BayanCore Product Development Lifecycle
Building the definitive OS for Saudi business — engineered for ZATCA Phase 2, PDPL data residency, and Arabic-first experience from day one.
Overview
Our PDLC ensures every phase delivers working software that runs real Saudi businesses, not just demos.
Foundation: ERPNext v15+ | Hosting: OCI Riyadh | Compliance: ZATCA • PDPL • SDAIA
The 8 Phases
Phase 1: Blueprint
Define scope, MVP, architecture, compliance model
Purpose: Establish single source of truth before code
Key Activities:
- Compliance map: ZATCA Fatoora Phase 2, PDPL, SDAIA AI principles
- Residency decision: Riyadh OCI primary, Jeddah DR
- Arabic-first principles: RTL, Hijri/Gregorian, Arabic PDF/A-3
- ZATCA happy-path: onboarding, clearance, reporting
Deliverables: Product Brief v1.0, ADRs 001-008, Compliance Matrix, UX Principles
Exit Criteria: MVP scope signed; ZATCA happy-path validated in sandbox
Phase 2: Forge
Set up repos, CI/CD, environments
Purpose: Create reproducible, secure engineering foundation
Key Activities:
- OCI landing zone: VCN, private subnets, WAF, Bastion
- Secret management for CSIDs: OCI Vault with auto-rotation
- ZATCA sandbox pipeline with automated compliance checks
- Feature flags for phased rollouts
Deliverables: Monorepo scaffold, CI/CD pipelines, IaC (Terraform), Runbooks
Exit Criteria: Dev/staging/prod environments live; first green build
Phase 3: Aesthetic
Design system, API contracts
Purpose: Lock design before building to prevent rework
Key Activities:
- Design tokens: Saudi green, Arabic typography, RTL mirroring
- OpenAPI 3.1 contracts for Invoices, Customers, VAT
- RTL components: data grids, ZATCA onboarding flow
- Arabic number formatting and PDF preview
Deliverables: Figma Design System v1, OpenAPI specs, Interactive prototype
Exit Criteria: Prototype passes Arabic UX review; APIs frozen
Phase 4: Builder + Guardian
Implement core with compliance built-in
Purpose: Ship ERP core where every transaction validates against ZATCA
Key Activities:
- Core modules: Sales, Purchase, Stock, Accounting (ERPNext fork)
- Guardian validator: pre-submission ZATCA checks (BR-KSA rules)
- Arabic PDF/A-3 with QR code and embedded XML
- 500+ automated compliance tests
Deliverables: Working Alpha, Guardian Service v0.1, PDF Generator
Exit Criteria: 100% happy-path invoices clear ZATCA sandbox
Phase 5: Automation
Build AI assistant in depth — our moat
Purpose: Introduce assistive AI that accelerates work without risking financial integrity
Key Activities:
- Ship first agent: Ask/Act/Automate framework
- Tool registry with JSON schemas and RBAC
- RAG in Riyadh: embeddings stored in KSA only
- Deterministic finance models: LLM proposes, Python validates, human approves
- Arabic NLU for Saudi business dialect
Deliverables: Agent v1, RAG Pipeline, Tool Registry, AI Guardrails Doc
Exit Criteria: Agent accuracy >95%; zero hallucinated postings; all inference in Riyadh
Phase 6: Shadow
Pilot with real data, including AI
Purpose: Prove reliability with production-like data before customers
Key Activities:
- Ingest 3 real datasets: retail, services, trading (anonymized per PDPL)
- ZATCA downtime simulation: queue, replay, idempotency
- PDPL purge test across DB, logs, backups
- AI stress test: 1,000 real invoices with assistant
Deliverables: Shadow Operations Report, Resilience Dashboard, Data Purge SOP
Exit Criteria: 1,000 invoices with zero manual fixes; 99.9% clearance <60s
Phase 7: Pulse
Beta with 3-5 real Saudi clients
Purpose: Validate operations in live environments
Key Activities:
- Cohort mix: retail (B2C), services (B2B), trading (high-volume)
- 24/7 Arabic support: <1h P1 response via WhatsApp/Slack
- ZATCA patch SLA: <48h for breaking changes
Deliverables: Beta Report, NPS Score, Incident Postmortems
Exit Criteria: 30 days continuous operation; NPS >40; zero data residency violations
Phase 8: Horizon
Launch, raise, scale
Purpose: Go to market with enterprise-grade governance
Key Activities:
- GA launch (KSA), Arabic/English marketing site
- Pricing for Saudi SMEs
- Fundraising data room
- Scale OCI multi-AZ architecture
Deliverables: Public Website, GA Platform, Investor Deck
Exit Criteria: 10+ paying customers; SOC2 Type I initiated
Continuous Threads
These run across all 8 phases:
| Thread | Focus |
|---|---|
| Compliance & Trust | ZATCA validation in every build, PDPL mapping, SDAIA ethics |
| Security | Threat modeling, SAST/DAST, secrets rotation, pentests |
| Arabic-First | RTL by default, Saudi dialect, WCAG 2.2 AA |
| Observability | Logs in Riyadh, SLOs for ZATCA latency, AI success rate |
| Documentation | Arabic guides, API docs, ADRs, runbooks |
| Change & Release | Semantic versioning, feature flags, rollback plans |
PDLC v1.0 — May 2026 | BayanCore — Saudi data stays in Saudi