refactor: add createNodeV8Runtime wrapper, remove @secure-exec/v8 from public API

createNodeV8Runtime() in @secure-exec/node bakes in bridge code and
warm pool defaults (pool of 3, 128MB heap). Callers no longer need to
import @secure-exec/v8 directly. Updated benchmarks, docs, and internal
refs to use the new wrapper.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: NathanFlurry

docs-internal/specs/v8-runtime.md

@@ -473,9 +473,9 @@ await jail.set("_fsReadFile", new ivm.Reference(async (path) => { ... }));
 const script = await isolate.compileScript(code);
 await script.run(context);
 
-// After (@secure-exec/v8)
-import { createV8Runtime } from "@secure-exec/v8";
-const runtime = createV8Runtime();
+// After (@secure-exec/node)
+import { createNodeV8Runtime } from "@secure-exec/node";
+const runtime = createNodeV8Runtime();
 const session = runtime.createSession({ heapLimitMb: 128 });
 const result = await session.execute(code, {
   _fsReadFile: async (path: string) => { ... },

docs/process-isolation.mdx

@@ -62,15 +62,15 @@ NodeRuntime C ──── Tenant 2 Process (sessions: C1)
 ```
 
 ```ts
-import { createV8Runtime } from "@secure-exec/v8";
+import { createNodeV8Runtime } from "@secure-exec/node";
 import {
   NodeRuntime,
   createNodeDriver,
   createNodeRuntimeDriverFactory,
 } from "@secure-exec/node";
 
 // Create a dedicated process for this tenant
-const tenantProcess = await createV8Runtime({ maxSessions: 10 });
+const tenantProcess = await createNodeV8Runtime({ maxSessions: 10 });
 
 const rt1 = new NodeRuntime({
   systemDriver: createNodeDriver(),
@@ -95,15 +95,15 @@ NodeRuntime B ──── Process B (session: B1)
 ```
 
 ```ts
-import { createV8Runtime } from "@secure-exec/v8";
+import { createNodeV8Runtime } from "@secure-exec/node";
 import {
   NodeRuntime,
   createNodeDriver,
   createNodeRuntimeDriverFactory,
 } from "@secure-exec/node";
 
-const processA = await createV8Runtime();
-const processB = await createV8Runtime();
+const processA = await createNodeV8Runtime();
+const processB = await createNodeV8Runtime();
 
 const rtA = new NodeRuntime({
   systemDriver: createNodeDriver(),
@@ -132,7 +132,7 @@ Choose based on your isolation requirements. The shared topology is the most mem
 
 ```ts
 // This process allows up to 5 concurrent sessions
-const process = await createV8Runtime({ maxSessions: 5 });
+const process = await createNodeV8Runtime({ maxSessions: 5 });
 
 // Both runtimes share the 5-session budget
 const rt1 = new NodeRuntime({
@@ -157,7 +157,7 @@ When a V8 process crashes (OOM, segfault, panic):
 3. **New sessions cannot be created on the crashed process.** Create a new `V8Runtime` to recover.
 
 ```ts
-const process = await createV8Runtime();
+const process = await createNodeV8Runtime();
 const factory = createNodeRuntimeDriverFactory({ v8Runtime: process });
 
 const rt = new NodeRuntime({
@@ -171,14 +171,14 @@ const result = await rt.exec("const a = []; while(true) a.push(new Array(1e6))")
 // Host process is still alive
 ```
 
-Runtimes using the default shared process share crash fate — if the global process dies, all runtimes are affected. Use explicit `createV8Runtime()` handles to control which runtimes share a crash domain.
+Runtimes using the default shared process share crash fate — if the global process dies, all runtimes are affected. Use explicit `createNodeV8Runtime()` handles to control which runtimes share a crash domain.
 
 ## Warm pool
 
 Cold-starting a new session costs ~6ms (thread spawn + isolate creation from snapshot). The warm pool eliminates this by pre-creating sessions with isolates already initialized.
 
 ```ts
-const process = await createV8Runtime({
+const process = await createNodeV8Runtime({
   warmupBridgeCode: bridgeCode,
   warmPoolSize: 3,           // default: 3 when bridgeCode provided, 0 otherwise
   defaultWarmHeapLimitMb: 128,
@@ -199,7 +199,7 @@ Set `warmPoolSize: 0` to disable the pool entirely (falls back to the cold path
 The caller owns the `V8Runtime` handle and is responsible for disposing it when done.
 
 ```ts
-const process = await createV8Runtime();
+const process = await createNodeV8Runtime();
 
 // ... use process ...
 

packages/secure-exec-node/src/bridge-handlers.ts

@@ -34,7 +34,7 @@ import {
 	RESOURCE_BUDGET_ERROR_CODE,
 } from "./isolate-bootstrap.js";
 import type { DriverDeps } from "./isolate-bootstrap.js";
-import type { BridgeHandlers } from "@secure-exec/v8";
+import type { BridgeHandlers } from "./execution-driver.js";
 import type { StdioHook, StdioEvent } from "@secure-exec/core/internal/shared/api-types";
 
 // Estimate serialized size of a network response object for payload limit checks

packages/secure-exec-node/src/driver.ts

@@ -40,6 +40,9 @@ export interface NodeDriverOptions {
 
 export interface NodeRuntimeDriverFactoryOptions {
 	createIsolate?(memoryLimit: number): unknown;
+	/** V8 runtime process to use for sessions.
+	 *  If omitted, uses the global shared process (current behavior). */
+	v8Runtime?: import("./execution-driver.js").V8Runtime;
 }
 
 /** Thin VFS adapter that delegates directly to `node:fs/promises`. */
@@ -777,6 +780,7 @@ export function createNodeRuntimeDriverFactory(
 			new NodeExecutionDriver({
 				...runtimeOptions,
 				createIsolate: options.createIsolate,
+				v8Runtime: options.v8Runtime,
 			}),
 	};
 }