feat(webauthn): add webauthn_add_authenticator tool

Implements the ability to add virtual authenticators with configurable:
- protocol (u2f, ctap2)
- transport (usb, nfc, ble, internal)
- hasResidentKey (passkey support)
- hasUserVerification
- isUserVerified

Returns the authenticatorId for use in subsequent operations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: ed-lepedus-thenvoi

src/tools/webauthn.ts

@@ -5,6 +5,7 @@
  */
 
 import type {CDPSession} from '../third_party/index.js';
+import {zod} from '../third_party/index.js';
 
 import {ToolCategory} from './categories.js';
 import {defineTool} from './ToolDefinition.js';
@@ -25,3 +26,54 @@ export const enableWebAuthn = defineTool({
     response.appendResponseLine('WebAuthn virtual authenticator environment enabled.');
   },
 });
+
+export const addVirtualAuthenticator = defineTool({
+  name: 'webauthn_add_authenticator',
+  description: 'Add a virtual WebAuthn authenticator.',
+  annotations: {
+    category: ToolCategory.EMULATION,
+    readOnlyHint: false,
+  },
+  schema: {
+    protocol: zod
+      .enum(['u2f', 'ctap2'])
+      .describe('The protocol the virtual authenticator speaks.'),
+    transport: zod
+      .enum(['usb', 'nfc', 'ble', 'internal'])
+      .describe('The transport for the authenticator.'),
+    hasResidentKey: zod
+      .boolean()
+      .optional()
+      .describe('Whether the authenticator supports resident keys (passkeys).'),
+    hasUserVerification: zod
+      .boolean()
+      .optional()
+      .describe('Whether the authenticator supports user verification.'),
+    isUserVerified: zod
+      .boolean()
+      .optional()
+      .describe('Whether user verification is currently enabled/verified.'),
+  },
+  handler: async (request, response, context) => {
+    const page = context.getSelectedPage();
+    // @ts-expect-error _client is internal Puppeteer API
+    const session = page._client() as CDPSession;
+
+    const {protocol, transport, hasResidentKey, hasUserVerification, isUserVerified} =
+      request.params;
+
+    const result = await session.send('WebAuthn.addVirtualAuthenticator', {
+      options: {
+        protocol,
+        transport,
+        hasResidentKey: hasResidentKey ?? false,
+        hasUserVerification: hasUserVerification ?? false,
+        isUserVerified: isUserVerified ?? false,
+      },
+    });
+
+    response.appendResponseLine(
+      `Added virtual authenticator (authenticatorId: ${result.authenticatorId})`,
+    );
+  },
+});

tests/tools/webauthn.test.ts

@@ -7,7 +7,10 @@
 import assert from 'node:assert';
 import {describe, it} from 'node:test';
 
-import {enableWebAuthn} from '../../src/tools/webauthn.js';
+import {
+  addVirtualAuthenticator,
+  enableWebAuthn,
+} from '../../src/tools/webauthn.js';
 import {withMcpContext} from '../utils.js';
 
 describe('webauthn', () => {
@@ -34,4 +37,34 @@ describe('webauthn', () => {
       });
     });
   });
+
+  describe('webauthn_add_authenticator', () => {
+    it('adds a virtual authenticator and returns its ID', async () => {
+      await withMcpContext(async (response, context) => {
+        // First enable WebAuthn
+        await enableWebAuthn.handler({params: {}}, response, context);
+
+        // Then add authenticator via tool
+        await addVirtualAuthenticator.handler(
+          {
+            params: {
+              protocol: 'ctap2',
+              transport: 'internal',
+              hasResidentKey: true,
+              hasUserVerification: true,
+              isUserVerified: true,
+            },
+          },
+          response,
+          context,
+        );
+
+        // Response should contain the authenticator ID
+        const hasAuthenticatorId = response.responseLines.some(line =>
+          line.includes('authenticatorId'),
+        );
+        assert.ok(hasAuthenticatorId, 'Should include authenticator ID in response');
+      });
+    });
+  });
 });