Open source · MIT

Give your AI coding agent the guardrails you wish it came with.

Answer a short questionnaire about what you're building. Get a ready-to-drop-in skill pack for Claude Code, Cursor, Codex, or any agent that reads AGENTS.md — covering Saudi compliance, security hygiene, and architecture discipline.

Start the questionnaire Browse the library

Takes about 3 minutes. No account. Nothing leaves your browser.

.claude/skills/zatca-phase2/SKILL.md

Peer-reviewed

---
name: zatca-phase2
description: ZATCA Phase 2 e-invoicing rules for Saudi Arabia
version: 0.4.2
status: reviewed
last_verified: 2026-03-18
---

# ZATCA Phase 2

> This is engineering guidance, not legal advice. Verify every
> rule against the official ZATCA documentation linked in /sources.

## When this applies

You are working on a product that issues invoices to Saudi customers
and is using **Node.js** as the backend stack.

## Non-negotiables

- Every B2B invoice must be cleared with ZATCA **before** being
  delivered to the buyer.
- Every B2C invoice must be reported within **24 hours** of issuance.
- Every invoice XML must include a cryptographic stamp derived from
  the taxpayer's CSID certificate.

## Your stack specifics

```ts
// Use the UBL builder — don't hand-roll the XML.
import { buildInvoiceXML, stamp } from "@zatca/ubl";
```

See references/invoice-b2c.xml for a full sample.

§ 01

What’s a skill, and why do I want one?

When an AI coding agent opens your repo, it looks for instructions. A skill is a short, focused document — sometimes with helper scripts — that tells the agent the rules for one specific domain: how to handle invoices in Saudi Arabia, how to keep secrets out of commits, where to draw the line between admin and user code. Good skills turn an agent from “smart intern” into “teammate who read the handbook.”

Written for your stack

Answers to stack, payments, and PII questions rewrite the skill so Node/Django/Laravel projects get guidance that actually matches their code.

Compliance-aware by default

Saudi skills (ZATCA Phase 2, PDPL, Nafath) ship with disclaimers, source links, and a verification date — never stale and never silent.

One zip, every agent

Pick Claude Code, Cursor, Codex, or plain AGENTS.md. Same canonical content, rendered for the target you actually use.

§ 02

The library

Every skill is versioned, dated, and reviewed. Draft items are clearly marked — use them as starting points, not gospel.

Browse the library

ArchitectureReviewed

CI Hygiene

If the repo has no CI the agent adds one. If it does the agent keeps it honest — lint, typecheck, tests, and migration hygiene as rules the agent can actually enforce.

v: 0.6.0
Verified: 2026-04-24

ArchitectureCommunity

Testability Check

Keep generated code writable-to-test. Clean seams, isolated side effects, no hidden singletons — so the test suite remains a first-class artifact as the codebase grows.

v: 0.5.0
Verified: 2026-04-24

Saudi complianceCommunityDisclaimer

mada and STC Pay Payment Basics

Practical integration notes for Saudi-local payment rails — BIN handling, 3DS quirks, settlement expectations, and common pitfalls generic payment tutorials miss.

v: 0.3.0
Verified: 2026-04-24

Saudi complianceDraftDisclaimer

Nafath and Yakeen Identity Onboarding

Keep the agent from inventing fake Nafath or Yakeen endpoints. Explains the approval path, the integration model, and which behaviors you cannot ship without a credential.

v: 0.2.0
Verified: 2026-04-24

Saudi complianceCommunityDisclaimer

PDPL Basics for Engineers

Engineering-level guardrails for Saudi Arabia's Personal Data Protection Law — consent, retention, minimization, and data export patterns your agent can actually enforce in code.

v: 0.3.0
Verified: 2026-04-24

Saudi complianceDraftDisclaimer

Saudi ZATCA Phase 2 E-Invoicing

Engineering guardrails for ZATCA Phase 2 invoicing — XML structure, signing flow, and onboarding steps an AI agent should respect before it writes code.

v: 0.2.0
Verified: 2026-04-24