feat: add database, security, and VCS distillers with registry integration and snapshot tests

Author: fajarhide

src/distillers/database.rs

@@ -0,0 +1,134 @@
+use crate::distillers::Distiller;
+use crate::pipeline::{OutputSegment, SignalTier};
+
+pub struct DatabaseDistiller;
+
+impl Distiller for DatabaseDistiller {
+    fn distill(
+        &self,
+        segments: &[OutputSegment],
+        input: &str,
+        _session: Option<&crate::pipeline::SessionState>,
+    ) -> String {
+        // Detect apakah ini query result, error, atau migration output
+        if input.contains("ERROR:") || input.contains("FATAL:") || input.contains("error:") {
+            distill_db_error(input)
+        } else if input.contains("rows)") || input.contains("row)") || looks_like_table(input) {
+            distill_query_result(input)
+        } else {
+            distill_db_generic(segments, input)
+        }
+    }
+}
+
+fn distill_db_error(input: &str) -> String {
+    let mut errors: Vec<String> = vec![];
+    let mut hint: Option<String> = None;
+    let mut position: Option<String> = None;
+
+    for line in input.lines() {
+        let l = line.trim();
+        if l.contains("ERROR:") || l.contains("FATAL:") || l.contains("error:") {
+            errors.push(l.to_string());
+        } else if l.starts_with("HINT:") || l.starts_with("DETAIL:") {
+            hint = Some(l.to_string());
+        } else if l.starts_with("LINE ") || l.starts_with("POSITION:") {
+            position = Some(l.to_string());
+        }
+    }
+
+    let mut out = format!("DB Error ({} found):\n", errors.len());
+    for e in errors.iter().take(3) {
+        out.push_str(e);
+        out.push('\n');
+    }
+    if let Some(p) = position {
+        out.push_str(&p);
+        out.push('\n');
+    }
+    if let Some(h) = hint {
+        out.push_str(&h);
+        out.push('\n');
+    }
+    out.trim().to_string()
+}
+
+fn distill_query_result(input: &str) -> String {
+    let lines: Vec<&str> = input.lines().collect();
+    let total = lines.len();
+
+    // Cari baris "N rows"
+    let row_summary = lines
+        .iter()
+        .rev()
+        .take(5)
+        .find(|l| l.contains("row") && (l.contains('(') || l.trim().parse::<usize>().is_ok()))
+        .map(|l| l.trim().to_string());
+
+    // Header (kolom) biasanya baris pertama non-empty
+    let header = lines
+        .iter()
+        .find(|l| !l.trim().is_empty() && !l.starts_with('-') && !l.starts_with('('))
+        .map(|l| l.trim().to_string());
+
+    let mut out = String::new();
+    if let Some(h) = &header {
+        out.push_str(&format!("Query result columns: {}\n", h));
+    }
+    if let Some(summary) = row_summary {
+        out.push_str(&format!("Result: {}\n", summary));
+    } else {
+        out.push_str(&format!("Result: {} lines output\n", total));
+    }
+    // Show first 3 data rows as sample
+    let data_rows: Vec<&str> = lines
+        .iter()
+        .filter(|l| !l.trim().is_empty() && !l.starts_with('-') && !l.starts_with('('))
+        .skip(1) // skip header
+        .take(3)
+        .copied()
+        .collect();
+    if !data_rows.is_empty() {
+        out.push_str("Sample rows:\n");
+        for row in &data_rows {
+            out.push_str(row);
+            out.push('\n');
+        }
+        if total > data_rows.len() + 2 {
+            out.push_str(&format!(
+                "  ... [{} more rows]\n",
+                total - data_rows.len() - 2
+            ));
+        }
+    }
+    out.trim().to_string()
+}
+
+fn distill_db_generic(segments: &[OutputSegment], _input: &str) -> String {
+    let errors: Vec<&str> = segments
+        .iter()
+        .filter(|s| s.tier == SignalTier::Critical)
+        .map(|s| s.content.as_str())
+        .collect();
+    if errors.is_empty() {
+        format!("DB: ok ({} lines output)", segments.len())
+    } else {
+        format!(
+            "DB errors: {}\n{}",
+            errors.len(),
+            errors
+                .iter()
+                .take(5)
+                .cloned()
+                .collect::<Vec<_>>()
+                .join("\n")
+        )
+    }
+}
+
+fn looks_like_table(input: &str) -> bool {
+    input
+        .lines()
+        .take(5)
+        .any(|l| l.contains(" | ") || l.starts_with("---"))
+}

src/distillers/mod.rs

@@ -2,11 +2,14 @@ use crate::pipeline::OutputSegment;
 
 pub mod build;
 pub mod cloud;
+pub mod database;
 pub mod generic;
 pub mod git;
 pub mod jsts;
+pub mod security;
 pub mod system_ops;
 pub mod test;
+pub mod vcs;
 
 pub trait Distiller: Send + Sync {
     fn distill(
@@ -42,6 +45,43 @@ pub fn distill_with_command(
         return git::GitDistiller.distill(segments, input, session);
     }
 
