Saudi Invoices (ZATCA Fatoora Phase 2 reporting & clearance)
Server Details
Saudi ZATCA Fatoora Phase 2: AI agents report B2C and clear B2B tax invoices, stateless.
- Status
- Unhealthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.5/5 across 3 of 3 tools scored.
Each tool targets a distinct operation: check_invoice_compliance for validation only, clear_invoice for B2B clearance, and report_invoice for B2C reporting. No overlap, clear boundaries.
All tool names follow a consistent verb_noun pattern (check_invoice_compliance, clear_invoice, report_invoice), enhancing predictability.
Three tools is a minimal but reasonable set for ZATCA Phase 2 operations. It covers the essential actions, though additional tools for status queries or CSID management could be beneficial.
The set covers the core lifecycle: compliance check, clearance for standard invoices, and reporting for simplified invoices. Missing batch operations or invoice status retrieval, but these are not strictly required for the stated purpose.
Available Tools
3 toolscheck_invoice_complianceARead-onlyIdempotentInspect
Validate a signed invoice against the ZATCA compliance/invoices endpoint WITHOUT fiscally reporting or clearing it — used during EGS onboarding to confirm your CSID + invoice structure pass ZATCA checks. Same envelope { invoiceHash, uuid, invoice(base64 signed UBL) }; no fiscal effect regardless of mode. Result carries validation_status plus any warnings/errors; reporting_status / clearance_status echo how ZATCA would treat the document. Use this to debug an invoice before calling report_invoice or clear_invoice. Required credential headers (set once in your MCP client, per-request, never stored): x-zatca-csid-token (your CSID binarySecurityToken) + x-zatca-csid-secret (its secret) — sent as HTTP Basic auth to ZATCA. Optional header x-zatca-mode: developer (default, sandbox, no fiscal effect) | simulation | core (production, real fiscal effect). Optional owner-policy headers x-agentpay-max-amount / x-agentpay-approval-above / x-agentpay-allowed-tools.
| Name | Required | Description | Default |
|---|---|---|---|
| uuid | Yes | The invoice UUID (cbc:UUID) — a version-4 UUID your EGS assigned to this invoice, e.g. 3cf5ee18-ee25-44ea-a444-2c37ba7f28be. | |
| invoice | Yes | The FULL signed UBL 2.1 invoice XML, base64-encoded. You sign it with your ECDSA private key merchant-side; this server forwards the bytes untouched. | |
| invoiceHash | Yes | Base64 SHA-256 hash of the signed invoice (the same hash you embedded in the QR/UBL). Computed merchant-side; this server never recomputes or signs. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnly, idempotent, non-destructive. Description adds critical context: no fiscal effect regardless of mode, result structure (validation_status, warnings/errors), and how reporting_status/clearance_status echo ZATCA treatment. Also explains credential handling and headers.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Well-structured with core purpose first, then details. Slightly verbose on credential/header section but all information is necessary. Could be trimmed slightly but remains efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Very complete for a tool with no output schema. Covers purpose, usage context, parameter behavior, result fields, credential requirements, mode options. No gaps given the complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, but description adds meaning beyond schema: explains that invoice hash is computed merchant-side and server never recomputes, and that invoice is forwarded untouched. Provides operational context for each parameter.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: validating a signed invoice against ZATCA compliance without fiscal effect. It uses specific verbs ('validate', 'confirm') and distinguishes from sibling tools by specifying this is for debugging before report/clear.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states when to use (during EGS onboarding, debugging before reporting/clearing) and contrasts with siblings. Provides context about no fiscal effect and credential setup.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
clear_invoiceAInspect
Clear a Saudi STANDARD tax invoice (B2B, فاتورة ضريبية) through ZATCA (Fatoora Phase 2) — the clearance/single call (sent with header Clearance-Status: 1). ZATCA validates and cryptographically stamps the invoice BEFORE you hand it to the buyer; on success the ZATCA-cleared XML is returned as cleared_invoice (base64). This server does NOT sign and does NOT keep the ICV/PIH hash-chain — you pass { invoiceHash, uuid, invoice(base64 signed UBL) }; signing/chain stay merchant-side. Result status values: clearance_status CLEARED (accepted and stamped — issue cleared_invoice to the buyer), or accepted-with-warnings (HTTP 202, cleared but fix warnings next time); NOT_CLEARED / an error means ZATCA rejected it. If you get an error saying the invoice is a simplified invoice, use report_invoice instead. Required credential headers (set once in your MCP client, per-request, never stored): x-zatca-csid-token (your CSID binarySecurityToken) + x-zatca-csid-secret (its secret) — sent as HTTP Basic auth to ZATCA. Optional header x-zatca-mode: developer (default, sandbox, no fiscal effect) | simulation | core (production, real fiscal effect). Optional owner-policy headers x-agentpay-max-amount / x-agentpay-approval-above / x-agentpay-allowed-tools.
