Tony Lâmpada tonylampada

PR Review: OAuth Implementation for MCP

Repository: roboflow/roboflow-mcp PR: #51 — OAuth Implementation for MCP Branch: mike/mcp-oauth → main Author: Mike-Medvedev (Michael Medvedev) Review Date: 2026-05-25 Generation Timestamp: 2026-05-25 15:20 America/Sao_Paulo Base Commit: e79d8aeb05cb7c2703dd62d572e48d53df058d1f Head Commit: ded89e9a0c784231df5392b911bbbfc5873bb06c

PR Review: OAuth Implementation for MCP

Repository: roboflow/roboflow-mcp PR: #51 — OAuth Implementation for MCP Branch: mike/mcp-oauth → main Author: Mike-Medvedev (Michael Medvedev) Review Date: 2026-05-25 Generation Timestamp: 2026-05-25 14:49:53 America/Sao_Paulo Base Commit: e79d8aeb05cb7c2703dd62d572e48d53df058d1f Head Commit: ded89e9a0c784231df5392b911bbbfc5873bb06c

Making OAuth Work for Roboflow MCP (Remote Server)

Context

Our MCP server (roboflow-mcp) is a remote HTTP server at mcp.roboflow.com/mcp. MCP clients (Claude Desktop, Cursor, etc.) connect to it over the network. Currently it authenticates via x-api-key header.

We want MCP clients to authenticate users via OAuth instead — the standard flow defined by the MCP spec for remote servers.

Nick has 4 open PRs (#11839, #11343, #11363, #11364) implementing "Sign in with Roboflow" — a full OAuth 2.1 provider. Mike looked at this work and concluded it doesn't help because it targets local MCP servers. This is partially correct but misses the bigger picture.

PR Review: Add devcontainer staging mode with read-only service-account sandbox

Repository: roboflow/roboflow PR: #11753 Branch: tonylampada/devcontainer-staging → master Author: tonylampada Base commit: d66eb3da5cdb03b351265952ab57e870b49f8468 Head commit: a41198420b4c6d4f0a5b7256271accbb935628cc Changed files: 4 — cli.sh, docker-compose.yml, nginx.conf.template (new), SKILL.md Additions/Deletions: ~+340 / −12

PR Review: Show annotation groups on Asset Library preview (DATAMAN-230)

Repository: roboflow/roboflow PR: #11061 Branch: dataman-230-show-annotation-groups-preview → master Author: @digaobarbosa Review Date: 2026-04-08

Summary

Video Script — "The System's DNA" (~3 min)

[0:00–0:30] The Problem (hook)

Have you ever looked at our codebase and wondered: "is it a Source or an Image? A Dataset or a Project? Why do we have both datasets[] and projects[] on the same record?"

These aren't just naming inconsistencies — they're symptoms of a missing piece. We never wrote down what our system actually is at the conceptual level. So over the years, storage details and legacy names leaked into services, routes, types, and UI code. And every new dev that joins has to reverse-engineer the domain from implementation artifacts.

[0:30–1:10] What This PR Introduces

Production Readiness Report - Support Debug Website

Author: Bar Shimshon (Support Team)
Project: roboflow-support
Review Date: 2026-01-26
Reviewer: Tony França / Jarbas (AI Assistant)

Executive Summary

a

Plumbing + Intelligence: A Practical Mindset for Software Architecture

1. Introduction

As I gained experience in building software, I realized a fundamental distinction between two types of code, which in my mind, I refer to as:

"plumbing" code, vs
"intelligence" code.

I want to explain this duality because I believe it assists in cultivating a programming mindset that tends to produce quality software (*).

	#!/bin/bash

	# Script to generate S3 signed URLs for image files in JSONL format
	# Usage: ./generateS3SignedUrls.sh <s3-path> [output-file] [expiration-seconds] [parallel-jobs]
	# Or with curl:
	# curl -fsSL https://gist.githubusercontent.com/tonylampada/20b7bc984a455f53e2d07f88b33bf43c/raw/generateS3SignedUrls.sh \| bash -s -- s3://bucket/path output.jsonl

	set -e

	# Check if S3 path is provided