From 1e7ddb15d1f08f377bef7d9e2e8670ecea41000d Mon Sep 17 00:00:00 2001
From: Tiege Bentley <secondbrain189@gmail.com>
Date: Sat, 23 May 2026 15:39:00 +0000
Subject: [PATCH] fix(desktop): support --no-sandbox when launched as uid 0

Two Chrome/Chromium spawn sites in the desktop app crash with
"Running as root without --no-sandbox is not supported" on the first
launch attempt:

  1. apps/desktop/scripts/dev.cjs spawns Electron via electron-vite.
  2. apps/desktop/src/main/preview-runtime.ts spawns Chrome via
     puppeteer to render preview artifacts (used by 9 vitest cases).

This makes `pnpm dev` unusable and the preview-runtime test file fail
9 of 17 cases in any root-running environment (containers, dev VMs,
most CI images). The macOS/Windows/user-mode-Linux launch paths are
unaffected.

The dev wrapper now sets NO_SANDBOX=1 when uid is 0; electron-vite
already reads this env var and forwards --no-sandbox to Electron.
The preview-runtime launch args conditionally append --no-sandbox
under the same uid check.
---
 apps/desktop/scripts/dev.cjs             | 8 ++++++++
 apps/desktop/src/main/preview-runtime.ts | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/apps/desktop/scripts/dev.cjs b/apps/desktop/scripts/dev.cjs
index 05ed87c4..9dfd981a 100644
--- a/apps/desktop/scripts/dev.cjs
+++ b/apps/desktop/scripts/dev.cjs
@@ -10,6 +10,14 @@ const env = { ...process.env };
 // so Electron behaves like Node. The desktop dev app must launch real Electron.
 env.ELECTRON_RUN_AS_NODE = undefined;
 
+// Electron exits fatally when launched as uid 0 unless --no-sandbox is passed.
+// Containers, dev VMs, and CI runners commonly run as root; without this they
+// can never `pnpm dev` at all. electron-vite reads NO_SANDBOX=1 and forwards
+// --no-sandbox to the spawned Electron process (see electron-vite/dist startElectron).
+if (process.getuid && process.getuid() === 0 && !env.NO_SANDBOX) {
+  env.NO_SANDBOX = '1';
+}
+
 const child = spawn(process.execPath, [electronViteBin, 'dev', ...process.argv.slice(2)], {
   env,
   stdio: ['inherit', 'inherit', 'pipe'],
diff --git a/apps/desktop/src/main/preview-runtime.ts b/apps/desktop/src/main/preview-runtime.ts
index bbac0de1..d4783957 100644
--- a/apps/desktop/src/main/preview-runtime.ts
+++ b/apps/desktop/src/main/preview-runtime.ts
@@ -118,6 +118,10 @@ export async function runPreview(opts: RunPreviewOptions): Promise<PreviewResult
         // dialogs that would otherwise stall the launch handshake.
         '--no-first-run',
         '--no-default-browser-check',
+        // Chrome's zygote refuses to start as uid 0 without this. Containers,
+        // dev VMs, and CI runners frequently run as root; gating to root keeps
+        // the production launch path unchanged on macOS/Windows/user-mode Linux.
+        ...(process.getuid?.() === 0 ? ['--no-sandbox'] : []),
       ],
     });
     page = await browser.newPage();