Author: Olivier Vitrac, PhD, HDR — olivier.vitrac@adservio.fr
Affiliation: Adservio Innovation Lab · Applied Artificial Intelligence & Engineering Sciences
Purpose: Background and follow-up materials for the lecture series
License: CC BY-NC-SA 4.0 International
| Theme | Focus |
|---|---|
| 1 — Agents & Model Context Protocol (MCP) | Understanding agent frameworks and Claude Code’s MCP |
| 2 — Claude Code Guides & Examples | Official manuals, quickstarts, and tool examples |
| 3 — Code Auditing & Software Quality | From introductory linting to advanced audits |
| 4 — Ethics · Regulations · Governance | AI governance and responsible engineering |
| 5 — Research & Academic Frontiers | Seminal papers and benchmark groups |
| 6 — Language-Specific Audit Toolchains | Practical stacks for Python / JS |
| 7 — Suggested Progression | When to read what |
Claude Code Overview — concept, architecture, and MCP integration
https://docs.claude.com/en/docs/claude-code/overview
Claude Documentation Hub — all official guides
https://docs.claude.com/
Model Context Protocol Organization — specification & reference schemas
https://github.com/modelcontextprotocol
https://github.com/modelcontextprotocol/modelcontextprotocol
Using MCP with GitHub Copilot Chat — example of cross-integration
https://docs.github.com/copilot/how-tos/provide-context/use-mcp
LangGraph (LangChain extension) — graph-based agent orchestration
https://langchain-ai.github.io/langgraph/
CrewAI — multi-agent framework (roles · memory · tools)
https://docs.crewai.com/en/concepts/agents
Microsoft AutoGen — conversation-centric agents for development tasks
https://microsoft.github.io/autogen/stable/
OpenDevin / OpenHands Projects — community efforts for autonomous dev
https://github.com/OpenDevin · https://github.com/Kurtisone/OpenDevin
Sourcegraph Cody — contextual coding assistant with search integration
https://docs.sourcegraph.com/cody/overview
Quickstart / Reference — official entry point
https://docs.claude.com/
Best Practices for Agentic Coding — Anthropic Engineering blog
https://www.anthropic.com/engineering/claude-code-best-practices
Prompt Patterns for Code Audits — reproducible examples
see repo → lectures/lecture2_audit/audit_prompts.html
MCP Tool Registration Examples — YAML/JSON schemas in the repo
see repo → tools/mcp/config.json
OWASP Top 10 (2021) — canonical list of web application risks
https://owasp.org/Top10/
MITRE CWE Database + Top 25 — classification of software weaknesses
https://cwe.mitre.org/top25/
NIST Secure Software Development Framework (SP 800-218)
https://csrc.nist.gov/pubs/sp/800/218/final
ISO/IEC 25010 — software quality model (maintainability, security, reliability)
https://iso25000.com/index.php/en/iso-25010
Semgrep — fast SAST multi-language rules · docs https://semgrep.dev/docs/
Bandit — Python security scanner · repo https://github.com/PyCQA/bandit
Ruff — Python linter/formatter · docs https://docs.astral.sh/ruff/
ESLint — JavaScript / TypeScript lint rules · docs https://eslint.org/docs/latest/
SonarQube Docs — continuous quality platform https://docs.sonarsource.com/sonarqube/latest/
EU Artificial Intelligence Act (2024)
https://artificialintelligenceact.eu/the-act/
https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
NIST AI Risk Management Framework (1.0)
https://www.nist.gov/itl/ai-risk-management-framework
OECD AI Principles (2024 Update)
https://oecd.ai/en/ai-principles
ISO/IEC 42001 (2023) — AI management systems framework
https://www.iso.org/standard/42001.html
ISO/IEC 23894 (2023) — AI risk management guidelines
https://www.iso.org/standard/77304.html
Use these documents to align agentic development and auditing with current AI governance frameworks.
SWE-bench Benchmark (2024) — real GitHub issue fixing tasks
https://github.com/SWE-bench/SWE-bench
SWE-agent Paper (arXiv 2405.15793) — agent-computer interface for repo fixing
https://arxiv.org/abs/2405.15793
Multi-SWE-bench — multilingual extension (7 languages)
https://github.com/multi-swe-bench/multi-swe-bench
AlphaCode (Science 2022) — competition-level program synthesis
https://www.science.org/doi/10.1126/science.abq1158
Codex (OpenAI 2021) — foundational LLM for code generation
https://arxiv.org/abs/2107.03374
SWE-Search (2024) — Monte Carlo Tree Search + iterative refinement
https://arxiv.org/abs/2410.20285
Ruff + Bandit + Semgrep → baseline security + style + pattern analysis
https://docs.astral.sh/ruff/ · https://bandit.readthedocs.io/ · https://semgrep.dev/docs/
ESLint + Semgrep Rules + Type Checking https://eslint.org/docs/latest/use/getting-started · https://semgrep.dev/
| Stage | When to Read | Focus |
|---|---|---|
| Before Lecture 1 | MCP intro · Claude overview | Understand agent architecture |
| Before Lecture 2 | OWASP · CWE · NIST SP 800-218 | Build vocabulary for auditing |
| After Lecture 2 | SWE-bench / SWE-agent papers | Explore cutting-edge agentic research |
| Ongoing | ISO 42001 · AI Act · OECD Principles | Integrate governance and ethics |
When reusing these materials in academic or industrial contexts, please cite as:
Vitrac, O. (2025). AI Agents and Code Auditing Lecture Series.
Adservio Innovation Lab — https://adservio.fr
Licensed under CC BY-NC-SA 4.0 International.
Version 1.0 — November 2025
Maintained by Adservio Innovation Lab · Generative Simulation Initiative