fix: update stale remediation-strategy.md links after rename to .mdx

website/docs/how-it-works.md

@@ -62,7 +62,7 @@ This separation enables a "fix the root" strategy. Instead of chasing every nest
 
 CVE Lite CLI turns findings into package-manager-native commands when the available metadata supports a confident path. Direct findings use validated package upgrades. Transitive findings prefer the parent package that introduced the vulnerable dependency, including npm-specific `npm update <parent>` recommendations when a known non-vulnerable child version already fits within the current parent range.
 
-See the [Remediation Strategy guide](remediation-strategy.md) for the full decision model and package-manager notes.
+See the [Remediation Strategy guide](remediation-strategy) for the full decision model and package-manager notes.
 
 ---
 

website/docs/index.md

@@ -13,7 +13,7 @@ CVE Lite CLI is designed around short local feedback loops: scan a lockfile, und
 
 - [Getting Started](./getting-started.md) explains how to get started
 - [Workflow Integration](./workflow-integration.md) explains how to integrate with CI, GitHub Actions, GitHub Code Scanning (SARIF upload), git hooks, and offline mode.
-- [Remediation Strategy](./remediation-strategy.md) explains how the CLI chooses direct upgrades, parent updates, and parent upgrades.
+- [Remediation Strategy](./remediation-strategy) explains how the CLI chooses direct upgrades, parent updates, and parent upgrades.
 - [Fix Mode Guide](./fix-mode.md) explains the conservative `--fix` workflow.
 - [HTML Vulnerability Report](./html-report.md) explains the local dashboard generated by `--report`.
 - [How CVE Lite CLI Works](./how-it-works.md) covers the scanner model and lockfile-first behavior.