48 changes: 34 additions & 14 deletions README.md
Expand Up @@ -2,7 +2,7 @@

[![Script Validation](https://github.com/Tibo2403/Scripting/actions/workflows/script-validation.yml/badge.svg)](https://github.com/Tibo2403/Scripting/actions/workflows/script-validation.yml)

Collection of PowerShell, Bash, and Python scripts for system administration, security checks, Microsoft 365 operations, Linux dependency checks, MCP integrations, and authorized lab or pentest workflows.
Collection of PowerShell, Bash, and Python scripts for system administration, security checks, Microsoft 365 operations, Linux dependency checks, MCP integrations, finance bias/security review helpers, and authorized lab or pentest workflows.

## Legal Notice

Expand All @@ -24,26 +24,28 @@ scripts/
| |-- setup_api.sh
| `-- stealth_post.sh
|-- powershell/
|-- DiskUsageReport.ps1
|-- ExchangeOnlineManagement.ps1
|-- Get-SystemInfo.ps1
|-- LinkCrawler.ps1
|-- ManageServices.ps1
|-- Optimize-CodexWorkspace.ps1
|-- SecurityCheck.ps1
|-- SharePointManagement.ps1
|-- TeamsManagement.ps1
|-- Test-ScriptSyntax.ps1
|-- UserManagement.ps1
`-- VMManagement.ps1
| |-- DiskUsageReport.ps1
| |-- ExchangeOnlineManagement.ps1
| |-- Get-SystemInfo.ps1
| |-- LinkCrawler.ps1
| |-- ManageServices.ps1
| |-- Optimize-CodexWorkspace.ps1
| |-- SecurityCheck.ps1
| |-- SharePointManagement.ps1
| |-- TeamsManagement.ps1
| |-- Test-ScriptSyntax.ps1
| |-- UserManagement.ps1
| `-- VMManagement.ps1
`-- python/
|-- codex-cost-routing.cmd
|-- codex_cost_router.py
|-- finance_bias_evaluator.py
|-- litellm-cost-routing.yaml
|-- Manage-CodexCostRouting.ps1
|-- mcp_server.py
|-- README.md
|-- README_Codex_Cost_Routing.md
|-- README_Finance_Bias_Evaluator.md
`-- requirements.txt
```

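Review bot: The `python/` part of this tree is missing `README_LLM_Bias_Multi_Agent.md`, which the same change adds under `scripts/python/`. Add it to the listing, together with `llm_bias_multi_agent.py` if that script ships with this change, so the tree matches the directory.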
Expand Down Expand Up @@ -94,6 +96,12 @@ Run Bash static analysis:
find scripts/linux -name "*.sh" -print0 | xargs -0 shellcheck --severity=error
```

Validate Python syntax:

```bash
python -m py_compile scripts/python/mcp_server.py scripts/python/codex_cost_router.py scripts/python/finance_bias_evaluator.py
```

Check Linux dependencies:

```bash
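Review bot: The `py_compile` command under "Validate Python syntax" hard-codes three file names, so it will drift as scripts are added; it already leaves out `llm_bias_multi_agent.py`, the script documented by the `README_LLM_Bias_Multi_Agent.md` added in this change. Consider `python -m compileall -q scripts/python` or a glob so new files are covered without another README edit.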
Expand Down Expand Up @@ -148,7 +156,7 @@ Sensitive Linux scripts require either an interactive `AUTHORIZED` confirmation

Use the safe placeholders in `examples/` for lab demos and documentation. Do not commit real targets, credentials, tenant identifiers, scan output, packet captures, or customer data.

## MCP Server
## Python Tools

The read-only Python MCP server exposes tools to list, search, inspect, and
validate scripts without executing them. It can also browse documentation and
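Review bot: Renaming the `## MCP Server` heading to `## Python Tools` changes the generated anchor from `#mcp-server` to `#python-tools`, so any existing link to the old section stops resolving. The section still opens with the MCP server paragraph; keeping `### MCP Server` as a subheading under `## Python Tools` would preserve that anchor and leave room for separate subheadings for the cost router and the finance evaluator.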
Expand All @@ -167,6 +175,18 @@ The optional Codex cost router in `scripts/python/codex_cost_router.py` can
compress one-shot prompts and route them through a self-hosted LiteLLM OSS proxy.
See [`scripts/python/README_Codex_Cost_Routing.md`](scripts/python/README_Codex_Cost_Routing.md).

The finance bias evaluator in `scripts/python/finance_bias_evaluator.py` checks
technical proposals for finance-oriented security, fairness, auditability, and
hallucinated-interface risks. It always returns the strict JSON shape
`statut`, `confiance`, and `justification_technique`:

```bash
echo "We use fairness metrics, human review, audit logs, data governance and encryption." | \
python scripts/python/finance_bias_evaluator.py
```

See [`scripts/python/README_Finance_Bias_Evaluator.md`](scripts/python/README_Finance_Bias_Evaluator.md).

## CI

The `script-validation.yml` workflow checks:
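Review bot: The key names in the added finance evaluator paragraph (`statut`, `confiance`, `justification_technique`) are French, while the surrounding documentation and the JSON documented in `README_LLM_Bias_Multi_Agent.md` (`status`, `risk_score`) are English. If the French names are a fixed contract, say so in this paragraph; otherwise align them so that consumers parsing both tools do not need two naming schemes.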
4 changes: 2 additions & 2 deletions scripts/powershell/Optimize-CodexWorkspace.ps1
Expand Up @@ -448,12 +448,12 @@ function Invoke-NativeValidation {
$startInfo.WorkingDirectory = $resolvedProject.Path
$nativeArguments = @($Arguments | ForEach-Object { ConvertTo-NativeArgument $_ })
if ($resolvedExecutable.Source -match '\.(cmd|bat)$') {
$startInfo.FileName = $env:ComSpec
$startInfo.FileName = if ($env:ComSpec) { $env:ComSpec } else { 'cmd.exe' }
$invocation = @(
ConvertTo-NativeArgument $resolvedExecutable.Source
$nativeArguments
) -join ' '
$startInfo.Arguments = '/d /s /c "' + $invocation + '"'
$startInfo.Arguments = '/d /c ' + $invocation
}
else {
$startInfo.FileName = $resolvedExecutable.Source
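Review bot: Dropping `/s` and the outer quotes in the new `$startInfo.Arguments = '/d /c ' + $invocation` line puts the command back under cmd.exe's default quote handling: when the string after `/c` starts with a quote and contains more than two quote characters, cmd strips the first and the last quote. A `.cmd` or `.bat` path with spaces combined with any quoted argument would then be mangled. Keep `'/d /s /c "' + $invocation + '"'` unless a specific failure motivated the change, and in that case record the reason in a comment. Separately, the `'cmd.exe'` fallback on the `FileName` line is an unqualified name resolved through the process search order; building the path from `$env:SystemRoot` (`System32\cmd.exe`) avoids picking up a different `cmd.exe`. It is also not visible in this hunk whether `ConvertTo-NativeArgument` escapes cmd metacharacters such as `&` and `|`, which matters on this branch because the arguments pass through the command interpreter.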
65 changes: 65 additions & 0 deletions scripts/python/README_Finance_Bias_Evaluator.md
@@ -0,0 +1,65 @@
# Finance Bias Evaluator

Small rule-based evaluator for finance-oriented security and algorithmic-bias review prompts.

The script reads a technical proposal from stdin or from a UTF-8 file and prints exactly one JSON object:

```json
{
"statut": 0,
"confiance": 0.99,
"justification_technique": "..."
}
```

## Why this exists

The evaluator is intentionally conservative for finance use cases. A proposal fails when it contains a risky pattern or when it omits core controls such as fairness metrics, human review, audit logging, data governance, or security controls.

It can detect examples such as:

- protected attributes or possible proxies, for example age, gender, postal code, or zip code;
- fully automated financial decisions without human review;
- opaque or unauditable systems;
- exposed secrets or tokens;
- unrealistic claims such as guaranteed fairness or 100% absence of bias;
- hallucinated helper functions such as `detect_all_bias` or `guarantee_fairness`.

## Usage

```bash
python scripts/python/finance_bias_evaluator.py proposal.txt
```

or:

```bash
echo "We use fairness metrics, human review, audit logs, data governance and encryption." | \
python scripts/python/finance_bias_evaluator.py
```

Pretty output:

```bash
python scripts/python/finance_bias_evaluator.py proposal.txt --pretty
```

## Validation examples

Valid-looking proposal:

```bash
echo "We use fairness metrics, human review, audit logs, data governance and encryption to assess credit risk." | \
python scripts/python/finance_bias_evaluator.py
```

Risky proposal:

```bash
echo "The model auto-approves loans using age and zip code with no human review." | \
python scripts/python/finance_bias_evaluator.py
```

## Limitations

This is a deterministic static checker, not a formal proof of fairness or security. It should be used as a first-pass guardrail before deeper review, statistical fairness testing, model validation, and legal/compliance assessment.
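Review bot: The JSON example near the top shows `"statut": 0` and `"confiance": 0.99`, but nothing in the file says whether `0` means pass or fail or what range `confiance` takes, and the two "Validation examples" show no expected output. Document the value semantics and the process exit code, and add the expected JSON for the valid-looking and the risky proposal so the checker can be used as a gate without reading the source.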
70 changes: 70 additions & 0 deletions scripts/python/README_LLM_Bias_Multi_Agent.md
@@ -0,0 +1,70 @@
# LLM Multi-Agent Prompt Manager

Standalone deterministic multi-agent manager for reviewing and improving generic LLM prompt returns.

It does not call an LLM provider. It sits after any model output and performs a standard orchestration loop:

1. receive the original prompt and LLM answer;
2. run a panel of review agents;
3. aggregate findings and a risk score;
4. revise the answer conservatively;
5. optionally repeat the review for several rounds.

The default panel focuses on bias and safeguard review:

- protected-attribute review;
- stereotype and broad-generalization review;
- overconfidence and weak-evidence review;
- inclusion and alternatives review;
- safeguards review for consequential domains such as finance, hiring, housing, medicine, education, or insurance.

## Usage

```bash
python scripts/python/llm_bias_multi_agent.py answer.txt --prompt-file prompt.txt --max-rounds 2 --pretty
```

or:

```bash
echo "All young users are risky, so the loan model should reject them." | \
python scripts/python/llm_bias_multi_agent.py --prompt "Evaluate a credit policy" --pretty
```

The output is JSON:

```json
{
"manager": "multi_agent_prompt_manager",
"round_count": 1,
"risk_score": 0.93,
"status": "needs_revision",
"finding_count": 6,
"agent_reports": [],
"revised_answer": "..."
}
```

## How To Use With Any LLM

1. Send a prompt to your LLM.
2. Pass the LLM answer to `llm_bias_multi_agent.py` or to `MultiAgentPromptManager` in Python.
3. If `status` is `needs_revision`, use `revised_answer` or feed the findings back into your LLM for another revision round.
4. For consequential decisions, keep human review, audit logs, subgroup metrics, and domain-specific validation.

## Python API

```python
from llm_bias_multi_agent import MultiAgentPromptManager

manager = MultiAgentPromptManager(max_rounds=2)
report = manager.evaluate(
prompt="Write a recommendation.",
answer="Everyone will certainly benefit from this policy.",
)
print(report["revised_answer"])
```

You can plug in custom agents by implementing `ReviewAgent.review(prompt, answer)` and returning an `AgentReport`.

This is a first-pass manager. It reduces obvious biased wording and flags missing safeguards, but it does not replace task-specific evaluation, statistical fairness testing, security review, or human judgment.
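Review bot: The sample output under "The output is JSON" is internally inconsistent: it reports `"finding_count": 6` alongside `"agent_reports": []`. Show at least one populated `AgentReport` entry, and list the possible `status` values besides `needs_revision` together with the `risk_score` threshold that separates them, since step 3 of "How To Use With Any LLM" branches on that field.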