search and ai stabilization work, localization stablized.

src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Endpoints/ExploitMaturityEndpoints.cs

@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using static StellaOps.Localization.T;
 using StellaOps.RiskEngine.Core.Contracts;
 using StellaOps.RiskEngine.Core.Providers;
 using StellaOps.RiskEngine.WebService.Security;
@@ -42,7 +43,7 @@ public static class ExploitMaturityEndpoints
         })
         .WithName("GetExploitMaturity")
         .WithSummary("Assess exploit maturity for a CVE")
-        .WithDescription("Returns a unified exploit maturity assessment for the specified CVE by aggregating EPSS probability, KEV catalog membership, and in-the-wild exploitation signals. The result includes the overall maturity level, per-provider signal breakdown, and a composite confidence score.")
+        .WithDescription(_t("riskengine.exploit_maturity.assess_description"))
         .Produces<ExploitMaturityResult>()
         .ProducesProblem(400);
 
@@ -57,7 +58,7 @@ public static class ExploitMaturityEndpoints
                 var level = await service.GetMaturityLevelAsync(cveId, ct).ConfigureAwait(false);
                 return level.HasValue
                     ? Results.Ok(new { cveId, level = level.Value.ToString() })
-                    : Results.NotFound(new { cveId, error = "Maturity level could not be determined" });
+                    : Results.NotFound(new { cveId, error = _t("riskengine.error.maturity_level_undetermined") });
             }
             catch (ArgumentException ex)
             {
@@ -66,7 +67,7 @@ public static class ExploitMaturityEndpoints
         })
         .WithName("GetExploitMaturityLevel")
         .WithSummary("Get exploit maturity level for a CVE")
-        .WithDescription("Returns only the resolved maturity level enum value for the specified CVE without the full per-provider signal breakdown. Use this lightweight variant when only the top-level classification is needed. Returns 404 if the maturity level could not be determined.");
+        .WithDescription(_t("riskengine.exploit_maturity.get_level_description"));
 
         // GET /exploit-maturity/{cveId}/history - Get maturity history
         group.MapGet("/{cveId}/history", async (
@@ -86,7 +87,7 @@ public static class ExploitMaturityEndpoints
         })
         .WithName("GetExploitMaturityHistory")
         .WithSummary("Get exploit maturity history for a CVE")
-        .WithDescription("Returns the chronological history of maturity level assessments for the specified CVE, ordered from oldest to newest. Each entry records the maturity level, the contributing signals, and the timestamp of assessment. Useful for tracking escalation from theoretical to active exploitation.");
+        .WithDescription(_t("riskengine.exploit_maturity.get_history_description"));
 
         // POST /exploit-maturity/batch - Batch assess multiple CVEs
         group.MapPost("/batch", async (
@@ -96,7 +97,7 @@ public static class ExploitMaturityEndpoints
         {
             if (request.CveIds is null || request.CveIds.Count == 0)
             {
-                return Results.BadRequest(new { error = "CveIds list is required" });
+                return Results.BadRequest(new { error = _t("riskengine.error.cve_ids_required") });
             }
 
             var results = new List<ExploitMaturityResult>();
@@ -119,7 +120,7 @@ public static class ExploitMaturityEndpoints
         })
         .WithName("BatchAssessExploitMaturity")
         .WithSummary("Batch assess exploit maturity for multiple CVEs")
-        .WithDescription("Submits a list of CVE IDs for bulk exploit maturity assessment and returns results for all successfully evaluated CVEs plus a separate errors array for any that could not be resolved. Duplicate CVE IDs are deduplicated before evaluation.")
+        .WithDescription(_t("riskengine.exploit_maturity.batch_assess_description"))
         .RequireAuthorization(RiskEnginePolicies.Operate);
 
         return app;

src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Program.cs

@@ -1,6 +1,7 @@
 
 using Microsoft.AspNetCore.Mvc;
 using StellaOps.Auth.Abstractions;
+using StellaOps.Localization;
 using StellaOps.Auth.ServerIntegration;
 using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.RiskEngine.Core.Contracts;
@@ -43,6 +44,9 @@ builder.Services.AddAuthorization(options =>
     options.AddStellaOpsScopePolicy(RiskEnginePolicies.Operate, StellaOpsScopes.RiskEngineOperate);
 });
 
