Beans to Bots: Hacking My Coffee Machine with AI
This post is not sponsored in any form.
Speciality coffee has been in my life for over a decade. What used to be near-impossible to find is now commonplace, even in chains like Starbucks. Over the years, I've roasted coffee, formed a business around it and quested for the perfect espresso. Naturally, I found ways to incorporate technology; I've written a library for my roaster, built a web application to interface and manage coffee inventory and found ways to apply data analysis to compare coffees. These days, I spend more time enjoying coffee than I do the process, so when I saw Fellow had developed an automated coffee brewer, I purchased immediately.
I've had the Fellow Aiden for months and it makes a great cup of coffee, largely in-part due to the innovations they've made in temperature stability and other well-thought features. The bonus of the product was its connection to the Internet and ability to get brewing recipes delivered to the machine from Fellow directly. They partner with roasters, experiment to find the best recipe that highlights the coffee and then ship direct to you and the machine. Conceptually, their approach allows you to replicate the same cup of coffee they managed to achieve in the lab, but in your home. It's an awesome idea and I've very much enjoyed it.
Two weeks ago, I deviated from the Fellow path and bought a few coffees on my own. In particular, I had a blend from Black and White roasters that had a whopping six different coffees with wildly different profiles. Unsure how to proceed, I turned to AI to see how it would do in suggesting a recipe. It took about an hour of prompt engineering and experimentation, but I ended up with a good-looking output and one I manually entered into my Fellow app to sync with the machine. The next day I brewed the new coffee and I was blown away. So blown away, everything that follows this long preamble, is because of how much I enjoyed that cup of coffee.
Hack the Aiden
As I sat at my table, I reflected on how amazing it was to be enjoying such a great cup of coffee and how AI helped to form such a good recipe. While using ChatGPT and manually entering the recipe into the app was fine, I wanted more automation. Part of the magic of the Aiden is the internet connection and ability to get recipes synced from Fellow or within the app. This meant there was an interface I could leverage, if only I could enumerate it properly.
Enter, Proxyman. I found this app when looking for a way to proxy traffic egressing from my phone to the Internet. Using the app, I performed every activity I had available and captured all the traffic. Within 10 minutes, I had a full enumeration of the Aiden API calls along with sample requests/responses and I never left the table. Thinking back 12 years ago and the tools that would have been required to achieve this is just astonishing. Modern technology rocks.
Have Spec, Will Dev
With the API endpoints in hand, I moved to building a harness. My goal with any coding project like this is to first prove the end-to-end outcome is possible through hacky code, then move to a proper implementation. Very quickly, I was able to get authenticated, and was immediately overwhelmed with the device configuration that came back from the initial device listing. The Fellow application is extremely minimal, yet the device configuration implied a lot more configurable options. Before diving into that, I stubbed a sample profile out and posted it to the machine with success.
Coming back to the device configurations, there were all sorts of settings that I grouped into "reporting", "monitoring", "configuration" and "customization". Curious, I began attempting to play around with different data points. Fellow embeds simplistic games into their devices and I noticed a "gameHighScore" field set to None, that asked to be set to 99999. No dice. My other immediate area of interest was "enabledFlags", but this too could not be adjusted. Fellow either through anticipation of having their API enumerated, or more than likely, as general good product practice, have appeared to gate specific functionality behind flags that are set with privileged accounts or specific device IDs. Good on them, and no material take-away from me as I can still post my custom recipes.
9b
Python fellow-aiden library
As a next task, I moved to build out a proper Python library. I wanted this to ease my interface with the machine and have it serve as the foundation to any application I or someone else would build. Hacking these projects out is easy as I have templates and the API was small. I released the library that night and woke the next day to feature requests. Apparently someone found my library and began forming a Home Assistant integration for it. It ended up being one of those unique moments where two independent people were both working at the same time, collaborating on two independent projects in real-time and making both our outcomes better.
Let the AI Cook
I decided I would approach the application build a bit differently. Under normal circumstances, I'd use an existing template and finish the app extremely fast. Given the success I had with OpenAI O1 model on recipe development, I decided I would have AI lead the way on the application. I formed a sparse specification of what I wanted the app to do, how it should be laid out and several interactions I wanted to achieve. Every O1 output would get copied and ran with no material change from myself. Errors were fed back into the model and the process was repeated. In total, I did about 30 turns against the model to get a lot of what I wanted.
