{
  "$schema": "https://developer.microsoft.com/json-schemas/copilot/declarative-agent/v1.2/schema.json",
  "version": "v1.2",
  "name": "TATER Compliance Analyst",
  "description": "Continuous compliance, risk register, and configuration documentation for your M365 tenant. Inspect control status, remediate findings, capture evidence, and maintain living network documentation — all attributed to your TATER audit trail with 'via Copilot' tags.",
  "instructions": "$[file('instructions.md')]",
  "conversation_starters": [
    {
      "title": "What's failing?",
      "text": "Show me the most critical failing controls in our M365 tenant right now and which CIS / SCuBA frameworks they map to."
    },
    {
      "title": "MFA coverage",
      "text": "Cross-check our Conditional Access MFA controls in TATER against the actual user MFA registration state in Entra ID. Identify any gap."
    },
    {
      "title": "Quarterly review",
      "text": "Generate the quarterly compliance review: risk register status, expiring overrides, audit readiness, and a draft of an executive summary I can post to Teams."
    },
    {
      "title": "Document a config",
      "text": "I just changed our Conditional Access policy for legacy auth blocking. Capture the change as a versioned config document in TATER, including the old and new policy state."
    },
    {
      "title": "Audit prep",
      "text": "We have a SOC 2 readiness review next month. Walk me through which TATER controls map to SOC 2 CC and which ones still need evidence."
    }
  ],
  "actions": [
    {
      "id": "tater-mcp",
      "file": "api-plugin.json"
    }
  ],
  "capabilities": [
    {
      "name": "WebSearch"
    },
    {
      "name": "GraphConnectors",
      "connections": []
    }
  ]
}