fix: crash-proofing + small robustness fixes

- pool.js: add pool.on('error') handler — an idle-client error (DB restart /
  .215 failover) previously crashed the process (no 'error' listener → throw)
- context tool: project a SAFE_COLUMNS allow-list for resources (never the
  monitoring/metadata JSON blobs); also add 'resource' to TABLE (was unhandled)
- applyPendingChange: guard the 'upsert' arm so a non-upsertable entity_type
  fails with a clear ValidationError instead of a bare TypeError

Tests: pool_error, context (resource case), pending_extended_actions (guard).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

lib/ai/agent/tools/context.js

@@ -1,6 +1,13 @@
 import { pool } from '../../../db/pool.js';
 
-const TABLE = { page: 'pages', ref: 'refs', task: 'tasks', project: 'projects', space: 'spaces' };
+const TABLE = { page: 'pages', ref: 'refs', task: 'tasks', project: 'projects', space: 'spaces', resource: 'resources' };
+
+// Explicit column projection per entity type (defaults to '*'). Resources carry
+// monitoring/metadata JSON that can hold connection hints / vault_path pointers,
+// so we never surface those blobs to an agent — see docs/security-sweep-2026-06-01.md.
+const SAFE_COLUMNS = {
+  resource: 'id, space_id, slug, name, runtime_type, host, url, version, status, last_check, maintenance_until'
+};
 
 export const contextTool = {
   name: 'context',
@@ -13,7 +20,8 @@ export const contextTool = {
     }
     const table = TABLE[view.entityType];
     if (!table) return { entityType: view.entityType, entityId: view.entityId, note: 'unrecognised entity type' };
-    const { rows: [row] } = await pool.query(`SELECT * FROM ${table} WHERE id=$1`, [view.entityId]);
+    const cols = SAFE_COLUMNS[view.entityType] || '*';
+    const { rows: [row] } = await pool.query(`SELECT ${cols} FROM ${table} WHERE id=$1`, [view.entityId]);
     if (!row) return { entityType: view.entityType, entityId: view.entityId, error: 'not found' };
     return { entityType: view.entityType, ...row };
   }