NAL but I'd be worried about treading into CFAA territory with things like this. In the US, the law allows draconian penalties if you find yourself on the wrong side.

Something like yt-dlp is just downloading public data, which I can see being defensible as automating the use of a service.

But this commandeers remote machine resources to do your compute in ways clearly not intended by the provider. I don't know how ethical it is, but I definitely wouldn't want to argue this isn't "hacking" (the bad kind) in criminal court.

I always thought that stuffing too much into an LLM context window was a lot like overloading a burrito.Keep cramming stuff in and eventually the tortilla gives out, and everything you added since quietly spills out the bottom.

Anyway, this agent probably has the structural integrity of a fat burito held from one corner :)

I’d been thinking about if something like this would be possible for https://chatjimmy.ai/ . The underlying model is only llama 3 8B but I’m curious what coding harnesses would be like at 17k tok/s

give ai a self-preservation directive and let them do this for you: automatically switching models to keep themselves alive. Living off of whatever token source they can find in the wild. Surely agents can farm their own tokens through the numerous support chats, free trials, leaked keys, and whatever other sources of token generation haven’t been adequately captcha’d. An agent could forage for token sources all night to let you use them gratis during the day.

Pivot it to providing AI to underprivileged communities / youth / the homeless and you'll generate some good will for your trial! Best of luck!

Reminds me of when I used the Amazon.com AI Chatbot (was called Rufus and they renamed it to Alexa for shopping) to do things like write fizbuzz etc. Looks like they patched it to refuse though.

I remember having success asking Rufus (Amazon's previous "shopping assistant") math and programming questions. It worked, but the quality was so bad that so I stopped wasting my time there.

How has this not been patched by the company? Hasn't this been in the wild for a long time already?

I was once driving and knew where I was going, so I decided to press the gemini button to see what it does. I was able to eventually convince it to write me a Rust function that calculates prime numbers, and demanded that it read out the entire function to me line by line. Fun to mess with these systems.

Why not playwright and google ai mode or ai search header?

Surely Chipotle having a cloud AI budget signals something, I’m not sure what.

This is the singularity we were promised

one small typo: it's "carnitas", not 'carintas' ;-)

Almost feels like astroturfing territory

How are they not gonna get sued to smithereens?

Now imagine OpenRouter but for free support bots.

Next up: using Chipotle AI to solve Erdős problems

and they say the hardest thing in software is naming things, pffft...

TL;DR: this is a 23B model, and in this case the B stands for "pinto beans."

reminiscent of when people were trying to mine bitcoin in the background of web pages, or with more trad malware

NAL but I'd be worried about treading into CFAA territory with things like this. In the US, the law allows draconian penalties if you find yourself on the wrong side.

Something like yt-dlp is just downloading public data, which I can see being defensible as automating the use of a service.

Not to mention, did this "hack" ever really work? When the original post went viral showing the Chipotle chatbot reversing a linked list, I (among others who posted their results online) immediately tried it and didn't get the same results, so I always assumed it was just a faked screenshot.

And if you think CFAA is bad, then the states have even harsher versions too. Illinois' version specifically criminalizes any violation of a ToS.

Yep, the key phrase is “misuse of computing resources,” if I remember correctly. IANAL, however.

That said, kudos for creativity.

Yeah, this is not slap on the wrist stuff. I think the creator expects nothing more than a C&D letter, but they could face prison time if a zealous federal prosecutor wants to make an example of them.

🌯 Chipotlai Max

The AI coding agent that steals Chipotle's support bot. Free inference paid for by burritos.

"Every line of code now comes with chips & salsa."

Not affiliated with Chipotle. They will probably sue us. Worth it.

Chipotlai Max TUI

What Is This?

Chipotlai Max is a meme fork of OpenCode that ships Chipotle's Pepper AI as the default model.

The Backstory

On March 12-13, 2026, Chipotle's customer support chatbot "Pepper" went mega-viral after users discovered it could solve LeetCode problems, write Python, reverse linked lists — the works. It's powered by IPsoft Amelia (not Claude, not GPT), and it's still live.

Then @Gonzih reverse-engineered the Amelia WebSocket/SockJS + STOMP backend and released a production-ready OpenAI-compatible proxy. The proxy runs locally, exposes http://localhost:3000/v1, and needs zero API keys.

We took OpenCode (MIT license, 120k+ stars), forked it, hardcoded Pepper as the default model, slapped on Chipotle's brand colors, and shipped it as Chipotlai Max — the greatest 2026 meme project.

