search and ai stabilization work, localization stabilized.

2026-02-24 23:29:36 +02:00
parent 4f947a8b61
commit b07d27772e
766 changed files with 55299 additions and 3221 deletions


@@ -0,0 +1,134 @@
using System.Reflection;
using System.Text.Json;
namespace StellaOps.Localization;
/// <summary>
/// Loads translation bundles from embedded JSON resources in an assembly.
/// Files must be named {locale}.{namespace}.json (e.g., en-US.common.json)
/// and included as EmbeddedResource.
/// </summary>
public sealed class EmbeddedJsonBundleProvider : ITranslationBundleProvider
{
private readonly Assembly _assembly;
private readonly string _resourceFolder;
public int Priority { get; }
public EmbeddedJsonBundleProvider(Assembly assembly, string resourceFolder, int priority)
{
_assembly = assembly ?? throw new ArgumentNullException(nameof(assembly));
_resourceFolder = resourceFolder;
Priority = priority;
}
public Task<IReadOnlyDictionary<string, string>> LoadAsync(string locale, CancellationToken ct)
{
ct.ThrowIfCancellationRequested();
var merged = new Dictionary<string, string>(StringComparer.Ordinal);
// Embedded resource names use '.' as path separator.
// A file at Translations/en-US.common.json becomes:
// StellaOps.Localization.Translations.en-US.common.json
// We match resources that contain .{locale}. in their name.
var resourceNames = _assembly.GetManifestResourceNames();
var localeMarker = $".{locale}.";
foreach (var resourceName in resourceNames)
{
if (!resourceName.Contains(localeMarker, StringComparison.OrdinalIgnoreCase))
{
continue;
}
if (!resourceName.EndsWith(".json", StringComparison.OrdinalIgnoreCase))
{
continue;
}
using var stream = _assembly.GetManifestResourceStream(resourceName);
if (stream is null)
{
continue;
}
var bundle = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(stream);
if (bundle is null)
{
continue;
}
foreach (var (key, element) in bundle)
{
// Skip metadata keys
if (key.StartsWith('_'))
{
continue;
}
if (element.ValueKind == JsonValueKind.String)
{
merged[key] = element.GetString()!;
}
}
}
return Task.FromResult<IReadOnlyDictionary<string, string>>(merged);
}
public Task<IReadOnlyList<string>> GetAvailableLocalesAsync(CancellationToken ct)
{
ct.ThrowIfCancellationRequested();
var resourceNames = _assembly.GetManifestResourceNames();
var locales = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
// Resource folder in embedded names uses dots: Translations -> .Translations.
var folderPrefix = $".{_resourceFolder}.";
foreach (var resourceName in resourceNames)
{
if (!resourceName.Contains(folderPrefix, StringComparison.OrdinalIgnoreCase))
{
continue;
}
if (!resourceName.EndsWith(".json", StringComparison.OrdinalIgnoreCase))
{
continue;
}
// Extract locale from filename pattern: ...Translations.{locale}.{namespace}.json
// Find the portion after the folder prefix
var folderIndex = resourceName.IndexOf(folderPrefix, StringComparison.OrdinalIgnoreCase);
if (folderIndex < 0)
{
continue;
}
var afterFolder = resourceName[(folderIndex + folderPrefix.Length)..];
// afterFolder is like "en-US.common.json"
// Locale is everything before the first dot that isn't part of a locale code
// Locale codes are like "en-US", "de-DE", "fr-FR" (always 2-2 with dash)
var firstDot = afterFolder.IndexOf('.');
if (firstDot <= 0)
{
continue;
}
var candidate = afterFolder[..firstDot];
// Check if it's a 5-char locale (xx-YY) or 2-char language code (xx)
if (candidate.Length is 5 && candidate[2] == '-')
{
locales.Add(candidate);
}
else if (candidate.Length == 2)
{
locales.Add(candidate);
}
}
return Task.FromResult<IReadOnlyList<string>>(locales.OrderBy(l => l).ToList());
}
}
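Review bot: `LoadAsync` never uses `_resourceFolder`: it merges every manifest resource whose name contains `.{locale}.` anywhere, while `GetAvailableLocalesAsync` restricts itself to the configured folder. A JSON resource embedded elsewhere in the assembly, or a two-letter locale that coincides with a namespace segment (a constructed example: `.en.` inside `Translations.de-DE.en.json`), would be merged into the wrong bundle. Anchoring the marker to the folder keeps the two methods consistent: `var localeMarker = $".{_resourceFolder}.{locale}.";`. The constructor also stores `resourceFolder` without a null or empty check, which the anchored marker would depend on, so `ArgumentException.ThrowIfNullOrWhiteSpace(resourceFolder);` belongs there.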


@@ -0,0 +1,21 @@
namespace StellaOps.Localization;
/// <summary>
/// Provides translation bundles from a specific source (embedded JSON, remote API, etc.).
/// Providers are loaded in priority order: lower priority values are loaded first and
/// overwritten by higher-priority providers.
/// </summary>
public interface ITranslationBundleProvider
{
/// <summary>
/// Priority: lower = loaded first (overwritten by higher).
/// Common embedded = 0, service embedded = 10, remote/DB = 100.
/// </summary>
int Priority { get; }
/// <summary>Load all translation key-value pairs for a locale.</summary>
Task<IReadOnlyDictionary<string, string>> LoadAsync(string locale, CancellationToken ct);
/// <summary>Which locales this provider can serve.</summary>
Task<IReadOnlyList<string>> GetAvailableLocalesAsync(CancellationToken ct);
}


@@ -0,0 +1,17 @@
namespace StellaOps.Localization;
/// <summary>
/// Ambient locale for the current async call chain.
/// Set by the localization middleware, read by <see cref="T._t"/>.
/// </summary>
public static class LocaleContext
{
private static readonly AsyncLocal<string?> _current = new();
/// <summary>Current request locale (e.g., "de-DE"). Null falls back to default.</summary>
public static string? Current
{
get => _current.Value;
set => _current.Value = value;
}
}


@@ -0,0 +1,99 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
namespace StellaOps.Localization;
/// <summary>
/// ASP.NET Core middleware and startup extensions for the localization system.
/// </summary>
public static class MiddlewareExtensions
{
/// <summary>
/// Adds localization middleware that resolves the request locale from headers
/// and initializes the static <see cref="T"/> entry point.
/// Call after <c>Build()</c> and before endpoint mapping.
/// </summary>
public static IApplicationBuilder UseStellaOpsLocalization(this IApplicationBuilder app)
{
// Initialize the static T singleton from DI
var registry = app.ApplicationServices.GetRequiredService<TranslationRegistry>();
T.Initialize(registry);
return app.Use(async (context, next) =>
{
var options = context.RequestServices.GetRequiredService<IOptions<TranslationOptions>>().Value;
// Priority: X-Locale header > Accept-Language first entry > default
var locale = context.Request.Headers["X-Locale"].FirstOrDefault();
if (string.IsNullOrWhiteSpace(locale))
{
var acceptLanguage = context.Request.Headers.AcceptLanguage.FirstOrDefault();
if (!string.IsNullOrWhiteSpace(acceptLanguage))
{
// Take the first entry (highest quality) before any comma
locale = acceptLanguage.Split(',')[0].Split(';')[0].Trim();
}
}
locale = NormalizeLocale(locale, options);
LocaleContext.Current = locale;
try
{
await next(context).ConfigureAwait(false);
}
finally
{
LocaleContext.Current = null;
}
});
}
/// <summary>
/// Loads all translation bundles from registered providers.
/// Call after <c>Build()</c>, before <c>Run()</c>.
/// </summary>
public static async Task<WebApplication> LoadTranslationsAsync(this WebApplication app)
{
var registry = app.Services.GetRequiredService<TranslationRegistry>();
var providers = app.Services.GetServices<ITranslationBundleProvider>();
await registry.LoadAsync(providers, CancellationToken.None).ConfigureAwait(false);
return app;
}
private static string NormalizeLocale(string? locale, TranslationOptions options)
{
if (string.IsNullOrWhiteSpace(locale))
{
return options.DefaultLocale;
}
locale = locale.Trim();
// Check if the locale is in the supported list
foreach (var supported in options.SupportedLocales)
{
if (string.Equals(locale, supported, StringComparison.OrdinalIgnoreCase))
{
return supported; // Return the canonical casing
}
}
// Try language-only match (e.g., "de" matches "de-DE")
var dashIndex = locale.IndexOf('-');
var languageOnly = dashIndex > 0 ? locale[..dashIndex] : locale;
foreach (var supported in options.SupportedLocales)
{
if (supported.StartsWith(languageOnly, StringComparison.OrdinalIgnoreCase))
{
return supported;
}
}
return options.DefaultLocale;
}
}
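Review bot: In `NormalizeLocale` the language-only fallback is a bare prefix test, `supported.StartsWith(languageOnly, ...)`, so a client-supplied one-letter `X-Locale` value such as `e` resolves to whichever supported locale happens to start with that letter. Matching the whole language subtag avoids this: `if (supported.Equals(languageOnly, StringComparison.OrdinalIgnoreCase) || supported.StartsWith(languageOnly + "-", StringComparison.OrdinalIgnoreCase))`. The function has one property worth stating in a comment so it survives refactoring: the raw header never leaves it, because only an entry of `SupportedLocales` or `DefaultLocale` is stored in `LocaleContext.Current`, and that value is later handed to `CultureInfo.GetCultureInfo`. Separately, the comment on the Accept-Language split calls the first entry the highest quality, but q-values are not parsed, so that holds only when the client lists its preferences in order.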


@@ -0,0 +1,87 @@
using System.Net.Http.Json;
using System.Text.Json;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace StellaOps.Localization;
/// <summary>
/// Fetches translation bundles from the Platform localization API (DB overrides).
/// Highest priority (100) — overwrites all embedded JSON bundles.
/// </summary>
public sealed class RemoteBundleProvider : ITranslationBundleProvider
{
private readonly TranslationOptions _options;
private readonly IHttpClientFactory? _httpClientFactory;
private readonly ILogger<RemoteBundleProvider> _logger;
public int Priority => 100;
public RemoteBundleProvider(
IOptions<TranslationOptions> options,
ILogger<RemoteBundleProvider> logger,
IHttpClientFactory? httpClientFactory = null)
{
_options = options?.Value ?? new TranslationOptions();
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_httpClientFactory = httpClientFactory;
}
public async Task<IReadOnlyDictionary<string, string>> LoadAsync(string locale, CancellationToken ct)
{
if (!_options.EnableRemoteBundles || string.IsNullOrWhiteSpace(_options.RemoteBundleUrl))
{
return new Dictionary<string, string>();
}
if (_httpClientFactory is null)
{
_logger.LogDebug("IHttpClientFactory not available, skipping remote bundle fetch");
return new Dictionary<string, string>();
}
var url = $"{_options.RemoteBundleUrl.TrimEnd('/')}/api/v1/platform/localization/bundles/{locale}";
try
{
var client = _httpClientFactory.CreateClient("StellaOpsLocalization");
var response = await client.GetAsync(url, ct).ConfigureAwait(false);
if (!response.IsSuccessStatusCode)
{
_logger.LogDebug(
"Remote bundle fetch for locale {Locale} returned {StatusCode}",
locale, response.StatusCode);
return new Dictionary<string, string>();
}
var body = await response.Content.ReadFromJsonAsync<RemoteBundleResponse>(ct).ConfigureAwait(false);
if (body?.Strings is null)
{
return new Dictionary<string, string>();
}
_logger.LogDebug("Fetched {Count} remote translations for locale {Locale}", body.Strings.Count, locale);
return body.Strings;
}
catch (Exception ex) when (ex is HttpRequestException or TaskCanceledException or JsonException)
{
_logger.LogWarning(ex, "Failed to fetch remote translations for locale {Locale} from {Url}", locale, url);
return new Dictionary<string, string>();
}
}
public Task<IReadOnlyList<string>> GetAvailableLocalesAsync(CancellationToken ct)
{
// Remote provider doesn't dictate which locales to load — it piggybacks
// on whatever locales are already discovered by embedded providers.
return Task.FromResult<IReadOnlyList<string>>([]);
}
private sealed class RemoteBundleResponse
{
public string? Locale { get; set; }
public Dictionary<string, string>? Strings { get; set; }
public int Count { get; set; }
}
}
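Review bot: `LoadAsync` builds its request from `RemoteBundleUrl` without checking that it is an absolute HTTPS URI, yet this provider's strings overwrite every embedded bundle (priority 100), including the `auth.*` and `config.*` messages, and are later used as `string.Format` templates. I would reject the configuration early with a check such as `Uri.TryCreate(_options.RemoteBundleUrl, UriKind.Absolute, out var baseUri) && baseUri.Scheme == Uri.UriSchemeHttps`, and build the path segment with `Uri.EscapeDataString(locale)` rather than interpolating `locale` directly. Whether the named client `StellaOpsLocalization` carries any authentication is not visible in this file, so that is worth confirming where the client is configured. The exception filter also catches `TaskCanceledException` when the caller's own `ct` was cancelled, which turns a shutdown or cancellation into a logged warning and an empty bundle; adding `&& !ct.IsCancellationRequested` to the filter lets that case propagate.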


@@ -0,0 +1,69 @@
using System.Reflection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
namespace StellaOps.Localization;
/// <summary>
/// DI registration for the StellaOps localization system.
/// </summary>
public static class ServiceCollectionExtensions
{
/// <summary>
/// Adds the localization system with common translations (embedded in the library assembly).
/// Call <see cref="AddTranslationBundle"/> to add service-specific translations.
/// </summary>
public static IServiceCollection AddStellaOpsLocalization(
this IServiceCollection services,
IConfiguration configuration,
Action<TranslationOptions>? configure = null)
{
services.AddOptions<TranslationOptions>()
.Bind(configuration.GetSection(TranslationOptions.SectionName));
if (configure is not null)
{
services.PostConfigure(configure);
}
services.TryAddSingleton<TranslationRegistry>();
// Register the common embedded bundle (priority 0) from this library's assembly
services.AddSingleton<ITranslationBundleProvider>(
new EmbeddedJsonBundleProvider(
typeof(TranslationRegistry).Assembly,
"Translations",
priority: 0));
return services;
}
/// <summary>
/// Adds a service-specific embedded translation bundle (priority 10 by default).
/// The assembly must embed JSON files under the specified resource folder.
/// </summary>
public static IServiceCollection AddTranslationBundle(
this IServiceCollection services,
Assembly serviceAssembly,
string resourceFolder = "Translations",
int priority = 10)
{
services.AddSingleton<ITranslationBundleProvider>(
new EmbeddedJsonBundleProvider(serviceAssembly, resourceFolder, priority));
return services;
}
/// <summary>
/// Adds remote/DB bundle fetching from Platform (priority 100).
/// Requires <see cref="TranslationOptions.EnableRemoteBundles"/> and
/// <see cref="TranslationOptions.RemoteBundleUrl"/> to be configured.
/// </summary>
public static IServiceCollection AddRemoteTranslationBundles(this IServiceCollection services)
{
services.AddHttpClient("StellaOpsLocalization");
services.AddSingleton<ITranslationBundleProvider, RemoteBundleProvider>();
return services;
}
}


@@ -0,0 +1,19 @@
<?xml version='1.0' encoding='utf-8'?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<FrameworkReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Translations\*.json" />
</ItemGroup>
</Project>


@@ -0,0 +1,60 @@
namespace StellaOps.Localization;
/// <summary>
/// Static translation entry point.
/// Import with: <c>using static StellaOps.Localization.T;</c>
/// Then call: <c>_t("common.error.not_found")</c> or <c>_t("scanner.scan.started", scanId, imageRef)</c>
/// </summary>
public static class T
{
private static TranslationRegistry? _registry;
/// <summary>
/// Called once at startup by the localization middleware. Not thread-safe during init
/// (called from Program.cs before requests start).
/// </summary>
internal static void Initialize(TranslationRegistry registry)
{
_registry = registry;
}
/// <summary>
/// Resets the registry (for testing only).
/// </summary>
internal static void Reset()
{
_registry = null;
}
/// <summary>
/// Translates a key using the current request locale (from <see cref="LocaleContext"/>)
/// or the default locale. Supports positional parameters via string.Format:
/// <c>_t("common.error.validation_required", "Email")</c>
/// where the template is <c>"{0} is required."</c>
/// </summary>
public static string _t(string key, params object?[] args)
{
if (_registry is null)
{
// Before initialization, return key as-is (startup/test scenarios)
return key;
}
return _registry.Translate(key, args);
}
/// <summary>
/// Translates with named parameters:
/// <c>_tn("scanner.scan.started", ("scanId", "abc"), ("imageRef", "nginx:latest"))</c>
/// where the template is <c>"Scan {scanId} started for {imageRef}."</c>
/// </summary>
public static string _tn(string key, params (string Name, object Value)[] namedArgs)
{
if (_registry is null)
{
return key;
}
return _registry.TranslateNamed(key, namedArgs);
}
}
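Review bot: `Initialize` overwrites the process-wide `_registry` unconditionally, so a second host built in the same process (parallel integration tests are the likely case) silently redirects `_t` and `_tn` for the first host to the other host's registry. The summary on `Initialize` should say so, for example `/// Process-wide: the last host to call UseStellaOpsLocalization wins; do not run several hosts in one process without Reset().`. The field is also read on request threads without `Volatile.Read`, which is harmless only while the documented ordering (initialization completes before the first request) holds.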


@@ -0,0 +1,27 @@
namespace StellaOps.Localization;
/// <summary>
/// Configuration for the StellaOps localization system.
/// </summary>
public sealed class TranslationOptions
{
public const string SectionName = "StellaOps:Localization";
/// <summary>Default locale when Accept-Language is absent.</summary>
public string DefaultLocale { get; set; } = "en-US";
/// <summary>Supported locales for this deployment.</summary>
public List<string> SupportedLocales { get; set; } = ["en-US"];
/// <summary>Whether to fetch DB overrides from Platform at startup.</summary>
public bool EnableRemoteBundles { get; set; }
/// <summary>Platform localization API base URL (for remote bundle fetch).</summary>
public string? RemoteBundleUrl { get; set; }
/// <summary>Cache TTL for remote bundles.</summary>
public TimeSpan RemoteBundleCacheDuration { get; set; } = TimeSpan.FromMinutes(30);
/// <summary>Whether to return the key as fallback when translation is missing.</summary>
public bool ReturnKeyWhenMissing { get; set; } = true;
}
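Review bot: Two options declared here appear to have no effect in the files shown on this page. `ReturnKeyWhenMissing` is read only in `TranslationRegistry.Resolve`, where the `if` branch and the fall-through both `return key;`, and `RemoteBundleCacheDuration` is not read by `RemoteBundleProvider`, which fetches once per `LoadAsync` call. Either implement them or mark them in the summaries as `/// Reserved; not yet honoured.` so operators do not rely on them. `DefaultLocale` and `SupportedLocales` are also bound without validation and end up in `CultureInfo.GetCultureInfo`, where an invalid name throws `CultureNotFoundException`, which `Translate` does not catch (it handles only `FormatException`). Validating the culture names at startup would surface a bad configuration before the first request.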


@@ -0,0 +1,251 @@
using System.Collections.Concurrent;
using System.Globalization;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace StellaOps.Localization;
/// <summary>
/// Singleton that holds all loaded translation bundles and resolves keys.
/// Priority cascade: DB overrides (100) > service-local JSON (10) > common JSON (0).
/// Fallback chain: requested locale -> language-only -> default locale -> key itself.
/// </summary>
public sealed class TranslationRegistry
{
// locale -> (key -> value), already merged by priority
private readonly ConcurrentDictionary<string, ConcurrentDictionary<string, string>> _store = new(StringComparer.OrdinalIgnoreCase);
private readonly TranslationOptions _options;
private readonly ILogger<TranslationRegistry> _logger;
public TranslationRegistry(IOptions<TranslationOptions> options, ILogger<TranslationRegistry> logger)
{
_options = options?.Value ?? new TranslationOptions();
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
/// <summary>
/// Loads all bundles from registered providers in priority order (lowest first).
/// </summary>
public async Task LoadAsync(IEnumerable<ITranslationBundleProvider> providers, CancellationToken ct)
{
var ordered = providers.OrderBy(p => p.Priority).ToList();
// Collect all available locales from all providers
var allLocales = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
foreach (var provider in ordered)
{
var locales = await provider.GetAvailableLocalesAsync(ct).ConfigureAwait(false);
foreach (var locale in locales)
{
allLocales.Add(locale);
}
}
// Ensure default locale is always loaded
allLocales.Add(_options.DefaultLocale);
// Load bundles in priority order (lower first, higher overwrites)
foreach (var provider in ordered)
{
foreach (var locale in allLocales)
{
try
{
var bundle = await provider.LoadAsync(locale, ct).ConfigureAwait(false);
if (bundle.Count > 0)
{
MergeBundles(locale, bundle);
_logger.LogDebug(
"Loaded {Count} translations for locale {Locale} from provider (priority {Priority})",
bundle.Count, locale, provider.Priority);
}
}
catch (Exception ex)
{
_logger.LogWarning(ex,
"Failed to load translations for locale {Locale} from provider (priority {Priority})",
locale, provider.Priority);
}
}
}
var totalKeys = _store.Values.Sum(d => d.Count);
_logger.LogInformation(
"Translation registry loaded: {LocaleCount} locales, {TotalKeys} total keys",
_store.Count, totalKeys);
}
/// <summary>
/// Merges a bundle into the store. Higher-priority values overwrite lower.
/// </summary>
public void MergeBundles(string locale, IReadOnlyDictionary<string, string> strings)
{
var dict = _store.GetOrAdd(locale, _ => new ConcurrentDictionary<string, string>(StringComparer.Ordinal));
foreach (var (key, value) in strings)
{
dict[key] = value;
}
}
/// <summary>
/// Translates a key with positional parameters.
/// Uses the current request locale from <see cref="LocaleContext"/> or the default.
/// </summary>
public string Translate(string key, object?[] args)
{
var locale = LocaleContext.Current ?? _options.DefaultLocale;
var template = Resolve(key, locale);
if (args.Length == 0)
{
return template;
}
try
{
return string.Format(CultureInfo.GetCultureInfo(locale), template, args);
}
catch (FormatException)
{
_logger.LogWarning("Format error translating key {Key} with {ArgCount} args for locale {Locale}",
key, args.Length, locale);
return template;
}
}
/// <summary>
/// Translates a key with named parameters.
/// Replaces {name} placeholders with formatted values.
/// </summary>
public string TranslateNamed(string key, (string Name, object Value)[] namedArgs)
{
var locale = LocaleContext.Current ?? _options.DefaultLocale;
var template = Resolve(key, locale);
foreach (var (name, value) in namedArgs)
{
var placeholder = $"{{{name}}}";
template = template.Replace(placeholder, FormatValue(value, locale), StringComparison.Ordinal);
}
return template;
}
/// <summary>
/// Returns all translations for a locale (merged from all providers).
/// </summary>
public IReadOnlyDictionary<string, string> GetBundle(string locale)
{
if (_store.TryGetValue(locale, out var dict))
{
return new Dictionary<string, string>(dict, StringComparer.Ordinal);
}
return new Dictionary<string, string>(StringComparer.Ordinal);
}
/// <summary>
/// Returns translations for a locale filtered by key prefix.
/// </summary>
public IReadOnlyDictionary<string, string> GetBundle(string locale, string namespacePrefix)
{
var prefix = namespacePrefix.EndsWith('.') ? namespacePrefix : namespacePrefix + ".";
var result = new Dictionary<string, string>(StringComparer.Ordinal);
if (_store.TryGetValue(locale, out var dict))
{
foreach (var (key, value) in dict)
{
if (key.StartsWith(prefix, StringComparison.Ordinal))
{
result[key] = value;
}
}
}
return result;
}
/// <summary>
/// Returns all loaded locales.
/// </summary>
public IReadOnlyList<string> GetLoadedLocales()
{
return _store.Keys.OrderBy(l => l).ToList();
}
/// <summary>
/// Resolves a key through the fallback chain:
/// requested locale -> language-only -> default locale -> key itself.
/// </summary>
private string Resolve(string key, string locale)
{
// 1. Try exact locale (e.g., "de-DE")
if (TryGetValue(locale, key, out var value))
{
return value;
}
// 2. Try language-only (e.g., "de")
var dashIndex = locale.IndexOf('-');
if (dashIndex > 0)
{
var languageOnly = locale[..dashIndex];
if (TryGetValue(languageOnly, key, out value))
{
return value;
}
}
// 3. Try default locale (e.g., "en-US")
if (!string.Equals(locale, _options.DefaultLocale, StringComparison.OrdinalIgnoreCase))
{
if (TryGetValue(_options.DefaultLocale, key, out value))
{
return value;
}
// 4. Try default language-only (e.g., "en")
var defaultDash = _options.DefaultLocale.IndexOf('-');
if (defaultDash > 0)
{
var defaultLang = _options.DefaultLocale[..defaultDash];
if (TryGetValue(defaultLang, key, out value))
{
return value;
}
}
}
// 5. Return key itself as fallback
if (_options.ReturnKeyWhenMissing)
{
return key;
}
return key;
}
private bool TryGetValue(string locale, string key, out string value)
{
value = string.Empty;
return _store.TryGetValue(locale, out var dict) && dict.TryGetValue(key, out value!);
}
private static string FormatValue(object value, string locale)
{
var culture = CultureInfo.GetCultureInfo(locale);
return value switch
{
null => string.Empty,
DateTime dt => dt.ToString("g", culture),
DateTimeOffset dto => dto.ToString("g", culture),
int i => i.ToString("N0", culture),
long l => l.ToString("N0", culture),
decimal d => d.ToString("N2", culture),
double dbl => dbl.ToString("N2", culture),
float f => f.ToString("N2", culture),
_ => value.ToString() ?? string.Empty
};
}
}
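Review bot: `TranslateNamed` substitutes placeholders one at a time on the already-substituted string, so a value that itself contains `{name}` text for a later argument is expanded again. With the constructed arguments `("scanId", "{imageRef}"), ("imageRef", "nginx")` the first value is rewritten by the second replacement. When values originate from request data, caller-supplied text can therefore pull another argument's value into a position the template author did not intend. Substituting in a single pass over the original template avoids the rescan; the sketch below keeps the first-wins behaviour for duplicate names and needs a `using System.Text.RegularExpressions;`.

```csharp
public string TranslateNamed(string key, (string Name, object Value)[] namedArgs)
{
    // … unchanged: locale and template resolution …
    var values = new Dictionary<string, string>(StringComparer.Ordinal);
    foreach (var (name, value) in namedArgs)
    {
        values.TryAdd(name, FormatValue(value, locale));
    }
    // Single pass over the original template: substituted text is never rescanned.
    return Regex.Replace(
        template,
        @"\{([^{}]+)\}",
        m => values.TryGetValue(m.Groups[1].Value, out var text) ? text : m.Value);
}
```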


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "bg-BG", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,367 @@
{
"_meta": {
"locale": "de-DE",
"namespace": "common",
"version": "1.0"
},
"common.error.generic": "Something went wrong.",
"common.error.not_found": "Die angeforderte Ressource wurde nicht gefunden.",
"common.error.entity_not_found": "{0} \u0027{1}\u0027 not found.",
"common.error.unauthorized": "Sie sind nicht berechtigt, diese Aktion auszufuehren.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "Ein interner Serverfehler ist aufgetreten. Bitte spaeter erneut versuchen.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Zu viele Anfragen. Bitte warten und erneut versuchen.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Anfrageinhalt ist erforderlich.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} \u0027{1}\u0027 already exists.",
"common.error.revoked": "{0} \u0027{1}\u0027 has been revoked and cannot be used.",
"common.error.state_invalid": "{0} \u0027{1}\u0027 is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} \u0027{1}\u0027 is not a valid regular expression.",
"common.validation.unknown_value": "{0} \u0027{1}\u0027 is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either \u0027memory\u0027 or \u0027redis\u0027.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the \u0027redis\u0027 store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier \u0027{0}\u0027.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id \u0027{0}\u0027 must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant \u0027{0}\u0027 defines project \u0027{1}\u0027 which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant \u0027{0}\u0027 defines role \u0027{1}\u0027 without configuration.",
"config.tenant.role_scope_required": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 references unknown scope \u0027{2}\u0027.",
"config.tenant.role_unsupported_attribute": "Tenant \u0027{0}\u0027 role \u0027{1}\u0027 defines unsupported attribute \u0027{2}\u0027. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant \u0027{0}\u0027 delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id \u0027{0}\u0027 must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account \u0027{0}\u0027 requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account \u0027{0}\u0027 references unknown tenant \u0027{1}\u0027.",
"config.service_account.scope_required": "Service account \u0027{0}\u0027 must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account \u0027{0}\u0027 defines unsupported attribute \u0027{1}\u0027. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin \u0027{0}\u0027 must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin \u0027{0}\u0027 must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin \u0027{0}\u0027 specifies configFile \u0027{1}\u0027 which does not exist.",
"config.plugin.unknown_capability": "Authority plugin \u0027{0}\u0027 declares unknown capability \u0027{1}\u0027. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor \u0027{0}\u0027 is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id \u0027{0}\u0027.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry \u0027{0}\u0027 is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key \u0027{0}\u0027 requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting \u0027{0}\u0027 requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting \u0027{0}\u0027 queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting \u0027{0}\u0027 window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template \u0027{0}\u0027 is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template \u0027{0}\u0027 requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
"crypto.provider.hash_not_supported": "Hash algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
"crypto.provider.verify_not_supported": "Verification algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
"crypto.provider.key_not_registered": "Signing key \u0027{0}\u0027 is not registered with provider \u0027{1}\u0027.",
"crypto.provider.key_algorithm_mismatch": "Signing key \u0027{0}\u0027 is registered for algorithm \u0027{1}\u0027, not \u0027{2}\u0027.",
"crypto.provider.ec_keys_only": "Provider \u0027{0}\u0027 only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider \u0027{0}\u0027 does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider \u0027{0}\u0027 does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider \u0027{0}\u0027 does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm \u0027{0}\u0027 is not supported by provider \u0027{1}\u0027.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider \u0027{0}\u0027.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve \u0027{0}\u0027 for algorithm \u0027{1}\u0027.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm \u0027{0}\u0027 is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm \u0027{0}\u0027 is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm \u0027{0}\u0027 is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID \u0027{0}\u0027 is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm \u0027{0}\u0027.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm \u0027{0}\u0027.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm \u0027{0}\u0027.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm \u0027{0}\u0027.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm \u0027{0}\u0027.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with \u0027{1}\u0027.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in \u0027{0}\u0027. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose \u0027{0}\u0027 in profile \u0027{1}\u0027.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider \u0027{0}\u0027 requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider \u0027{0}\u0027 is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider \u0027ru.openssl.gost\u0027 (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key \u0027{0}\u0027 does not exist.",
"crypto.kms.key_revoked": "Key \u0027{0}\u0027 has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key \u0027{0}\u0027 is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version \u0027{0}\u0027 does not exist for key \u0027{1}\u0027.",
"crypto.kms.key_no_active_version": "Key \u0027{0}\u0027 does not have an active version.",
"crypto.kms.key_version_inactive": "Key version \u0027{0}\u0027 is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key \u0027{0}\u0027 version \u0027{1}\u0027 does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm \u0027{0}\u0027 is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve \u0027{0}\u0027 is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected \u0027{0}\u0027, received \u0027{1}\u0027.",
"crypto.kms.version_exists": "Key version \u0027{0}\u0027 already exists for key \u0027{1}\u0027.",
"crypto.kms.material_not_found": "Key material for version \u0027{0}\u0027 was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key \u0027{0}\u0027 does not have an active primary version.",
"crypto.kms.es256_only": "Provider \u0027{0}\u0027 only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry \u0027kms.version\u0027.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID \u0027{0}\u0027.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID \u0027{0}\u0027.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve \u0027{0}\u0027.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme \u0027{0}\u0027 is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host \u0027{0}\u0027 is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: \u0027{0}\u0027.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "en-US", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "es-ES", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "fr-FR", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "ru-RU", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "uk-UA", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "zh-CN", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}


@@ -0,0 +1,411 @@
{
"_meta": { "locale": "zh-TW", "namespace": "common", "version": "1.1" },
"common.error.generic": "Something went wrong.",
"common.error.not_found": "The requested resource was not found.",
"common.error.entity_not_found": "{0} '{1}' not found.",
"common.error.unauthorized": "You do not have permission to perform this action.",
"common.error.forbidden": "Access denied.",
"common.error.bad_request": "The request is invalid.",
"common.error.conflict": "A conflict occurred. The resource may have been modified.",
"common.error.timeout": "Request timed out after {0} seconds.",
"common.error.server_error": "An internal server error occurred. Please try again later.",
"common.error.service_unavailable": "The service is temporarily unavailable.",
"common.error.too_many_requests": "Too many requests. Please wait and try again.",
"common.error.network": "Network error. Check your connection.",
"common.error.body_required": "Request body is required.",
"common.error.deserialization_failed": "Failed to deserialize {0}.",
"common.error.not_supported": "{0} is not supported.",
"common.error.already_exists": "{0} '{1}' already exists.",
"common.error.revoked": "{0} '{1}' has been revoked and cannot be used.",
"common.error.state_invalid": "{0} '{1}' is not in the expected state. Current state: {2}",
"common.validation.required": "{0} is required.",
"common.validation.invalid": "{0} is invalid.",
"common.validation.too_long": "{0} exceeds the maximum length of {1} characters.",
"common.validation.too_short": "{0} must be at least {1} characters.",
"common.validation.out_of_range": "{0} must be between {1} and {2}.",
"common.validation.invalid_format": "{0} has an invalid format.",
"common.validation.duplicate": "{0} already exists.",
"common.validation.empty_not_allowed": "{0} must not be empty.",
"common.validation.empty_after_trim": "{0} must not be empty after trimming.",
"common.validation.greater_than_zero": "{0} must be greater than zero.",
"common.validation.non_negative": "{0} must be non-negative.",
"common.validation.at_least_one": "At least one {0} must be configured.",
"common.validation.at_least_n": "{0} must have at least {1} entries.",
"common.validation.null_or_empty": "{0} cannot be null or empty.",
"common.validation.absolute_uri": "{0} must be an absolute URI.",
"common.validation.invalid_regex": "{0} '{1}' is not a valid regular expression.",
"common.validation.unknown_value": "{0} '{1}' is not recognized. Allowed values: {2}",
"common.validation.max_exceeded": "{0} must be {1} characters or fewer.",
"common.actions.save": "Save",
"common.actions.cancel": "Cancel",
"common.actions.delete": "Delete",
"common.actions.confirm": "Confirm",
"common.actions.submit": "Submit",
"common.actions.close": "Close",
"common.actions.retry": "Retry",
"common.actions.expand": "Expand",
"common.actions.collapse": "Collapse",
"common.actions.show_more": "Show more",
"common.actions.show_less": "Show less",
"common.status.healthy": "Healthy",
"common.status.degraded": "Degraded",
"common.status.unavailable": "Unavailable",
"common.status.unknown": "Unknown",
"common.status.active": "Active",
"common.status.inactive": "Inactive",
"common.status.pending": "Pending",
"common.status.running": "Running",
"common.status.completed": "Completed",
"common.status.failed": "Failed",
"common.status.canceled": "Canceled",
"common.status.blocked": "Blocked",
"common.severity.critical": "Critical",
"common.severity.high": "High",
"common.severity.medium": "Medium",
"common.severity.low": "Low",
"common.severity.info": "Info",
"common.severity.none": "None",
"common.time.seconds_ago": "{0} seconds ago",
"common.time.minutes_ago": "{0} minutes ago",
"common.time.hours_ago": "{0} hours ago",
"common.time.days_ago": "{0} days ago",
"common.time.just_now": "Just now",
"common.ui.loading": "Loading...",
"common.ui.saving": "Saving...",
"common.ui.deleting": "Deleting...",
"common.ui.submitting": "Submitting...",
"common.ui.no_results": "No results found.",
"common.ui.offline": "You are offline.",
"common.ui.reconnecting": "Reconnecting...",
"common.ui.back_online": "Back online.",
"auth.dpop.proof_lifetime_invalid": "DPoP proof lifetime must be greater than zero.",
"auth.dpop.clock_skew_invalid": "DPoP allowed clock skew must be between 0 seconds and 5 minutes.",
"auth.dpop.replay_window_invalid": "DPoP replay window must be greater than or equal to zero.",
"auth.dpop.algorithm_required": "At least one allowed DPoP algorithm must be configured.",
"auth.dpop.algorithm_empty_after_normalization": "Allowed DPoP algorithms cannot be empty after normalization.",
"auth.dpop.options_required": "DPoP options must be provided.",
"auth.dpop.nonce_ttl_invalid": "Nonce TTL must be greater than zero.",
"auth.dpop.nonce_max_issuance_invalid": "Max issuance per minute must be at least 1.",
"auth.dpop.nonce_store_required": "Dpop.Nonce.Store must be specified.",
"auth.dpop.nonce_store_invalid": "Dpop.Nonce.Store must be either 'memory' or 'redis'.",
"auth.dpop.nonce_redis_required": "Dpop.Nonce.RedisConnectionString must be provided when using the 'redis' store.",
"auth.dpop.nonce_audiences_required": "Dpop.Nonce.RequiredAudiences must include at least one audience.",
"auth.dpop.token_three_segments": "Token must contain three segments.",
"auth.dpop.segment_out_of_range": "Segment index out of range.",
"auth.dpop.header_decode_failed": "Unable to decode header.",
"auth.dpop.header_missing_typ": "DPoP proof missing typ=dpop+jwt header.",
"auth.dpop.header_missing_alg": "DPoP proof missing alg header.",
"auth.dpop.header_unsupported_alg": "Unsupported DPoP algorithm.",
"auth.dpop.header_missing_jwk": "DPoP proof missing jwk header.",
"auth.dpop.header_invalid_jwk": "DPoP proof jwk header is invalid.",
"auth.dpop.payload_decode_failed": "Unable to decode payload.",
"auth.dpop.payload_missing_htm": "DPoP proof missing htm claim.",
"auth.dpop.payload_htm_mismatch": "DPoP htm does not match request method.",
"auth.dpop.payload_missing_htu": "DPoP proof missing htu claim.",
"auth.dpop.payload_htu_mismatch": "DPoP htu does not match request URI.",
"auth.dpop.payload_missing_iat": "DPoP proof missing iat claim.",
"auth.dpop.payload_missing_jti": "DPoP proof missing jti claim.",
"auth.dpop.payload_iat_invalid": "DPoP proof iat claim is not a valid number.",
"auth.dpop.nonce_missing": "DPoP proof missing nonce claim.",
"auth.dpop.nonce_mismatch": "DPoP nonce mismatch.",
"auth.dpop.proof_future": "DPoP proof issued in the future.",
"auth.dpop.proof_expired": "DPoP proof expired.",
"auth.dpop.signature_failed": "DPoP proof signature validation failed.",
"auth.dpop.replay_detected": "DPoP proof already used.",
"config.authority.schema_version_required": "Authority configuration requires a positive schemaVersion.",
"config.authority.issuer_required": "Authority configuration requires an issuer URL.",
"config.authority.issuer_absolute": "Authority issuer must be an absolute URI.",
"config.authority.issuer_https": "Authority issuer must use HTTPS unless running on a loopback interface.",
"config.authority.duplicate_tenant": "Authority configuration contains duplicate tenant identifier '{0}'.",
"config.authority.property_greater_than_zero": "Authority configuration requires {0} to be greater than zero.",
"config.authority.property_max": "Authority configuration requires {0} to be less than or equal to {1}.",
"config.authority.remote_inference_required": "Authority configuration requires at least one advisory AI remote inference profile when remote inference is enabled.",
"config.tenant.id_required": "Each tenant requires an id (slug).",
"config.tenant.id_format": "Tenant id '{0}' must contain only lowercase letters, digits, and hyphen.",
"config.tenant.project_format": "Tenant '{0}' defines project '{1}' which must contain only lowercase letters, digits, and hyphen.",
"config.tenant.role_missing_config": "Tenant '{0}' defines role '{1}' without configuration.",
"config.tenant.role_scope_required": "Tenant '{0}' role '{1}' must specify at least one scope.",
"config.tenant.role_unknown_scope": "Tenant '{0}' role '{1}' references unknown scope '{2}'.",
"config.tenant.role_unsupported_attribute": "Tenant '{0}' role '{1}' defines unsupported attribute '{2}'. Allowed attributes: env, owner, business_tier.",
"config.tenant.delegation_max_tokens": "Tenant '{0}' delegation maxActiveTokens must be greater than zero when specified.",
"config.tenant.remote_inference_disabled": "Tenant remote inference consent cannot be granted when remote inference is disabled.",
"config.tenant.remote_inference_consent_version_length": "Tenant remote inference consentVersion must be {0} characters or fewer.",
"config.tenant.remote_inference_consented_by_length": "Tenant remote inference consentedBy must be {0} characters or fewer.",
"config.tenant.remote_inference_consent_version_required": "Tenant remote inference consent requires consentVersion when consentGranted is true.",
"config.tenant.remote_inference_consented_at_required": "Tenant remote inference consent requires consentedAt when consentGranted is true.",
"config.service_account.id_required": "Delegation service account seeds require an accountId.",
"config.service_account.id_format": "Service account id '{0}' must contain lowercase letters, digits, colon, underscore, or hyphen.",
"config.service_account.tenant_required": "Service account '{0}' requires a tenant assignment.",
"config.service_account.tenant_unknown": "Service account '{0}' references unknown tenant '{1}'.",
"config.service_account.scope_required": "Service account '{0}' must specify at least one allowed scope.",
"config.service_account.unsupported_attribute": "Service account '{0}' defines unsupported attribute '{1}'. Allowed attributes: env, owner, business_tier.",
"config.plugin.assembly_required": "Authority plugin '{0}' must define either assemblyName or assemblyPath.",
"config.plugin.config_file_required": "Authority plugin '{0}' must define a configFile.",
"config.plugin.config_file_missing": "Authority plugin '{0}' specifies configFile '{1}' which does not exist.",
"config.plugin.unknown_capability": "Authority plugin '{0}' declares unknown capability '{1}'. Allowed values: password, mfa, clientProvisioning, bootstrap.",
"config.plugin.descriptor_null": "Authority plugin descriptor '{0}' is null.",
"config.delegation.duplicate_account": "Delegation configuration contains duplicate service account id '{0}'.",
"config.delegation.quota_max_tokens": "Authority delegation configuration requires {0}.MaxActiveTokens to be greater than zero.",
"config.mtls.rotation_grace_negative": "Mtls.RotationGrace must be non-negative.",
"config.mtls.audiences_required": "Mtls.EnforceForAudiences must include at least one audience when enabled.",
"config.mtls.ca_empty": "Mtls.AllowedCertificateAuthorities entries must not be empty.",
"config.mtls.san_types_required": "Mtls.AllowedSanTypes must include at least one entry when enabled.",
"config.mtls.subject_patterns_empty": "Mtls.AllowedSubjectPatterns entries must not be empty.",
"config.mtls.subject_pattern_invalid": "Mtls.AllowedSubjectPatterns entry '{0}' is not a valid regular expression.",
"config.signing.key_id_required": "Authority signing configuration requires signing.activeKeyId.",
"config.signing.key_path_required": "Authority signing configuration requires signing.keyPath.",
"config.signing.jwks_cache_range": "Authority signing configuration requires signing.jwksCacheLifetime to be between 00:00:01 and 01:00:00.",
"config.signing.additional_key_id_required": "Additional signing keys require a keyId.",
"config.signing.additional_key_path_required": "Signing key '{0}' requires a path.",
"config.bootstrap.api_key_required": "Authority bootstrap configuration requires an API key when enabled.",
"config.bootstrap.idp_required": "Authority bootstrap configuration requires a default identity provider name when enabled.",
"config.rate_limit.permit_limit": "Authority rate limiting '{0}' requires permitLimit to be greater than zero.",
"config.rate_limit.queue_limit": "Authority rate limiting '{0}' queueLimit cannot be negative.",
"config.rate_limit.window": "Authority rate limiting '{0}' window must be greater than zero and no more than one hour.",
"config.storage.connection_required": "Authority storage requires a connection string.",
"config.storage.timeout_invalid": "Authority storage command timeout must be greater than zero.",
"config.ack_token.payload_type_required": "notifications.ackTokens.payloadType must be specified when ack tokens are enabled.",
"config.ack_token.default_lifetime_invalid": "notifications.ackTokens.defaultLifetime must be greater than zero.",
"config.ack_token.max_lifetime_invalid": "notifications.ackTokens.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.ack_token.key_id_required": "notifications.ackTokens.activeKeyId must be provided when ack tokens are enabled.",
"config.ack_token.key_path_required": "notifications.ackTokens.keyPath must be provided when ack tokens are enabled.",
"config.ack_token.jwks_cache_range": "notifications.ackTokens.jwksCacheLifetime must be between 00:00:01 and 01:00:00.",
"config.exceptions.null_template": "Authority exception routing template entries must not be null.",
"config.exceptions.duplicate_template": "Authority exception routing template '{0}' is configured more than once.",
"config.exceptions.template_id_required": "Authority exception routing templates require an id.",
"config.exceptions.template_route_required": "Authority exception routing template '{0}' requires authorityRouteId.",
"config.sealed_mode.evidence_path_required": "AirGap.SealedMode.EvidencePath must be provided when enforcement is enabled.",
"config.sealed_mode.max_age_range": "AirGap.SealedMode.MaxEvidenceAge must be between 00:00:01 and 7.00:00:00.",
"config.sealed_mode.cache_lifetime_range": "AirGap.SealedMode.CacheLifetime must be greater than zero and less than or equal to AirGap.SealedMode.MaxEvidenceAge.",
"config.webhook.hosts_required": "notifications.webhooks.allowedHosts must include at least one host when enabled.",
"config.escalation.scope_required": "notifications.escalation.scope must be specified.",
"config.anti_forgery.audience_required": "vulnerabilityExplorer.workflow.antiForgery.audience must be specified when anti-forgery tokens are enabled.",
"config.anti_forgery.default_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.defaultLifetime must be greater than zero.",
"config.anti_forgery.max_lifetime_invalid": "vulnerabilityExplorer.workflow.antiForgery.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.anti_forgery.max_context_entries": "vulnerabilityExplorer.workflow.antiForgery.maxContextEntries must be non-negative.",
"config.anti_forgery.max_context_value_length": "vulnerabilityExplorer.workflow.antiForgery.maxContextValueLength must be greater than zero.",
"config.attachment.default_lifetime_invalid": "vulnerabilityExplorer.attachments.defaultLifetime must be greater than zero when attachment tokens are enabled.",
"config.attachment.max_lifetime_invalid": "vulnerabilityExplorer.attachments.maxLifetime must be greater than zero and greater than or equal to defaultLifetime.",
"config.attachment.payload_type_required": "vulnerabilityExplorer.attachments.payloadType must be specified when attachment tokens are enabled.",
"config.attachment.max_metadata_entries": "vulnerabilityExplorer.attachments.maxMetadataEntries must be non-negative.",
"config.attachment.max_metadata_value_length": "vulnerabilityExplorer.attachments.maxMetadataValueLength must be greater than zero.",
"config.api_lifecycle.sunset_after_deprecation": "Legacy auth sunset date must be after the deprecation date.",
"config.api_lifecycle.docs_url_format": "Legacy auth documentation URL must be an absolute HTTP or HTTPS URL.",
"crypto.provider.algorithm_not_supported": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.hash_not_supported": "Hash algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.verify_not_supported": "Verification algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.key_not_registered": "Signing key '{0}' is not registered with provider '{1}'.",
"crypto.provider.key_algorithm_mismatch": "Signing key '{0}' is registered for algorithm '{1}', not '{2}'.",
"crypto.provider.ec_keys_only": "Provider '{0}' only accepts EC signing keys.",
"crypto.provider.no_password_hashing": "Provider '{0}' does not expose password hashing capabilities.",
"crypto.provider.no_content_hashing": "Provider '{0}' does not support content hashing.",
"crypto.provider.no_ephemeral_verification": "Provider '{0}' does not support ephemeral verification.",
"crypto.provider.not_signing_capable": "Signing algorithm '{0}' is not supported by provider '{1}'.",
"crypto.provider.es256_only": "Only ES256 signing keys are currently supported by provider '{0}'.",
"crypto.provider.p256_required": "ES256 signing keys must use the NIST P-256 curve.",
"crypto.provider.curve_mismatch": "Signing key curve mismatch. Expected curve '{0}' for algorithm '{1}'.",
"crypto.registry.empty": "At least one crypto provider must be registered.",
"crypto.registry.algorithm_required": "Algorithm identifier is required.",
"crypto.registry.signing_not_supported": "Signing algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.hash_not_supported": "Hash algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.verify_not_supported": "Verification algorithm '{0}' is not supported by any registered provider.",
"crypto.registry.active_profile_required": "Active profile is required.",
"crypto.registry.profile_not_found": "Profile ID '{0}' is not found in the registry.",
"crypto.registry.profile_id_required": "Profile ID cannot be null or empty.",
"crypto.key.algorithm_required": "Algorithm identifier is required.",
"crypto.key.private_scalar_required": "Private key parameters must include the scalar component.",
"crypto.key.verification_only": "This constructor is only for verification-only keys. Set verificationOnly to true.",
"crypto.key.public_xy_required": "Public key parameters must include X and Y coordinates.",
"crypto.key.private_material_required": "Private key material must be provided.",
"crypto.hash.algorithm_unsupported": "Unsupported hash algorithm '{0}'.",
"crypto.hash.purpose_required": "Purpose cannot be null or empty.",
"crypto.hmac.algorithm_unknown": "Unknown HMAC algorithm '{0}'.",
"crypto.hmac.algorithm_unsupported": "Unsupported HMAC algorithm '{0}'.",
"crypto.ecdsa.algorithm_unsupported": "Unsupported ECDSA signing algorithm '{0}'.",
"crypto.ecdsa.curve_unsupported": "Unsupported ECDSA curve mapping for algorithm '{0}'.",
"crypto.digest.required": "Digest is required.",
"crypto.digest.prefix_required": "{0} must start with '{1}'.",
"crypto.digest.algorithm_unsupported": "Unsupported digest algorithm in '{0}'. Only sha256 is supported.",
"crypto.digest.hex_length": "{0} must contain {1} hexadecimal characters.",
"crypto.password.memory_cost_invalid": "Password hashing memory cost must be greater than zero.",
"crypto.password.iterations_invalid": "Password hashing iteration count must be greater than zero.",
"crypto.password.parallelism_invalid": "Password hashing parallelism must be greater than zero.",
"crypto.password.algorithm_mismatch": "{0} only supports the {1} algorithm.",
"crypto.password.pbkdf2_iterations": "PBKDF2 requires a positive iteration count.",
"crypto.gost.not_der": "Signature is not DER encoded.",
"crypto.gost.invalid_der": "Invalid DER structure for GOST signature.",
"crypto.gost.raw_length": "Raw GOST signature must be {0} bytes.",
"crypto.gost.neither_format": "Signature payload is neither DER nor raw GOST format.",
"crypto.gost.coordinate_overflow": "Coordinate exceeds expected length.",
"crypto.profile.unknown_purpose": "Unknown hash purpose '{0}' in profile '{1}'.",
"crypto.compliance.at_least_one_signing": "At least one signing algorithm must be supplied.",
"crypto.compliance.at_least_one_hash": "At least one hash algorithm must be supplied.",
"crypto.ed25519.private_key_size": "Ed25519 private key must be 32 or 64 bytes.",
"crypto.ed25519.public_key_size": "Ed25519 public key must be 32 bytes.",
"crypto.ed25519.no_hashing": "BouncyCastle Ed25519 provider does not expose hashing capabilities.",
"crypto.ed25519.raw_key_required": "Provider '{0}' requires raw Ed25519 private key material.",
"crypto.sm.no_password_hashing": "SM provider does not expose password hashing.",
"crypto.sm.raw_key_required": "SM2 provider requires raw private key bytes (PKCS#8 DER).",
"crypto.sm.unsupported_format": "Unsupported SM2 key format. Expect PEM or PKCS#8 DER.",
"crypto.sm.disabled": "Provider '{0}' is disabled. Set {1}=1 (or disable RequireEnvironmentGate) to enable software SM2/SM3.",
"crypto.di.registry_empty": "Crypto provider registry cannot be empty. Configure at least one provider for RU deployments.",
"crypto.di.ru_openssl_required": "Linux RU baseline requires provider 'ru.openssl.gost' (set STELLAOPS_CRYPTO_ENABLE_RU_OPENSSL=0 to override explicitly).",
"crypto.di.ru_provider_required": "RU Linux baseline is misconfigured: both ru.openssl.gost and ru.pkcs11 are disabled via environment. Enable at least one provider.",
"crypto.di.no_plugins_loaded": "No crypto providers were loaded. Check plugin configuration and manifest.",
"crypto.kms.rotation_via_policy": "{0} rotation must be orchestrated via {1} policies or schedules.",
"crypto.kms.revocation_via_policy": "{0} revocation must be managed through {1} APIs or console.",
"crypto.kms.public_key_missing_x": "Public key missing X coordinate.",
"crypto.kms.public_key_missing_y": "Public key missing Y coordinate.",
"crypto.kms.hash_failed": "Failed to hash payload with SHA-256.",
"crypto.kms.key_not_found": "Key '{0}' does not exist.",
"crypto.kms.key_revoked": "Key '{0}' has been revoked and cannot be rotated.",
"crypto.kms.key_revoked_signing": "Key '{0}' is revoked and cannot be used for signing.",
"crypto.kms.key_version_not_found": "Key version '{0}' does not exist for key '{1}'.",
"crypto.kms.key_no_active_version": "Key '{0}' does not have an active version.",
"crypto.kms.key_version_inactive": "Key version '{0}' is not active. Current state: {1}",
"crypto.kms.key_no_public_material": "Key '{0}' version '{1}' does not have public key material.",
"crypto.kms.algorithm_unsupported": "Algorithm '{0}' is not supported by the file KMS driver.",
"crypto.kms.curve_unsupported": "Curve '{0}' is not supported.",
"crypto.kms.metadata_failed": "Failed to create or load key metadata.",
"crypto.kms.algorithm_mismatch": "Algorithm mismatch. Expected '{0}', received '{1}'.",
"crypto.kms.version_exists": "Key version '{0}' already exists for key '{1}'.",
"crypto.kms.material_not_found": "Key material for version '{0}' was not found.",
"crypto.kms.envelope_deserialize_failed": "Key envelope could not be deserialized.",
"crypto.kms.payload_deserialize_failed": "Key payload could not be deserialized.",
"crypto.kms.pem_empty": "Public key PEM cannot be empty.",
"crypto.kms.no_primary_version": "Crypto key '{0}' does not have an active primary version.",
"crypto.kms.es256_only": "Provider '{0}' only supports ES256 signing keys.",
"crypto.kms.version_metadata_required": "KMS signing keys must include metadata entry 'kms.version'.",
"crypto.kms.missing_public_key": "KMS signing key is missing public key material.",
"crypto.fido2.curve_unsupported": "Unsupported FIDO2 curve OID '{0}'.",
"crypto.fido2.rotation_required": "FIDO2 credential rotation requires new enrolment.",
"crypto.fido2.revocation_relying_party": "FIDO2 credential revocation must be managed in the relying party.",
"crypto.fido2.missing_x": "FIDO2 public key missing X coordinate.",
"crypto.fido2.missing_y": "FIDO2 public key missing Y coordinate.",
"crypto.fido2.authenticator_required": "IFido2Authenticator must be registered to use FIDO2 KMS.",
"crypto.pkcs11.rotation_hsm": "PKCS#11 rotation requires HSM administrative tooling.",
"crypto.pkcs11.revocation_hsm": "PKCS#11 revocation must be handled by HSM policies.",
"crypto.pkcs11.slot_not_found": "Could not resolve PKCS#11 slot.",
"crypto.pkcs11.private_key_not_found": "PKCS#11 private key not found.",
"crypto.pkcs11.public_key_not_found": "PKCS#11 public key not found.",
"crypto.pkcs11.missing_ec_point": "Public key missing EC point.",
"crypto.pkcs11.missing_ec_params": "Public key missing EC parameters.",
"crypto.pkcs11.unsupported_point_format": "Unsupported EC point format.",
"crypto.pkcs11.curve_oid_unsupported": "Unsupported EC curve OID '{0}'.",
"crypto.pkcs11.curve_unsupported": "Unsupported EC curve '{0}'.",
"common.provcache.sbom_hash_required": "SBOM hash cannot be null or empty.",
"common.provcache.fetch_url_absolute": "Lazy fetch base URL must be absolute.",
"common.provcache.fetch_url_no_userinfo": "Lazy fetch base URL must not include user info.",
"common.provcache.fetch_url_host_required": "Lazy fetch base URL must include a host.",
"common.provcache.fetch_url_scheme_invalid": "Lazy fetch base URL scheme '{0}' is not allowed.",
"common.provcache.fetch_url_host_invalid": "Lazy fetch base URL host '{0}' is not allowlisted.",
"common.provcache.no_chunks_provided": "No chunks provided.",
"common.provcache.bundle_deserialize_failed": "Failed to deserialize bundle.",
"common.provcache.signer_not_configured": "Signer is not configured.",
"common.provcache.signing_requested_no_signer": "Signing requested but no signer is configured.",
"common.provcache.cache_entry_not_found": "Cache entry not found for VeriKey: {0}",
"common.provcache.chunk_manifest_not_found": "Chunk manifest not found for proof root: {0}",
"common.provcache.http_timeout_invalid": "Lazy fetch HTTP timeout must be a positive, non-infinite duration.",
"common.provcache.http_base_address_required": "HttpChunkFetcher requires a BaseAddress on the HTTP client.",
"common.provcache.merkle_root_mismatch": "Merkle root mismatch. Expected: {0}, Computed: {1}",
"common.provcache.chunk_verification_failed": "Chunk {0} verification failed. Expected hash: {1}",
"common.provcache.artifact_reference_required": "Artifact reference is required.",
"common.provcache.artifact_digest_required": "Artifact digest is required.",
"common.provcache.decision_digest_required": "DecisionDigest is required.",
"common.provcache.decision_digest_verikey_required": "DecisionDigest.VeriKey is required.",
"common.provcache.digest_empty": "Digest cannot be empty.",
"common.provcache.time_window_required": "Time window cannot be null or empty.",
"common.provcache.vex_hash_required": "VEX hash set hash cannot be null or empty.",
"common.provcache.policy_hash_required": "Policy hash cannot be null or empty.",
"common.provcache.source_hash_required": "Source hash cannot be null or empty.",
"common.provcache.signer_set_hash_required": "Signer set hash cannot be null or empty.",
"common.evidence.toolchain_required": "ToolChain must be set before building index.",
"common.evidence.deserialization_failed": "Failed to deserialize evidence index.",
"common.evidence.verdict_deserialization_failed": "Failed to deserialize verdict.",
"common.evidence.inputs_json_required": "JSON cannot be null or empty.",
"common.evidence.inputs_deserialization_failed": "Failed to deserialize pinned scoring inputs.",
"common.evidence.bundle_alert_id_required": "AlertId is required",
"common.evidence.bundle_artifact_id_required": "ArtifactId is required",
"common.evidence.pdf_export_requires_config": "PDF export requires additional configuration",
"common.evidence.invalid_uri_format": "Invalid evidence URI format: {0}. Expected stella://type/path",
"common.evidence.invalid_uri_missing_path": "Invalid evidence URI format: {0}. Missing path.",
"common.evidence.null_resolver_cannot_resolve": "NullTypeResolver cannot resolve evidence type: {0}",
"common.evidence.schema_resource_not_found": "Schema resource not found: {0}",
"common.evidence.schema_resource_not_available": "Schema resource not available: {0}",
"common.evidence.provenance_deserialize_failed": "Failed to deserialize provenance for evidence {0}",
"common.evidence.bundle_deserialize_failed": "Failed to deserialize verdict bundle",
"common.evidence.delta_verdict_deserialize_failed": "Failed to deserialize delta verdict",
"common.canonicalization.value_empty_after_trim": "Value must not be empty after trimming.",
"common.canonicalization.deserialize_failed": "Failed to deserialize {0}",
"common.canonicalization.datetime_value_null": "DateTimeOffset value is null.",
"common.canonicalization.dict_key_null": "Dictionary key cannot be null.",
"common.audit.replay_token_value_empty": "Token value cannot be empty.",
"common.audit.replay_token_empty": "Token cannot be empty.",
"common.audit.replay_token_format_invalid": "Invalid replay token format: {0}",
"common.audit.replay_token_version_invalid": "Invalid replay token version: {0}",
"common.audit.replay_token_expiration_invalid": "Invalid expiration timestamp in replay token: {0}",
"common.audit.replay_token_duplicate_context_key": "AdditionalContext contains duplicate key after normalization: '{0}'.",
"common.artifact.uri_format_invalid": "Invalid URI format: {0}",
"common.artifact.uri_scheme_not_supported": "URI scheme not supported: {0}",
"common.artifact.file_not_accessible": "File not accessible: {0}",
"common.artifact.file_too_large": "File too large: {0} bytes exceeds 100MB limit",
"common.artifact.uri_not_accessible": "URI not accessible: {0} returned {1}",
"common.artifact.content_too_large": "Content too large: {0} bytes exceeds 100MB limit",
"common.artifact.fetch_failed": "Failed to fetch from {0}: {1}",
"common.delta_verdict.artifact_ref_required": "Artifact reference is required.",
"common.delta_verdict.unsupported_signing_algorithm": "Unsupported signing algorithm: {0}",
"common.delta_verdict.hmac_secret_required": "HMAC signing requires a base64 secret.",
"common.eventing.no_entry_assembly": "No entry assembly found",
"auth.persistence.deserialize_inputs_failed": "Failed to deserialize inputs",
"auth.persistence.deserialize_result_failed": "Failed to deserialize result",
"auth.persistence.revocation_sequence_mismatch": "Revocation export sequence mismatch. Expected {0}, current {1}.",
"auth.persistence.revocation_update_rejected": "Revocation export state update rejected. Expected sequence {0}."
}