The latest articles on DEV Community by Guilherme Ferreira (@guilherme_ferreira_87ce22). https://dev.to/guilherme_ferreira_87ce22 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3587691%2F2ddb0667-9f69-4114-a59a-c4653086b9a2.png https://dev.to/guilherme_ferreira_87ce22 en Guilherme Ferreira Sat, 31 Jan 2026 01:14:51 +0000 https://dev.to/guilherme_ferreira_87ce22/i-built-a-serverless-openai-gateway-to-cut-costs-by-30-and-sanitize-pii-open-source-5g06 https://dev.to/guilherme_ferreira_87ce22/i-built-a-serverless-openai-gateway-to-cut-costs-by-30-and-sanitize-pii-open-source-5g06 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc4khcb83p8s23seu2u12.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc4khcb83p8s23seu2u12.png" alt="Dashboard Preview" width="800" height="564"></a></p> <h2> canonical_url: <a href="https://github.com/guimaster97/pii-sanitizer-gateway" rel="noopener noreferrer">https://github.com/guimaster97/pii-sanitizer-gateway</a> </h2> <p>If you are building LLM wrappers or internal tools, you probably noticed two things killing your margins (and your sleep):</p> <ol> <li> <strong>Redundant API Costs:</strong> Users asking the same questions over and over, forcing you to pay OpenAI for the same tokens.</li> <li> <strong>Compliance Anxiety:</strong> The fear of a user accidentally pasting a client's Name, Email, or Tax ID into your chatbot, which then gets sent to a third-party server (OpenAI/DeepSeek).</li> </ol> <p>I looked for solutions, but most were heavy Enterprise Gateways (Java/Docker) or expensive SaaS. So, I decided to engineer my own solution running entirely on the Edge using <strong>Cloudflare Workers</strong>.</p> <p>Here is how I built <strong>Sanitiza.AI</strong>, an open-source gateway that caches requests and scrubs PII before they leave your network.</p> <h2> 🏗️ The Architecture </h2> <p>The goal was <strong>Zero DevOps</strong>. No Docker containers to manage, no Redis instances to pay for. Just pure Serverless functions.</p> <ul> <li> <strong>Runtime:</strong> Cloudflare Workers (TypeScript)</li> <li> <strong>Framework:</strong> Hono (A lightweight web framework, like Express but for the Edge)</li> <li> <strong>Storage:</strong> Cloudflare KV (Key-Value store for caching)</li> <li> <strong>Logic:</strong> Native Web Crypto API for hashing.</li> </ul> <h3> 1. The Money Saver: Smart Caching </h3> <p>For RAG (Retrieval-Augmented Generation) apps, redundancy is huge. To solve this, I implemented a "Smart Cache" mechanism.</p> <p>Before forwarding a request to OpenAI, the Worker creates a <strong>SHA-256 hash</strong> of the request body (the prompt + system instructions).</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> typescript // How we create a unique fingerprint for the request async function generateHash(message: string) { const msgBuffer = new TextEncoder().encode(message); const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer); const hashArray = Array.from(new Uint8Array(hashBuffer)); return hashArray.map(b =&gt; b.toString(16).padStart(2, '0')).join(''); } It then checks Cloudflare KV. Hit: Returns the stored JSON instantly (&lt;50ms latency). Cost: $0. Miss: Forwards to OpenAI, gets the response, and saves it to KV for 24 hours. The Result: In my internal tools, I achieved a ~30% cache hit rate, effectively cutting my OpenAI bill by a third. 2. The Shield: PII Sanitization Sending PII (Personally Identifiable Information) to external LLMs is a GDPR/LGPD nightmare. I implemented a hybrid sanitization engine that runs before the request leaves the Edge. It uses Regex patterns (and can be extended with NER models) to identify sensitive entities. Example Input: "Analyze the contract for john.doe@email.com regarding the debt of $50k." What OpenAI Receives: "Analyze the contract for [EMAIL_HIDDEN] regarding the debt of [MONEY_HIDDEN]." The Worker maintains a mapping of these placeholders. When the LLM responds, the Worker "re-hydrates" the response, putting the real data back in if necessary, so the user never knows it was hidden. 3. The ROI Dashboard Engineering is useless if you can't prove value. I built a simple Admin Dashboard (served by the Worker itself via Hono) that tracks every token saved. (You can see the live calculator in the repo) 🚀 Performance on the Edge The biggest advantage of using Cloudflare Workers over a Python Proxy (like LiteLLM) is latency. The code runs in data centers close to the user. Cold Start: 0ms (practically). Cache Response Time: &lt; 50ms. Throughput: Cloudflare's network handles the load balancing. 💻 The Code (Open Source) I decided to open-source the core engine under the MIT license. You can deploy it to your own Cloudflare account in about 2 minutes using the "Deploy" button. It works with OpenAI, DeepSeek, Groq, and any other compatible API. Repository: github.com/guimaster97/pii-sanitizer-gateway I'm currently looking for contributors to help implement Semantic Caching (using Vectorize) to catch prompts that are similar but not identical. If you are into Rust/WASM or Vector Databases, let's talk! If you found this useful, drop a star on the repo. It helps a lot! </code></pre> </div> cloudflare openai serverless security