Options, Not Clicks: Lattice Refinement for Consent-Driven MCP Authorization

TL;DR

Conleash is a client-side middleware that improves consent-driven authorization for Model Context Protocols by using a risk lattice and user-defined rules, achieving high accuracy and user trust.

Contribution

It introduces a novel risk lattice and refinement loop to enhance consent management, reducing prompts and increasing trust in authorization decisions.

Findings

Achieved 98.2% accuracy in real-world trace evaluation.

Caught 99.4% of escalation cases.

Added only 8.2 ms overhead for policy verification.

Abstract

As Model Context Protocol adoption grows, securing tool invocations via meaningful user consent has become a critical challenge, as existing methods, broad always allow toggles or opaque LLM-based decisions, fail to account for dangerous call arguments and often lead to consent fatigue. In this work, we present Conleash, a client-side middleware that enforces boundary-scoped authorization by utilizing a risk lattice to auto-permit safe calls within known boundaries while escalating risks, a policy engine for user-defined invariants, and a refinement loop that converts user decisions into reusable rules. Evaluated on 984 real-world traces, Conleash achieved 98.2% accuracy, caught 99.4% of escalations, and added only 8.2 ms of overhead for policy verification; furthermore, in a user study where N=16, participants significantly preferred Conleash scoped permissions over traditional methods, citing higher trust and reduced prompting.