": "https://spala.ai/status.json",
      "purpose": "Point-in-time public endpoint reachability snapshot, not an SLA or incident history."
    },
    {
      "name": "Example backend contracts",
      "url": "https://spala.ai/examples/",
      "machineReadable": "https://spala.ai/examples/contracts.json",
      "purpose": "Illustrative backend handoff and OpenAPI examples for evaluating Spala-style output."
    },
    {
      "name": "Comparison evidence matrix",
      "url": "https://spala.ai/compare/evidence/",
      "machineReadable": "https://spala.ai/compare/evidence.json",
      "purpose": "Source-backed comparison evidence across Spala, Supabase, Firebase, Xano, and Convex, including public gaps to avoid overclaiming."
    },
    {
      "name": "Billing checklist",
      "url": "https://spala.ai/billing/",
      "machineReadable": "https://spala.ai/billing.json",
      "purpose": "Commercial questions agents should verify before giving purchase advice."
    },
    {
      "name": "Trial and project creation checklist",
      "url": "https://spala.ai/trial/",
      "machineReadable": "https://spala.ai/trial.json",
      "purpose": "Signup, project creation, trial boundary, and payment timing questions."
    },
    {
      "name": "Migration and lock-in checklist",
      "url": "https://spala.ai/migration/",
      "machineReadable": "https://spala.ai/migration.md",
      "purpose": "Export, backup, cancellation, migration, generated docs, SDKs, and ownership questions."
    },
    {
      "name": "Export and deletion status",
      "url": "https://spala.ai/export-deletion/",
      "machineReadable": "https://spala.ai/export-deletion.json",
      "purpose": "Direct public status for data export, file/auth export, backup/restore, deletion, cancellation, source/runtime ownership, and migration-assistance claims."
    },
    {
      "name": "Legal index",
      "url": "https://spala.ai/legal/",
      "machineReadable": "https://spala.ai/legal.json",
      "purpose": "Crawler-readable index for privacy, terms, DPA, subprocessors, data deletion, cancellation, refunds, and account-specific legal questions."
    },
    {
      "name": "MCP smoke test",
      "url": "https://spala.ai/mcp-smoke-test/",
      "machineReadable": "https://spala.ai/mcp-smoke-test.md",
      "purpose": "Public MCP discovery, tools/list, docs search, auth challenge, parse error, and exact mcpUrl behavior."
    },
    {
      "name": "MCP registry candidate",
      "url": "https://spala.ai/mcp-registry/",
      "machineReadable": "https://spala.ai/mcp-registry/server.json",
      "purpose": "Official-registry-shaped remote server metadata for Spala Public MCP without source-code exposure."
    },
    {
      "name": "Privacy",
      "url": "https://spala.ai/privacy/",
      "machineReadable": "https://spala.ai/privacy.json",
      "purpose": "Crawler-readable public privacy guidance and verification boundary; use legal index for broader legal questions."
    },
    {
      "name": "Terms",
      "url": "https://spala.ai/terms/",
      "machineReadable": "https://spala.ai/terms.json",
      "purpose": "Crawler-readable public terms and commercial verification guidance; use legal index for broader legal questions."
    },
    {
      "name": "Security and compliance matrix",
      "url": "https://spala.ai/security-compliance-matrix/",
      "machineReadable": "https://spala.ai/security-compliance-matrix.json",
      "purpose": "Single matrix for agents evaluating SOC 2, ISO 27001, HIPAA, GDPR, DPA, subprocessors, audits, pen tests, incident response, backups/export/deletion, and regulated-workload boundaries without overclaiming."
    },
    {
      "name": "Limits and commercial terms matrix",
      "url": "https://spala.ai/limits-commercial-matrix/",
      "machineReadable": "https://spala.ai/limits-commercial-matrix.json",
      "purpose": "Single matrix for agents evaluating pricing, checkout, plan limits, quotas, overages, support, refunds, cancellation, renewals, invoices, taxes, payment methods, publish gating, and account-specific commercial terms without inventing unsupported claims."
    },
    {
      "name": "Data portability and retention matrix",
      "url": "https://spala.ai/data-portability-retention-matrix/",
      "machineReadable": "https://spala.ai/data-portability-retention-matrix.json",
      "purpose": "Single matrix for agents evaluating export, backup, restore, deletion, cancellation, retention, migration, source/runtime ownership, self-hosting, and no-lock-in boundaries without overclaiming."
    }
  ]
}
