docs: restore Spanish documents and implement absolute language symmetry across READMEs

Author: beyondnetPeru

MASTER_INDEX.es.md

@@ -8,18 +8,18 @@ Navegacion por fases de la documentacion del Sistema de Gestion de Usuarios (UMS
 
 ### Fase 00 -- Vision de Producto
 
-- [Vision del Producto](./governance/product/product-vision.md)
-- [Contexto de Negocio](./governance/product/business-context.md)
-- [Alcance y Limites](./governance/product/scope.md)
-- [Objetivos (OKRs)](./governance/product/objectives.md)
-- [Interesados](./governance/product/stakeholders.md)
+- [Vision del Producto](./governance/product-es/product-vision.md)
+- [Contexto de Negocio](./governance/product-es/business-context.md)
+- [Alcance y Limites](./governance/product-es/scope.md)
+- [Objetivos (OKRs)](./governance/product-es/objectives.md)
+- [Interesados](./governance/product-es/stakeholders.md)
 
 ### Fase 01 -- Requisitos de Dominio
 
-- [Glosario (Lenguaje Ubicuo)](./governance/requirements/glossary.md)
-- [Modelo de Datos Conceptual](./governance/requirements/conceptual-data-model.md)
-- [Matriz de Permisos](./governance/requirements/permission-matrix-example.md)
-- [Historias Funcionales](./governance/requirements/functional-stories/index.md)
+- [Glosario (Lenguaje Ubicuo)](./governance/requirements-es/glossary.md)
+- [Modelo de Datos Conceptual](./governance/requirements-es/conceptual-data-model.md)
+- [Matriz de Permisos](./governance/requirements-es/permission-matrix-example.md)
+- [Historias Funcionales](./governance/requirements-es/functional-stories/index.md)
 
 ### Fase 02 -- Arquitectura
 

README.es.md

@@ -2,107 +2,39 @@
 
 > **Monolito Modular de alta escala para Gestión de Identidad y Autorización Unificada.**
 >
-> ![Arquitectura](https://img.shields.io/badge/Arquitectura-Monolito_Modular-blue) ![Lenguaje](https://img.shields.io/badge/Lenguaje-.NET_8_/_React-informational) ![Metodología](https://img.shields.io/badge/Metodología-BMAD--METHOD-success)
+> ![Estado](https://img.shields.io/badge/Estado-Activo-success) ![Arch](https://img.shields.io/badge/Arquitectura-Monolito_Modular-blue)
 
 ---
 
-## 🌍 Language / Bilingüe
-- 🇺🇸 [English](./README.md)
-- 🇪🇸 [Español](./README.es.md)
+### 🌍 Selector de Idioma
+- [English](./README.md) | **Español**
 
----
-
-## 🚀 Inicio Rápido
-Para desarrolladores listos para levantar el entorno:
+### 🚀 Inicio Rápido
 ```powershell
-# Entrar al Engine Room
 cd src
-# Iniciar Frontend
 npm install; npx nx run app-web:dev
-# Compilar Backend
-dotnet build ./apps/app-api-dotnet/Ums.sln
 ```
 
 ---
 
-## 🏛️ Arquitectura y Principios
-Construido bajo **Clean Architecture**, **DDD** y patrones **Hexagonales**.
-- **Patrón**: Monolito Modular/Progresivo con Contextos Delimitados estrictos.
-- **Persistencia**: PostgreSQL 16 con Seguridad a Nivel de Fila (RLS).
-- **Seguridad**: OAuth2/OIDC + Grafo de Autorización Multi-tenant.
-
----
-
-## 📍 Hub de Documentación Global
+### 📍 Hub de Conocimiento (Español)
+Explora las capas del proyecto por dominio:
 
-| Dominio | Descripción | Contenido |
-| :--- | :--- | :--- |
-| [⚖️ **Gobernanza**](./governance/) | Estrategia de Negocio y Producto | Visión, Roadmap, Requisitos (Fases 00, 01, 05). |
-| [🏗️ **Arquitectura**](./architecture/) | Planos Técnicos | ADRs, Modelos C4, Estándares de Ingeniería (Fases 02, 03, 04). |
-| [🛠️ **Infraestructura**](./infrastructure/) | Plataforma e IaC | Docker, Kong Gateway, configs de Kubernetes. |
-| [🚀 **Operaciones**](./operations/) | Monitoreo y SRE | Observabilidad (OTel/Tempo), Grafana Dashboards, SQL init. |
-| [🎓 **Conocimiento**](./knowledge/) | Centro de Aprendizaje | POCs, Guías de Onboarding, Investigación de referencia. |
-| [💻 **Código Fuente**](./src/) | Implementación | Código Fuente del Producto (`apps/` y `libs/`). |
+- [⚖️ **Gobernanza**](./governance/product-es/) — Visión, Roadmap y Alcance del Producto.
+- [🏗️ **Arquitectura**](./architecture/adrs-es/) — ADRs, Planos y Espec. de Ingeniería.
+- [🛠️ **Infraestructura**](./infrastructure/) — Configuración de Docker, Kong y K8s.
+- [🚀 **Operaciones**](./operations/) — Observabilidad, Monitoreo y SRE.
+- [💻 **Código Fuente**](./src/) — La Implementación (Apps y Libs).
 
 ---
 
-## 👥 Lectura Recomendada por Rol
-Selecciona tu perfil para una ruta de onboarding personalizada:
-
-<details>
-<summary><b>📦 Product Owner / Negocio</b></summary>
-
-1. [Visión del Producto](./governance/product/product-vision.md)
-2. [Contexto de Negocio y Solución](./governance/product/business-context.md)
-3. [Historias Funcionales](./governance/requirements/functional-stories/)
-4. [Roadmap del Producto](./governance/roadmap/versioning-and-audit-strategy.md)
-</details>
-
-<details>
-<summary><b>🏗️ Arquitecto de Software</b></summary>
-
-1. [Espec. de Arquitectura (Modelos C4)](./architecture/blueprints-es/architecture-spec.md)
-2. [Registro de ADRs](./architecture/adrs-es/)
-3. [Stack Tecnológico](./architecture/blueprints-es/stack.md)
-4. [Mapa de Contextos](./architecture/blueprints-es/bounded-context-map.md)
-</details>
-
-<details>
-<summary><b>⚙️ Desarrollador Backend</b></summary>
-
-1. [Estándares de Ingeniería](./architecture/artifacts-es/engineering-standards.md)
-2. [Código Fuente Backend](./src/apps/app-api-dotnet/)
-3. [Habilitadores Técnicos](./architecture/blueprints-es/technical-enablers/)
-4. [Plan de Migración .NET](./architecture/blueprints-es/dotnet-migration-and-tech-stack-plan.md)
-</details>
-
-<details>
-<summary><b>💻 Desarrollador Frontend</b></summary>
-
-1. [Código Fuente Frontend](./src/apps/app-web/)
-2. [Alcance del Producto (Web Console)](./architecture/artifacts-es/ums-web-console-product-scope.md)
-3. [Estándares de Ingeniería](./architecture/artifacts-es/engineering-standards.md)
-</details>
-
-<details>
-<summary><b>☁️ DevOps / SRE</b></summary>
-
-1. [Configuración de Infraestructura](./infrastructure/)
-2. [Estrategia de Observabilidad](./architecture/artifacts-es/observability-strategy.md)
-3. [Activos Operacionales](./operations/)
-4. [Guía de Configuración de Kong](./architecture/artifacts-es/kong-plugins-configuration-guide.md)
-</details>
-
-<details>
-<summary><b>🛡️ Seguridad / QA</b></summary>
-
-1. [Espec. IAM Empresarial](./architecture/artifacts-es/enterprise-iam-ums-specification.md)
-2. [Plan de Contract Testing](./architecture/artifacts-es/contract-testing-plan.md)
-3. [Espec. MFA y Seguridad](./architecture/artifacts-es/mfa-passwordless-security-spec.md)
-4. [Gobernanza Multi-Tenant](./architecture/artifacts-es/enterprise-multitenant-governance-report.md)
-</details>
+### 👥 Lectura Recomendada por Rol
+| Rol | Ruta Recomendada |
+| :--- | :--- |
+| **Product Owner** | [Visión](./governance/product-es/product-vision.md) → [Contexto](./governance/product-es/business-context.md) → [Roadmap](./governance/roadmap/) |
+| **Arquitecto** | [Planos](./architecture/blueprints-es/architecture-spec.md) → [ADRs](./architecture/adrs-es/) → [Stack](./architecture/blueprints-es/stack.md) |
+| **Desarrollador** | [Estándares](./architecture/artifacts-es/engineering-standards.md) → [Código](./src/) → [Planos](./architecture/blueprints-es/architecture-spec.md) |
+| **DevOps / QA** | [Infra](./infrastructure/) → [Ops](./operations/) → [Espec. IAM](./architecture/artifacts-es/enterprise-iam-ums-specification.md) |
 
