docs: implement DDD design construction portal and add detailed domain model documentation for all system contexts.

Author: beyondnetPeru

README.es.md

@@ -40,6 +40,7 @@ npm install; npx nx run app-web:dev
 | **Entrega del Proyecto** | [Backlog del Proyecto](./docs/governance/project-es/index.md) | Épicas MVP, historias de usuario y diseño funcional de módulos core. |
 | **Requerimientos** | [Índice de Requerimientos](./docs/governance/requirements-es/index.md) | Historias funcionales, glosario de negocio y modelo de datos conceptual. |
 | **Arquitectura** | [Portal de Arquitectura](./docs/architecture/index.es.md) | Diseño ER de base de datos, mapas de entidades y visores interactivos. |
+| **Construccion** | [Portal de Construccion](./docs/governance/construction/index.md) | Diseño DDD de la capa de dominio (bounded contexts, agregados, eventos, comandos). |
 
 ---
 

README.md

@@ -40,6 +40,7 @@ npm install; npx nx run app-web:dev
 | **Project Delivery** | [Project Backlog](./docs/governance/project/index.md) | MVP epics, user stories, and functional design of core modules. |
 | **Requirements** | [Requirements Index](./docs/governance/requirements/index.md) | Functional stories, business glossary, and conceptual data model. |
 | **Architecture** | [Architecture Portal](./docs/architecture/index.md) | Database ER design, entity maps, and interactive viewers. |
+| **Construction** | [Construction Portal](./docs/governance/construction/index.md) | DDD domain layer design (bounded contexts, aggregates, events, commands). |
 
 ---
 

docs/MASTER_INDEX.es.md

@@ -34,3 +34,21 @@ Especificaciones de Ingeniería y Ciclo de Vida del Producto para el User Manage
 - [Diseño de Base de Datos ER](./architecture/blueprints-es/database-design-er.md)
 - [Formatos de Exportación ER](./architecture/blueprints-es/er-export-formats.md)
 - [Portal de Arquitectura](./architecture/index.es.md)
+
+### Fase 04 -- Construccion y Diseño de Dominio
+
+- [Portal de Construccion](./governance/construction/index.md)
+- [Portal DDD](./governance/construction/ddd-design/index.md)
+- [Mapa de Bounded Contexts](./governance/construction/ddd-design/01-bounded-context-map.md)
+- [Lenguaje Ubicuo](./governance/construction/ddd-design/02-ubiquitous-language.md)
+- [Contexto Identity](./governance/construction/ddd-design/03-identity-context.md)
+- [Contexto Authorization](./governance/construction/ddd-design/04-authorization-context.md)
+- [Contexto Configuration](./governance/construction/ddd-design/05-configuration-context.md)
+- [Contexto Audit](./governance/construction/ddd-design/06-audit-context.md)
+- [Contexto Approvals](./governance/construction/ddd-design/07-approvals-context.md)
+- [Contexto IGA](./governance/construction/ddd-design/08-iga-context.md)
+- [Contexto Compliance](./governance/construction/ddd-design/09-compliance-context.md)
+- [Flujos Cross-Contexto](./governance/construction/ddd-design/10-cross-context-flows.md)
+- [Primitivas DDD](./governance/construction/ddd-design/11-ddd-primitives.md)
+- [Decisiones de Diseno y Vacios](./governance/construction/ddd-design/12-design-decisions.md)
+- [Viewer Interactivo DDD](./governance/construction/ddd-design/interactive-ddd-viewer.html)

docs/MASTER_INDEX.md

@@ -36,3 +36,21 @@ Product Lifecycle and Engineering Specifications for the User Management System
 - [Interactive ER Viewer](./architecture/blueprints/interactive-er-viewer.html)
 - [Service Entity Map](./architecture/blueprints/service-entity-map.md)
 - [Architecture Portal](./architecture/index.md)
+
+### Phase 04 -- Construction & Domain Design
+
+- [Construction Portal](./governance/construction/index.md)
+- [DDD Design Portal](./governance/construction/ddd-design/index.md)
+- [Bounded Context Map](./governance/construction/ddd-design/01-bounded-context-map.md)
+- [Ubiquitous Language](./governance/construction/ddd-design/02-ubiquitous-language.md)
+- [Identity Context](./governance/construction/ddd-design/03-identity-context.md)
+- [Authorization Context](./governance/construction/ddd-design/04-authorization-context.md)
+- [Configuration Context](./governance/construction/ddd-design/05-configuration-context.md)
+- [Audit Context](./governance/construction/ddd-design/06-audit-context.md)
+- [Approvals Context](./governance/construction/ddd-design/07-approvals-context.md)
+- [IGA Context](./governance/construction/ddd-design/08-iga-context.md)
+- [Compliance Context](./governance/construction/ddd-design/09-compliance-context.md)
+- [Cross-Context Flows](./governance/construction/ddd-design/10-cross-context-flows.md)
+- [DDD Primitives](./governance/construction/ddd-design/11-ddd-primitives.md)
+- [Design Decisions & Gaps](./governance/construction/ddd-design/12-design-decisions.md)
+- [Interactive DDD Viewer](./governance/construction/ddd-design/interactive-ddd-viewer.html)

