PR: storage/sim — NativeFIH storage interface prototype with FihIo abstraction #{83}

[metasmile]

Summary

This PR introduces storage/sim, the storage-layer simulator for the nexus FIH engine. It serves as the interface prototype for NativeFihStorage (#81) and the deterministic testbed for scenario-driven verification (#69).

Architecture

storage/sim/
├── io.rs              — FihIo trait (read/write/list/delete), WriteOp, FihIoBatch
├── sim_io.rs          — SimFihIo (HashMap-backed, deterministic, failure injection)
├── record.rs          — FactRecord, IntentRecord, HintRecord, IntentStatus enum
├── intent_status.rs   — IntentStatus compile-time transitions (Submitted→Claimed→Concluded)
├── store.rs           — NativeFihStorage<I: FihIo> — all trait impls
├── index.rs           — TimeIndex (append-only Vec + partition_point binary search)
├── session.rs         — FihSession<I: FihIo> — hydrate/buffer/flush lifecycle
├── tests/
│   ├── common/mod.rs  — FakeClock (deterministic)
│   ├── foundational_scenarios.rs — 4 FIH scenarios ported from nex
│   ├── full_lifecycle.rs — submit→claim→heartbeat→conclude
│   ├── gateway_scenarios.rs — MockGateway JSON round-trip ported from nex
│   └── time_filter.rs — 6 deterministic since/until/range/as_of tests

Core design decisions

FihIo: single IO abstraction

Replaces DualStorage { hot: PetgraphStorage, cold: CompositeColdStorage { MetaStore + BlobStore + ObjectStore } } with a single FihIo trait. Every storage backend (disk, S3, SQLite, CF KV) implements this trait. The core storage logic never calls IO directly — all writes go through a pending buffer and are batch-committed by FihSession::flush().

NativeFihStorage<I: FihIo>: sync core + async buffer

All FIH trait methods (FactCapable, IntentCapable, HintCapable, StorageRead, EvictCapable, FilterCapable) are sync. They enqueue WriteOps into a pending buffer. The outer FihSession layer provides hydrate() → (read/write) → flush() lifecycle. The Now trait is injected via with_clock() for platform-independent time (native SystemClock, WASM WasmClock, test FakeClock).

Blackboard as aggregate trait

Blackboard is now StorageRead + FactCapable + HintCapable + IntentCapable with a blanket impl. Any type implementing the four capability traits automatically satisfies Blackboard. No duplicate read_state() between Blackboard and StorageRead.

TimeIndex: O(log N) temporal seek

Vec<(u64, String)> with partition_point binary search. Append-only — FIH's monotonically increasing submitted_at guarantees push order equals time order. Provides since(), as_of(), range() for time-travel queries.

Ref_count: O(1) orphan detection

AtomicU64 per Fact. Incremented on submit_intent(), decremented on conclude_intent(). Orphan detection is an O(1) load() check.

Changes vs existing nex tests

All existing nex scenario tests (d_gateway_scenarios, foundational_scenarios) were ported to run against NativeFihStorage<SimFihIo> by changing only the storage initialization. Test logic is identical — storage is the only variable.

Test results

39 tests: 26 lib + 4 foundational + 2 lifecycle + 1 gateway + 6 time_filter
0 failed, 0 warnings (cargo clippy -- -D warnings)
wasm32-unknown-unknown: cargo check passes

Relationship to other issues

• storage/sim: Scenario-driven storage simulator for NativeFIH interface iteration and attack verification #69 (nexus-sim): storage/sim provides the deterministic storage backend for attack scenario execution.
• gateway/nex-cf: Connect nexus-model types and CompositeColdStorage over CF bindings #80 (gateway/nex-cf): gateway/nex-cf now uses NativeFihStorage<SimFihIo> pattern (reflected in SyncOnce). The CF Worker was the stress-test vehicle that drove all wasm32 compatibility fixes.
• Native FIH storage: trait-bound blob store with unified encryption, composite tiering, and sparse retrieval interface #81 (Native FIH storage): storage/sim is the interface prototype for NativeFihStorage. All trait contracts verified. Production implementation (encryption, tiering, FPGA) builds on this interface.