 ---
-
-## 🤝 Contribuir
-Por favor lee el [**Indice Maestro**](./MASTER_INDEX.es.md) y las [**Reglas de Agentes**](./AGENTS.md) antes de realizar cambios. Este proyecto sigue el **BMAD-METHOD** para desarrollo dirigido por especificaciones.
+*Para navegación profunda, visita el [**Índice Maestro**](./MASTER_INDEX.es.md).*

README.md

@@ -2,107 +2,39 @@
 
 > **High-scale Modular Monolith for Unified Identity & Authorization.**
 >
-> ![Architecture](https://img.shields.io/badge/Architecture-Modular_Monolith-blue) ![Language](https://img.shields.io/badge/Language-.NET_8_/_React-informational) ![Methodology](https://img.shields.io/badge/Methodology-BMAD--METHOD-success)
+> ![Status](https://img.shields.io/badge/Status-Active-success) ![Arch](https://img.shields.io/badge/Architecture-Modular_Monolith-blue)
 
 ---
 
-## 🌍 Language / Bilingüe
-- 🇺🇸 [English](./README.md)
-- 🇪🇸 [Español](./README.es.md)
+### 🌍 Language Selector
+- **English** | [Español](./README.es.md)
 
----
-
-## 🚀 Quick Start
-For developers ready to spin up the environment:
+### 🚀 Quick Start
 ```powershell
-# Enter the Engine Room
 cd src
-# Start Frontend
 npm install; npx nx run app-web:dev
-# Build Backend
-dotnet build ./apps/app-api-dotnet/Ums.sln
 ```
 
 ---
 
-## 🏛️ Architecture & Principles
-Built on **Clean Architecture**, **DDD**, and **Hexagonal** patterns.
-- **Pattern**: Progressive/Modular Monolith with strict Bounded Contexts.
-- **Persistence**: PostgreSQL 16 with Row-Level Security (RLS).
-- **Security**: OAuth2/OIDC + Multi-tenant Authorization Graph.
-
----
-
-## 📍 Global Documentation Hub
+### 📍 Knowledge Hub (English)
+Explore the project layers by domain:
 
-| Domain | Description | Content |
-| :--- | :--- | :--- |
-| [⚖️ **Governance**](./governance/) | Business & Product Strategy | Vision, Roadmap, Requirements (Phases 00, 01, 05). |
-| [🏗️ **Architecture**](./architecture/) | Technical Blueprint | ADRs, C4 Models, Engineering Standards (Phases 02, 03, 04). |
-| [🛠️ **Infrastructure**](./infrastructure/) | Platform & IaC | Docker, Kong Gateway, Kubernetes configs. |
-| [🚀 **Operations**](./operations/) | Monitoring & SRE | Observability (OTel/Tempo), Grafana Dashboards, SQL init. |
-| [🎓 **Knowledge**](./knowledge/) | Learning Center | POCs, Onboarding guides, Reference research. |
-| [💻 **Source Code**](./src/) | Implementation | Product Source (`apps/` and `libs/`). |
+- [⚖️ **Governance**](./governance/) — Vision, Roadmap, and Product Scope.
+- [🏗️ **Architecture**](./architecture/) — ADRs, Blueprints, and Engineering Specs.
+- [🛠️ **Infrastructure**](./infrastructure/) — Docker, Kong, and K8s configuration.
+- [🚀 **Operations**](./operations/) — Observability, Monitoring, and SRE.
+- [💻 **Source Code**](./src/) — The Implementation (Apps & Libs).
 
