fix: address Copilot review feedback on #937

Two comments from Copilot on PR #937, both addressed:

1. safeTick now includes the recovered panic value's type and a
   runtime/debug.Stack() dump. Since safeTick intentionally swallows all
   panics — including latent invariant bugs — the log must carry enough
   context to diagnose the bug from the log alone; repeated occurrences
   surface the problem via the stack, not just the message.

2. cr.tick() now ends its trace cycle via defer with a completion
   sentinel (matching the startup block). Previously, a panic inside
   tick() would be recovered by safeTick but the trace cycle would
   never call end(), orphaning the record. Now the trace closes as
   Aborted on panic or Completed on normal exit.

Unit test updated to assert the type and stack trace appear in the log.

Author: sjarmak

cmd/gc/city_runtime.go

@@ -6,6 +6,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"runtime/debug"
 	"strings"
 	"sync"
 	"sync/atomic"
@@ -446,8 +447,12 @@ func (cr *CityRuntime) run(ctx context.Context) {
 func (cr *CityRuntime) safeTick(fn func(), trigger string) {
 	defer func() {
 		if r := recover(); r != nil {
-			fmt.Fprintf(cr.stderr, "%s: reconciler tick panicked (trigger=%s): %v\n", //nolint:errcheck // best-effort stderr
-				cr.logPrefix, trigger, r)
+			// Include the recovered type and a stack trace so a latent
+			// invariant bug (e.g. nil deref) is diagnosable from the log
+			// alone — crucial because safeTick intentionally swallows
+			// the panic and the bug may only surface via repetition.
+			fmt.Fprintf(cr.stderr, "%s: reconciler tick panicked (trigger=%s): %v (type=%T)\n%s\n", //nolint:errcheck // best-effort stderr
+				cr.logPrefix, trigger, r, r, debug.Stack())
 		}
 	}()
 	fn()
@@ -466,6 +471,15 @@ func (cr *CityRuntime) tick(
 ) {
 	sessionBeads := cr.loadSessionBeadSnapshot()
 	trace := cr.beginTraceCycle(trigger, "controller_tick", sessionBeads)
+	// End the trace via defer so a panic recovered by safeTick still
+	// closes the cycle (aborted). completion flips to Completed at the
+	// normal end of the tick body below.
+	completion := TraceCompletionAborted
+	defer func() {
+		if trace != nil {
+			trace.end(completion, traceRecordPayload{"phase": "tick", "trigger": trigger})
+		}
+	}()
 	// Detect pool instance deaths since last tick.
 	if len(cr.poolDeathHandlers) > 0 {
 		currentRunning, _ := cr.sp.ListRunning("")
@@ -551,9 +565,7 @@ func (cr *CityRuntime) tick(
 
 	// Convergence tick: process active convergence loops.
 	cr.convergenceTick(ctx)
-	if trace != nil {
-		trace.end(TraceCompletionCompleted, traceRecordPayload{"phase": "tick", "trigger": trigger})
-	}
+	completion = TraceCompletionCompleted
 }
 
 // reloadConfig attempts to reload city.toml and update all internal

cmd/gc/city_runtime_test.go

@@ -1404,6 +1404,12 @@ func TestCityRuntimeSafeTick_RecoversFromPanicAndLogsTrigger(t *testing.T) {
 	if !strings.Contains(got, "simulated dolt eof cascade") {
 		t.Errorf("stderr = %q, want to contain panic payload", got)
 	}
+	if !strings.Contains(got, "type=string") {
+		t.Errorf("stderr = %q, want to contain panic value type (helps distinguish errors from strings)", got)
+	}
+	if !strings.Contains(got, "goroutine ") {
+		t.Errorf("stderr = %q, want to contain a stack trace so latent bugs stay diagnosable", got)
+	}
 }
 
 // safeTick must forward normal (non-panicking) returns unchanged so the