refactor(policies): prefix SG guardrail policy IDs with country code

[ron-zhong]

Type

🧹 Refactoring

Changes

• Align SG guardrail policy IDs to common country-code-first convention.
• Rename pdpa-sg-* -> sg-pdpa-* and mas-sg-* -> sg-mas-* in policy references and guardrail_name values.
• Apply updates in policy_templates.json and litellm/policy_templates_backup.json.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Feb 24, 2026 3:58am

[CLAassistant]

All committers have signed the CLA.

[greptile-apps]

Greptile Summary

Renames Singapore guardrail policy IDs from regulation-first (pdpa-sg-*, mas-sg-*) to country-first (sg-pdpa-*, sg-mas-*) in both policy_templates.json and the backup copy. No code logic changes—only string identifier renames in data files.

• All references to the old IDs have been removed; no stale references remain in the codebase
• Both JSON files remain valid after the rename
• Existing tests in tests/guardrails_tests/test_sg_pdpa_guardrails.py already use the new sg- prefixed naming convention
• The new convention is inconsistent with existing EU GDPR guardrails which use gdpr-eu-* (regulation-first), though it aligns with the EU AI Act naming pattern (eu-ai-act-*). Consider standardizing the GDPR IDs as well for full consistency

Confidence Score: 4/5

• This PR is safe to merge — it only renames string identifiers in JSON data files with no logic changes.
• Score of 4 reflects that the changes are purely mechanical string renames in JSON configuration files, both files validate as correct JSON, no stale references remain, and tests already align with the new naming. Deducted 1 point for the naming convention inconsistency with existing EU GDPR guardrails.
• No files require special attention. Both JSON files contain straightforward identifier renames.

Important Files Changed

Filename	Overview
policy_templates.json	Renames SG guardrail IDs from pdpa-sg-*/mas-sg-* to sg-pdpa-*/sg-mas-* across guardrails arrays, guardrailDefinitions, and policy guardrails_add lists. JSON remains valid. Note: naming convention is inconsistent with existing EU policies that use gdpr-eu-*.
litellm/policy_templates_backup.json	Mirror of the same guardrail ID renames as policy_templates.json. Backup file stays in sync with the primary template. JSON is valid.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[policy_templates.json] -->|"defines guardrail IDs"| B["SG PDPA Policy\n(pdpa-singapore)"]
    A -->|"defines guardrail IDs"| C["SG MAS Policy\n(mas-ai-risk-management)"]
    
    B -->|"renamed: pdpa-sg-* → sg-pdpa-*"| D["sg-pdpa-pii-identifiers\nsg-pdpa-contact-information\nsg-pdpa-financial-data\nsg-pdpa-business-identifiers\nsg-pdpa-personal-identifiers\nsg-pdpa-sensitive-data\nsg-pdpa-do-not-call\nsg-pdpa-data-transfer\nsg-pdpa-profiling-automated-decisions"]
    
    C -->|"renamed: mas-sg-* → sg-mas-*"| E["sg-mas-fairness-bias\nsg-mas-transparency-explainability\nsg-mas-human-oversight\nsg-mas-data-governance\nsg-mas-model-security"]
    
    A -.->|"synced to"| F[litellm/policy_templates_backup.json]

Loading

_{Last reviewed commit: d15423d}

[greptile-apps]

_{2 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Inconsistent naming convention across regions

The SG guardrails now use country-first naming (sg-pdpa-*, sg-mas-*), but existing EU GDPR guardrails still use regulation-first naming (gdpr-eu-*) — see lines 950–1024. The EU AI Act guardrails use eu-ai-act-* (region-first, consistent with this PR), but the GDPR ones do not.

If the intent is to standardize on country/region-first, consider also renaming gdpr-eu-* → eu-gdpr-* for full consistency. Otherwise, the codebase will have two different conventions for the same concept.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}