fix: SQL Explorer handles comments and shows descriptive errors

- Strip SQL comments (-- and /* */) before checking for SELECT,
  so queries with leading comments don't get rejected
- Show the actual error detail from the API response instead of
  generic 'API error 400' in the SQL Explorer UI

frontend/src/pages/SqlExplorer.tsx

@@ -53,7 +53,11 @@ export function SqlExplorerPage() {
   const executeMutation = useMutation({
     mutationFn: (sqlText: string) => apiPost<QueryResult>('query', '/api/analytics/pg-query', { sql: sqlText, limit: 1000 }),
     onSuccess: (data) => { setResult(data); setError(null); },
-    onError: (err: Error) => { setError(err.message); setResult(null); },
+    onError: (err: Error) => {
+      const detail = (err as { body?: { detail?: string } }).body?.detail;
+      setError(detail || err.message);
+      setResult(null);
+    },
   });
 
   const saveMutation = useMutation({

services/api/app.py

@@ -1712,7 +1712,12 @@ async def pg_query(body: dict[str, Any]):
     limit = min(int(body.get("limit", 1000)), 10000)
 
     # Safety: only allow SELECT statements
-    if not sql.upper().startswith("SELECT"):
+    # Strip SQL comments (-- and /* */) and whitespace before checking
+    import re
+    stripped = re.sub(r'--[^\n]*', '', sql)  # remove -- comments
+    stripped = re.sub(r'/\*.*?\*/', '', stripped, flags=re.DOTALL)  # remove /* */ comments
+    stripped = stripped.strip()
+    if not stripped.upper().startswith("SELECT"):
         raise HTTPException(400, "Only SELECT queries are allowed")
 
     # Add LIMIT if not present