feat(identity): wire UserManagementDelegation into SQL schema, router, and nav (FS-14)

- Add 20260522_sqlserver_identity_delegations.sql with full DDL for
  UserManagementDelegations table (ums_identity schema), CHECK constraints
  for no-self-delegation and valid window, and 4 performance indexes
- Register migration in SqlServerSchemaBootstrapper script order
- Add /delegations lazy route in App.tsx → DelegationDashboardScreen
- Add 'delegations' NavItemId, route, and pathToTab entry in navigation.config
- Add GitMerge icon and delegation nav item to Identity Context module in NavRail
- Add userAccounts + delegationManagement translation keys (ES + EN)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: beyondnetPeru

src/apps/ums.api/Ums.Infrastructure/Persistence/Migrations/20260522_sqlserver_identity_delegations.sql

@@ -0,0 +1,84 @@
+-- ============================================================
+-- Migration: UserManagementDelegations table
+-- Date:      2026-05-22
+-- Context:   Identity BC — FS-14 Delegated Administration
+-- Schema:    ums_identity
+-- ============================================================
+
+IF NOT EXISTS (SELECT 1 FROM sys.schemas WHERE name = 'ums_identity')
+BEGIN
+    EXEC('CREATE SCHEMA [ums_identity]');
+END
+GO
+
+IF OBJECT_ID('[ums_identity].[UserManagementDelegations]', 'U') IS NULL
+BEGIN
+    CREATE TABLE [ums_identity].[UserManagementDelegations]
+    (
+        -- Identity
+        [Id]                 uniqueidentifier NOT NULL,
+        [TenantId]           uniqueidentifier NOT NULL,
+
+        -- Participants
+        [DelegatingAdminId]  uniqueidentifier NOT NULL,
+        [DelegatedAdminId]   uniqueidentifier NOT NULL,
+
+        -- Scope
+        [ScopeTypeId]        int              NOT NULL,
+        [ScopeId]            uniqueidentifier NULL,
+
+        -- Permissions
+        [AllowedActionsJson] nvarchar(500)    NOT NULL,
+
+        -- Validity window
+        [ValidFrom]          datetimeoffset   NOT NULL,
+        [ValidUntil]         datetimeoffset   NOT NULL,
+        [MaxDurationDays]    int              NULL,
+
+        -- Approval
+        [RequiresApproval]   bit              NOT NULL DEFAULT 0,
+        [ApprovalRequestId]  uniqueidentifier NULL,
+
+        -- Lifecycle
+        [StatusId]           int              NOT NULL,
+        [RevokedAt]          datetimeoffset   NULL,
+        [RevokedBy]          uniqueidentifier NULL,
+        [RevocationReason]   nvarchar(500)    NULL,
+
+        -- Audit
+        [CreatedBy]          nvarchar(100)    NOT NULL,
+        [CreatedAtUtc]       datetime2        NOT NULL,
+        [UpdatedBy]          nvarchar(100)    NULL,
+        [UpdatedAtUtc]       datetime2        NULL,
+        [AuditTimeSpan]      nvarchar(100)    NOT NULL,
+
+        CONSTRAINT [PK_UserManagementDelegations] PRIMARY KEY ([Id]),
+
+        -- INV-DEL2: delegating admin cannot delegate to themselves
+        CONSTRAINT [CK_UserManagementDelegations_NoSelfDelegation]
+            CHECK ([DelegatingAdminId] <> [DelegatedAdminId]),
+
+        -- INV-DEL3: validity window must be positive
+        CONSTRAINT [CK_UserManagementDelegations_ValidWindow]
+            CHECK ([ValidUntil] > [ValidFrom])
+    );
+
+    -- Hot-path: find active delegations for a given delegated admin (scope validation)
+    CREATE INDEX [IX_UserManagementDelegations_DelegatedAdminId_Status]
+        ON [ums_identity].[UserManagementDelegations] ([DelegatedAdminId], [StatusId])
+        INCLUDE ([TenantId], [AllowedActionsJson], [ScopeTypeId], [ScopeId], [ValidFrom], [ValidUntil]);
+
+    -- Dashboard: load all delegations a given admin has granted
+    CREATE INDEX [IX_UserManagementDelegations_DelegatingAdminId]
+        ON [ums_identity].[UserManagementDelegations] ([DelegatingAdminId]);
+
+    -- Tenant-scoped listing (admin portal)
+    CREATE INDEX [IX_UserManagementDelegations_TenantId_StatusId]
+        ON [ums_identity].[UserManagementDelegations] ([TenantId], [StatusId]);
+
+    -- Background expiry worker: find active delegations past their ValidUntil
+    CREATE INDEX [IX_UserManagementDelegations_Active_ValidUntil]
+        ON [ums_identity].[UserManagementDelegations] ([StatusId], [ValidUntil])
+        WHERE [StatusId] = 1; -- 1 = Active
+END
+GO

src/apps/ums.api/Ums.Infrastructure/Persistence/SqlServerSchemaBootstrapper.cs

@@ -11,6 +11,7 @@ public static partial class SqlServerSchemaBootstrapper
         "20260521_sqlserver_platform_outbox.sql",
         "20260521_sqlserver_identity_aggregates.sql",
         "20260521_sqlserver_authorization_profiles.sql",
+        "20260522_sqlserver_identity_delegations.sql",
     ];
 
     public static async Task InitializeAsync(UmsPlatformDbContext dbContext, CancellationToken cancellationToken = default)

src/apps/ums.web-app/src/App.tsx

@@ -7,6 +7,7 @@ import { useThemeStore } from './application/stores/theme.store';
 
 const TenantDashboardScreen = lazy(() => import('./presentation/identity/tenant/screens/TenantDashboardScreen'));
 const UserAccountDashboardScreen = lazy(() => import('./presentation/identity/user-account/screens/UserAccountDashboardScreen'));
+const DelegationDashboardScreen = lazy(() => import('./presentation/identity/delegation/screens/DelegationDashboardScreen'));
 const ProfileScreen = lazy(() => import('./presentation/identity/profile/screens/ProfileScreen'));
 const LoginScreen = lazy(() => import('./presentation/identity/profile/screens/LoginScreen'));
 
@@ -25,12 +26,13 @@ export default function App() {
           <MainLayout>
             <Suspense fallback={<RouteLoader />}>
               <Routes>
-                <Route path="/"         element={<Navigate to="/tenants" replace />} />
-                <Route path="/tenants"   element={<TenantDashboardScreen />} />
-                <Route path="/users"     element={<UserAccountDashboardScreen />} />
-                <Route path="/profile"   element={<ProfileScreen />} />
-                <Route path="/login"     element={<LoginScreen />} />
-                <Route path="*"          element={<Navigate to="/tenants" replace />} />
+                <Route path="/"             element={<Navigate to="/tenants" replace />} />
+                <Route path="/tenants"      element={<TenantDashboardScreen />} />
+                <Route path="/users"        element={<UserAccountDashboardScreen />} />
+                <Route path="/delegations"  element={<DelegationDashboardScreen />} />
+                <Route path="/profile"      element={<ProfileScreen />} />
+                <Route path="/login"        element={<LoginScreen />} />
+                <Route path="*"             element={<Navigate to="/tenants" replace />} />
               </Routes>
             </Suspense>
           </MainLayout>

src/apps/ums.web-app/src/application/i18n/namespaces/identity.translations.ts

@@ -4,6 +4,8 @@ export const identityTranslations = {
     identityContext: 'Contexto de Identidad',
     tenant: 'Tenant',
     tenants: 'Tenants',
+    userAccounts: 'Cuentas de Usuario',
+    delegationManagement: 'Delegaciones',
     systemDiagnostics: 'Diagnóstico del Sistema',
     profileStats: 'Estadísticas de Perfil',
     developerSession: 'Sesión de Desarrollador',
@@ -161,6 +163,8 @@ export const identityTranslations = {
     identityContext: 'Identity Context',
     tenant: 'Tenant',
     tenants: 'Tenants',
+    userAccounts: 'User Accounts',
+    delegationManagement: 'Delegations',
     systemDiagnostics: 'System Diagnostics',
     profileStats: 'Profile Statistics',
     developerSession: 'Developer Session',

src/apps/ums.web-app/src/presentation/shared/layouts/NavRail.tsx

@@ -1,7 +1,7 @@
 import React, { useState, useMemo } from 'react';
 import { useNavigate, useLocation } from 'react-router-dom';
 import { useI18n } from '@app/i18n/use-i18n';
-import { Building2, User, LogOut, ChevronRight, ChevronDown, ShieldCheck, Cpu, Users } from 'lucide-react';
+import { Building2, User, LogOut, ChevronRight, ChevronDown, ShieldCheck, Cpu, Users, GitMerge } from 'lucide-react';
 import { NAV_ROUTES, pathToTab, NAV_MODULES } from './navigation.config';
 import type { NavModule } from './navigation.config';
 
@@ -21,7 +21,7 @@ export const NavRail: React.FC<NavRailProps> = ({ collapsed }) => {
   const activeTab = pathToTab(location.pathname);
 
   const modules: NavModule[] = useMemo(() => NAV_MODULES({
-    ShieldCheck, Building2, Users, Cpu, User, LogOut,
+    ShieldCheck, Building2, Users, GitMerge, Cpu, User, LogOut,
     primaryColorClass: 'text-m3-primary',
     indigoColorClass: 'text-indigo-400',
     t,

src/apps/ums.web-app/src/presentation/shared/layouts/navigation.config.tsx

@@ -7,7 +7,7 @@
  */
 import React from 'react';
 
-export type NavItemId = 'tenants' | 'users' | 'profile' | 'login';
+export type NavItemId = 'tenants' | 'users' | 'delegations' | 'profile' | 'login';
 
 export interface NavItem {
   id: NavItemId;
@@ -25,13 +25,15 @@ export interface NavModule {
 export const NAV_ROUTES: Record<NavItemId, string> = {
   tenants: '/tenants',
   users: '/users',
+  delegations: '/delegations',
   profile: '/profile',
   login: '/login',
 };
 
 export const pathToTab = (pathname: string): NavItemId => {
   if (pathname.startsWith('/tenants')) return 'tenants';
   if (pathname.startsWith('/users')) return 'users';
+  if (pathname.startsWith('/delegations')) return 'delegations';
   if (pathname.startsWith('/profile')) return 'profile';
   if (pathname.startsWith('/login')) return 'login';
   return 'tenants';
@@ -41,6 +43,7 @@ interface NavModulesFactoryDeps {
   ShieldCheck: React.ComponentType<{ className?: string }>;
   Building2: React.ComponentType<{ className?: string }>;
   Users: React.ComponentType<{ className?: string }>;
+  GitMerge: React.ComponentType<{ className?: string }>;
   Cpu: React.ComponentType<{ className?: string }>;
   User: React.ComponentType<{ className?: string }>;
   LogOut: React.ComponentType<{ className?: string }>;
@@ -55,8 +58,9 @@ export const NAV_MODULES = (deps: NavModulesFactoryDeps): NavModule[] => [
     nameKey: 'identityContext',
     icon: <deps.ShieldCheck className={`w-5 h-5 ${deps.primaryColorClass}`} />,
     members: [
-      { id: 'tenants', nameKey: 'tenant', icon: <deps.Building2 className="w-4 h-4" /> },
-      { id: 'users', nameKey: 'userAccounts', icon: <deps.Users className="w-4 h-4" /> },
+      { id: 'tenants',     nameKey: 'tenant',              icon: <deps.Building2 className="w-4 h-4" /> },
+      { id: 'users',       nameKey: 'userAccounts',        icon: <deps.Users className="w-4 h-4" /> },
+      { id: 'delegations', nameKey: 'delegationManagement', icon: <deps.GitMerge className="w-4 h-4" /> },
     ],
   },
   {