From 4ba89d4f49e60906eb96f52afc05503d051dacb3 Mon Sep 17 00:00:00 2001
From: Garry Tan <garrytan@gmail.com>
Date: Mon, 23 Mar 2026 16:50:19 -0700
Subject: [PATCH] fix: add --no-sandbox for Chromium in CI/container
 environments

Chromium's sandbox requires unprivileged user namespaces which are
disabled in Docker containers. Without --no-sandbox, Chromium silently
fails to launch, causing browse E2E tests to exhaust all turns trying
to start the server.

Detects CI or CONTAINER env vars and adds --no-sandbox automatically.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 browse/src/browser-manager.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/browse/src/browser-manager.ts b/browse/src/browser-manager.ts
index 06fb64ee..caaa5e86 100644
--- a/browse/src/browser-manager.ts
+++ b/browse/src/browser-manager.ts
@@ -69,6 +69,13 @@ export class BrowserManager {
     const launchArgs: string[] = [];
     let useHeadless = true;
 
+    // Docker/CI: Chromium sandbox requires unprivileged user namespaces which
+    // are typically disabled in containers. Detect container environment and
+    // add --no-sandbox automatically.
+    if (process.env.CI || process.env.CONTAINER) {
+      launchArgs.push('--no-sandbox');
+    }
+
     if (extensionsDir) {
       launchArgs.push(
         `--disable-extensions-except=${extensionsDir}`,