Clarify pre-computed security navigation links

Address LLM feedback about trusting the pre-computed links:
- latest-security-month starts at most recent security month (skipping empty months)
- prev-security links skip non-security months automatically
- Added explicit stop condition: "stop when month < target"

These links are pre-computed, so LLMs should trust them rather than
manually checking each month for security content.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: richlander

llms.txt

@@ -45,13 +45,13 @@ Reference:
 
 **"What CVEs since [date]?"** — Timeline with `prev-security`:
 
-1. Timeline Index → year → `latest-security-month`
-2. Follow `prev-security` links until reaching target date (skips non-security months)
+1. Timeline Index → year → `latest-security-month` (starts at most recent security month, skipping empty months)
+2. Follow `prev-security` links until the month is before target date (stop when `month < target`)
 3. Each month index has `_embedded.disclosures[]` with severity, title, affected versions, fix commits
 4. Filter by `affected_releases` if user specified versions (e.g., "for my .NET 8 and 9")
 5. Only fetch `cve.json` if detailed descriptions or package version ranges are needed
 
-This approach deduplicates CVEs affecting multiple versions — each CVE appears once per month, not once per affected version.
+The `latest-security-month` and `prev-security` links are pre-computed — trust them to skip non-security months efficiently. This approach also deduplicates CVEs affecting multiple versions.
 
 **"What patch should I install for .NET X?"** — Direct version lookup:
 

llms/reference.md

@@ -490,14 +490,14 @@ The CVE JSON file provides full details and pre-computed query dictionaries:
 **For "CVEs since [date]" queries** (with or without version filter), use `prev-security` to walk backwards:
 
 1. GET `timeline/index.json` → navigate to year → `_links["latest-security-month"].href`
-2. Follow `prev-security` links until reaching target date (skips non-security months automatically)
+2. Follow `prev-security` links until the month is before target date (stop when `month < target`)
 3. Each month has `_embedded.disclosures[]` with severity, title, affected versions, fix commits
 4. Filter by `affected_releases` if user specified versions (e.g., "for my .NET 8 and 9")
 5. Only fetch `cve.json` if detailed descriptions or package version ranges are needed
 6. **Always ask**: "Would you like inline diffs for these fixes?"
 7. If yes: **Fetch immediately** — firewall or domain restrictions may block later access
 
-Timeline is more efficient than version-based for "since [date]" queries because month indexes deduplicate CVEs affecting multiple versions (fetched once, not per-version).
+The `latest-security-month` and `prev-security` links are pre-computed — trust them to skip non-security months. This approach also deduplicates CVEs affecting multiple versions (fetched once, not per-version).
 
 **For specific month queries**, navigate directly: