[WIP] Expose authenticator as a FIDO2 device

[Copilot]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Original prompt

For this software authenticator repository, the current main goal is to let this authenticator be exposed as an actual FIDO2 device, and can be detected by the OS FIDO. Currently, after I run it and check how the OS detects it, the console log show as below:

Remove existing Gemini installation

sudo rm -rf "/Applications/Gemini 2.app"

Remove its cached files (optional but recommended)

rm -rf ~/Library/Application\ Support/Gemini\ 2
rm -rf ~/Library/Caches/com.macpaw.Gemini2
rm -rf ~/Library/Preferences/com.macpaw.Gemini2.plist

Reinstall using Homebrew

brew reinstall --cask gemini

One possible cause is:
CTAPHID capability mask never advertises CAPABILITY_NMSG, so hosts assume CTAPHID_MSG is implemented and fall back to U2F when our transport rejects it.
The INIT response is hard-coded to 0x04 (CBOR only), but the CTAP spec requires us to set bit 0x08 when CTAPHID_MSG is not implemented; otherwise enumeration code keeps probing CTAPHID_MSG, sees repeated ERR_INVALID_COMMAND, and never upgrades to CTAP2 (hence the empty AAGUID you’re seeing).

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.