 ---
 
-## 👥 Recommended Reading by Role
-Select your profile for a tailored onboarding path:
-
-<details>
-<summary><b>📦 Product Owner / Business</b></summary>
-
-1. [Product Vision](./governance/product/product-vision.md)
-2. [Business Context & Solution](./governance/product/business-context.md)
-3. [Functional Stories](./governance/requirements/functional-stories/)
-4. [Product Roadmap](./governance/roadmap/versioning-and-audit-strategy.md)
-</details>
-
-<details>
-<summary><b>🏗️ Software Architect</b></summary>
-
-1. [Architecture Spec (C4 Models)](./architecture/blueprints/architecture-spec.md)
-2. [ADR Registry](./architecture/adrs/)
-3. [Technology Stack](./architecture/blueprints/stack.md)
-4. [Context Map](./architecture/blueprints/bounded-context-map.md)
-</details>
-
-<details>
-<summary><b>⚙️ Backend Developer</b></summary>
-
-1. [Engineering Standards](./architecture/artifacts/engineering-standards.md)
-2. [Backend Source Code](./src/apps/app-api-dotnet/)
-3. [Technical Enablers](./architecture/blueprints/technical-enablers/)
-4. [.NET Migration Plan](./architecture/blueprints/dotnet-migration-and-tech-stack-plan.md)
-</details>
-
-<details>
-<summary><b>💻 Frontend Developer</b></summary>
-
-1. [Frontend Source Code](./src/apps/app-web/)
-2. [Web Console Product Scope](./architecture/artifacts/ums-web-console-product-scope.md)
-3. [Engineering Standards](./architecture/artifacts/engineering-standards.md)
-</details>
-
-<details>
-<summary><b>☁️ DevOps / SRE</b></summary>
-
-1. [Infrastructure Setup](./infrastructure/)
-2. [Observability Strategy](./architecture/artifacts/observability-strategy.md)
-3. [Operational Assets](./operations/)
-4. [Kong Gateway Config](./architecture/artifacts/kong-plugins-configuration-guide.md)
-</details>
-
-<details>
-<summary><b>🛡️ Security / QA</b></summary>
-
-1. [Enterprise IAM Spec](./architecture/artifacts/enterprise-iam-ums-specification.md)
-2. [Contract Testing Plan](./architecture/artifacts/contract-testing-plan.md)
-3. [MFA & Security Spec](./architecture/artifacts/mfa-passwordless-security-spec.md)
-4. [Multi-Tenant Governance](./architecture/artifacts/enterprise-multitenant-governance-report.md)
-</details>
+### 👥 Recommended Reading by Role
+| Role | Recommended Path |
+| :--- | :--- |
+| **Product Owner** | [Vision](./governance/product/product-vision.md) → [Context](./governance/product/business-context.md) → [Roadmap](./governance/roadmap/) |
+| **Architect** | [Specs](./architecture/blueprints/architecture-spec.md) → [ADRs](./architecture/adrs/) → [Stack](./architecture/blueprints/stack.md) |
+| **Developer** | [Standards](./architecture/artifacts/engineering-standards.md) → [Source](./src/) → [Specs](./architecture/blueprints/architecture-spec.md) |
+| **DevOps / QA** | [Infra](./infrastructure/) → [Ops](./operations/) → [IAM Spec](./architecture/artifacts/enterprise-iam-ums-specification.md) |
 
 ---
-
-## 🤝 Contributing
-Please read the [**Master Index**](./MASTER_INDEX.md) and the [**Agent Rules**](./AGENTS.md) before making any changes. This project follows the **BMAD-METHOD** for spec-driven development.
+*For deep-dive navigation, visit the [**Master Index**](./MASTER_INDEX.md).*

governance/product-es/business-context.md

@@ -0,0 +1,57 @@
+> ?? **Nota de Arquitectura:** Este documento se encuentra actualmente en su versi�n original (Ingl�s) y est� programado para traducci�n oficial en la hoja de ruta.
+
+# 💼 Business Context - User Management System (UMS)
+
+## 1. Problem Statement
+Historically, corporate software ecosystems suffer from fragmented identity and access governance. Each system (TMS, WMS, CRM) manages its own local database of users, password hashes, and authorization roles. This results in:
+- **Severe Security Vulnerabilities**: Fragmented password databases increase the attack surface and make password policy enforcement impossible.
+- **High Administrative Overhead**: Employees must be manually onboarded and offboarded across multiple applications, leading to "orphan accounts" with active access.
+- **Lack of Central Auditability**: Tracking "who did what" and "who has access to what" across multiple isolated databases is practically impossible, violating regulatory compliance.
+- **Inefficient Multi-Tenancy**: B2B clients cannot self-manage their organizations, causing continuous support ticket overhead for the primary software vendor.
+
+---
+
+## 2. Proposed Solution
+UMS resolves these issues by serving as an **abstract, sovereign Authorization & Identity Gateway** for any downstream client system or integrated enterprise suite.
+
+```mermaid
+graph TD
+    User["Multi-Tenant User (Client Staff)"] -->|1. Request Login / Action| App["Downstream Client Application"]
+    
+    %% AUTHENTICATION CORNER (Optional & Pluggable)
+    App -->|2. Delegate Auth & Query Config| UMS["UMS Sovereign Authorization Kernel"]
+    UMS -.->|IAuthenticationPort_Pluggable| IdP_Providers["Identity Providers (Internal bcrypt / Zitadel / Azure AD / Okta)"]
+    UMS -.->|IFeatureFlagPort_Pluggable| FF_Providers["Feature Flag Engines (Internal PostgreSQL-Redis / LaunchDarkly / Unleash)"]
+    
+    %% RESOLUTION & PERSISTENCE CORNER
+    UMS -->|3. Read context-aware overrides| DB["PostgreSQL 16 (RLS Isolated)"]
+    DB -->|4. Resolve dynamic rules| UMS
+    
+    %% RESPONSE CORNER
+    UMS -->|5. Cache effective payload| Cache["Redis Cache (cfg, flags, auth_graph)"]
+    UMS -->|6. Unified API Payload| App
+```
+
+UMS separates **Authentication**, **Authorization**, and **Dynamic Configuration**:
+1.  **Authentication (Identity)**: Treated as an abstract, pluggable service layer. UMS validates "who" the user is using secure, federated Single Sign-On (SSO), SAML, OIDC, WebAuthn (Passkeys), or an internal credentials database, dynamically routing to external Identity Providers (such as Zitadel, AWS Cognito, Microsoft Entra ID, Okta, or Keycloak) on a per-tenant basis without impacting business logic.
+2.  **Authorization (Permissions)**: Controlled centrally by UMS. UMS stores the definitions of client systems, modules, menus, permission graphs, roles, and profiles, injecting authorization tokens and dynamic modules and menus into downstream applications on demand.
+3.  **Dynamic Configuration & Feature Flags**: UMS governs the runtime behavior of downstream systems via a hierarchical multi-tenant configuration model and an extensible feature flag framework (LaunchDarkly, Unleash, Internal), enabling zero-deployment behavioral shifts and progressive rollouts.
+
+---
+
+## 3. Executive Business Rationale
+Standardizing access under UMS provides three massive business benefits:
+- **Zero Ticket Onboarding**: Clients self-manage their administrative scopes through delegable profiles and tenant-specific settings.
+- **Zero-Deployment Agility**: Real-time feature flags and dynamic hierarchical configuration overrides (Tenant > System > Org > Environment) allow immediate business adjustments without code releases.
+- **Compliance Ready**: Immutable business audit logs (CDC/Subscribers) track all critical permission mutations and configuration state changes, making the system instantly ready for SOC 2 and ISO 27001 certifications.
+- **Enterprise-Grade Security**: Passwordless cryptography completely eliminates brute-force vectors and credentials theft.
+
+---
+
+## 4. Reference Operational Model
+To illustrate the real-world operational execution of UMS, our specifications utilize the **Business Analyst** scenario as the primary reference model. This role represents high-concurrency B2B access to the *Route Planner* under the context of specific tenants (e.g., *Logistics Corp*) and localized branches (e.g., *Callao Terminal, Peru*). 
+
+The detailed architectural specs, sequence diagrams, and dynamic API contracts for this reference model are fully detailed in **[enterprise-iam-ums-specification.md](../04-artifacts/enterprise-iam-ums-specification.md)**.
+
+
+