diff --git a/src/api/SIGCM2.Application/Auth/Logout/LogoutCommand.cs b/src/api/SIGCM2.Application/Auth/Logout/LogoutCommand.cs
new file mode 100644
index 0000000..cb05772
--- /dev/null
+++ b/src/api/SIGCM2.Application/Auth/Logout/LogoutCommand.cs
@@ -0,0 +1,3 @@
+namespace SIGCM2.Application.Auth.Logout;
+
+public sealed record LogoutCommand(int UsuarioId);
diff --git a/src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs b/src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs
new file mode 100644
index 0000000..9103a08
--- /dev/null
+++ b/src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs
@@ -0,0 +1,22 @@
+using SIGCM2.Application.Abstractions;
+using SIGCM2.Application.Abstractions.Persistence;
+
+namespace SIGCM2.Application.Auth.Logout;
+
+public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, LogoutResponseDto>
+{
+    private readonly IRefreshTokenRepository _refreshRepo;
+
+    public LogoutCommandHandler(IRefreshTokenRepository refreshRepo)
+    {
+        _refreshRepo = refreshRepo;
+    }
+
+    public async Task<LogoutResponseDto> Handle(LogoutCommand command)
+    {
+        // Revoke all active tokens for the user across all families.
+        // Idempotent: 0 rows affected is not an error.
+        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, DateTime.UtcNow);
+        return new LogoutResponseDto(true, "Sesión cerrada correctamente");
+    }
+}
diff --git a/src/api/SIGCM2.Application/Auth/Logout/LogoutResponseDto.cs b/src/api/SIGCM2.Application/Auth/Logout/LogoutResponseDto.cs
new file mode 100644
index 0000000..023f3dc
--- /dev/null
+++ b/src/api/SIGCM2.Application/Auth/Logout/LogoutResponseDto.cs
@@ -0,0 +1,3 @@
+namespace SIGCM2.Application.Auth.Logout;
+
+public sealed record LogoutResponseDto(bool Success, string Mensaje);