62 tools from the Qiskit IBM Runtime MCP Server MCP Server, categorised by risk level.
View the Qiskit IBM Runtime MCP Server policy →account_info Account details including channel, url, token (masked for security) 2/5 accounts Dictionary of saved accounts (keyed by account name) 2/5 adjacency_list Neighbor mapping for each qubit 2/5 average_path_length Mean shortest path between qubit pairs 2/5 backend Name of the backend used 2/5 backend_name Name of the backend (e.g., `ibm_brisbane`) 2/5 bidirectional Whether all connections work in both directions 2/5 CANCELLED Job was cancelled 2/5 chain_length Number of qubits in the chain (default: 5, range: 2-20) 2/5 channel Service channel (default: `"ibm_quantum_platform"`) 2/5 circuit Quantum circuit (OpenQASM 3.0/2.0 string or base64-encoded QPY). Must include measurement operations. 2/5 circuit_format `"auto"` (default), `"qasm3"`, or `"qpy"` 2/5 combined Weighted combination of gate errors, readout, and coherence 2/5 connectivity Maximize internal edges and minimize path lengths 2/5 connectivity_ratio internal_edges / max_possible_edges 2/5 counts Dictionary of measurement outcomes and their counts (e.g., `{"00": 2048, "11": 2048}`) 2/5 dd_sequence DD pulse sequence: `"XX"`, `"XpXm"`, or `"XY4"` (default) 2/5 deleted Boolean indicating if deletion was successful 2/5 DONE Job completed successfully 2/5 dynamical_decoupling Suppress decoherence during idle periods (default: True) 2/5 edge_errors Two-qubit gate error for each internal edge 2/5 edges List of [control, target] qubit connection pairs 2/5 ERROR Job failed with an error 2/5 execution_time Quantum execution time in seconds (if available) 2/5 faulty_gates List of non-operational gates with affected qubits 2/5 faulty_qubits List of non-operational qubit indices 2/5 gate_error Minimize total two-qubit gate errors on internal edges 2/5 INITIALIZING Job is being prepared 2/5 instance_crn The CRN string identifying the active instance 2/5 instances List of available instances with CRN, plan, name, and pricing info 2/5 internal_edges Number of edges within the subgraph 2/5 job_id Get quantum job details by ID 2/5 job_status Current status of the job 2/5 limit The N of jobs to retrieve 2/5 measure_twirling Measurement twirling for readout error mitigation (default: True) 2/5 message Status message 2/5 metric Scoring metric to optimize: 2/5 num_qubits Number of qubits in the subgraph (default: 5, range: 2-10) 2/5 num_results Number of top subgraphs to return (default: 5, max: 20) 2/5 observables Observable(s) to measure. Accepts: 2/5 optimization_level Transpilation level 0-3 (default: 1) 2/5 qubit_details T1, T2, readout_error for each qubit 2/5 qubits List of qubit indices in the subgraph (sorted) 2/5 QUEUED Job is waiting in the queue 2/5 qv_optimized Balanced scoring for QV (connectivity + errors + coherence) (default) 2/5 readout_error Minimize sum of measurement errors 2/5 resilience_level Error mitigation level 0-2 (default: 1) 2/5 RUNNING Job is currently executing 2/5 score Total score (lower is better) 2/5 shots Number of measurement repetitions (default: 4096) 2/5 status "success" or "error" 2/5 total_instances Count of available instances 2/5 twirling Pauli twirling on 2-qubit gates (default: True) 2/5 two_qubit_error Minimize sum of CX/ECR gate errors (default) 2/5 usage Usage metrics including: 2/5 usage_consumed_seconds Time consumed this period 2/5 usage_limit_reached Boolean indicating if limit is reached 2/5 usage_limit_seconds Total quota for the period 2/5 usage_period Current billing period 2/5 usage_remaining_seconds Remaining quota 2/5 zne_mitigation Enable Zero Noise Extrapolation (default: True) 2/5 The Qiskit IBM Runtime MCP Server MCP server exposes 62 tools across 2 categories: Read, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Qiskit IBM Runtime MCP Server server.
Qiskit IBM Runtime MCP Server tools are categorised as Read (61), Destructive (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept