Passkey Flow Visualizer
Step-by-step walkthrough of WebAuthn registration and authentication ceremonies. Each step is annotated with the relevant byte structures and the AmbiSecure decoder you would use to inspect them. Annotation only — no live ceremony runs.
Ceremony
All decoding runs locally.
About WebAuthn ceremonies
Two ceremonies make up the WebAuthn surface: navigator.credentials.create() for registration (fresh keypair + attestation) and .get() for authentication (signed assertion). The browser binds both to the relying-party origin; that binding is what kills the entire phishing class.
Spec
W3C WebAuthn Level 2 §4–6.