Write Postmortem Command

Chain these steps:

1. Use root-cause-analysis-security to finalize root cause analysis
2. Use lessons-learned to conduct post-incident review with team
3. Identify systemic improvements and prevention strategies
4. Document findings and preventive actions with accountability and timelines

Deliverables:

• Post-incident review (postmortem) report with timeline
• Root cause analysis with contributing factors
• Lessons learned: what went well, what didn't, what to improve
• Preventive action plan with owners and timelines
• Metrics: MTTR, recovery time, business impact

After completion, suggest follow-up commands: respond-to-incident, investigate-breach.