fix: address all CodeRabbit comments on PR 108

cve.find.md:
- Update subcomponent jq query for new simplified schema:
  .repos[].containers instead of container_to_repo_mapping/repositories

cve.fix.md:
- Fix misleading comment: --label exits non-zero (not silent), fallback
  exists for that reason; 2>/dev/null only suppresses the label error

onboard.md:
- Use __ as directory separator (not -) to avoid org/repo-name vs
  org-repo/name collision ambiguity
- Use printf '%s\n' instead of echo for writing generated markdown
  (echo interprets backslashes, corrupts code fences and regexes)
- Make co-author attribution version-agnostic: Claude instead of
  Claude Sonnet 4.6 (1M context)

component-repository-mappings.json:
- All repos already have correct types (no unknown values exist)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: vmrh21

workflows/cve-fixer/.claude/commands/cve.find.md

@@ -148,12 +148,12 @@ Report: artifacts/cve-fixer/find/cve-issues-20260226-145018.md
 
    # Append subcomponent filter if provided
    if [ -n "$SUBCOMPONENT" ] && [ -n "$MAPPING_FILE" ] && [ -f "$MAPPING_FILE" ]; then
-     # Reverse lookup: find ALL containers whose primary repo has matching subcomponent
+     # Reverse lookup: find ALL containers on repos with matching subcomponent (new schema)
      PSCOMPONENTS=$(jq -r --arg comp "$COMPONENT_NAME" --arg sub "$SUBCOMPONENT" '
-       .components[$comp] as $c |
-       $c.container_to_repo_mapping | to_entries[] |
-       select($c.repositories[.value].subcomponent == $sub) |
-       "pscomponent:" + .key
+       .components[$comp].repos[] |
+       select(.subcomponent == $sub) |
+       .containers[]? |
+       "pscomponent:" + .
      ' "$MAPPING_FILE")
 
      if [ -n "$PSCOMPONENTS" ]; then

workflows/cve-fixer/.claude/commands/cve.fix.md

@@ -1251,8 +1251,9 @@ EOF
          --base <target-branch> \
          --title "Security: Fix CVE-YYYY-XXXXX (<package-name>)" \
          --body "$PR_BODY")
-       # Note: --label silently fails if the label doesn't exist in the repo.
-       # The fallback without --label ensures PR is always created.
+       # Note: gh pr create --label exits non-zero if the label doesn't exist.
+       # The fallback (without --label) ensures PR is always created even if labelling fails.
+       # 2>/dev/null suppresses the label-not-found error from the first attempt.
 
        # Enable automerge if --automerge flag was passed and PR was created successfully
        if [ "$AUTOMERGE" = "true" ] && [ -n "$PR_URL" ] && [ "$PR_URL" != "null" ]; then

workflows/cve-fixer/.claude/commands/onboard.md

@@ -320,7 +320,7 @@ to `ambient-code/workflows` containing both the mapping update and the guidance
 
    Add ${COMPONENT_NAME} to component-repository-mappings.json
 
-   Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>"
+   Co-Authored-By: Claude <noreply@anthropic.com>"
 
    git push "$REMOTE" "$BRANCH_NAME"
    ```
@@ -362,7 +362,7 @@ to `ambient-code/workflows` containing both the mapping update and the guidance
    ```bash
    for i in "${!REPO_URLS[@]}"; do
      REPO_FULL=$(echo "${REPO_URLS[$i]}" | sed 's|https://github.com/||')
-     REPO_DIR="/tmp/onboard-${REPO_FULL//\//-}"
+     REPO_DIR="/tmp/onboard-${REPO_FULL//\//__}"
 
      # Check write access / fork if needed
      PUSH_ACCESS=$(gh api repos/${REPO_FULL} --jq '.permissions.push' 2>/dev/null)
@@ -383,14 +383,14 @@ to `ambient-code/workflows` containing both the mapping update and the guidance
      cd "$REPO_DIR"
      git checkout -b add-cve-fix-guidance
      mkdir -p .cve-fix
-     echo "${GENERATED_EXAMPLES[$i]}" > .cve-fix/examples.md
+     printf '%s\n' "${GENERATED_EXAMPLES[$i]}" > .cve-fix/examples.md
      git add .cve-fix/examples.md
      git commit -m "chore: add CVE fixer guidance file
 
 Generated by /onboard — teaches the CVE fixer workflow how to create
 fix PRs matching this repo's conventions.
 
-Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>"
+Co-Authored-By: Claude <noreply@anthropic.com>"
      git push "$REPO_REMOTE" add-cve-fix-guidance
 
      gh pr create \