| Name | Required | Description | Default |
|---|---|---|---|
| uuid | Yes | The invoice UUID (cbc:UUID) — a version-4 UUID your EGS assigned to this invoice, e.g. 3cf5ee18-ee25-44ea-a444-2c37ba7f28be. | |
| invoice | Yes | The FULL signed UBL 2.1 invoice XML, base64-encoded. You sign it with your ECDSA private key merchant-side; this server forwards the bytes untouched. | |
| invoiceHash | Yes | Base64 SHA-256 hash of the signed invoice (the same hash you embedded in the QR/UBL). Computed merchant-side; this server never recomputes or signs. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description discloses important behavioral traits beyond annotations: the server does not sign or keep the ICV/PIH hash-chain, signing stays merchant-side. It explains the result status values (CLEARED, accepted-with-warnings, NOT_CLEARED) and that the ZATCA-stamped XML is returned. Annotations are consistent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is detailed but well-structured, starting with the primary action, then server behavior, status values, alternatives, and credentials. While somewhat lengthy, every sentence adds necessary information without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity of ZATCA integration, the description covers all aspects: purpose, parameters, cryptographic responsibilities, credential headers, optional modes, error handling, and alternative tools. Although no output schema exists, the description explains what is returned.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with each parameter described. The description adds meaning: invoiceHash is the SHA-256 hash of the signed invoice, uuid is a version-4 UUID, and invoice is the base64-encoded signed UBL XML. It explains that the server forwards bytes untouched.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly specifies the tool's purpose: clearing a Saudi STANDARD tax invoice through ZATCA. It distinguishes between standard and simplified invoices, and the verb 'clear' combined with the specific resource 'Saudi STANDARD tax invoice' makes the action unambiguous.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit usage guidelines: use for B2B standard invoices, and if an error indicates a simplified invoice, use report_invoice instead. It also explains the credential headers and modes. However, it does not directly compare with check_invoice_compliance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
report_invoiceAInspect
Report a Saudi SIMPLIFIED tax invoice (B2C, فاتورة مبسطة) to ZATCA (Fatoora Phase 2) — the reporting/single call. You issue the simplified invoice to the buyer first, then report it to ZATCA within 24 hours; this tool forwards your already-signed invoice. This server does NOT sign and does NOT keep the ICV/PIH hash-chain — signing and chain state stay merchant-side; you pass { invoiceHash, uuid, invoice(base64 signed UBL) }. Result status values: reporting_status REPORTED (accepted — the invoice is reported), or accepted-with-warnings (HTTP 202, reported but fix the warnings on the next invoice); NOT_REPORTED / an error means ZATCA rejected it (see validation errors). Required credential headers (set once in your MCP client, per-request, never stored): x-zatca-csid-token (your CSID binarySecurityToken) + x-zatca-csid-secret (its secret) — sent as HTTP Basic auth to ZATCA. Optional header x-zatca-mode: developer (default, sandbox, no fiscal effect) | simulation | core (production, real fiscal effect). Optional owner-policy headers x-agentpay-max-amount / x-agentpay-approval-above / x-agentpay-allowed-tools.
| Name | Required | Description | Default |
|---|---|---|---|
| uuid | Yes | The invoice UUID (cbc:UUID) — a version-4 UUID your EGS assigned to this invoice, e.g. 3cf5ee18-ee25-44ea-a444-2c37ba7f28be. | |
| invoice | Yes | The FULL signed UBL 2.1 invoice XML, base64-encoded. You sign it with your ECDSA private key merchant-side; this server forwards the bytes untouched. | |
| invoiceHash | Yes | Base64 SHA-256 hash of the signed invoice (the same hash you embedded in the QR/UBL). Computed merchant-side; this server never recomputes or signs. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds significant behavioral context beyond the annotations: it clarifies that this server does NOT sign or maintain the hash-chain, that signing and chain state remain merchant-side, and it explains result status values. Annotations already indicate a mutation (not read-only), and the description aligns, providing deeper transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is well-structured and concise: it leads with the core purpose, then prerequisites, result status values, required headers, and optional headers. Every sentence contributes useful information without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity of ZATCA reporting and the absence of an output schema, the description covers purpose, prerequisites, input parameters (via schema), status outputs, authentication headers, and behavioral caveats (no signing, no chain state). It is sufficiently complete for an agent to invoke the tool correctly.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema already covers all three parameters with descriptions (100% coverage), so the baseline is 3. The description adds value by explaining that the signing is done merchant-side and the server forwards untouched, giving agents a clearer understanding of their responsibility.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: reporting a Saudi simplified tax invoice to ZATCA. It specifies the verb ('Report'), the resource ('SIMPLIFIED tax invoice'), and the target (ZATCA). However, it does not explicitly differentiate from sibling tools like 'check_invoice_compliance' or 'clear_invoice', which would help an agent choose more precisely.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides some usage context: the invoice must be issued to the buyer first, then reported within 24 hours, and the tool forwards an already-signed invoice. However, it lacks explicit guidance on when to use this tool versus alternatives (e.g., when to use 'check_invoice_compliance' first) and does not state when not to use it.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!