+    // Database tools
+    if matches!(base, "psql" | "mysql" | "sqlite3" | "pg_dump" | "redis-cli") {
+        return database::DatabaseDistiller.distill(segments, input, session);
+    }
+
+    // Security scanners
+    if matches!(
+        base,
+        "semgrep" | "trivy" | "snyk" | "hadolint" | "gosec" | "bandit"
+    ) {
+        return security::SecurityDistiller.distill(segments, input, session);
+    }
+
+    // GitHub/VCS CLIs
+    if matches!(base, "gh" | "hub" | "glab") {
+        return vcs::VcsDistiller.distill(segments, input, session);
+    }
+
+    // Java/JVM — use BuildDistiller (sudah ada)
+    if matches!(
+        base,
+        "java" | "javac" | "mvn" | "mvnw" | "gradle" | "gradlew"
+    ) {
+        if cmd_lower.contains("test") {
+            return test::TestDistiller.distill(segments, input, session);
+        }
+        return build::BuildDistiller.distill(segments, input, session);
+    }
+
+    // Flutter/Dart
+    if matches!(base, "flutter" | "dart") {
+        if cmd_lower.contains("test") || cmd_lower.contains("analyze") {
+            return test::TestDistiller.distill(segments, input, session);
+        }
+        return build::BuildDistiller.distill(segments, input, session);
+    }
+
     // Build tools → BuildDistiller
     if matches!(
         base,
@@ -238,4 +278,15 @@ mod tests {
         "playwright test"
     );
     snapshot_test!(test_jsts_eslint, "eslint_errors.txt", "eslint");
+
+    snapshot_test!(
+        test_database_psql_error,
+        "psql_error.txt",
+        "psql -U postgres mydb"
+    );
+    snapshot_test!(
+        test_security_trivy_scan,
+        "trivy_output.txt",
+        "trivy image myapp:latest"
+    );
 }

src/distillers/security.rs

@@ -0,0 +1,58 @@
+use crate::distillers::Distiller;
+use crate::pipeline::OutputSegment;
+
+pub struct SecurityDistiller;
+
+impl Distiller for SecurityDistiller {
+    fn distill(
+        &self,
+        _segments: &[OutputSegment],
+        input: &str,
+        _session: Option<&crate::pipeline::SessionState>,
+    ) -> String {
+        let mut critical_findings: Vec<String> = vec![];
+        let mut high_findings: Vec<String> = vec![];
+        let mut medium_count = 0usize;
+        let mut low_count = 0usize;
+
+        for line in input.lines() {
+            let l = line.trim();
+            // Semgrep, trivy, snyk format detection
+            if l.contains("CRITICAL") || l.contains("critical") {
+                critical_findings.push(l.to_string());
+            } else if l.contains("HIGH") || l.contains("high") {
+                high_findings.push(l.to_string());
+            } else if l.contains("MEDIUM") || l.contains("medium") {
+                medium_count += 1;
+            } else if l.contains("LOW") || l.contains("low") {
+                low_count += 1;
+            }
+        }
+
+        let total_critical = critical_findings.len();
+        let total_high = high_findings.len();
+
+        if total_critical == 0 && total_high == 0 && medium_count == 0 {
+            return "Security scan: no issues found ✓".to_string();
+        }
+
+        let mut out = format!(
+            "Security scan: {} CRITICAL, {} HIGH, {} MEDIUM, {} LOW\n",
+            total_critical, total_high, medium_count, low_count
+        );
+
+        for f in critical_findings.iter().take(5) {
+            out.push_str(&format!("  🔴 {}\n", f));
+        }
+        for f in high_findings.iter().take(3) {
+            out.push_str(&format!("  🟠 {}\n", f));
+        }
+        if total_critical + total_high > 8 {
+            out.push_str(&format!(
+                "  ... [{} more findings]\n",
+                total_critical + total_high - 8
+            ));
+        }
+        out.trim().to_string()
+    }
+}

src/distillers/snapshots/omni__distillers__tests__database_psql_error.snap

@@ -0,0 +1,6 @@
+---
+source: src/distillers/mod.rs
+expression: output
+---
+DB Error (1 found):
+psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "myuser" does not exist

src/distillers/snapshots/omni__distillers__tests__security_trivy_scan.snap

@@ -0,0 +1,8 @@
+---
+source: src/distillers/mod.rs
+expression: output
+---
+Security scan: 2 CRITICAL, 1 HIGH, 0 MEDIUM, 1 LOW
+  🔴 Total: 3 (CRITICAL: 1, HIGH: 1, MEDIUM: 0, LOW: 1)
+  🔴 CRITICAL CVE-2023-1234 libssl vulnerabilities found
+  🟠 HIGH CVE-2023-5678 libcrypto issue detected

src/distillers/vcs.rs

@@ -0,0 +1,31 @@
+use crate::distillers::Distiller;
+use crate::pipeline::OutputSegment;
+
+pub struct VcsDistiller;
+
+impl Distiller for VcsDistiller {
+    fn distill(
+        &self,
+        _segments: &[OutputSegment],
+        input: &str,
+        _session: Option<&crate::pipeline::SessionState>,
+    ) -> String {
+        let lines: Vec<&str> = input.lines().filter(|l| !l.trim().is_empty()).collect();
+        let total = lines.len();
+
+        if total <= 10 {
+            return input.trim().to_string();
+        }
+
+        // PR/Issue list — show first 10, summarize rest
+        let shown: Vec<&str> = lines.iter().take(10).copied().collect();
+        let mut out = shown.join("\n");
+        if total > 10 {
+            out.push_str(&format!(
+                "\n... [{} more items — use --limit to see more]",
+                total - 10
+            ));
+        }
+        out
+    }
+}