@darbotlabs/darbot-browser-mcp 0.1.1 → 1.3.0

package/lib/auth/index.js

@@ -0,0 +1,210 @@
+/**
+ * Copyright (c) DarbotLabs.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { createEntraIDAuthenticator } from './entraAuth.js';
+import { createApiKeyAuthenticatorFromEnv } from './apiKeyAuth.js';
+import { createDevTunnelAuthenticator } from './tunnelAuth.js';
+import { initializeManagedIdentityAuth, createManagedIdentityConfig, } from './managedIdentityAuth.js';
+/**
+ * Unified Authenticator that combines all auth methods
+ */
+export class UnifiedAuthenticator {
+    config;
+    entraAuth;
+    apiKeyAuth;
+    tunnelAuth;
+    managedIdentityConfig;
+    managedIdentityInitialized = false;
+    constructor(config) {
+        // Build configuration from environment and overrides
+        this.config = {
+            allowAnonymous: process.env.ALLOW_ANONYMOUS_ACCESS === 'true',
+            enableApiKey: process.env.API_KEY_AUTH_ENABLED === 'true',
+            enableEntra: process.env.ENTRA_AUTH_ENABLED === 'true',
+            enableTunnel: process.env.TUNNEL_AUTH_ENABLED === 'true' ||
+                !!process.env.TUNNEL_URL ||
+                !!process.env.CODESPACE_NAME,
+            enableManagedIdentity: process.env.MANAGED_IDENTITY_ENABLED === 'true' ||
+                process.env.AZURE_USE_MANAGED_IDENTITY === 'true' ||
+                !!process.env.IDENTITY_ENDPOINT,
+            requiredRoles: process.env.REQUIRED_ROLES?.split(',').map(r => r.trim()),
+            ...config,
+        };
+        this.entraAuth = createEntraIDAuthenticator();
+        this.apiKeyAuth = createApiKeyAuthenticatorFromEnv();
+        this.tunnelAuth = createDevTunnelAuthenticator();
+        this.managedIdentityConfig = createManagedIdentityConfig();
+    }
+    /**
+     * Initialize async authentication providers
+     */
+    async initialize() {
+        // Initialize Managed Identity if enabled
+        if (this.config.enableManagedIdentity && !this.managedIdentityInitialized) {
+            this.managedIdentityInitialized = await initializeManagedIdentityAuth();
+            if (this.managedIdentityInitialized) {
+                // Reload Entra auth with secrets from Key Vault
+                this.entraAuth = createEntraIDAuthenticator();
+            }
+        }
+    }
+    /**
+     * Check if any authentication is enabled
+     */
+    isAuthEnabled() {
+        return this.config.enableApiKey ||
+            this.config.enableEntra ||
+            this.config.enableTunnel ||
+            this.config.enableManagedIdentity;
+    }
+    /**
+     * Check if a user has the required roles
+     */
+    hasRequiredRoles(user) {
+        if (!this.config.requiredRoles || this.config.requiredRoles.length === 0)
+            return true;
+        return this.config.requiredRoles.some(role => user.roles.includes(role));
+    }
+    /**
+     * Authenticate a request using all available methods
+     */
+    async authenticate(req) {
+        // If no auth is enabled and anonymous access is allowed
+        if (!this.isAuthEnabled() || this.config.allowAnonymous) {
+            return {
+                authenticated: true,
+                method: 'anonymous',
+            };
+        }
+        // 1. Check dev tunnel first (highest priority - trusted transport)
+        if (this.config.enableTunnel && this.tunnelAuth.isTunnelRequest(req)) {
+            const tunnelResult = await this.tunnelAuth.authenticate(req);
+            if (tunnelResult.authenticated) {
+                return {
+                    authenticated: true,
+                    method: 'tunnel',
+                    tunnel: tunnelResult,
+                    user: {
+                        userId: tunnelResult.githubUser || 'tunnel-user',
+                        tenantId: 'github',
+                        roles: ['user'],
+                        permissions: ['browser:read', 'browser:write'],
+                    },
+                };
+            }
+        }
+        // 2. Check Entra ID Bearer token
+        if (this.config.enableEntra) {
+            const user = await this.entraAuth.authenticate(req);
+            if (user) {
+                // Check RBAC roles if configured
+                if (!this.hasRequiredRoles(user)) {
+                    return {
+                        authenticated: false,
+                        method: 'none',
+                        error: 'Insufficient permissions. Required roles: ' + this.config.requiredRoles?.join(', '),
+                    };
+                }
+                return {
+                    authenticated: true,
+                    method: 'entra',
+                    user,
+                };
+            }
+        }
+        // 3. Check API Key (legacy)
+        if (this.config.enableApiKey && this.apiKeyAuth.authenticate(req)) {
+            return {
+                authenticated: true,
+                method: 'api-key',
+                user: {
+                    userId: 'api-key-user',
+                    tenantId: 'local',
+                    roles: ['user'],
+                    permissions: ['browser:read', 'browser:write'],
+                },
+            };
+        }
+        // 4. Check Managed Identity context
+        // This is for Azure-to-Azure calls where the caller is another Azure service
+        if (this.config.enableManagedIdentity && this.managedIdentityInitialized) {
+            // For Azure service-to-service, the token would come in the Bearer header
+            // and be validated through the Entra flow above. This is a fallback
+            // for when we're making outbound calls.
+            return {
+                authenticated: false,
+                method: 'none',
+                error: 'Managed Identity is configured but no valid token provided',
+            };
+        }
+        return {
+            authenticated: false,
+            method: 'none',
+            error: 'No valid authentication provided',
+        };
+    }
+    /**
+     * Express-style middleware
+     */
+    middleware() {
+        return async (req, res, next) => {
+            const result = await this.authenticate(req);
+            if (!result.authenticated) {
+                res.statusCode = 401;
+                res.setHeader('Content-Type', 'application/json');
+                res.end(JSON.stringify({
+                    error: 'unauthorized',
+                    message: result.error || 'Authentication required',
+                    methods_available: this.getAvailableMethods(),
+                }));
+                return;
+            }
+            // Attach auth result to request
+            req.auth = result;
+            req.user = result.user;
+            next();
+        };
+    }
+    /**
+     * Get list of available authentication methods
+     */
+    getAvailableMethods() {
+        const methods = [];
+        if (this.config.enableTunnel)
+            methods.push('VS Code Dev Tunnel');
+        if (this.config.enableEntra)
+            methods.push('Entra ID Bearer Token');
+        if (this.config.enableApiKey)
+            methods.push('API Key (X-API-Key header)');
+        if (this.config.enableManagedIdentity)
+            methods.push('Azure Managed Identity');
+        if (this.config.allowAnonymous)
+            methods.push('Anonymous');
+        return methods;
+    }
+}
+/**
+ * Create a unified authenticator from environment
+ */
+export function createUnifiedAuthenticator(config) {
+    return new UnifiedAuthenticator(config);
+}
+// Re-export all auth modules
+export * from './entraAuth.js';
+export * from './apiKeyAuth.js';
+export * from './tunnelAuth.js';
+export * from './managedIdentityAuth.js';
+export * from './mcpOAuthProvider.js';
+export * from './entraJwtVerifier.js';

package/lib/auth/managedIdentityAuth.js

@@ -0,0 +1,175 @@
+/**
+ * Copyright (c) DarbotLabs.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Azure Managed Identity Authentication
+ *
+ * Enables automatic authentication for Azure services using Managed Identity.
+ * This eliminates the need for API keys or secrets when running in Azure.
+ *
+ * Supports:
+ * - System-assigned Managed Identity
+ * - User-assigned Managed Identity
+ * - Azure Key Vault secret retrieval
+ */
+import { DefaultAzureCredential, ManagedIdentityCredential } from '@azure/identity';
+import { SecretClient } from '@azure/keyvault-secrets';
+// Cached credential instance
+let cachedCredential = null;
+let cachedSecretClient = null;
+/**
+ * Get Azure credential for Managed Identity
+ */
+export function getManagedIdentityCredential(config) {
+    if (cachedCredential)
+        return cachedCredential;
+    if (config.userAssignedClientId) {
+        // User-assigned managed identity
+        cachedCredential = new ManagedIdentityCredential(config.userAssignedClientId);
+    }
+    else {
+        // System-assigned or default credential chain
+        cachedCredential = new DefaultAzureCredential();
+    }
+    return cachedCredential;
+}
+/**
+ * Verify that Managed Identity is available and working
+ */
+export async function verifyManagedIdentity(config) {
+    if (!config.enabled) {
+        return {
+            authenticated: false,
+            identityType: 'none',
+            error: 'Managed Identity is not enabled',
+        };
+    }
+    try {
+        const credential = getManagedIdentityCredential(config);
+        // Try to get a token for Azure Resource Manager to verify identity works
+        const token = await credential.getToken('https://management.azure.com/.default');
+        if (token) {
+            return {
+                authenticated: true,
+                identityType: config.userAssignedClientId ? 'user-assigned' : 'system',
+                clientId: config.userAssignedClientId,
+            };
+        }
+        return {
+            authenticated: false,
+            identityType: 'none',
+            error: 'Failed to acquire token',
+        };
+    }
+    catch (error) {
+        return {
+            authenticated: false,
+            identityType: 'none',
+            error: error.message || 'Managed Identity authentication failed',
+        };
+    }
+}
+/**
+ * Get a secret from Azure Key Vault using Managed Identity
+ */
+export async function getKeyVaultSecret(secretName, config) {
+    if (!config.keyVaultUrl) {
+        // eslint-disable-next-line no-console
+        console.error('[ManagedIdentity] Key Vault URL not configured');
+        return null;
+    }
+    try {
+        if (!cachedSecretClient) {
+            const credential = getManagedIdentityCredential(config);
+            cachedSecretClient = new SecretClient(config.keyVaultUrl, credential);
+        }
+        const secret = await cachedSecretClient.getSecret(secretName);
+        return secret.value || null;
+    }
+    catch (error) {
+        // eslint-disable-next-line no-console
+        console.error(`[ManagedIdentity] Failed to get secret '${secretName}':`, error.message);
+        return null;
+    }
+}
+/**
+ * Load configuration from Key Vault secrets
+ */
+export async function loadSecretsFromKeyVault(config) {
+    const secrets = {};
+    if (!config.keyVaultUrl || !config.enabled)
+        return secrets;
+    // Standard secret names to load
+    const secretNames = [
+        'AZURE-TENANT-ID',
+        'AZURE-CLIENT-ID',
+        'AZURE-CLIENT-SECRET',
+    ];
+    for (const secretName of secretNames) {
+        const value = await getKeyVaultSecret(secretName, config);
+        if (value) {
+            // Convert Key Vault naming (AZURE-TENANT-ID) to env var naming (AZURE_TENANT_ID)
+            const envName = secretName.replace(/-/g, '_');
+            secrets[envName] = value;
+        }
+    }
+    return secrets;
+}
+/**
+ * Create Managed Identity configuration from environment
+ */
+export function createManagedIdentityConfig() {
+    return {
+        enabled: process.env.MANAGED_IDENTITY_ENABLED === 'true' ||
+            process.env.AZURE_USE_MANAGED_IDENTITY === 'true' ||
+            // Auto-detect Azure environment
+            !!process.env.IDENTITY_ENDPOINT,
+        userAssignedClientId: process.env.AZURE_CLIENT_ID_MANAGED_IDENTITY,
+        keyVaultUrl: process.env.AZURE_KEY_VAULT_URL || process.env.KEY_VAULT_URL,
+    };
+}
+/**
+ * Initialize authentication using Managed Identity
+ * Loads secrets from Key Vault and sets environment variables
+ */
+export async function initializeManagedIdentityAuth() {
+    const config = createManagedIdentityConfig();
+    if (!config.enabled) {
+        // eslint-disable-next-line no-console
+        console.error('[ManagedIdentity] Not enabled or not running in Azure');
+        return false;
+    }
+    // Verify Managed Identity is working
+    const verifyResult = await verifyManagedIdentity(config);
+    if (!verifyResult.authenticated) {
+        // eslint-disable-next-line no-console
+        console.error('[ManagedIdentity] Verification failed:', verifyResult.error);
+        return false;
+    }
+    // eslint-disable-next-line no-console
+    console.error(`[ManagedIdentity] Authenticated using ${verifyResult.identityType} identity`);
+    // Load secrets from Key Vault if configured
+    if (config.keyVaultUrl) {
+        const secrets = await loadSecretsFromKeyVault(config);
+        for (const [key, value] of Object.entries(secrets)) {
+            if (!process.env[key]) {
+                process.env[key] = value;
+                // eslint-disable-next-line no-console
+                console.error(`[ManagedIdentity] Loaded ${key} from Key Vault`);
+            }
+        }
+    }
+    return true;
+}

package/lib/auth/mcpOAuthProvider.js

@@ -0,0 +1,186 @@
+/**
+ * Copyright (c) DarbotLabs.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * MCP OAuth Provider using Entra ID as the upstream authorization server.
+ *
+ * This implements the MCP OAuth protocol by proxying to Microsoft Entra ID,
+ * enabling VS Code's MCP client to authenticate users through standard OAuth flow.
+ *
+ * Supports Dynamic Client Registration (RFC 7591) for VS Code compatibility.
+ */
+import crypto from 'node:crypto';
+import { ProxyOAuthServerProvider } from '@modelcontextprotocol/sdk/server/auth/providers/proxyProvider.js';
+import { verifyEntraJwt } from './entraJwtVerifier.js';
+/**
+ * Get Entra ID OAuth endpoints for a given tenant
+ */
+function getEntraEndpoints(tenantId) {
+    const authority = `https://login.microsoftonline.com/${tenantId}`;
+    return {
+        authorizationUrl: `${authority}/oauth2/v2.0/authorize`,
+        tokenUrl: `${authority}/oauth2/v2.0/token`,
+        // We handle dynamic client registration ourselves
+        registrationUrl: undefined,
+        // Entra doesn't have a standard revocation endpoint
+        revocationUrl: undefined,
+    };
+}
+/**
+ * Verify an Entra ID access token and return AuthInfo
+ */
+async function verifyEntraToken(token, config) {
+    const payload = await verifyEntraJwt(token, {
+        tenantId: config.tenantId,
+        clientId: config.clientId,
+        clientSecret: config.clientSecret,
+    });
+    return {
+        token,
+        clientId: config.clientId,
+        scopes: payload.scp?.split(' ') || [],
+        expiresAt: payload.exp ? payload.exp * 1000 : undefined,
+        // Additional user info from token
+        extra: {
+            sub: payload.sub,
+            oid: payload.oid,
+            tid: payload.tid,
+            roles: payload.roles,
+        },
+    };
+}
+/**
+ * In-memory OAuth clients store with dynamic registration support.
+ * This allows VS Code's MCP client to register automatically.
+ */
+class DynamicClientsStore {
+    clients = new Map();
+    config;
+    constructor(config) {
+        this.config = config;
+        // Pre-register our own Azure AD app as a known client
+        this.registerStaticClient(config);
+    }
+    /**
+     * Register the main Azure AD app as a static client
+     */
+    registerStaticClient(config) {
+        this.clients.set(config.clientId, {
+            client_id: config.clientId,
+            client_secret: config.clientSecret,
+            redirect_uris: [
+                // VS Code localhost redirect (accepts any port)
+                'http://127.0.0.1/callback',
+                // VS Code web redirect
+                'https://vscode.dev/redirect',
+                // Azure AD redirect
+                `${config.serverBaseUrl}/auth/callback`,
+            ],
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'client_secret_post',
+            client_name: 'Darbot Browser MCP',
+            scope: 'openid profile email User.Read',
+            client_id_issued_at: Math.floor(Date.now() / 1000),
+        });
+    }
+    /**
+     * Get a registered client by ID
+     */
+    async getClient(clientId) {
+        return this.clients.get(clientId);
+    }
+    /**
+     * Dynamic Client Registration (RFC 7591)
+     * VS Code's MCP client will call this to register itself automatically.
+     * We create a client that proxies to our Entra ID app.
+     */
+    async registerClient(clientMetadata) {
+        // Generate a unique client ID for this dynamically registered client
+        const clientId = `vscode-mcp-${crypto.randomUUID()}`;
+        const clientIdIssuedAt = Math.floor(Date.now() / 1000);
+        // For dynamically registered clients, we use our Entra app's credentials
+        // This is safe because the OAuth flow still goes through Entra ID validation
+        const registeredClient = {
+            ...clientMetadata,
+            client_id: clientId,
+            client_id_issued_at: clientIdIssuedAt,
+            // Use our Entra app's secret - this allows the proxy to work
+            client_secret: this.config.clientSecret,
+            // Ensure proper redirect URIs are set
+            redirect_uris: clientMetadata.redirect_uris || [
+                'http://127.0.0.1/callback',
+                'https://vscode.dev/redirect',
+            ],
+            // Set default grant types if not provided
+            grant_types: clientMetadata.grant_types || ['authorization_code', 'refresh_token'],
+            response_types: clientMetadata.response_types || ['code'],
+            token_endpoint_auth_method: clientMetadata.token_endpoint_auth_method || 'client_secret_post',
+        };
+        this.clients.set(clientId, registeredClient);
+        // eslint-disable-next-line no-console
+        console.error(`[OAuth] Dynamic client registered: ${clientId} (${clientMetadata.client_name || 'unnamed'})`);
+        return registeredClient;
+    }
+}
+/**
+ * Create an MCP OAuth provider that proxies to Entra ID
+ * with support for Dynamic Client Registration
+ */
+export function createMcpOAuthProvider(config) {
+    const endpoints = getEntraEndpoints(config.tenantId);
+    const clientsStore = new DynamicClientsStore(config);
+    const options = {
+        endpoints,
+        verifyAccessToken: async (token) => verifyEntraToken(token, config),
+        getClient: async (clientId) => clientsStore.getClient(clientId),
+    };
+    const provider = new ProxyOAuthServerProvider(options);
+    // Override the clientsStore to enable dynamic registration
+    // The SDK checks clientsStore.registerClient to determine if registration is supported
+    Object.defineProperty(provider, 'clientsStore', {
+        get: () => clientsStore,
+        configurable: true,
+    });
+    // Skip local PKCE validation since Entra handles it
+    provider.skipLocalPkceValidation = true;
+    return provider;
+}
+/**
+ * Check if OAuth is properly configured
+ */
+export function isOAuthConfigured() {
+    return !!(process.env.AZURE_TENANT_ID &&
+        process.env.AZURE_CLIENT_ID &&
+        process.env.AZURE_CLIENT_SECRET);
+}
+/**
+ * Get OAuth configuration from environment
+ */
+export function getOAuthConfig() {
+    const tenantId = process.env.AZURE_TENANT_ID;
+    const clientId = process.env.AZURE_CLIENT_ID;
+    const clientSecret = process.env.AZURE_CLIENT_SECRET;
+    const serverBaseUrl = process.env.SERVER_BASE_URL || 'https://darbot-browser-mcp.azurewebsites.net';
+    if (!tenantId || !clientId || !clientSecret) {
+        return null;
+    }
+    return {
+        tenantId,
+        clientId,
+        clientSecret,
+        serverBaseUrl,
+    };
+}

package/lib/auth/tunnelAuth.js

@@ -0,0 +1,120 @@
+/**
+ * Copyright (c) DarbotLabs.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Check if request is coming through a VS Code dev tunnel
+ */
+export function isDevTunnelRequest(req, config) {
+    if (!config.enabled)
+        return false;
+    // Check X-Forwarded-Host for tunnel domain
+    const forwardedHost = req.headers['x-forwarded-host'];
+    if (forwardedHost) {
+        return config.allowedDomains.some(domain => forwardedHost.endsWith(domain));
+    }
+    // Check Host header
+    const host = req.headers.host;
+    if (host) {
+        return config.allowedDomains.some(domain => host.endsWith(domain));
+    }
+    return false;
+}
+/**
+ * Extract tunnel information from request headers
+ */
+export function extractTunnelInfo(req) {
+    // VS Code dev tunnels add specific headers when proxying requests
+    // X-VS-Tunnel-User: GitHub username
+    // X-VS-Tunnel-Session: Session ID
+    // X-Original-URL: Original URL before tunnel
+    const tunnelUser = req.headers['x-vs-tunnel-user'];
+    const tunnelSession = req.headers['x-vs-tunnel-session'];
+    // Alternative headers that GitHub Codespaces uses
+    const codespaceUser = req.headers['x-github-user'];
+    const forwardedUser = req.headers['x-forwarded-user'];
+    const githubUser = tunnelUser || codespaceUser || forwardedUser;
+    if (githubUser) {
+        return {
+            authenticated: true,
+            githubUser,
+            tunnelId: tunnelSession,
+        };
+    }
+    // If we're in a tunnel but no user header, the tunnel is in public mode
+    // This is acceptable for public tunnels
+    return {
+        authenticated: true,
+        tunnelId: tunnelSession,
+    };
+}
+/**
+ * Authenticate a request from a dev tunnel
+ */
+export async function authenticateTunnelRequest(req, config) {
+    if (!isDevTunnelRequest(req, config)) {
+        return {
+            authenticated: false,
+            error: 'Not a dev tunnel request',
+        };
+    }
+    return extractTunnelInfo(req);
+}
+/**
+ * Create tunnel auth configuration from environment
+ */
+export function createTunnelAuthConfig() {
+    const domains = process.env.TUNNEL_ALLOWED_DOMAINS || '.devtunnels.ms,.tunnels.api.visualstudio.com,.github.dev';
+    return {
+        enabled: process.env.TUNNEL_AUTH_ENABLED === 'true' ||
+            process.env.VS_TUNNEL_ENABLED === 'true' ||
+            // Auto-detect if we're in a tunnel
+            !!process.env.TUNNEL_URL ||
+            !!process.env.CODESPACE_NAME,
+        allowedDomains: domains.split(',').map(d => d.trim()),
+        trustForwardedHeaders: process.env.TRUST_PROXY === 'true' ||
+            process.env.NODE_ENV === 'production',
+    };
+}
+/**
+ * Dev Tunnel Authenticator class for middleware use
+ */
+export class DevTunnelAuthenticator {
+    config;
+    constructor(config) {
+        const defaultConfig = createTunnelAuthConfig();
+        this.config = { ...defaultConfig, ...config };
+    }
+    get enabled() {
+        return this.config.enabled;
+    }
+    /**
+     * Check if request is from a dev tunnel
+     */
+    isTunnelRequest(req) {
+        return isDevTunnelRequest(req, this.config);
+    }
+    /**
+     * Authenticate a tunnel request
+     */
+    async authenticate(req) {
+        return authenticateTunnelRequest(req, this.config);
+    }
+}
+/**
+ * Create a dev tunnel authenticator from environment
+ */
+export function createDevTunnelAuthenticator() {
+    return new DevTunnelAuthenticator();
+}

package/lib/browserContextFactory.js

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) Microsoft Corporation.
+ * Copyright (c) DarbotLabs.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.