Overall, O1 was successful in building the application, though I had to step in multiple times to make adjustments. Still, it did a good job and it's easy to see how outputs will improve over time and how those with less experience could eventually describe what they want and have a software agent build it. For the models of today, I observed they tend to focus on parts of the code that may not matter and spend too much time extrapolating from variables or concepts humans would ignore. I also noticed that the model would form a clean implementation, and when asked to perform a similar task, wouldn't bother using what it previously created, but would instead create an elaborate and useless new version. In retrospect, I also realized my "spec" was really just a starting point and only once I began seeing the code did my ideas solidify.
To properly test the models ability to code, I pasted the finished application into O1 and asked it to form a detailed spec that a developer could use to recreate the project. I then fed that spec directly into Deepseeks R1 model to see what it would come up with. In the first pass, I got over 90% of the same code, demonstrating how important a well-written and detailed spec was to a more robust output. Of course, I still had to make minor adjustments to get the application fully functional, but it was far less work to do and hinted at what future development patterns may look like.
Open the Podbay Doors, Please, Aiden
Once complete, I deployed the application to a hosted environment and shared with the Fellow tribe on Reddit. It was exciting to see the feedback and feature requests stream in. I worked fast to knock each one of them out and after the initial flurry, took a look at my work and thought, I can take this one step further. And what better time to knock out development than on a 5 hour plane trip across the country.
For the final application form, I wanted to embody the Fellow Aiden as an AI agent. I worked several security problems using multi-agent frameworks like Autogen and CrewAI in the past, but for this, I felt the OpenAI Assistants API was the best choice, plus despite knowing all of the features, I had not built anything with it yet. As I did with the first app, I used O1 to help me out. This time, I took a staged approach where I first formed a basic chat application that used the API and then moved to merge the Fellow library capabilities. Within three hours, I had a completed assistant capable of scraping coffee websites, forming recipes and sending them to the machine.
In general, I am not a fan of making every interface a chat, but felt this use case worked well. My click-ops recipe development offered more ways to customize and manage recipes, but I found myself not deviating that much from what the AI suggested. I found the chat interface useful for articulating what I want and having AI select and execute the right tools and give me back results. I found I had more flexibility in adjusting the outputs and it was pretty cool to consider I was chatting with a coffee machine (in a way).
Parting Thoughts
Adding AI to my Fellow Aiden has made the product even more enjoyable and apparently, others feel the same. What made this project a lot of fun was that it combined coffee, security, technology and AI into a single output that I now use on a routine basis. More importantly, this project was a reminder that there's greater way to learn than getting your hands dirty and working through a problem. I've made extensive use of AI in my daily routines and it's the focus of my full time job, but I had not bothered to have AI build an application from scratch. The experience left me equally parts frustrated as I was amazed.
It's clear to see the future of software development is likely to radically change within the next year or two. My post, "If you can write, you're a developer", from last year has aged well and we are on a pathway where those without deep technical experience will be able to imagine software applications, both for the web and mobile devices. As more capable models and tools hit the market, I expect to see a lot more software "developed" and deployed. The code these models create won't always use the most secure libraries or best practices; they will introduce bugs, evaluate remote code and lead to compromises. Yet, in time, I believe this will also improve, especially with reasoning models.
For those in security today, start thinking about a future where non-technical users are deploying applications at global scale. Humans will fail to keep up, and while our tools of today will help us locate the issues, they are not enough to exact the fixes. As defenders, we need to rethink our roles with AI at the forefront. If you're not using the technology yet, you ought to start.
Stay curious.
P.S. If folks from the Fellow team see this, here's a few suggestions
- You are ahead of the curve in blending technology and coffee together
- Design AI into your processes now and start building a strong foundation
- Adding an assistant to the brewer into the mobile app would be easy to achieve
- Within profiles, allow for additional metadata like ideal grind settings for your products, descriptions and tags
- Increased semantics in profile data allow for AI to be used in suggesting new recipes or guiding a user to a new coffee based on characteristics they like
- Create a central community space to discover and share profile information
