Fix: Allow Puppeteer to run as root

[hannesrudolph]

Closes #2537
This is a jules test
This commit addresses an issue where RooCode, when running as a remote SSH plugin as root, was unable to fetch HTTP pages. The problem stemmed from Puppeteer's default security measure that prevents it from running as root without the --no-sandbox flag.

The solution involves modifying the launchBrowser method in src/services/browser/UrlContentFetcher.ts. The code now checks if the current user is root (UID 0). If so, it adds the --no-sandbox flag to the Puppeteer launch arguments, allowing it to operate correctly in a root environment.

Additionally, I've added unit tests to src/services/browser/__tests__/UrlContentFetcher.test.ts to verify this new behavior. The tests mock process.getuid() to simulate both root and non-root users, ensuring that the --no-sandbox flag is conditionally added as expected and that URL fetching remains functional.

Related GitHub Issue

Closes: #

Description

Test Procedure

Type of Change

• 🐛 Bug Fix: Non-breaking change that fixes an issue.
• ✨ New Feature: Non-breaking change that adds functionality.
• 💥 Breaking Change: Fix or feature that would cause existing functionality to not work as expected.
• ♻️ Refactor: Code change that neither fixes a bug nor adds a feature.
• 💅 Style: Changes that do not affect the meaning of the code (white-space, formatting, etc.).
• 📚 Documentation: Updates to documentation files.
• ⚙️ Build/CI: Changes to the build process or CI configuration.
• 🧹 Chore: Other changes that don't modify src or test files.

Pre-Submission Checklist

• Issue Linked: This PR is linked to an approved GitHub Issue (see "Related GitHub Issue" above).
• Scope: My changes are focused on the linked issue (one major feature/fix per PR).
• Self-Review: I have performed a thorough self-review of my code.
• Code Quality:
  • My code adheres to the project's style guidelines.
  • There are no new linting errors or warnings (npm run lint).
  • All debug code (e.g., console.log) has been removed.
• Testing:
  • New and/or updated tests have been added to cover my changes.
  • All tests pass locally (npm test).
  • The application builds successfully with my changes.
• Branch Hygiene: My branch is up-to-date (rebased) with the main branch.
• Documentation Impact: I have considered if my changes require documentation updates (see "Documentation Updates" section below).
• Changeset: A changeset has been created using npm run changeset if this PR includes user-facing changes or dependency updates.
• Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Screenshots / Videos

Documentation Updates

Additional Notes

Get in Touch

---

Important

Fixes Puppeteer root execution by adding --no-sandbox flag in UrlContentFetcher.ts and tests in UrlContentFetcher.test.ts.

• Behavior:
  • Modify launchBrowser in UrlContentFetcher.ts to add --no-sandbox flag if running as root (UID 0).
  • Ensures Puppeteer can fetch HTTP pages when running as root.
• Testing:
  • Add unit tests in UrlContentFetcher.test.ts to verify --no-sandbox flag is added for root users and not for non-root users.
  • Tests mock process.getuid() to simulate different user environments.
  • Verify URL fetching and conversion to markdown functionality.

^{This description was created by for b0123bc. You can customize this summary. It will automatically update as commits are pushed.}

[daniel-lxs]

This is too risky. Running Chrome without sandbox as root means any malicious website could take over the entire system.

The real problem is running Roo Code/VSCode as root in the first place. We shouldn't enable bad security practices. Instead, users should create a regular user account for development and only use sudo when absolutely necessary.

If we really need to support running Roo Code as root, at least make it opt-in with a big warning about the security risks. But honestly, we should just tell people to stop running Roo Code as root and help them set up a proper non-root environment instead.

Let's not make it easier for people to shoot themselves in the foot.