docs/architecture/index.es.md

@@ -11,6 +11,10 @@ Planos detallados de ingeniería centrados en:
 - **[Diseño de Base de Datos ER](./blueprints-es/database-design-er.md)**: El modelo entidad-relación de referencia.
 - **[Formatos de Exportación ER](./blueprints-es/er-export-formats.md)**: Exportaciones SQL, Mermaid e imágenes del esquema.
 
+### Relacionado — Diseño de Capa de Dominio
+- **[Portal DDD](../governance/construction/ddd-design/index.md)**: Bounded contexts, agregados, value objects, comandos, eventos y maquinas de estado para el producto completo.
+- **[Viewer Interactivo DDD](../governance/construction/ddd-design/interactive-ddd-viewer.html)**: Herramienta en el navegador para explorar el mapa de contextos, maquinas de estado y flujos cross-contexto.
+
 ---
 
 **[Volver al Índice Maestro](../MASTER_INDEX.es.md)** | **[Volver al README Raíz](../../README.es.md)**

docs/architecture/index.md

@@ -13,6 +13,10 @@ Detailed engineering blueprints focusing on:
 - **[Interactive ER Viewer](./blueprints/interactive-er-viewer.html)**: Browser-based tool to explore the database structure.
 - **[Service Entity Map](./blueprints/service-entity-map.md)**: Logical mapping between system services and database entities.
 
+### Related — Domain Layer Design
+- **[DDD Design Portal](../governance/construction/ddd-design/index.md)**: Bounded contexts, aggregates, value objects, commands, events, and state machines for the complete product.
+- **[Interactive DDD Viewer](../governance/construction/ddd-design/interactive-ddd-viewer.html)**: Browser-based tool to explore bounded context map, state machines, and cross-context flows.
+
 ---
 
