diff --git a/apps/desktop/scripts/dev.cjs b/apps/desktop/scripts/dev.cjs
index 05ed87c4..9dfd981a 100644
--- a/apps/desktop/scripts/dev.cjs
+++ b/apps/desktop/scripts/dev.cjs
@@ -10,6 +10,14 @@ const env = { ...process.env };
 // so Electron behaves like Node. The desktop dev app must launch real Electron.
 env.ELECTRON_RUN_AS_NODE = undefined;
 
+// Electron exits fatally when launched as uid 0 unless --no-sandbox is passed.
+// Containers, dev VMs, and CI runners commonly run as root; without this they
+// can never `pnpm dev` at all. electron-vite reads NO_SANDBOX=1 and forwards
+// --no-sandbox to the spawned Electron process (see electron-vite/dist startElectron).
+if (process.getuid && process.getuid() === 0 && !env.NO_SANDBOX) {
+  env.NO_SANDBOX = '1';
+}
+
 const child = spawn(process.execPath, [electronViteBin, 'dev', ...process.argv.slice(2)], {
   env,
   stdio: ['inherit', 'inherit', 'pipe'],
diff --git a/apps/desktop/src/main/preview-runtime.ts b/apps/desktop/src/main/preview-runtime.ts
index bbac0de1..d4783957 100644
--- a/apps/desktop/src/main/preview-runtime.ts
+++ b/apps/desktop/src/main/preview-runtime.ts
@@ -118,6 +118,10 @@ export async function runPreview(opts: RunPreviewOptions): Promise<PreviewResult
         // dialogs that would otherwise stall the launch handshake.
         '--no-first-run',
         '--no-default-browser-check',
+        // Chrome's zygote refuses to start as uid 0 without this. Containers,
+        // dev VMs, and CI runners frequently run as root; gating to root keeps
+        // the production launch path unchanged on macOS/Windows/user-mode Linux.
+        ...(process.getuid?.() === 0 ? ['--no-sandbox'] : []),
       ],
     });
     page = await browser.newPage();