Fix certificate docs: validate TS samples, use aspire certs, remove .NET-isms

.github/skills/doc-tester/SKILL.md

@@ -246,9 +246,25 @@ The doc-tester agent produces actionable feedback that can:
 | **Code examples** | Do code samples compile and run as described? |
 | **CLI commands** | Do Aspire CLI commands work as documented? |
 | **Integration docs** | Are integration configurations accurate? |
-| **Navigation & links** | Do internal links work? Are pages accessible? |
+| **Navigation & links** | Do internal links work? Are pages accessible? Do they follow link format conventions? |
 | **Feature coverage** | Are all significant features documented? |
 
+### Link Validation Rules
+
+When testing any page, verify that **all internal links** follow these conventions:
+
+1. **Site-relative paths**: Internal links must start with `/` (not relative paths like `../` except within the same integration section)
+2. **Trailing slash required**: All internal links must end with `/` (e.g., `/get-started/first-app/` not `/get-started/first-app`)
+3. **Anchor links**: Hash links to sections on the same page (e.g., `#configuration`) are fine without a trailing slash
+4. **Valid targets**: Every internal link must point to a page that actually exists in the docs
+5. **No broken anchors**: Section anchor links (e.g., `/page/#section-name`) must reference an actual heading on the target page
+
+**How to validate links:**
+- Extract all `[text](url)` and `href="url"` patterns from the page source
+- For site-relative links, verify the target `.mdx` file exists under `src/frontend/src/content/docs/`
+- For links with anchors, verify the heading exists on the target page
+- Use Playwright to click links and verify they resolve (no 404s)
+
 ### Documentation Structure
 
 The documentation site includes:
@@ -441,6 +457,7 @@ When given a focus area, use these templates to guide testing:
 - [ ] All sections visible in snapshot
 - [ ] Code examples readable
 - [ ] Links to related pages work
+- [ ] All internal links are site-relative with trailing slashes
 
 #### CLI Command Testing
 - [ ] `aspire new` commands work as shown
@@ -484,6 +501,7 @@ When given a focus area, use these templates to guide testing:
 #### Cross-References
 - [ ] Links to official docs work
 - [ ] Links to related Aspire docs work
+- [ ] All internal links are site-relative with trailing slashes
 - [ ] See also section is complete
 ```
 

src/frontend/src/content/docs/fundamentals/persist-data-volumes.mdx

@@ -121,10 +121,10 @@ Since the `password` parameter isn't provided when calling `AddSqlServer`, Aspir
   runs.
 </Aside>
 
-To create a _persistent_ password, you must override the generated password. To do this, run the following command in your AppHost project directory to set a local password in your .NET user secrets:
+To create a _persistent_ password, you must override the generated password. To do this, run the following command in your AppHost project directory to set a local secret:
 
-```bash title=".NET CLI"
-dotnet user-secrets set Parameters:sql-password <password>
+```bash title="Aspire CLI"
+aspire secret set Parameters:sql-password <password>
 ```
 
 The naming convention for these secrets is important to understand. The password is stored in configuration with the `Parameters:sql-password` key. The naming convention follows this pattern:

src/frontend/src/content/docs/get-started/aspire-sdk-templates.mdx

@@ -167,10 +167,10 @@ aspire new aspire-starter --name MyApp --output ./projects
 
 :::
 
-You need to trust the ASP.NET Core localhost certificate before running the app. Run the following command:
+You need to trust the development certificate before running the app. Run the following command:
 
-```bash title=".NET CLI"
-dotnet dev-certs https --trust
+```bash title="Aspire CLI"
+aspire certs trust
 ```
 
 For more information, see [Troubleshoot untrusted localhost certificate](https://learn.microsoft.com/dotnet/aspire/troubleshooting/untrusted-localhost-certificate). For in-depth details about troubleshooting localhost certificates on Linux, see [ASP.NET Core: GitHub repository issue #32842](https://github.com/dotnet/aspnetcore/issues/32842).

src/frontend/src/content/docs/integrations/ai/openai/openai-get-started.mdx

@@ -60,10 +60,10 @@ The preceding code adds an OpenAI parent resource and two model resources. Refer
 
 ### Configure authentication
 
-The integration creates a secret parameter named `openai-openai-apikey` that automatically falls back to the `OPENAI_API_KEY` environment variable. Provide the key via user-secrets:
+The integration creates a secret parameter named `openai-openai-apikey` that automatically falls back to the `OPENAI_API_KEY` environment variable. Provide the key via the Aspire CLI:
 
 ```bash
-dotnet user-secrets set Parameters:openai-openai-apikey sk-your-api-key
+aspire secret set Parameters:openai-openai-apikey sk-your-api-key
 ```
 
 ## Set up client integration

src/frontend/src/content/docs/integrations/ai/openai/openai-host.mdx

@@ -55,10 +55,10 @@ Calling `AddOpenAI("openai")` creates a secret parameter named `openai-openai-ap
 1. The `Parameters:openai-openai-apikey` configuration key (user secrets, `appsettings.*`, or environment variables).
 2. The `OPENAI_API_KEY` environment variable.
 
-If neither source provides a value, startup throws an exception. Provide the key via user-secrets:
+If neither source provides a value, startup throws an exception. Provide the key via the Aspire CLI:
 
 ```bash
-dotnet user-secrets set Parameters:openai-openai-apikey sk-your-api-key
+aspire secret set Parameters:openai-openai-apikey sk-your-api-key
 ```
 
 ## Use custom API key parameter

src/frontend/src/content/docs/integrations/cloud/azure/local-provisioning.mdx

@@ -44,12 +44,11 @@ Local provisioning requires configuring your Azure subscription and location. Yo
 
 ### User secrets
 
-The recommended approach for development is using user secrets:
+The recommended approach for development is using the Aspire CLI:
 
 ```bash
-dotnet user-secrets init --project ./YourAppHost/YourAppHost.csproj
-dotnet user-secrets set "Azure:SubscriptionId" "your-subscription-id" --project ./YourAppHost
-dotnet user-secrets set "Azure:Location" "eastus" --project ./YourAppHost
+aspire secret set "Azure:SubscriptionId" "your-subscription-id"
+aspire secret set "Azure:Location" "eastus"
 ```
 
 ### appsettings.json
@@ -155,8 +154,8 @@ To prevent Aspire from creating resource groups:
 2. **Configure Azure subscription** (if not already done)
 
    ```bash
-   dotnet user-secrets set "Azure:SubscriptionId" "your-sub-id" --project ./AppHost
-   dotnet user-secrets set "Azure:Location" "eastus" --project ./AppHost
+   aspire secret set "Azure:SubscriptionId" "your-sub-id"
+   aspire secret set "Azure:Location" "eastus"
    ```
 
 3. **Run your application**

src/frontend/src/content/docs/integrations/custom-integrations/secure-communication.mdx

@@ -213,14 +213,14 @@ Next, configure the secrets for these parameters. Right-click on the `MailDevRes
 }
 ```
 
-Alternatively, you can use the `dotnet user-secrets` CLI to set these parameters:
+Alternatively, you can use the Aspire CLI to set these parameters:
 
 ```bash
-dotnet user-secrets set "Parameters:maildev-username" "@admin"
+aspire secret set "Parameters:maildev-username" "@admin"
 ```
 
 ```bash
-dotnet user-secrets set "Parameters:maildev-password" "t3st1ng"
+aspire secret set "Parameters:maildev-password" "t3st1ng"
 ```
 
 <Aside type="danger">