 **[Back to Master Index](../MASTER_INDEX.md)** | **[Back to Root README](../../README.md)**

docs/governance/construction/ddd-design/01-bounded-context-map.md

@@ -0,0 +1,125 @@
+# Bounded Context Map
+
+**Tipo:** DDD — Mapa de Contextos  
+**Version:** 2.0 | **Fecha:** 2026-05-15 | **Estado:** Propuesto  
+**Alcance:** Producto completo — FS-01 a FS-16  
+
+> **Visualizacion interactiva:** [interactive-ddd-viewer.html](./interactive-ddd-viewer.html) — seccion "Bounded Context Map"
+
+---
+
+## Diagrama de Contextos
+
+<details>
+<summary>Ver codigo Mermaid (referencia)</summary>
+
+```mermaid
+graph TD
+    subgraph Core["Nucleo del Producto"]
+        A["BC-A: Identity\nums_identity\n.NET 8"]
+        B["BC-B: Authorization\nums_authz\n.NET 8"]
+    end
+
+    subgraph Supporting["Soporte Operacional"]
+        C["BC-C: Configuration\nums_config\n.NET 8"]
+        F["BC-F: Approvals\nums_approval\n.NET 8"]
+        H["BC-H: IGA\nums_iga\n.NET 8"]
+        I["BC-I: Compliance\nums_compliance\n.NET 8"]
+    end
+
+    subgraph Generic["Genericos"]
+        D["BC-D: Audit\nums_audit\n.NET 8"]
+        G["BC-G: Cache\nRedis\nInfrastructura"]
+        E["BC-E: Console PAP\nReact SPA\nSin entidades propias"]
+    end
+
+    A -->|"Customer-Supplier\nUser + Org + Branch claims"| B
+    A -->|"Customer-Supplier\nTenant scope keys"| C
+    A -->|"Customer-Supplier\nUserRegisteredEvent"| F
+    A -->|"Customer-Supplier\nUserRegisteredEvent"| H
+    A -->|"Customer-Supplier\nUserRegisteredEvent"| I
+    A -->|"Conformist\nevents"| D
+
+    C -->|"Customer-Supplier\nIdP config al gateway"| A
+    B -->|"Read-Aside\nauth_graph cache"| G
+    C -->|"Read-Aside\ncfg + flags cache"| G
+    B -->|"Conformist\nevents"| D
+    C -->|"Conformist\nevents"| D
+
+    H -->|"Customer-Supplier\nPromotionApprovedEvent"| B
+    H -->|"Customer-Supplier\npromocion requiere workflow"| F
+    H -->|"Conformist\nevents"| D
+
+    I -->|"Customer-Supplier\nDocumentExpiredEvent BLOCK"| A
+    I -->|"Customer-Supplier\nvalidacion doc"| F
+    I -->|"Conformist\nevents"| D
+
+    F -->|"Customer-Supplier\nprovisioning B2B"| A
+    F -->|"Customer-Supplier\nasignacion Profile post-aprobacion"| B
+    F -->|"Conformist\nevents"| D
+
+    E -->|"Customer-Supplier\nREST APIs"| A
+    E -->|"Customer-Supplier\nREST APIs"| B
+    E -->|"Customer-Supplier\nREST APIs"| C
+    E -->|"Customer-Supplier\nREST APIs"| F
+```
+
+</details>
+
+---
+
+## Catalogo de Contextos
+
+| Codigo | Nombre | Schema SQL | Clasificacion | FS |
+|--------|--------|-----------|---------------|-----|
+| BC-A | Identity | `ums_identity` | Core | FS-01, FS-03, FS-08, FS-09 |
+| BC-B | Authorization | `ums_authz` | Core | FS-02, FS-04, FS-05, FS-06, FS-07 |
+| BC-C | Configuration | `ums_config` | Supporting | FS-08, FS-09, FS-13 |
+| BC-D | Audit | `ums_audit` | Generic | Todos |
+| BC-E | Console PAP | React SPA | Generic | Todos (UI) |
+| BC-F | Approvals | `ums_approval` | Supporting | FS-10, FS-11, FS-12 |
+| BC-G | Cache | Redis | Generic | BC-B, BC-C |
+| BC-H | IGA | `ums_iga` | Supporting | FS-12, FS-14 |
+| BC-I | Compliance | `ums_compliance` | Supporting | FS-11, FS-15, FS-16 |
+
+---
+
+## Tabla de Relaciones
+
+| Upstream | Downstream | Patron | Contrato |
+|----------|-----------|--------|----------|
+| Identity | Authorization | Customer-Supplier | User/Org/Branch claims via eventos o API |
+| Identity | Configuration | Customer-Supplier | Tenant scope keys para aislamiento de config |
+| Identity | Approvals | Customer-Supplier | Registro de usuario externo desencadena workflow |
+| Identity | IGA | Customer-Supplier | `UserRegisteredEvent` para inicializar tracking |
+| Identity | Compliance | Customer-Supplier | `UserRegisteredEvent` para inicializar documentos |
+| Configuration | Identity | Customer-Supplier | IdP config provista al Auth Gateway para routing |
+| Authorization | Cache | Shared Kernel `ICachePort` | Read-aside; invalidacion en mutaciones |
+| Configuration | Cache | Shared Kernel `IConfigCachePort` | Read-aside cfg + flags; TTL 60-900s |
+| IGA | Authorization | Customer-Supplier | `PromotionApprovedEvent` actualiza Profile |
+| IGA | Approvals | Customer-Supplier | Promocion requiere ApprovalRequest |
+| Compliance | Identity | Customer-Supplier | `DocumentExpiredEvent` ejecuta BLOCK_ACCESS |
+| Compliance | Approvals | Customer-Supplier | Validacion documental abre workflow |
+| Approvals | Identity | Customer-Supplier | `ApprovalResolvedEvent` activa UserAccount (ONBOARDING) |
+| Approvals | Authorization | Customer-Supplier | `ApprovalResolvedEvent` asigna Profile (PROFILE_ASSIGNMENT) |
+| Todos | Audit | Conformist | Eventos inmutables appendeados al ledger |
+| Console | Todos | Customer-Supplier | REST versionado; tratado como consumidor externo |
+
+---
+
+## Anti-Corruption Layers
+
+| Frontera | Mecanismo | Motivo |
+|---------|-----------|--------|
+| Authorization — IdP externo | `IAuthenticationPort` Strategy Pattern | Evita acoplamiento con SDK de Zitadel/Okta |
+| Configuration — Feature Flag Providers | `IFeatureFlagPort` Strategy Pattern | Evita LaunchDarkly/Unleash en dominio |
+| Configuration — Secret Vault | `ISecretStorePort` Strategy Pattern | Evita AWS Secrets Manager / HashiCorp en dominio |
+| Authorization — Redis | `ICachePort` | Evita cliente Redis en capa de dominio |
+| Configuration — Redis | `IConfigCachePort` | Namespace separado de auth_graph |
+| Compliance — Notificaciones | `INotificationPort` Strategy Pattern | Evita SDK SMTP/Twilio en dominio |
+| Compliance — Almacenamiento | `IDocumentStoragePort` Strategy Pattern | Evita SDK MinIO/S3 en dominio |
+| Authorization — Event Bus | `IEventBusPort` | Evita Kafka/RabbitMQ en use cases |
+
+---
+
+**[Indice DDD](./index.md)** | **[Siguiente: Lenguaje Ubicuo](./02-ubiquitous-language.md)**

docs/governance/construction/ddd-design/02-ubiquitous-language.md

@@ -0,0 +1,61 @@
+# Lenguaje Ubicuo
+
+**Tipo:** DDD — Ubiquitous Language  
+**Version:** 2.0 | **Fecha:** 2026-05-15 | **Estado:** Propuesto  
+**Alcance:** Producto completo — FS-01 a FS-16  
+
+Terminos canonicos que todos los artefactos de codigo, documentacion y conversacion deben respetar. Cualquier termino fuera de esta tabla debe ser propuesto y aprobado antes de usarse en el codigo.
+
+---
+
+## Glosario de Dominio
+
+| Termino de Negocio | Clase de Dominio | Contexto | FS |
+|-------------------|-----------------|----------|----|
+| Organizacion / Tenant | `Tenant` | Identity | FS-03 |
+| Sede | `Branch` | Identity | FS-03 |
+| Usuario | `UserAccount` | Identity | FS-01, FS-03, FS-09, FS-10 |
+| Sistema / Aplicacion | `SystemSuite` | Authorization | FS-04 |
+| Modulo | `FunctionalModule` | Authorization | FS-04 |
+| Menu (submodulo) | `FunctionalSubmodule` | Authorization | FS-04 |
+| Opcion | `FunctionalOption` | Authorization | FS-04 |
+| Accion | `Action` | Authorization | FS-02, FS-04 |
+| Rol | `Role` | Authorization | FS-02, FS-05 |
+| Plantilla de Autorizacion | `PermissionTemplate` | Authorization | FS-02, FS-05, FS-06 |
+| Perfil | `Profile` | Authorization | FS-05, FS-06, FS-07 |
+| Permiso Efectivo | `ProfilePermission` | Authorization | FS-05, FS-07 |
+| Regla de Asignacion Auto | `TemplateAssignmentRule` | Authorization | FS-06 |
+| Grafo de Autorizacion | `CompiledPolicyGraph` (runtime VO) | Authorization | FS-07 |
+| Config de Proveedor de Identidad | `IdpConfiguration` | Configuration | FS-01, FS-03, FS-08 |
+| Parametro de Configuracion | `AppConfiguration` | Configuration | FS-08, FS-13 |
+| Indicador de Funcionalidad | `FeatureFlag` | Configuration | FS-08, FS-13 |
+| Solicitud de Aprobacion | `ApprovalRequest` | Approvals | FS-10, FS-12 |
+| Flujo de Aprobacion | `ApprovalWorkflow` | Approvals | FS-10, FS-12 |
+| Proceso de Promocion | `UserPromotionProcess` | IGA | FS-12 |
+| Criterio de Promocion | `RolePromotionCriteria` | IGA | FS-12 |
+| Delegacion de Administracion | `UserManagementDelegation` | IGA | FS-14 |
+| Documento del Usuario | `UserDocument` | Compliance | FS-11, FS-15, FS-16 |
+| Tipo de Documento | `DocumentType` | Compliance | FS-11, FS-15, FS-16 |
+| Regla de Notificacion | `NotificationRule` | Compliance | FS-15 |
+| Politica de Enforcement | `AccessEnforcementPolicy` | Compliance | FS-16 |
+
+---
+
+## Estados Canonicos por Agregado
+
+| Agregado | Estados |
+|---------|---------|
+| `UserAccount` | `PENDING` / `ACTIVE` / `BLOCKED` |
+| `PermissionTemplate` | `DRAFT` / `PUBLISHED` / `DEPRECATED` |
+| `AppConfiguration` | `DRAFT` / `PUBLISHED` / `ARCHIVED` |
+| `ApprovalRequest` | `PENDING` / `APPROVED` / `REJECTED` / `CANCELLED` / `EXPIRED` |
+| `UserPromotionProcess` | `EVALUATING` / `CRITERIA_MET` / `PENDING_APPROVAL` / `PROMOTED` |
+| `UserDocument` | `PENDING_REVIEW` / `VALID` / `EXPIRED` / `REJECTED` |
+| `Tenant` | `ACTIVE` / `SUSPENDED` / `ARCHIVED` |
+| `SystemSuite` | `DRAFT` / `PUBLISHED` / `RETIRED` |
+| `IdpConfiguration` | `DRAFT` / `ACTIVE` / `INACTIVE` |
+| `UserManagementDelegation` | `ACTIVE` / `REVOKED` / `EXPIRED` |
+
+---
+
+**[Anterior: Bounded Context Map](./01-bounded-context-map.md)** | **[Indice DDD](./index.md)** | **[Siguiente: Identity Context](./03-identity-context.md)**