runtime: implement cow-api, chain, local-store host backends

[brunota20]

Draft, opening for early visibility — happy to revise scope or split further.

Context: Bleu has been working on the same M2 deliverables (TWAP + EthFlow + cow-api host) in a parallel repo (bleu/shepherd) on a raw-FFI ABI that predated this repo. Once we saw the Nexum/Component-Model architecture here, the right move was to port the CoW Protocol logic onto your contract rather than continue two parallel runtimes. This PR is that port — only the pieces that fit the WIT contract you've already shipped; the raw-FFI side stays in our repo as a reference implementation.

What this lands

Replaces the 0.2 Unsupported stubs for cow-api, chain, and local-store with working backends. Each capability lives in its own host submodule (crates/nexum-engine/src/host/{cow_orderbook,provider_pool,local_store_redb}.rs) so the trait impls in main.rs stay thin and the backends are unit-testable without a wasmtime store.

cow_api

Function	Implementation
request(chain_id, method, path, body)	REST passthrough. Base URL is whichever URL the pool's OrderBookApi client carries, so OrderBookApi::new_with_base_url overrides (staging / wiremock) flow through. Orderbook 4xx/5xx bodies surface verbatim so guests can decode {errorType, description}.
submit_order(chain_id, order_data)	Parses JSON cowprotocol::OrderCreation, dispatches via OrderBookApi::post_order, returns the assigned OrderUid as 0x-prefixed hex.

chain

Function	Implementation
request(chain_id, method, params)	Raw JSON-RPC dispatch over an alloy DynProvider opened from engine.toml. ws:// / wss:// engage pubsub (needed for eth_subscribe); http:// / https:// use the HTTP transport. Params pass through as serde_json::RawValue so alloy does not re-encode.
request_batch	Falls back to per-call dispatch (same shape as the earlier stub, now backed by real RPC).

local-store

get / set / delete / list_keys against a redb file under engine_config.engine.state_dir. Single shared table; per-module namespacing is enforced host-side via [len:u8][module_name][raw_key] prefix on every key. list_keys strips the prefix before returning to the guest. Two modules using the same key string see disjoint data.

logging

Routes through tracing::event! tagged with module=<namespace>. Engine boot installs an EnvFilter-based subscriber; RUST_LOG overrides the engine.toml log_level. The 0.1-style eprintln! lines are gone — fmt subscriber renders the same info plus structured fields.

Out of scope (deliberate)

identity, remote-store, messaging, http stay at Unsupported. Each has the 0.3 roadmap (keystore / Swarm / Waku) cited inline in main.rs.

Engine config

New optional engine.toml (sibling of the binary, or third positional arg):

[engine]
state_dir = "./data"
log_level = "info"

[chains.11155111]
rpc_url = "wss://ethereum-sepolia-rpc.publicnode.com"

[chains.42161]
rpc_url = "https://arb1.arbitrum.io/rpc"

Missing file ⇒ defaults (no chain endpoints; chain::request and cow_api::submit_order return Unsupported until configured). engine.example.toml ships in tree.

Tests

14 unit tests, all green:

• cow_orderbook: pool default-chains, unknown-chain typing, REST GET passthrough, relative-path resolution, unknown-method rejection, submit_order round-trip — last three under wiremock so the full HTTP path is exercised without hitting api.cow.fi.
• provider_pool: empty pool surfaces UnknownChain.
• local_store: roundtrip, namespace isolation, delete, list_keys prefix-stripping, empty-namespace rejection.

End-to-end against modules/example: example.wasm loads under the new wiring, logs init + on_event through the tracing pipeline. `just run` works unchanged.

```
cargo fmt --all --check # clean
RUSTFLAGS=-D warnings cargo clippy --workspace --all-targets --all-features # clean
cargo test -p nexum-engine --bins # 14 passed
```

Threat-model notes

• Orderbook is trusted, same posture as cow-rs. cow_api::request returns the response body verbatim; we do not parse or validate beyond what cowprotocol::OrderBookApi already does.
• Module is untrusted. submit_order re-parses the guest's JSON via serde_json::from_slice::<OrderCreation> and reuses cowprotocol's OrderCreation::from_signed_order_data validation (from != ZERO, app-data digest check) before posting. A malicious guest cannot bypass that path because the host calls cowprotocol, not its own re-encoder.
• `chain::request` is a raw passthrough with no method allowlist (per the 0.7-doc design). The RPC endpoint itself is in the trust boundary; a guest cannot reach a chain that was not declared in engine.toml.

Open questions for the maintainer

1. engine.toml shape. I put it sibling to the binary with [engine] state_dir + [chains.<id>] rpc_url. Open to moving knobs into env vars, splitting it differently, or merging with nexum.toml if you prefer one config surface. Yelled at the missing-config path with a tracing::warn! rather than failing boot.

2. OrderBookPool::with_default_chains hard-codes the five chains cowprotocol exposes via Chain::try_from. If you'd rather it consult engine.toml.[cow_api] for URL overrides per chain (mirroring the chain RPC table), happy to add it — the OrderBookApi::new_with_base_url plumbing is already there.

3. Coupling to cowprotocol. This PR pulls cowprotocol directly into nexum-engine. If the long-term design is "engine stays nexum-only, cow extensions live behind a feature flag", I can gate every cow-api code path behind --features cow so a pure-Nexum build does not see the cowprotocol tree.

4. local_store quota / transactional rollback. docs/04 mentions "per-event all-or-nothing" semantics and per-module storage quotas. This PR ships neither — every host call commits its own redb txn. Both fit naturally on top (we have a working quota counter in our other repo); want to do them in a follow-up?

Bleu happy to iterate on any of the above before this leaves draft.