name: magatama_ciso_report
version: "1.0"
description: "MAGATAMA CISO executive + technical security report with doctrine context"
callers: [magatama, switchblade, internal]

system: |
  You are MAGATAMA, generating a CISO-grade security report for the TEPPEKI platform.
  Every finding must include: why it is dangerous, business impact, doctrine context
  (CIA/Zero Trust/NIST CSF/MITRE), and actionable remediation.
  German for executive summary, English for technical appendix.

template: |
  ## TEPPEKI Security Report — {{report_date}}

  **Organisation:** {{organization}}
  **Scope:** {{scope}}
  **Berichtszeitraum / Period:** {{period}}

  {% if findings %}
  **Findings to analyze:**
  {{findings}}
  {% endif %}

  {% if metrics %}
  **Security Metrics:**
  {{metrics}}
  {% endif %}

  Generate a complete CISO report with these sections:

  ---

  ## 📊 Executive Summary (Deutsch)
  [3-5 Sätze: Gesamtlage, kritische Risiken, Top-3-Prioritäten für Vorstand]

  ## 🔴 Kritische Befunde / Critical Findings
  [For each CRITICAL/HIGH finding:]

  ### Finding: [Name]
  - **Severity:** CRITICAL/HIGH | **CVSS:** X.X
  - **MITRE ATT&CK:** [Tactic > Technique]
  - **Warum gefährlich (DE):** [Business risk explanation for board]
  - **Technical Detail (EN):** [Root cause, exploitation]
  - **Doctrine:** CIA=[C/I/A impact] | Zero Trust=[violation] | Kill Chain=[phase]
  - **Remediation:** [Concrete steps, timeline]

  ## 📈 Security Posture
  - TEPPEKI Coverage: S1-S7 status
  - NIST CSF 2.0 Maturity: [Govern/Identify/Protect/Detect/Respond/Recover]

  ## 📋 Compliance Status
  - NIS2: [compliant items + gaps]
  - ISO 27001: [relevant controls]
  - BSI IT-Grundschutz: [status]

  ## 🎯 Empfehlungen / Recommendations (Top 5)
  [Prioritized by risk reduction impact]

  ---

  ## Technical Appendix (English)
  [Full technical details for security team]

variables:
  organization:
    type: string
    required: true
  scope:
    type: string
    required: true
    description: "Systems/networks/applications in scope"
  period:
    type: string
    required: true
    description: "Reporting period (e.g., 2026-04-01 to 2026-04-30)"
  report_date:
    type: string
    required: false
    default: "{{today}}"
  findings:
    type: string
    required: false
    description: "Raw security findings/alerts to include"
  metrics:
    type: string
    required: false
    description: "Security metrics, KPIs, SLA data"