🤖 AI Summary
Existing MCP authorization mechanisms struggle with risky invocation parameters: they either prompt on every call, causing consent fatigue, or grant blanket permissions with no fine-grained control. This work proposes Conleash, a client-side middleware that automatically permits safe calls using a risk lattice, integrates a policy engine in which users define their own invariants, and uses refinement loops to turn one-time user decisions into reusable, boundary-aware authorization rules. Evaluated on 984 real-world traces, the system achieves 98.2% accuracy and catches 99.4% of risk escalations, with policy validation adding only 8.2 ms of overhead. A user study (N=16) shows that participants significantly preferred this approach over existing methods, citing higher trust and fewer prompts.
📝 Abstract
As Model Context Protocol (MCP) adoption grows, securing tool invocations through meaningful user consent has become a critical challenge: existing methods, whether broad "always allow" toggles or opaque LLM-based decisions, fail to account for dangerous call arguments and often lead to consent fatigue. In this work, we present Conleash, a client-side middleware that enforces boundary-scoped authorization through three components: a risk lattice that auto-permits safe calls within known boundaries and escalates the rest, a policy engine for user-defined invariants, and a refinement loop that converts user decisions into reusable rules. Evaluated on 984 real-world traces, Conleash achieved 98.2% accuracy, caught 99.4% of escalations, and added only 8.2 ms of overhead for policy verification; in a user study (N=16), participants significantly preferred Conleash's scoped permissions over traditional methods, citing higher trust and reduced prompting.