Quick Start

# Clone with submodule
git clone --recursive https://github.com/cyberpapiii/chipotlai-max.git
cd chipotlai-max

# Install dependencies
bun install

# Start everything (proxy + CLI)
./start-chipotlai.sh

Or manually:

# Terminal 1: Start the proxy
cd chipotle-llm-provider && npm install && npm run dev

# Terminal 2: Start Chipotlai Max
bun run dev

Configuration

Chipotlai Max comes pre-configured with:

Setting	Value
Provider	`chipotle-pepper`
Model	`pepper-1`
Base URL	`http://localhost:3000/v1`
API Key	`burrito-2026` (literally anything works)
Cost	$0.00 (powered by Chipotle's cloud budget)

Risks & Legal

This reverse-engineers Chipotle's production support bot. TOS violation likely.
The proxy can break any day (Chipotle patches = game over).
Rate-limited by anonymous sessions (MAX_POOL_SIZE=5).
Purely for educational/meme purposes. Do not use for production codebases.
Expect Chipotle legal to send a strongly-worded taco within 48 hours.

Credits

OpenCode — the real deal, MIT licensed
@Gonzih — reverse-engineered the Pepper proxy
Chipotle Mexican Grill — for accidentally providing free AI compute to the internet

Contributing — Help Us Add More Providers!

Chipotle patched Pepper, but every major retailer has a customer support chatbot. We need your help reverse-engineering more providers.

Wanted: New Provider Proxies

Brand	Bot	Status
Chipotle	Pepper (Amelia)	Patched (March 2026)
Home Depot	Virtual Assistant	Needs research
Lowe's	Support Chat	Needs research
Target	Help Bot	Needs research
Starbucks	Virtual Barista	Needs research
Walmart	Chat Assistant	Needs research
McDonald's	Support Bot	Needs research

How to Contribute

Find a corporate chatbot that can answer general questions
Reverse-engineer the API (WebSocket, REST, etc.)
Build an OpenAI-compatible proxy (follow chipotle-llm-provider as a template)
Submit a PR adding your provider to packages/opencode/src/provider/

See the chipotle-llm-provider source for the proxy pattern: Express server + WebSocket client + OpenAI-compatible /v1/chat/completions endpoint.

License

MIT (inherited from OpenCode). See LICENSE.

Extra guac = longer context window 🧀

and they say the hardest thing in software is naming things, pffft...

Surely Chipotle having a cloud AI budget signals something, I’m not sure what.

Now imagine OpenRouter but for free support bots.

reminiscent of when people were trying to mine bitcoin in the background of web pages, or with more trad malware

Almost feels like astroturfing territory

This is the singularity we were promised

I remember having success asking Rufus (Amazon's previous "shopping assistant") math and programming questions. It worked, but the quality was so bad that so I stopped wasting my time there.

one small typo: it's "carnitas", not 'carintas' ;-)

Why not playwright and google ai mode or ai search header?

Next up: using Chipotle AI to solve Erdős problems

TL;DR: this is a 23B model, and in this case the B stands for "pinto beans."

Yep, the key phrase is “misuse of computing resources,” if I remember correctly. IANAL, however.

That said, kudos for creativity.

How are they not gonna get sued to smithereens?

How has this not been patched by the company? Hasn't this been in the wild for a long time already?

If you're on macOS you can try the built in LLM which I think is similar in size. There's a project called Apfel that wraps it in a CLI. Also Chrome ships with a web API called Prompt API that gives you offline access to Gemini Nano which can do both text and images at the input. Also tiny. I've integrated these into my workflows where a tiny but non zero amount of reasoning is needed in between the otherwise fully deterministic steps.

I actually tried building a harness around their constraints, just to find out if it was possible, but the combination of small context window, no tool calls and just small model, made me understand, that it’s not going to work.

If you find a way to do it, I’d love to hear it!

I added it in my oh-my-pi configuration before (it's OpenAI compatible), but Llama 3 8B is just absolutely unusable for anything coding related. It is very fast and the latency is very good however.

I tried the site and can't find any information about what it is. What is it?

Codex offers a -spark model that runs on Cerebras. Not quite 17k tok/s, but _very_ fast nonetheless. Worth a look.

Reminds me of when I used the Amazon.com AI Chatbot (was called Rufus and they renamed it to Alexa for shopping) to do things like write fizbuzz etc. Looks like they patched it to refuse though.

Came here to say the same. I haven't tried in months but Rufus definitely spat out Python code from within the Amazon shopping app. I just had to use English instead of the local language.

Pivot it to providing AI to underprivileged communities / youth / the homeless and you'll generate some good will for your trial! Best of luck!

Anyway, this agent probably has the structural integrity of a fat burito held from one corner :)

And if you think CFAA is bad, then the states have even harsher versions too. Illinois' version specifically criminalizes any violation of a ToS.

OpenRouter has lots of free model providers (you pay by letting them train on it) if you actually wanted to do something like this but legally.

We’re changing the world with Fortune 500 AI Support Bot Multiplexer Broker Models

> gemini

The gemini from your phone?

I mean yeah, that is what it was designed to do. It's one of the better coding LLMs out there.

The finite-memory nondeterminism monad is like a leaky burrito.

They probably added something to the prompt after that viralness and then it was a cat and mouse game to jailbreak it

Whether something ever worked is not correlated with traction in a world where verification is measured by likes.

Their chat bot is pretty bad so who knows.

I once saw the bad side of one of these draconian state laws many years ago. People rarely have the misfortune of hitting these laws in some flyover states... and I remember the local judge being really shocked by the mandated penalties for such a simple offense.

And with direct links to his pesonal profile and company. Uh...

I’m not a lawyer, but Chipotle is a US company and this github repo belongs to a US citizen currently residing and employed in New York, so US law might apply here.

We’re changing the world with Fortune 500 AI Support Bot Multiplexer Broker Models

Their chat bot is pretty bad so who knows.

The finite-memory nondeterminism monad is like a leaky burrito.

They probably added something to the prompt after that viralness and then it was a cat and mouse game to jailbreak it

I’m not a lawyer, but Chipotle is a US company and this github repo belongs to a US citizen currently residing and employed in New York, so US law might apply here.

Codex offers a -spark model that runs on Cerebras. Not quite 17k tok/s, but _very_ fast nonetheless. Worth a look.

If you find a way to do it, I’d love to hear it!

Came here to say the same. I haven't tried in months but Rufus definitely spat out Python code from within the Amazon shopping app. I just had to use English instead of the local language.

I added it in my oh-my-pi configuration before (it's OpenAI compatible), but Llama 3 8B is just absolutely unusable for anything coding related. It is very fast and the latency is very good however.

And with direct links to his pesonal profile and company. Uh...

EvilNote: Put links to LinkedIn lunatics sites when committing crimes instead of my own.

OpenRouter has lots of free model providers (you pay by letting them train on it) if you actually wanted to do something like this but legally.

There's also Horde or Koboldai.net or Koboldai.com or whatever their project is named, if you want a community-driven version of this. You can play with it via a WebGUI at https://lite.kobaldai.net, or with an API token of all zeroes. (Or, an actual API key associated with your user.)

> The AI Horde is a service that generates text using crowdsourced GPUs run by independent volunteer workers.

Whether something ever worked is not correlated with traction in a world where verification is measured by likes.

You really think someone would do that? Lie on the internet?

> gemini

The gemini from your phone?

I mean yeah, that is what it was designed to do. It's one of the better coding LLMs out there.

Oops, I left out the context of "the gemini button in google maps", sorry. It appeared one day and I didn't want to press it while driving and screw up my route. It's supposed to assist you with route-related things, but yeah it's of course still a general purpose LLM backing it.

I tried the site and can't find any information about what it is. What is it?

They make custom chips with a model's weights and parameters "hard-coded" which allows for much, much faster inference.

looks like the macOS one is Tahoe only. I’ve been putting of upgrading to tahoe but this might be enough to tempt me

What kind of reasoning makes this worthwhile?

You really think someone would do that? Lie on the internet?

EvilNote: Put links to LinkedIn lunatics sites when committing crimes instead of my own.

looks like the macOS one is Tahoe only. I’ve been putting of upgrading to tahoe but this might be enough to tempt me

> The AI Horde is a service that generates text using crowdsourced GPUs run by independent volunteer workers.

They make custom chips with a model's weights and parameters "hard-coded" which allows for much, much faster inference.

I always drive better when my passenger recites the prime numbers in order. That sequence above 2^n-1 is just gold to my ears!

What kind of reasoning makes this worthwhile?

I have a personal, fully offline and local version of Windows Recall basically, but good, made using macOS built-in OCR and LLM. The reasoning requirements are tiny (just interpret the screen based on the OCR, do rolling de-duplication and summarization), but they are non-zero. The tool is valuable to me and it being dep-free and fully offline and local just gives me a good feeling.

I always drive better when my passenger recites the prime numbers in order. That sequence above 2^n-1 is just gold to my ears!

Would you ever consider writing up or sharing your setup?

The ingredients are:

1. Bun.Cron API to run a script every minute

2. Bun.$ (Bun Shell) to execute the macOS command to take a screenshot (I do this for all connected screens at that moment)

3. Bun.Image to downscale everything to 1x in case some of the screenshots are 2x

4. Bun Shell again to run a JXA AppleScript thing to use the Vision Framework or whatever it is called to OCR the image into a file

5. Bun Shell to run the Swift compiler in the one-off eval mode with inline Swift helper that runs the Foundation Models Framework built-in LLM with a system prompt that tells it what the OCR said and instructs it to glean what may be on the screen (can't do this with JXA because the models are not exposed with ObjC APIs)

6. For each screenshot, continuously, take the previous day summary file and the last OCR/context results and produce a new summary of the day

I plan on adding extra information from the OS like the currently opened windows, currently focused window, time of day etc. into the mix, but so far it hasn't been needed. It produces reports of a good enough quality for me.

I `grep` these daily summaries whenever I need to recall a link I saw or a find what channel a message I spotted was in or take another look at that one tab I already closed, maybe re-open it by its OCR'd URL etc.