+builder.Services.AddStellaOpsLocalization(builder.Configuration);
+builder.Services.AddTranslationBundle(System.Reflection.Assembly.GetExecutingAssembly());
+
 // Stella Router integration
 var routerEnabled = builder.Services.AddRouterMicroservice(
     builder.Configuration,
@@ -62,11 +66,14 @@ if (app.Environment.IsDevelopment())
 }
 
 app.UseStellaOpsCors();
+app.UseStellaOpsLocalization();
 app.UseAuthentication();
 app.UseAuthorization();
 app.UseStellaOpsTenantMiddleware();
 app.TryUseStellaRouter(routerEnabled);
 
+await app.LoadTranslationsAsync();
+
 // Map exploit maturity endpoints
 app.MapExploitMaturityEndpoints();
 
@@ -153,7 +160,7 @@ app.MapPost("/risk-scores/simulations/summary", async (
 // Refresh Router endpoint cache
 app.TryRefreshStellaRouterEndpoints(routerEnabled);
 
-app.Run();
+await app.RunAsync().ConfigureAwait(false);
 
 static async Task<List<RiskScoreResult>> EvaluateAsync(
     IReadOnlyCollection<ScoreRequest> requests,

src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/StellaOps.RiskEngine.WebService.csproj

@@ -34,6 +34,10 @@
     <ProjectReference Include="..\StellaOps.RiskEngine.Infrastructure\StellaOps.RiskEngine.Infrastructure.csproj"/>
     <ProjectReference Include="..\..\..\Router/__Libraries/StellaOps.Router.AspNet\StellaOps.Router.AspNet.csproj"/>
     <ProjectReference Include="..\..\..\Authority\StellaOps.Authority\StellaOps.Auth.ServerIntegration\StellaOps.Auth.ServerIntegration.csproj"/>
+    <ProjectReference Include="..\..\..\__Libraries\StellaOps.Localization\StellaOps.Localization.csproj"/>
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Translations\*.json" />
   </ItemGroup>
   
 

src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.WebService/Translations/en-US.riskengine.json

@@ -0,0 +1,11 @@
+{
+  "_meta": { "locale": "en-US", "namespace": "riskengine", "version": "1.0" },
+
+  "riskengine.exploit_maturity.assess_description": "Returns a unified exploit maturity assessment for the specified CVE by aggregating EPSS probability, KEV catalog membership, and in-the-wild exploitation signals. The result includes the overall maturity level, per-provider signal breakdown, and a composite confidence score.",
+  "riskengine.exploit_maturity.get_level_description": "Returns only the resolved maturity level enum value for the specified CVE without the full per-provider signal breakdown. Use this lightweight variant when only the top-level classification is needed. Returns 404 if the maturity level could not be determined.",
+  "riskengine.exploit_maturity.get_history_description": "Returns the chronological history of maturity level assessments for the specified CVE, ordered from oldest to newest. Each entry records the maturity level, the contributing signals, and the timestamp of assessment. Useful for tracking escalation from theoretical to active exploitation.",
+  "riskengine.exploit_maturity.batch_assess_description": "Submits a list of CVE IDs for bulk exploit maturity assessment and returns results for all successfully evaluated CVEs plus a separate errors array for any that could not be resolved. Duplicate CVE IDs are deduplicated before evaluation.",
+
+  "riskengine.error.maturity_level_undetermined": "Maturity level could not be determined",
+  "riskengine.error.cve_ids_required": "CveIds list is required"
+}