toggle cursor visibility

[mateoCuervo]

Checklist

• A link to a related issue in our repository: https://linear.app/onkernel/issue/KERNEL-443/api-expose-option-to-hide-remote-browser-cursor-in-api
• A description of the changes proposed in the pull request.
• @mentions of the person or team responsible for reviewing proposed changes.

---

Note

Introduces POST /computer/cursor to hide/show the cursor via unclutter, updates OpenAPI and generated client/server code, adds runtime dependency and docs for local testing.

• API/Backend:
  • New endpoint POST /computer/cursor with SetCursorRequest { hidden: boolean } to hide/show the cursor.
  • Implements SetCursor in server/cmd/api/api/computer.go (kills existing unclutter, optionally starts new with DISPLAY, idle=0, large jitter).
  • Updates generated OAPI code: models, client methods, server handlers, routing, and response parsers; embeds updated swagger.
• Images:
  • Adds unclutter to runtime packages in images/chromium-headful/Dockerfile.
  • Minor build script: logs image index/name in build-unikernel.sh.
• Docs:
  • Adds images/README.md with local testing steps and example curl for the new endpoint.

^{Written by Cursor Bugbot for commit 51ef3a0. This will update automatically on new commits. Configure here.}

[mesa-dot-dev]

Mesa Description

Checklist

• A link to a related issue in our repository: https://linear.app/onkernel/issue/KERNEL-443/api-expose-option-to-hide-remote-browser-cursor-in-api
• A description of the changes proposed in the pull request.
• @mentions of the person or team responsible for reviewing proposed changes.

This PR introduces a new API endpoint to programmatically toggle the visibility of the cursor in the remote browser.

Summary of Changes

• New API Endpoint: Added POST /computer/cursor to show or hide the cursor.
  • The implementation in server/cmd/api/api/computer.go uses the unclutter utility to manage cursor visibility.
  • OpenAPI specs and the generated Go client in server/lib/oapi/oapi.go have been updated accordingly.
• Docker Image: The unclutter package is now installed in the chromium-headful Docker image to support this functionality.
• Documentation & Tooling:
  • Added a README.md in images/chromium-headful/ with instructions for testing the new endpoint.
  • The unikernel build script was updated to print the image name during packaging for better visibility.

^{Description generated by Mesa. Update settings}

[cursor]

Bug: Bug

The SetCursor function hard-codes the DISPLAY environment variable to :1 for the unclutter command. This is inconsistent with other functions in the file, such as TakeScreenshot, which dynamically resolve the display using s.resolveDisplayFromEnv(). This could cause unclutter to fail or target the wrong display if the system's display configuration is not :1.

 

[Sayan-]

==

we have a config that should be used https://github.com/onkernel/kernel-images/blob/ce469829c779a1f26647c6373c2a55b3597e69ec/server/cmd/config/config.go#L16

[mesa-dot-dev]

Performed full review of a0dca70...01c20fd

Analysis

1. Root privilege usage for cursor management introduces potential security risks - the system is running unclutter with root privileges (UID/GID 0), which could become a security issue if input validation is insufficient or if the command execution isn't properly isolated.

2. Platform dependency on Linux-specific unclutter utility creates a portability limitation that may affect cross-platform compatibility and could require alternative implementations for other operating systems.

3. System call approach for cursor management introduces a shell command dependency instead of using more direct APIs, which could be fragile if the underlying utility changes behavior across versions.

4. Process lifecycle management adds complexity - the solution needs to carefully track and clean up external processes, which introduces potential failure modes if processes aren't properly terminated.

Tip

Help

Configure your agents

Mesa Docs

Slash Commands:

• /review - Request a full code review
• /review latest - Review only changes since the last review
• /describe - Generate PR description. This will update the PR body or issue comment depending on your configuration
• /help - Get help with Mesa commands and configuration options

^{4 files reviewed | 0 comments | Edit Agent Settings}

[cursor]

Bug: Inconsistent Display Handling Causes Unclutter Failures

The SetCursor function hardcodes DISPLAY=:1 for unclutter, which is inconsistent with other display resolution methods and may cause cursor hiding to fail. The unclutter process is also started without being waited on, potentially creating zombie processes. Additionally, pkill's error handling broadly interprets exit code 1 as 'no processes found,' which could mask other failures.

 

[mateoCuervo]

@Sayan- can you enumerate the steps you did on your side. For docu completeness. Trying to reduce friction for future devs trying to test kernel-images locally

[Sayan-]

since this is public repo we should remove instructions for internal dev please!

[Sayan-]

still needs to be addressed!

[Sayan-]

overall looks good. I agree with bugbot + pending merge conflicts!

[Sayan-]

since this is public repo we should remove instructions for internal dev please!

[Sayan-]

==

we have a config that should be used https://github.com/onkernel/kernel-images/blob/ce469829c779a1f26647c6373c2a55b3597e69ec/server/cmd/config/config.go#L16

[cursor]

Bug: Hide Internal Dev Instructions from Public Readme (Bugbot Rules)

The README contains internal development instructions including internal infrastructure details (IP address 3.91.184.17, hostnames, and internal endpoints). According to the PR discussion, "@Sayan-: since this is public repo we should remove instructions for internal dev please!", these internal instructions should not be in a public repository as they expose internal infrastructure information.

 

[Sayan-]

== this should be removed!

[Sayan-]

api changes look great! please clean up the readme and we'll be good to go!

[Sayan-]

== this should be removed!

[Sayan-]

still needs to be addressed!