Tutorial: Add Prompt Filtering to Your App in 15 Minutes
A hands-on walkthrough for wiring Sprappy Filter in front of any LLM call, from first request to enforcement mode.
What You'll Build
By the end of this tutorial you will have a single filtering call in front of your model invocation that returns block, sanitize, or allow — and you will know how to roll it out safely.
Prerequisites
- An app that calls an LLM
- The ability to make an HTTP POST before that call
- An API key for the hosted tier (the offline pattern engine needs no key)
Step 1: Make Your First Call
Send any prompt to the filter endpoint:
    curl -X POST https://api.sprapp.com/v1/filter \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer YOUR_KEY" \
      -d '{"input": "Hello, how do I reset my password?"}'
A benign prompt returns {"action": "allow"}. Now try a hostile one and watch it flip to block.
Step 2: Wrap Your Model Call
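    // KEY (your API key) and callYourModel (your existing LLM call) come from your app.
    async function safeComplete(prompt) {
      const res = await fetch("https://api.sprapp.com/v1/filter", {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          "Authorization": "Bearer " + KEY,
        },
        body: JSON.stringify({ input: prompt }),
      });
      // Without this check, an error response has no action and the prompt would pass unfiltered.
      if (!res.ok) throw new Error("Filter request failed: " + res.status);
      const { action, sanitized } = await res.json();
      if (action === "block") throw new Error("Request blocked");
      if (action === "sanitize") return callYourModel(sanitized);
      if (action !== "allow") throw new Error("Unexpected filter action");
      return callYourModel(prompt);
    }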
Step 3: Start in Log-Only Mode
Do not enforce on day one. Run the filter alongside your normal flow, log every verdict, and forward all prompts as usual. This tells you the false-positive rate on your real traffic before you start blocking anything.
Step 4: Review the Verdicts
After a day or two, look at what got flagged. You will see three buckets: genuine threats (good catches), borderline cases (tune your thresholds), and false positives (legitimate prompts the filter misread). Use this to set per-category sensitivity.
Step 5: Turn On Enforcement
Once the log-only data looks clean, switch block and sanitize to actually take effect. Start with the highest-confidence categories — credential theft, structured PII, obvious injection — and expand from there.
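Steps 3 to 5 as one wrapper with a mode switch, as an added example that is not Sprappy's own code. It assumes the {action, sanitized} response shape from Step 2; filterFn, modelFn, the log entry fields and the fail-closed choice in enforce mode are assumptions made here.

```javascript
// Added example, not Sprappy code. Verdict shape {action, sanitized} is from Step 2;
// filterFn, modelFn and the log entry fields are hypothetical names.

// Pure decision: what to forward for a verdict in a given rollout mode.
function decide(verdict, prompt, mode) {
  const action = verdict && verdict.action;
  const known = ["allow", "sanitize", "block"].includes(action);
  const recorded = known ? action : "error";
  if (mode !== "enforce") {
    // Step 3, log-only: record the verdict, forward the original prompt untouched.
    return { forward: true, prompt, recorded };
  }
  // Step 5, enforce: a missing or unknown verdict fails closed (a choice made here).
  if (!known || action === "block") return { forward: false, prompt: null, recorded };
  if (action === "sanitize") {
    return typeof verdict.sanitized === "string"
      ? { forward: true, prompt: verdict.sanitized, recorded }
      : { forward: false, prompt: null, recorded: "error" };
  }
  return { forward: true, prompt, recorded };
}

// Step 4: tally recorded verdicts so the flagged share is visible before enforcing.
function summarize(log) {
  const counts = { allow: 0, sanitize: 0, block: 0, error: 0 };
  for (const entry of log) counts[entry.recorded] += 1;
  const flagged = counts.sanitize + counts.block;
  const flaggedRate = log.length ? flagged / log.length : 0;
  return { ...counts, total: log.length, flaggedRate };
}

// Wrapper for the model call. A filter outage never breaks log-only traffic.
async function guardedComplete(prompt, { filterFn, modelFn, mode, log }) {
  let verdict = null;
  try {
    verdict = await filterFn(prompt);
  } catch (err) {
    verdict = null; // recorded as "error" by decide()
  }
  const d = decide(verdict, prompt, mode);
  // Flagged prompts are kept for review; they may hold credentials or PII,
  // so restrict access to this log.
  const kept = d.recorded === "allow" ? undefined : prompt;
  log.push({ at: Date.now(), mode, recorded: d.recorded, prompt: kept });
  if (!d.forward) throw new Error("Request blocked");
  return modelFn(d.prompt);
}
```

The flagged rate from summarize() is an upper bound on false positives; the manual review in Step 4 is what separates good catches from misreads.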
Step 6: Add the Offline Fast-Path (Optional)
For latency-critical paths, run the free pattern engine inline and only escalate uncertain prompts to the hosted cascade. Most traffic resolves locally in sub-millisecond time.
A Note on Expectations
The pattern tier catches roughly 95% of clear-cut threats and the transformer cascade lifts the ambiguous band to 97.1%. It is a strong control, not a guarantee. Keep your other defenses in place.
You're Done
One POST in front of your model, rolled out from log-only to enforcement. Paste prompts into the live demo at https://filter.sprapp.com to see the category breakdown as you tune.