docs: add architecture section to Node.js compatibility page

Explains the virtual kernel architecture: all I/O routes through VFS,
network stack, process table, and permissions engine. Clarifies that
HTTP server loopback routes through the kernel without real TCP, VFS
is not the host filesystem, and embedders provide host adapters.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: NathanFlurry

docs/nodejs-compatibility.mdx

@@ -10,6 +10,41 @@ icon: "list-check"
 
 `22.x` (derived from the `@types/node` `22.x` validation baseline used by tests and type checks).
 
+## Architecture
+
+secure-exec runs Node.js code inside a V8 isolate with a **virtual kernel** that mediates all system access. Nothing in the sandbox touches the host OS directly:
+
+```
+┌─────────────────────────────────────────────────┐
+│  Sandbox (V8 Isolate)                           │
+│                                                 │
+│  User Code (require, fs, http, etc.)            │
+│       │                                         │
+│       ▼                                         │
+│  Bridge Layer (polyfills + bridge modules)      │
+│       │                                         │
+│       ▼                                         │
+│  Virtual Kernel                                 │
+│  ├── VFS (virtual file system)                  │
+│  ├── Process table (spawn, signals, exit)       │
+│  ├── Network stack (TCP, HTTP, DNS, UDP)         │
+│  └── Permissions engine (deny-by-default)       │
+│       │                                         │
+│       ▼                                         │
+│  Host Adapters (embedder-provided)              │
+└─────────────────────────────────────────────────┘
+       │
+       ▼
+  Host OS (file system, network, etc.)
+```
+
+**Key points:**
+
+- **All I/O routes through the virtual kernel.** `fs.readFile()` goes through the VFS, `http.request()` goes through the network stack, `child_process.spawn()` goes through the process table. The kernel enforces permissions at every boundary.
+- **Network calls are kernel-mediated.** `http.createServer()` registers a virtual listener in the kernel's network stack. `http.request()` to localhost routes through the kernel without touching real TCP — the kernel connects the virtual server to the virtual client directly. External requests go through the host adapter after permission checks.
+- **The VFS is not the host file system.** Files written by sandbox code live in the VFS (in-memory by default). The host file system is accessible only through explicit read-only overlays (e.g., `node_modules`) configured by the embedder.
+- **Embedders provide host adapters** that implement the actual I/O. A Node.js embedder provides real `fs` and `net`; a browser embedder provides `fetch`-based networking and no file system. The sandbox code doesn't know or care which adapter backs the kernel.
+
 ## Support Tiers
 
 | Icon | Tier | Label | Meaning |