diff --git a/src/api/SIGCM2.Domain/Entities/Usuario.cs b/src/api/SIGCM2.Domain/Entities/Usuario.cs
new file mode 100644
index 0000000..83ae7d2
--- /dev/null
+++ b/src/api/SIGCM2.Domain/Entities/Usuario.cs
@@ -0,0 +1,36 @@
+namespace SIGCM2.Domain.Entities;
+
+public sealed class Usuario
+{
+ public int Id { get; }
+ public string Username { get; }
+ public string PasswordHash { get; }
+ public string Nombre { get; }
+ public string Apellido { get; }
+ public string? Email { get; }
+ public string Rol { get; }
+ public string PermisosJson { get; }
+ public bool Activo { get; }
+
+ public Usuario(
+ int id,
+ string username,
+ string passwordHash,
+ string nombre,
+ string apellido,
+ string? email,
+ string rol,
+ string permisosJson,
+ bool activo)
+ {
+ Id = id;
+ Username = username;
+ PasswordHash = passwordHash;
+ Nombre = nombre;
+ Apellido = apellido;
+ Email = email;
+ Rol = rol;
+ PermisosJson = permisosJson;
+ Activo = activo;
+ }
+}
diff --git a/src/api/SIGCM2.Domain/Exceptions/InvalidCredentialsException.cs b/src/api/SIGCM2.Domain/Exceptions/InvalidCredentialsException.cs
new file mode 100644
index 0000000..bd6da4d
--- /dev/null
+++ b/src/api/SIGCM2.Domain/Exceptions/InvalidCredentialsException.cs
@@ -0,0 +1,11 @@
+namespace SIGCM2.Domain.Exceptions;
+
+///
+/// Thrown when login credentials are invalid (user not found, wrong password, or inactive).
+/// Deliberately vague to prevent user enumeration.
+///
+public sealed class InvalidCredentialsException : Exception
+{
+ public InvalidCredentialsException()
+ : base("Credenciales inválidas") { }
+}
diff --git a/src/api/SIGCM2.Domain/SIGCM2.Domain.csproj b/src/api/SIGCM2.Domain/SIGCM2.Domain.csproj
new file mode 100644
index 0000000..e1a4a1d
--- /dev/null
+++ b/src/api/SIGCM2.Domain/SIGCM2.Domain.csproj
@@ -0,0 +1,10 @@
+
+
+
+ net10.0
+ enable
+ enable
+ SIGCM2.Domain
+
+
+