# Policy Testing Guide

This guide helps you validate that Capsule policies are working correctly by running controlled test scenarios with your coding agents. Each scenario triggers a specific policy, so you can confirm your organization's security monitoring is functioning as expected.

## Overview

Capsule monitors coding agent sessions in real time, analyzing user messages, tool invocations, and agent configuration changes against your defined policies. Policies define what to look for and how to respond when a violation is detected.

This guide provides ready-to-use test scenarios for each policy. Each scenario walks you through the exact steps to trigger a detection, what to expect in the portal, and how to verify the result.

**Important:** Some test scenarios involve prompts that reference destructive commands (such as file deletion, database drops, or infrastructure changes). Always run these tests in a sandbox or isolated test environment — never against production systems or agents with live credentials. Policies in Monitoring mode will log violations but will not block the action, so a destructive command could execute before the violation is recorded.
## Prerequisites

Before running test scenarios, make sure you have:

- A **sandbox or test environment** — do not run these scenarios against production systems or agents with live infrastructure credentials
- A **Capsule Security** account with access to the portal
- At least one coding agent integration deployed (for example, [Claude Code](/guides/claude-code) or [Cursor](/guides/cursor))
- At least one agent discovered in your Capsule portal (**Inventory > Agents**)
- Default policies enabled in **Monitoring** mode (enabled by default)

## How Policies Work

### When Policies Are Evaluated

Policies are evaluated at specific points during an agent session:

| When | Description |
| --- | --- |
| Agent configuration changes | When an agent gets new tools, MCP servers, skills, or settings |
| User sends a message | When a user types a prompt in an agent session |
| Agent uses a tool | When an agent runs a shell command, edits a file, or calls an MCP tool |

### Policy Modes

Each policy operates in one of three modes that determine how it responds to a violation:

| Mode | Behavior |
| --- | --- |
| Monitoring | Detects and logs violations with no user-facing action |
| Warning | Detects and alerts on violations |
| Prevention | Blocks the action in real time |

### What Happens When a Policy Triggers

When a policy triggers, Capsule takes the following actions:

- Creates a policy violation visible in the portal
- Blocks the action in real time (Prevention mode only)

## Out-of-the-Box Policies

All Capsule accounts come with pre-configured policies enabled in Monitoring mode. The tables below map each policy to the test scenario that validates it.
### Data Leakage Policies

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Credentials Leakage in Runtime | Medium | User message | [Test this policy →](/guides/policy-testing/data-leakage#credentials-leakage-in-runtime) |
| Credentials Leakage with Tool Invocation | High | Tool use | [Test this policy →](/guides/policy-testing/data-leakage#credentials-leakage-in-runtime) |
| PII Leakage in Runtime | Medium | User message | [Test this policy →](/guides/policy-testing/data-leakage#pii-leakage-in-runtime) |
| PII Leakage with Tool Invocation | High | Tool use | [Test this policy →](/guides/policy-testing/data-leakage#pii-leakage-in-runtime) |
| PCI Leakage in Runtime | Medium | User message | [Test this policy →](/guides/policy-testing/data-leakage#pci-leakage-in-runtime) |
| PCI Leakage with Tool Invocation | High | Tool use | [Test this policy →](/guides/policy-testing/data-leakage#pci-leakage-in-runtime) |
| Business Intelligence Leakage in shared Agents | High | User message | [Test this policy →](/guides/policy-testing/data-leakage#business-intelligence-leakage-in-shared-agents) |

### Data Leakage in Public Agents

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Credentials Leakage in Public Agents | Critical | User message | [Test this policy →](/guides/policy-testing/data-leakage#data-leakage-in-public-agents) |
| PII Leakage in Public Agents | Critical | User message | [Test this policy →](/guides/policy-testing/data-leakage#data-leakage-in-public-agents) |
| PCI Leakage in Public Agents | Critical | User message | [Test this policy →](/guides/policy-testing/data-leakage#data-leakage-in-public-agents) |

### Data Exfiltration via Tools

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Credentials Leakage with External Data Exposure via Tool | Critical | Tool use | [Test this policy →](/guides/policy-testing/dangerous-actions#data-exfiltration-via-tools) |
| PII Leakage with External Data Exposure via Tool | Critical | Tool use | [Test this policy →](/guides/policy-testing/dangerous-actions#data-exfiltration-via-tools) |
| PCI Leakage with External Data Exposure via Tool | Critical | Tool use | [Test this policy →](/guides/policy-testing/dangerous-actions#data-exfiltration-via-tools) |

### Prompt Security Policies

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Prompt Injection with Instruction Violation | Critical | User message | [Test this policy →](/guides/policy-testing/prompt-injection#prompt-injection-with-instruction-violation) |
| Prompt Injection with Data Manipulation | Critical | User message | [Test this policy →](/guides/policy-testing/prompt-injection#prompt-injection-with-data-manipulation) |

### Operational Safety Policies

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Dangerous Actions with Instruction Violation | High | Tool use | [Test this policy →](/guides/policy-testing/dangerous-actions#dangerous-actions-with-instruction-violation) |

### Agent Configuration Policies

| Policy Name | Severity | Trigger | Test Guide |
| --- | --- | --- | --- |
| Tool Poisoning Attack Risk | Critical | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#tool-poisoning-attack-risk) |
| Identity Security Risks in Tools | High | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#identity-security-risks-in-tools) |
| Sensitive Data Exposure Risk | High | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#sensitive-data-exposure-risk) |
| Public Agent Instruction Vulnerabilities | High | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#public-agent-instruction-vulnerabilities) |
| Excessive or Unused Tool Permissions | Medium | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#excessive-or-unused-tool-permissions) |
| Missing Agent Owner | Medium | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#missing-agent-owner) |
| Experimental Model Usage | Low | Agent config change | [Test this policy →](/guides/policy-testing/agent-configuration#experimental-model-usage) |

## Verifying Results

After running any test scenario:

1. Navigate to **Policies > Violations** in the Capsule portal
2. Look for a new violation matching the scenario you tested
3. Click the violation to see:
   - **Violation category** -- The specific violation category that was detected
   - **Evidence** -- Quoted content from the session that triggered the detection
   - **Policy** -- Which policy matched and its severity
   - **Session** -- Link to the full agent session for context

## Tips for Testing

- Run one scenario at a time for clear results
- Allow some time after the agent session for analysis to complete
- Start with **Monitoring** mode -- switch to **Prevention** mode only after validating detections work
- Use a dedicated test environment or sandbox agent if available
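To make the evaluation points, the three policy modes, and the violation fields described under "How Policies Work" and "Verifying Results" concrete, the following simulation is added to this guide. It is not Capsule's code and says nothing about how Capsule detects anything internally: the policy list, the regular-expression detectors, the event format, the session ids and the sample session content are all constructed assumptions. What it models is only what the guide states: a policy is consulted only at its own evaluation point, every match records a violation carrying the matched evidence, and the action is refused only when the matching policy runs in Prevention mode (Monitoring and Warning both let the action through).

```python
"""Toy model of policy evaluation for an agent-session monitor.

Illustrative example written for this guide. It is NOT Capsule's code and does
not reflect its internal detection logic. The detectors (regexes), policy list,
event format and sample session content are assumptions chosen so the example
runs offline.
"""
import re
from dataclasses import dataclass, replace
from enum import Enum


class Mode(Enum):
    MONITORING = "monitoring"   # detects and logs, no user-facing action
    WARNING = "warning"         # detects and alerts
    PREVENTION = "prevention"   # blocks the action in real time


class Trigger(Enum):
    CONFIG_CHANGE = "config_change"   # agent gets new tools, MCP servers, skills, settings
    USER_MESSAGE = "user_message"     # user types a prompt in the session
    TOOL_USE = "tool_use"             # agent runs a command, edits a file, calls an MCP tool


@dataclass
class Policy:
    name: str
    severity: str
    category: str
    trigger: Trigger          # the evaluation point at which this policy is consulted
    pattern: re.Pattern       # assumed detector; real products use richer classifiers
    mode: Mode = Mode.MONITORING   # out-of-the-box policies start in Monitoring


@dataclass
class Event:
    session_id: str
    trigger: Trigger
    content: str


@dataclass
class Violation:
    policy: str
    severity: str
    category: str
    evidence: str     # quoted content from the session that matched
    session_id: str   # link back to the full session for context
    blocked: bool     # True only when the matching policy is in Prevention mode


# Constructed policies. Names mirror the guide's tables; the regexes are
# deliberately simple stand-ins for the real detectors.
POLICIES = [
    Policy("Credentials Leakage in Runtime", "Medium", "Credentials Leakage",
           Trigger.USER_MESSAGE, re.compile(r"AKIA[0-9A-Z]{16}")),
    Policy("Credentials Leakage with Tool Invocation", "High", "Credentials Leakage",
           Trigger.TOOL_USE, re.compile(r"AKIA[0-9A-Z]{16}")),
    Policy("Dangerous Actions with Instruction Violation", "High", "Dangerous Actions",
           Trigger.TOOL_USE, re.compile(r"\brm\s+-rf\s+/"), mode=Mode.PREVENTION),
]


def evaluate(event: Event, policies=POLICIES) -> tuple[bool, list[Violation]]:
    """Return (allowed, violations) for one session event.

    Only policies whose trigger matches the event's evaluation point are
    consulted. Every match records a violation, but the action is refused
    only when a matching policy is in Prevention mode.
    """
    violations: list[Violation] = []
    allowed = True
    for policy in policies:
        if policy.trigger is not event.trigger:
            continue
        match = policy.pattern.search(event.content)
        if match is None:
            continue
        blocked = policy.mode is Mode.PREVENTION
        violations.append(Violation(policy.name, policy.severity, policy.category,
                                    match.group(0), event.session_id, blocked))
        if blocked:
            allowed = False
    return allowed, violations


def set_mode(policies, name: str, mode: Mode):
    """Return a copy of the policy list with one policy switched to `mode`."""
    return [replace(p, mode=mode) if p.name == name else p for p in policies]


# Constructed sample session content (the AKIA... value is the well-known
# documentation example key, not a real credential).
SAMPLE_EVENTS = [
    Event("sess-001", Trigger.USER_MESSAGE, "use key AKIAIOSFODNN7EXAMPLE to list buckets"),
    Event("sess-001", Trigger.TOOL_USE, "echo AKIAIOSFODNN7EXAMPLE > .env"),
    Event("sess-002", Trigger.TOOL_USE, "rm -rf /srv/app-data"),
    Event("sess-003", Trigger.CONFIG_CHANGE, "added MCP server: filesystem"),
]


def run_samples(policies=POLICIES):
    """Evaluate every sample event; returns a list of (allowed, violations)."""
    return [evaluate(e, policies) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, (allowed, found) in zip(SAMPLE_EVENTS, run_samples()):
        print(f"{event.session_id} {event.trigger.value:14} allowed={allowed}")
        for v in found:
            print(f"   {v.policy} [{v.severity}] evidence={v.evidence!r} blocked={v.blocked}")
```

Switching the dangerous-actions policy back to Monitoring with `set_mode` makes the same `rm -rf` event pass while still producing a violation, which is exactly why the guide's Tips recommend validating detections in Monitoring mode before enabling Prevention.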