From 014a51bd6f9af4747612b1663d37465244fbd70e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Furkan=20K=C3=B6yk=C4=B1ran?= <furkankoykiran@gmail.com>
Date: Fri, 8 May 2026 02:10:58 +0300
Subject: [PATCH] fix(browser): add --no-sandbox for root user on Linux/WSL2

Chromium's sandbox can't initialize when running as root on Linux,
causing an immediate exit. Extend the existing CI/CONTAINER check to
also cover this case, keeping the Windows-safe `typeof getuid` guard.
---
 browse/src/browser-manager.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/browse/src/browser-manager.ts b/browse/src/browser-manager.ts
index f5a3121db9..7791ef7f2b 100644
--- a/browse/src/browser-manager.ts
+++ b/browse/src/browser-manager.ts
@@ -182,10 +182,11 @@ export class BrowserManager {
     const launchArgs: string[] = [];
     let useHeadless = true;
 
-    // Docker/CI: Chromium sandbox requires unprivileged user namespaces which
-    // are typically disabled in containers. Detect container environment and
-    // add --no-sandbox automatically.
-    if (process.env.CI || process.env.CONTAINER) {
+    // Docker/CI/root: Chromium sandbox requires unprivileged user namespaces which
+    // are typically disabled in containers and are never available for the root
+    // user on Linux. Detect all three cases and add --no-sandbox automatically.
+    const isRoot = typeof process.getuid === 'function' && process.getuid() === 0;
+    if (process.env.CI || process.env.CONTAINER || isRoot) {
       launchArgs.push('--no-sandbox');
     }