13 tools from the Watsonx MCP Server, categorised by risk level.
View the Watsonx policy →key_protect_create_key Create a new encryption key in IBM Key Protect (stored in FIPS 140-2 Level 3 HSM) 2/5 key_protect_unwrap_key Unwrap (decrypt) data using a root key in IBM Key Protect 2/5 key_protect_wrap_key Wrap (encrypt) data using a root key in IBM Key Protect - for envelope encryption 2/5 watsonx_chat Have a conversation with watsonx.ai chat models 2/5 watsonx_embeddings Generate text embeddings using watsonx.ai embedding models 2/5 watsonx_generate Generate text using IBM watsonx.ai foundation models (Granite, Llama, Mistral, etc.) 2/5 zos_connect_call_service Call a z/OS Connect service to interact with mainframe programs (CICS, IMS, batch). Requires ZOS_CONNECT_URL to be configured. 2/5 zos_connect_get_service_info Get detailed information about a z/OS Connect service including its OpenAPI specification 2/5 zos_connect_list_services List available z/OS Connect services (RESTful APIs to mainframe programs). Requires ZOS_CONNECT_URL to be configured. 2/5 The Watsonx MCP server exposes 13 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Watsonx server.
Watsonx tools are categorised as Read (3), Write (9), Destructive (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept