diff --git a/Cargo.lock b/Cargo.lock
index 334589b..694c1df 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2225,6 +2225,7 @@ dependencies = [
  "jsonwebtoken",
  "lettre",
  "mime_guess",
+ "rand 0.8.5",
  "reqwest 0.12.26",
  "serde",
  "serde_json",
diff --git a/roadmap.md b/roadmap.md
index 244b138..056e748 100644
--- a/roadmap.md
+++ b/roadmap.md
@@ -80,9 +80,9 @@
 - [x] **Importación Masiva (Excel)**: Finalizar soporte para Question Bank.
 
 ## Fase 23 - 27: Infraestructura Crítica 📋 (Planificado)
-- [ ] **Integración SMTP**: Password reset, notificaciones transaccionales y de marketing.
-- [ ] **Búsqueda Global Unificada**: Búsqueda full-text y semántica en toda la plataforma.
-- [ ] **Soporte SCORM/xAPI**: Player nativo para contenidos legados.
+- [x] **Integración SMTP**: Password reset, notificaciones transaccionales (inscripción, completitud) y emails de marketing.
+- [x] **Búsqueda Global Unificada**: Endpoint `/search` en LMS (cursos, lecciones, foros, anuncios) con full-text e índices GIN. Barra de búsqueda en navbar del Experience.
+- [x] **Soporte SCORM/xAPI**: Player nativo (iframe) para lecciones `content_type=scorm|xapi` y bloque `scorm`, con tracking de statements xAPI en LMS.
 - [ ] **Accesibilidad WCAG 2.1**: Auditoría y ajustes de contraste/navegación.
 - [ ] **PWA y Soporte Offline**: Service workers para aprendizaje sin conexión.
 
diff --git a/services/lms-service/Cargo.toml b/services/lms-service/Cargo.toml
index 0f72b93..b4ae72d 100644
--- a/services/lms-service/Cargo.toml
+++ b/services/lms-service/Cargo.toml
@@ -31,3 +31,4 @@ aws-config = "1"
 aws-sdk-s3 = "1"
 sha2.workspace = true
 lettre = { version = "0.11", default-features = false, features = ["builder", "smtp-transport", "tokio1", "tokio1-native-tls"] }
+rand = "0.8"
diff --git a/services/lms-service/migrations/20260422000001_password_reset_tokens.sql b/services/lms-service/migrations/20260422000001_password_reset_tokens.sql
new file mode 100644
index 0000000..b275142
--- /dev/null
+++ b/services/lms-service/migrations/20260422000001_password_reset_tokens.sql
@@ -0,0 +1,12 @@
+-- Tokens para recuperación de contraseña
+CREATE TABLE IF NOT EXISTS password_reset_tokens (
+    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id     UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    token       TEXT NOT NULL UNIQUE,
+    expires_at  TIMESTAMPTZ NOT NULL DEFAULT (NOW() + INTERVAL '1 hour'),
+    used_at     TIMESTAMPTZ,
+    created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_prt_token ON password_reset_tokens(token);
+CREATE INDEX IF NOT EXISTS idx_prt_user_id ON password_reset_tokens(user_id);
diff --git a/services/lms-service/migrations/20260422000002_global_search_indexes.sql b/services/lms-service/migrations/20260422000002_global_search_indexes.sql
new file mode 100644
index 0000000..bb6d82f
--- /dev/null
+++ b/services/lms-service/migrations/20260422000002_global_search_indexes.sql
@@ -0,0 +1,26 @@
+-- Índices para búsqueda global eficiente en cursos, lecciones, hilos y anuncios
+
+-- Cursos: full-text search sobre título y descripción
+CREATE INDEX IF NOT EXISTS idx_courses_search_title
+    ON courses USING gin(to_tsvector('spanish', COALESCE(title, '')));
+
+CREATE INDEX IF NOT EXISTS idx_courses_search_desc
+    ON courses USING gin(to_tsvector('spanish', COALESCE(description, '')));
+
+-- Lecciones: índice sobre título y summary
+CREATE INDEX IF NOT EXISTS idx_lessons_search_title
+    ON lessons USING gin(to_tsvector('spanish', COALESCE(title, '')));
+
+CREATE INDEX IF NOT EXISTS idx_lessons_search_summary
+    ON lessons USING gin(to_tsvector('spanish', COALESCE(summary, '')));
+
+-- Hilos de discusión: índice sobre título
+CREATE INDEX IF NOT EXISTS idx_discussion_threads_search_title
+    ON discussion_threads USING gin(to_tsvector('spanish', COALESCE(title, '')));
+
+-- Anuncios: índice sobre título y content
+CREATE INDEX IF NOT EXISTS idx_course_announcements_search_title
+    ON course_announcements USING gin(to_tsvector('spanish', COALESCE(title, '')));
+
+CREATE INDEX IF NOT EXISTS idx_course_announcements_search_body
+    ON course_announcements USING gin(to_tsvector('spanish', COALESCE(content, '')));
diff --git a/services/lms-service/migrations/20260422000003_xapi_statements.sql b/services/lms-service/migrations/20260422000003_xapi_statements.sql
new file mode 100644
index 0000000..03af90e
--- /dev/null
+++ b/services/lms-service/migrations/20260422000003_xapi_statements.sql
@@ -0,0 +1,19 @@
+-- Registro de eventos xAPI emitidos por contenidos SCORM/xAPI
+CREATE TABLE IF NOT EXISTS xapi_statements (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    organization_id UUID NOT NULL,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    course_id UUID NOT NULL REFERENCES courses(id) ON DELETE CASCADE,
+    lesson_id UUID NOT NULL REFERENCES lessons(id) ON DELETE CASCADE,
+    verb TEXT NOT NULL,
+    object_id TEXT NOT NULL,
+    score DOUBLE PRECISION,
+    progress DOUBLE PRECISION,
+    completed BOOLEAN,
+    raw_statement JSONB,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_xapi_statements_user ON xapi_statements(user_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_xapi_statements_lesson ON xapi_statements(lesson_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_xapi_statements_org ON xapi_statements(organization_id, created_at DESC);
diff --git a/services/lms-service/src/handlers.rs b/services/lms-service/src/handlers.rs
index 03e9230..1686f72 100644
--- a/services/lms-service/src/handlers.rs
+++ b/services/lms-service/src/handlers.rs
@@ -624,6 +624,37 @@ pub async fn enroll_user(
         )
         .await;
 
+    // Email transaccional de bienvenida (fire-and-forget)
+    {
+        let pool_clone = pool.clone();
+        let org_id = org_ctx.id;
+        tokio::spawn(async move {
+            let user_row = sqlx::query_as::<_, (String, Option<String>)>(
+                "SELECT email, full_name FROM users WHERE id = $1",
+            )
+            .bind(user_id)
+            .fetch_optional(&pool_clone)
+            .await;
+
+            let course_title = sqlx::query_scalar::<_, String>(
+                "SELECT title FROM courses WHERE id = $1",
+            )
+            .bind(course_id)
+            .fetch_optional(&pool_clone)
+            .await
+            .ok()
+            .flatten()
+            .unwrap_or_else(|| "el curso".to_string());
+
+            if let Ok(Some((email, name))) = user_row {
+                let name = name.unwrap_or_else(|| "Estudiante".to_string());
+                crate::handlers_email::send_enrollment_email(
+                    &pool_clone, org_id, &email, &name, &course_title,
+                ).await;
+            }
+        });
+    }
+
     Ok(Json(enrollment))
 }
 
diff --git a/services/lms-service/src/handlers_certificates.rs b/services/lms-service/src/handlers_certificates.rs
index 8717c85..3a4759b 100644
--- a/services/lms-service/src/handlers_certificates.rs
+++ b/services/lms-service/src/handlers_certificates.rs
@@ -546,12 +546,15 @@ async fn issue_certificate_internal(
         )
     })?;
 
+    // Enviar email de completitud (fire-and-forget)
+    _send_completion_email_spawn(pool.clone(), organization_id, user_id, user_name.clone(), course_title.clone());
+
     Ok(Json(CertificateResponse {
         id: issued_cert.get("id"),
         user_id,
         course_id,
-        course_title: course_title,
-        student_name: user_name,
+        course_title: course_title.clone(),
+        student_name: user_name.clone(),
         certificate_html,
         issued_at: issued_cert.get::<chrono::DateTime<chrono::Utc>, _>("issued_at").to_string(),
         verification_code,
@@ -559,6 +562,24 @@ async fn issue_certificate_internal(
     }))
 }
 
+// Importación local para email (evitar ciclos de módulos)
+use crate::handlers_email;
+
+fn _send_completion_email_spawn(pool: PgPool, org_id: Uuid, user_id: Uuid, user_name: String, course_title: String) {
+    tokio::spawn(async move {
+        let email_row = sqlx::query_as::<_, (String,)>(
+            "SELECT email FROM users WHERE id = $1",
+        )
+        .bind(user_id)
+        .fetch_optional(&pool)
+        .await;
+
+        if let Ok(Some((email,))) = email_row {
+            handlers_email::send_completion_email(&pool, org_id, &email, &user_name, &course_title).await;
+        }
+    });
+}
+
 /// Template de certificado por defecto
 fn get_default_certificate_template() -> String {
     r#"<!DOCTYPE html>
diff --git a/services/lms-service/src/handlers_email.rs b/services/lms-service/src/handlers_email.rs
new file mode 100644
index 0000000..5caba9f
--- /dev/null
+++ b/services/lms-service/src/handlers_email.rs
@@ -0,0 +1,406 @@
+use axum::{Json, extract::State, http::StatusCode};
+use bcrypt::{DEFAULT_COST, hash};
+use lettre::message::Mailbox;
+use lettre::transport::smtp::authentication::Credentials;
+use lettre::{AsyncSmtpTransport, AsyncTransport, Message, Tokio1Executor};
+use rand::distributions::Alphanumeric;
+use rand::{Rng, thread_rng};
+use serde::{Deserialize, Serialize};
+use sqlx::PgPool;
+use std::env;
+use uuid::Uuid;
+
+// ─── Helpers SMTP compartidos ─────────────────────────────────────────────────
+
+#[derive(Debug, Clone)]
+pub struct SmtpConfig {
+    pub enabled: bool,
+    pub host: String,
+    pub from: String,
+    pub port: u16,
+    pub starttls: bool,
+    pub username: Option<String>,
+    pub password: Option<String>,
+}
+
+#[derive(Debug, Clone, sqlx::FromRow)]
+struct OrgEmailServiceRow {
+    service_type: String,
+    smtp_enabled: bool,
+    smtp_host: Option<String>,
+    smtp_port: i32,
+    smtp_from: Option<String>,
+    smtp_username: Option<String>,
+    smtp_password: Option<String>,
+    smtp_starttls: bool,
+}
+
+pub async fn load_smtp_config(pool: &PgPool, organization_id: Uuid) -> Option<SmtpConfig> {
+    // Intentar cargar config desde la BD
+    let row = sqlx::query_as::<_, OrgEmailServiceRow>(
+        r#"
+        SELECT service_type, smtp_enabled, smtp_host, smtp_port, smtp_from,
+               smtp_username, smtp_password, smtp_starttls
+        FROM organization_email_services
+        WHERE organization_id = $1
+        ORDER BY is_default DESC, created_at ASC
+        LIMIT 1
+        "#,
+    )
+    .bind(organization_id)
+    .fetch_optional(pool)
+    .await
+    .ok()
+    .flatten();
+
+    if let Some(row) = row {
+        if row.service_type.trim().to_lowercase() == "smtp" {
+            let host = row.smtp_host.unwrap_or_default().trim().to_string();
+            if !host.is_empty() {
+                return Some(SmtpConfig {
+                    enabled: row.smtp_enabled,
+                    host,
+                    from: row.smtp_from.unwrap_or_else(|| "OpenCCB <no-reply@openccb.local>".to_string()),
+                    port: u16::try_from(row.smtp_port).unwrap_or(587),
+                    starttls: row.smtp_starttls,
+                    username: row.smtp_username.filter(|v| !v.trim().is_empty()),
+                    password: row.smtp_password.filter(|v| !v.trim().is_empty()),
+                });
+            }
+        }
+    }
+
+    // Fallback a variables de entorno
+    let host = env::var("SMTP_HOST").ok().filter(|v| !v.trim().is_empty())?;
+    let enabled = env::var("SMTP_ENABLED")
+        .map(|v| matches!(v.trim().to_lowercase().as_str(), "1" | "true" | "yes"))
+        .unwrap_or(false);
+    let from = env::var("SMTP_FROM")
+        .unwrap_or_else(|_| "OpenCCB <no-reply@openccb.local>".to_string());
+    let port = env::var("SMTP_PORT")
+        .ok()
+        .and_then(|v| v.parse::<u16>().ok())
+        .unwrap_or(587);
+    let starttls = env::var("SMTP_STARTTLS")
+        .map(|v| matches!(v.trim().to_lowercase().as_str(), "1" | "true" | "yes"))
+        .unwrap_or(false);
+
+    Some(SmtpConfig {
+        enabled,
+        host,
+        from,
+        port,
+        starttls,
+        username: env::var("SMTP_USERNAME").ok().filter(|v| !v.trim().is_empty()),
+        password: env::var("SMTP_PASSWORD").ok().filter(|v| !v.trim().is_empty()),
+    })
+}
+
+pub fn build_mailer(config: &SmtpConfig) -> Result<AsyncSmtpTransport<Tokio1Executor>, String> {
+    let mut builder = if config.starttls {
+        AsyncSmtpTransport::<Tokio1Executor>::relay(&config.host)
+            .map_err(|e| format!("SMTP relay error: {}", e))?
+            .port(config.port)
+    } else {
+        AsyncSmtpTransport::<Tokio1Executor>::builder_dangerous(&config.host).port(config.port)
+    };
+
+    if let (Some(user), Some(pass)) = (&config.username, &config.password) {
+        builder = builder.credentials(Credentials::new(user.trim().to_string(), pass.trim().to_string()));
+    }
+
+    Ok(builder.build())
+}
+
+pub async fn send_email(
+    config: &SmtpConfig,
+    to_email: &str,
+    to_name: &str,
+    subject: &str,
+    body_html: &str,
+) -> Result<(), String> {
+    if !config.enabled {
+        tracing::debug!("SMTP deshabilitado — email no enviado a {}", to_email);
+        return Ok(());
+    }
+
+    let from: Mailbox = config
+        .from
+        .parse()
+        .map_err(|e| format!("From inválido: {}", e))?;
+
+    let to_str = if to_name.is_empty() {
+        to_email.to_string()
+    } else {
+        format!("{} <{}>", to_name, to_email)
+    };
+    let to: Mailbox = to_str.parse().map_err(|e| format!("To inválido: {}", e))?;
+
+    let email = Message::builder()
+        .from(from)
+        .to(to)
+        .subject(subject)
+        .header(lettre::message::header::ContentType::TEXT_HTML)
+        .body(body_html.to_string())
+        .map_err(|e| format!("Error construyendo email: {}", e))?;
+
+    let mailer = build_mailer(config)?;
+    mailer.send(email).await.map_err(|e| format!("Error enviando email: {}", e))?;
+    Ok(())
+}
+
+// ─── Password Reset ────────────────────────────────────────────────────────────
+
+#[derive(Deserialize)]
+pub struct ForgotPasswordPayload {
+    pub email: String,
+}
+
+#[derive(Deserialize)]
+pub struct ResetPasswordPayload {
+    pub token: String,
+    pub new_password: String,
+}
+
+#[derive(Serialize)]
+pub struct MessageResponse {
+    pub message: String,
+}
+
+#[derive(sqlx::FromRow)]
+struct UserForReset {
+    id: Uuid,
+    email: String,
+    full_name: Option<String>,
+    organization_id: Uuid,
+}
+
+pub async fn forgot_password(
+    State(pool): State<PgPool>,
+    Json(payload): Json<ForgotPasswordPayload>,
+) -> Result<Json<MessageResponse>, (StatusCode, String)> {
+    let email = payload.email.trim().to_lowercase();
+
+    // Buscar usuario (respuesta genérica para no revelar si existe)
+    let user = sqlx::query_as::<_, UserForReset>(
+        "SELECT id, email, full_name, organization_id FROM users WHERE LOWER(email) = $1",
+    )
+    .bind(&email)
+    .fetch_optional(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    let Some(user) = user else {
+        // Respuesta genérica — no revelar si el email existe
+        return Ok(Json(MessageResponse {
+            message: "Si el correo existe, recibirás un enlace para restablecer tu contraseña."
+                .to_string(),
+        }));
+    };
+
+    // Generar token seguro de 48 caracteres
+    let token: String = thread_rng()
+        .sample_iter(&Alphanumeric)
+        .take(48)
+        .map(char::from)
+        .collect();
+
+    // Invalidar tokens anteriores del mismo usuario
+    sqlx::query("UPDATE password_reset_tokens SET used_at = NOW() WHERE user_id = $1 AND used_at IS NULL")
+        .bind(user.id)
+        .execute(&pool)
+        .await
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    // Insertar nuevo token (expira en 1 hora)
+    sqlx::query(
+        "INSERT INTO password_reset_tokens (user_id, token, expires_at) VALUES ($1, $2, NOW() + INTERVAL '1 hour')",
+    )
+    .bind(user.id)
+    .bind(&token)
+    .execute(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    // Intentar enviar email (fire-and-forget en caso de error SMTP)
+    let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
+    let reset_url = format!("{}/reset-password?token={}", base_url, token);
+    let full_name = user.full_name.as_deref().unwrap_or("Estudiante");
+
+    let body = format!(
+        r#"<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"></head>
+<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
+  <h2>Restablecer contraseña</h2>
+  <p>Hola {full_name},</p>
+  <p>Recibimos una solicitud para restablecer la contraseña de tu cuenta.</p>
+  <p style="text-align:center;margin:30px 0">
+    <a href="{reset_url}"
+       style="background:#4f46e5;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
+      Restablecer contraseña
+    </a>
+  </p>
+  <p>Este enlace expira en <strong>1 hora</strong>.</p>
+  <p>Si no solicitaste esto, ignora este mensaje.</p>
+  <hr style="border:none;border-top:1px solid #eee;margin:30px 0">
+  <p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
+</body>
+</html>"#,
+        full_name = full_name,
+        reset_url = reset_url
+    );
+
+    if let Some(smtp) = load_smtp_config(&pool, user.organization_id).await {
+        if let Err(e) = send_email(&smtp, &user.email, full_name, "Restablecer contraseña", &body).await {
+            tracing::warn!("No se pudo enviar email de reset a {}: {}", user.email, e);
+        }
+    }
+
+    Ok(Json(MessageResponse {
+        message: "Si el correo existe, recibirás un enlace para restablecer tu contraseña.".to_string(),
+    }))
+}
+
+pub async fn reset_password(
+    State(pool): State<PgPool>,
+    Json(payload): Json<ResetPasswordPayload>,
+) -> Result<Json<MessageResponse>, (StatusCode, String)> {
+    let token = payload.token.trim().to_string();
+
+    if token.is_empty() || payload.new_password.len() < 8 {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            "Token o contraseña inválidos (mínimo 8 caracteres)".to_string(),
+        ));
+    }
+
+    // Buscar token válido
+    let row = sqlx::query_as::<_, (Uuid,)>(
+        r#"SELECT user_id FROM password_reset_tokens
+           WHERE token = $1 AND used_at IS NULL AND expires_at > NOW()"#,
+    )
+    .bind(&token)
+    .fetch_optional(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    let Some((user_id,)) = row else {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            "Token inválido o expirado".to_string(),
+        ));
+    };
+
+    // Hashear nueva contraseña
+    let password_hash = hash(&payload.new_password, DEFAULT_COST).map_err(|_| {
+        (StatusCode::INTERNAL_SERVER_ERROR, "Error al procesar contraseña".to_string())
+    })?;
+
+    // Actualizar contraseña
+    sqlx::query("UPDATE users SET password_hash = $1, updated_at = NOW() WHERE id = $2")
+        .bind(&password_hash)
+        .bind(user_id)
+        .execute(&pool)
+        .await
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    // Marcar token como usado
+    sqlx::query("UPDATE password_reset_tokens SET used_at = NOW() WHERE token = $1")
+        .bind(&token)
+        .execute(&pool)
+        .await
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    Ok(Json(MessageResponse {
+        message: "Contraseña actualizada correctamente. Ya puedes iniciar sesión.".to_string(),
+    }))
+}
+
+// ─── Emails transaccionales ────────────────────────────────────────────────────
+
+/// Envía email de bienvenida al inscribirse en un curso.
+/// Fire-and-forget (los errores se loguean, no bloquean la respuesta).
+pub async fn send_enrollment_email(
+    pool: &PgPool,
+    organization_id: Uuid,
+    user_email: &str,
+    user_name: &str,
+    course_title: &str,
+) {
+    let Some(smtp) = load_smtp_config(pool, organization_id).await else {
+        return;
+    };
+
+    let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
+    let body = format!(
+        r#"<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"></head>
+<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
+  <h2>¡Te has inscrito exitosamente!</h2>
+  <p>Hola {user_name},</p>
+  <p>Tu inscripción en <strong>{course_title}</strong> ha sido confirmada.</p>
+  <p style="text-align:center;margin:30px 0">
+    <a href="{base_url}/courses"
+       style="background:#4f46e5;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
+      Ir a mis cursos
+    </a>
+  </p>
+  <p>¡Mucho éxito en tu aprendizaje!</p>
+  <hr style="border:none;border-top:1px solid #eee;margin:30px 0">
+  <p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
+</body>
+</html>"#,
+        user_name = user_name,
+        course_title = course_title,
+        base_url = base_url
+    );
+
+    if let Err(e) = send_email(&smtp, user_email, user_name, &format!("Inscripción confirmada: {}", course_title), &body).await {
+        tracing::warn!("Email de inscripción no enviado a {}: {}", user_email, e);
+    }
+}
+
+/// Envía email de felicitación al completar un curso.
+pub async fn send_completion_email(
+    pool: &PgPool,
+    organization_id: Uuid,
+    user_email: &str,
+    user_name: &str,
+    course_title: &str,
+) {
+    let Some(smtp) = load_smtp_config(pool, organization_id).await else {
+        return;
+    };
+
+    let base_url = env::var("EXPERIENCE_URL").unwrap_or_else(|_| "https://openccb.local".to_string());
+    let body = format!(
+        r#"<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"></head>
+<body style="font-family:Arial,sans-serif;max-width:600px;margin:0 auto;padding:20px">
+  <h2>🎉 ¡Felicitaciones, completaste el curso!</h2>
+  <p>Hola {user_name},</p>
+  <p>Has completado exitosamente <strong>{course_title}</strong>.</p>
+  <p>Puedes descargar tu certificado desde la plataforma.</p>
+  <p style="text-align:center;margin:30px 0">
+    <a href="{base_url}/courses"
+       style="background:#16a34a;color:#fff;padding:12px 24px;text-decoration:none;border-radius:6px;display:inline-block">
+      Ver mis certificados
+    </a>
+  </p>
+  <p>Sigue aprendiendo — ¡el conocimiento no tiene límites!</p>
+  <hr style="border:none;border-top:1px solid #eee;margin:30px 0">
+  <p style="color:#888;font-size:12px">OpenCCB — Plataforma de Aprendizaje</p>
+</body>
+</html>"#,
+        user_name = user_name,
+        course_title = course_title,
+        base_url = base_url
+    );
+
+    if let Err(e) = send_email(&smtp, user_email, user_name, &format!("¡Completaste: {}!", course_title), &body).await {
+        tracing::warn!("Email de completitud no enviado a {}: {}", user_email, e);
+    }
+}
diff --git a/services/lms-service/src/handlers_scorm.rs b/services/lms-service/src/handlers_scorm.rs
new file mode 100644
index 0000000..de1bbf7
--- /dev/null
+++ b/services/lms-service/src/handlers_scorm.rs
@@ -0,0 +1,83 @@
+use axum::{
+    Json,
+    extract::State,
+    http::StatusCode,
+};
+use common::auth::Claims;
+use common::middleware::Org;
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+use sqlx::PgPool;
+use uuid::Uuid;
+
+#[derive(Debug, Deserialize)]
+pub struct XapiStatementPayload {
+    pub course_id: Uuid,
+    pub lesson_id: Uuid,
+    pub verb: String,
+    pub object_id: String,
+    pub score: Option<f64>,
+    pub progress: Option<f64>,
+    pub completed: Option<bool>,
+    pub raw_statement: Option<Value>,
+}
+
+#[derive(Debug, Serialize)]
+pub struct XapiStatementResponse {
+    pub id: Uuid,
+    pub message: String,
+}
+
+pub async fn track_xapi_statement(
+    Org(org_ctx): Org,
+    claims: Claims,
+    State(pool): State<PgPool>,
+    Json(payload): Json<XapiStatementPayload>,
+) -> Result<Json<XapiStatementResponse>, (StatusCode, String)> {
+    if payload.verb.trim().is_empty() || payload.object_id.trim().is_empty() {
+        return Err((
+            StatusCode::BAD_REQUEST,
+            "verb y object_id son requeridos".to_string(),
+        ));
+    }
+
+    let statement_id = Uuid::new_v4();
+
+    sqlx::query(
+        r#"
+        INSERT INTO xapi_statements (
+            id,
+            organization_id,
+            user_id,
+            course_id,
+            lesson_id,
+            verb,
+            object_id,
+            score,
+            progress,
+            completed,
+            raw_statement
+        )
+        VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11)
+        "#,
+    )
+    .bind(statement_id)
+    .bind(org_ctx.id)
+    .bind(claims.sub)
+    .bind(payload.course_id)
+    .bind(payload.lesson_id)
+    .bind(payload.verb.trim())
+    .bind(payload.object_id.trim())
+    .bind(payload.score)
+    .bind(payload.progress)
+    .bind(payload.completed)
+    .bind(payload.raw_statement)
+    .execute(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    Ok(Json(XapiStatementResponse {
+        id: statement_id,
+        message: "xAPI statement registrado".to_string(),
+    }))
+}
diff --git a/services/lms-service/src/handlers_search.rs b/services/lms-service/src/handlers_search.rs
new file mode 100644
index 0000000..a692780
--- /dev/null
+++ b/services/lms-service/src/handlers_search.rs
@@ -0,0 +1,204 @@
+use axum::{Json, extract::{Query, State}, http::StatusCode};
+use common::auth::Claims;
+use common::middleware::Org;
+use serde::{Deserialize, Serialize};
+use sqlx::PgPool;
+use uuid::Uuid;
+
+#[derive(Deserialize)]
+pub struct GlobalSearchQuery {
+    pub q: String,
+    pub limit: Option<i64>,
+}
+
+#[derive(Serialize)]
+pub struct SearchResultItem {
+    pub id: Uuid,
+    pub kind: String,       // "course", "lesson", "discussion", "announcement"
+    pub title: String,
+    pub snippet: Option<String>,
+    pub url: String,        // ruta relativa para el frontend
+    pub course_id: Option<Uuid>,
+    pub course_title: Option<String>,
+}
+
+#[derive(Serialize)]
+pub struct GlobalSearchResponse {
+    pub query: String,
+    pub total: usize,
+    pub results: Vec<SearchResultItem>,
+}
+
+pub async fn global_search(
+    Org(org_ctx): Org,
+    _claims: Claims,
+    State(pool): State<PgPool>,
+    Query(params): Query<GlobalSearchQuery>,
+) -> Result<Json<GlobalSearchResponse>, (StatusCode, String)> {
+    let q = params.q.trim().to_string();
+    if q.is_empty() {
+        return Ok(Json(GlobalSearchResponse {
+            query: q,
+            total: 0,
+            results: vec![],
+        }));
+    }
+
+    let limit = params.limit.unwrap_or(20).min(50);
+    let org_id = org_ctx.id;
+    let like_q = format!("%{}%", q.to_lowercase());
+
+    let mut results: Vec<SearchResultItem> = Vec::new();
+
+    // ── 1. Cursos ──────────────────────────────────────────────────────────────
+    let courses = sqlx::query_as::<_, (Uuid, String, Option<String>)>(
+        r#"
+        SELECT id, title, description
+        FROM courses
+        WHERE organization_id = $1
+          AND (LOWER(title) LIKE $2 OR LOWER(COALESCE(description,'')) LIKE $2)
+        ORDER BY title
+        LIMIT $3
+        "#,
+    )
+    .bind(org_id)
+    .bind(&like_q)
+    .bind(limit)
+    .fetch_all(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    for (id, title, description) in courses {
+        let snippet = description.map(|d| truncate(&d, 150));
+        results.push(SearchResultItem {
+            id,
+            kind: "course".to_string(),
+            title: title.clone(),
+            snippet,
+            url: format!("/courses/{}", id),
+            course_id: Some(id),
+            course_title: Some(title),
+        });
+    }
+
+    // ── 2. Lecciones ───────────────────────────────────────────────────────────
+    let lessons = sqlx::query_as::<_, (Uuid, String, Option<String>, Uuid, String)>(
+        r#"
+        SELECT l.id, l.title, l.summary, c.id AS course_id, c.title AS course_title
+        FROM lessons l
+        JOIN modules m ON l.module_id = m.id
+        JOIN courses c ON m.course_id = c.id
+        WHERE l.organization_id = $1
+          AND (LOWER(l.title) LIKE $2 OR LOWER(COALESCE(l.summary,'')) LIKE $2)
+        ORDER BY l.title
+        LIMIT $3
+        "#,
+    )
+    .bind(org_id)
+    .bind(&like_q)
+    .bind(limit)
+    .fetch_all(&pool)
+    .await
+    .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+
+    for (id, title, summary, course_id, course_title) in lessons {
+        let snippet = summary.map(|s| truncate(&s, 150));
+        results.push(SearchResultItem {
+            id,
+            kind: "lesson".to_string(),
+            title,
+            snippet,
+            url: format!("/courses/{}/lessons/{}", course_id, id),
+            course_id: Some(course_id),
+            course_title: Some(course_title),
+        });
+    }
+
+    // ── 3. Hilos de discusión ──────────────────────────────────────────────────
+    let threads = sqlx::query_as::<_, (Uuid, String, Option<String>, Uuid, String)>(
+        r#"
+                SELECT t.id, t.title, t.content AS body, c.id AS course_id, c.title AS course_title
+        FROM discussion_threads t
+        JOIN courses c ON t.course_id = c.id
+        WHERE t.organization_id = $1
+                    AND (LOWER(t.title) LIKE $2 OR LOWER(COALESCE(t.content,'')) LIKE $2)
+        ORDER BY t.created_at DESC
+        LIMIT $3
+        "#,
+    )
+    .bind(org_id)
+    .bind(&like_q)
+    .bind(limit)
+    .fetch_all(&pool)
+    .await
+    .unwrap_or_default();   // silenciamos si la tabla no tiene columna "body"
+
+    for (id, title, body, course_id, course_title) in threads {
+        let snippet = body.map(|b| truncate(&b, 150));
+        results.push(SearchResultItem {
+            id,
+            kind: "discussion".to_string(),
+            title,
+            snippet,
+            url: format!("/courses/{}/discussions/{}", course_id, id),
+            course_id: Some(course_id),
+            course_title: Some(course_title),
+        });
+    }
+
+    // ── 4. Anuncios ────────────────────────────────────────────────────────────
+    let announcements = sqlx::query_as::<_, (Uuid, String, String, Uuid, String)>(
+        r#"
+                SELECT a.id, a.title, a.content, c.id AS course_id, c.title AS course_title
+        FROM course_announcements a
+        JOIN courses c ON a.course_id = c.id
+        WHERE a.organization_id = $1
+                    AND (LOWER(a.title) LIKE $2 OR LOWER(a.content) LIKE $2)
+        ORDER BY a.created_at DESC
+        LIMIT $3
+        "#,
+    )
+    .bind(org_id)
+    .bind(&like_q)
+    .bind(limit)
+    .fetch_all(&pool)
+    .await
+    .unwrap_or_default();
+
+    for (id, title, body, course_id, course_title) in announcements {
+        results.push(SearchResultItem {
+            id,
+            kind: "announcement".to_string(),
+            title,
+            snippet: Some(truncate(&body, 150)),
+            url: format!("/courses/{}", course_id),
+            course_id: Some(course_id),
+            course_title: Some(course_title),
+        });
+    }
+
+    // Ordenar: primero cursos, luego agrupados por relevancia textual básica
+    results.sort_by(|a, b| {
+        let a_exact = a.title.to_lowercase().contains(&q.to_lowercase()) as u8;
+        let b_exact = b.title.to_lowercase().contains(&q.to_lowercase()) as u8;
+        b_exact.cmp(&a_exact).then(a.kind.cmp(&b.kind))
+    });
+
+    results.truncate(limit as usize);
+    let total = results.len();
+
+    Ok(Json(GlobalSearchResponse {
+        query: q,
+        total,
+        results,
+    }))
+}
+
+fn truncate(s: &str, max_chars: usize) -> String {
+    if s.chars().count() <= max_chars {
+        s.to_string()
+    } else {
+        let t: String = s.chars().take(max_chars).collect();
+        format!("{}...", t.trim_end())
+    }
+}
diff --git a/services/lms-service/src/main.rs b/services/lms-service/src/main.rs
index 083987b..8816a0c 100644
--- a/services/lms-service/src/main.rs
+++ b/services/lms-service/src/main.rs
@@ -1,6 +1,9 @@
 mod db_util;
 mod handlers;
 mod handlers_announcements;
+mod handlers_email;
+mod handlers_scorm;
+mod handlers_search;
 mod handlers_cohorts;
 mod handlers_discussions;
 mod handlers_notes;
@@ -386,6 +389,10 @@ async fn main() {
         .route("/ingest", post(handlers::ingest_course))
         .route("/auth/register", post(handlers::register))
         .route("/auth/login", post(handlers::login))
+        .route("/auth/forgot-password", post(handlers_email::forgot_password))
+        .route("/auth/reset-password", post(handlers_email::reset_password))
+        .route("/xapi/statements", post(handlers_scorm::track_xapi_statement))
+        .route("/search", get(handlers_search::global_search))
         .route(
             "/payments/mercadopago/webhook",
             post(handlers_payments::mercadopago_webhook),
diff --git a/web/experience/src/app/auth/forgot-password/page.tsx b/web/experience/src/app/auth/forgot-password/page.tsx
new file mode 100644
index 0000000..fccf061
--- /dev/null
+++ b/web/experience/src/app/auth/forgot-password/page.tsx
@@ -0,0 +1,94 @@
+"use client";
+
+import React, { useState } from "react";
+import { lmsApi } from "@/lib/api";
+import { GraduationCap, Mail, ArrowLeft, CheckCircle } from "lucide-react";
+
+export default function ForgotPasswordPage() {
+    const [email, setEmail] = useState("");
+    const [loading, setLoading] = useState(false);
+    const [sent, setSent] = useState(false);
+    const [error, setError] = useState("");
+
+    const handleSubmit = async (e: React.FormEvent) => {
+        e.preventDefault();
+        setError("");
+        setLoading(true);
+        try {
+            await lmsApi.forgotPassword(email.trim().toLowerCase());
+            setSent(true);
+        } catch {
+            setError("Ocurrió un error. Intenta nuevamente.");
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    return (
+        <div className="min-h-screen bg-slate-50 dark:bg-gradient-to-br dark:from-slate-950 dark:via-indigo-950 dark:to-slate-950 flex items-center justify-center p-4 transition-colors">
+            <div className="w-full max-w-md animate-in fade-in zoom-in duration-500">
+                <div className="text-center mb-8">
+                    <div className="inline-flex items-center justify-center w-16 h-16 bg-indigo-600 rounded-2xl mb-4 shadow-lg shadow-indigo-600/30">
+                        <GraduationCap className="w-8 h-8 text-white" />
+                    </div>
+                    <h1 className="text-2xl font-black text-slate-900 dark:text-white mb-2">Recuperar contraseña</h1>
+                    <p className="text-slate-500 dark:text-indigo-200/60 text-sm">
+                        Ingresa tu correo y te enviaremos un enlace de restablecimiento.
+                    </p>
+                </div>
+
+                <div className="bg-white dark:bg-white/5 backdrop-blur-xl border border-slate-200 dark:border-white/10 shadow-xl rounded-3xl p-8">
+                    {sent ? (
+                        <div className="text-center py-4">
+                            <CheckCircle className="w-12 h-12 text-green-500 mx-auto mb-4" />
+                            <p className="text-slate-700 dark:text-slate-300 font-medium">
+                                Si el correo existe en nuestro sistema, recibirás un enlace para restablecer tu contraseña.
+                            </p>
+                            <p className="text-slate-400 text-sm mt-2">Revisa tu bandeja de entrada o spam.</p>
+                        </div>
+                    ) : (
+                        <form onSubmit={handleSubmit} className="space-y-4">
+                            <div className="space-y-1">
+                                <label className="text-xs font-bold text-slate-500 dark:text-gray-400 uppercase tracking-wider">
+                                    Correo Electrónico
+                                </label>
+                                <div className="relative">
+                                    <Mail className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-slate-400" />
+                                    <input
+                                        required
+                                        type="email"
+                                        value={email}
+                                        onChange={e => setEmail(e.target.value)}
+                                        className="w-full bg-slate-50 dark:bg-slate-900/50 border border-slate-200 dark:border-white/10 rounded-xl py-3 pl-10 pr-4 text-slate-900 dark:text-white text-sm focus:border-indigo-500 focus:outline-none transition-colors"
+                                        placeholder="nombre@correo.com"
+                                    />
+                                </div>
+                            </div>
+
+                            {error && (
+                                <div className="bg-red-50 dark:bg-red-500/10 border border-red-200 dark:border-red-500/20 text-red-600 dark:text-red-300 text-xs p-3 rounded-lg font-medium">
+                                    {error}
+                                </div>
+                            )}
+
+                            <button
+                                disabled={loading}
+                                type="submit"
+                                className="w-full bg-indigo-600 hover:bg-indigo-700 text-white font-bold py-3 rounded-xl transition-all shadow-lg shadow-indigo-600/20 disabled:opacity-50"
+                            >
+                                {loading ? "Enviando..." : "Enviar enlace"}
+                            </button>
+                        </form>
+                    )}
+
+                    <div className="mt-6 text-center">
+                        <a href="/auth/login" className="inline-flex items-center gap-1 text-xs text-indigo-600 dark:text-indigo-400 hover:underline font-medium">
+                            <ArrowLeft className="w-3 h-3" />
+                            Volver al inicio de sesión
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    );
+}
diff --git a/web/experience/src/app/auth/login/page.tsx b/web/experience/src/app/auth/login/page.tsx
index 2c1ba87..2ec9280 100644
--- a/web/experience/src/app/auth/login/page.tsx
+++ b/web/experience/src/app/auth/login/page.tsx
@@ -109,6 +109,13 @@ export default function ExperienceLoginPage() {
                                     <Lock className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-slate-400 dark:text-gray-500" />
                                     <input required type="password" value={password} onChange={e => setPassword(e.target.value)} className="w-full bg-slate-50 dark:bg-slate-900/50 border border-slate-200 dark:border-white/10 rounded-xl py-3 pl-10 pr-4 text-slate-900 dark:text-white text-sm focus:border-indigo-500 focus:outline-none transition-colors" placeholder="••••••••" />
                                 </div>
+                                {isLogin && (
+                                    <div className="text-right pt-1">
+                                        <a href="/auth/forgot-password" className="text-xs text-indigo-600 dark:text-indigo-400 hover:underline font-medium">
+                                            ¿Olvidaste tu contraseña?
+                                        </a>
+                                    </div>
+                                )}
                             </div>
 
                             {error && <div className="bg-red-50 dark:bg-red-500/10 border border-red-200 dark:border-red-500/20 text-red-600 dark:text-red-300 text-xs p-3 rounded-lg font-medium">{error}</div>}
diff --git a/web/experience/src/app/auth/reset-password/page.tsx b/web/experience/src/app/auth/reset-password/page.tsx
new file mode 100644
index 0000000..dbc7767
--- /dev/null
+++ b/web/experience/src/app/auth/reset-password/page.tsx
@@ -0,0 +1,131 @@
+"use client";
+
+import React, { useState, Suspense } from "react";
+import { useRouter, useSearchParams } from "next/navigation";
+import { lmsApi } from "@/lib/api";
+import { GraduationCap, Lock, CheckCircle } from "lucide-react";
+
+function ResetPasswordForm() {
+    const router = useRouter();
+    const searchParams = useSearchParams();
+    const token = searchParams.get("token") ?? "";
+
+    const [password, setPassword] = useState("");
+    const [confirm, setConfirm] = useState("");
+    const [loading, setLoading] = useState(false);
+    const [success, setSuccess] = useState(false);
+    const [error, setError] = useState("");
+
+    const handleSubmit = async (e: React.FormEvent) => {
+        e.preventDefault();
+        setError("");
+        if (password.length < 8) {
+            setError("La contraseña debe tener al menos 8 caracteres.");
+            return;
+        }
+        if (password !== confirm) {
+            setError("Las contraseñas no coinciden.");
+            return;
+        }
+        if (!token) {
+            setError("Token inválido o ausente.");
+            return;
+        }
+        setLoading(true);
+        try {
+            await lmsApi.resetPassword(token, password);
+            setSuccess(true);
+            setTimeout(() => router.push("/auth/login"), 3000);
+        } catch {
+            setError("El enlace es inválido o ha expirado. Solicita uno nuevo.");
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    return (
+        <div className="min-h-screen bg-slate-50 dark:bg-gradient-to-br dark:from-slate-950 dark:via-indigo-950 dark:to-slate-950 flex items-center justify-center p-4 transition-colors">
+            <div className="w-full max-w-md animate-in fade-in zoom-in duration-500">
+                <div className="text-center mb-8">
+                    <div className="inline-flex items-center justify-center w-16 h-16 bg-indigo-600 rounded-2xl mb-4 shadow-lg shadow-indigo-600/30">
+                        <GraduationCap className="w-8 h-8 text-white" />
+                    </div>
+                    <h1 className="text-2xl font-black text-slate-900 dark:text-white mb-2">Nueva contraseña</h1>
+                    <p className="text-slate-500 dark:text-indigo-200/60 text-sm">
+                        Elige una contraseña segura de al menos 8 caracteres.
+                    </p>
+                </div>
+
+                <div className="bg-white dark:bg-white/5 backdrop-blur-xl border border-slate-200 dark:border-white/10 shadow-xl rounded-3xl p-8">
+                    {success ? (
+                        <div className="text-center py-4">
+                            <CheckCircle className="w-12 h-12 text-green-500 mx-auto mb-4" />
+                            <p className="text-slate-700 dark:text-slate-300 font-medium">
+                                ¡Contraseña actualizada correctamente!
+                            </p>
+                            <p className="text-slate-400 text-sm mt-2">Redirigiendo al inicio de sesión...</p>
+                        </div>
+                    ) : (
+                        <form onSubmit={handleSubmit} className="space-y-4">
+                            <div className="space-y-1">
+                                <label className="text-xs font-bold text-slate-500 dark:text-gray-400 uppercase tracking-wider">
+                                    Nueva Contraseña
+                                </label>
+                                <div className="relative">
+                                    <Lock className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-slate-400" />
+                                    <input
+                                        required
+                                        type="password"
+                                        value={password}
+                                        onChange={e => setPassword(e.target.value)}
+                                        className="w-full bg-slate-50 dark:bg-slate-900/50 border border-slate-200 dark:border-white/10 rounded-xl py-3 pl-10 pr-4 text-slate-900 dark:text-white text-sm focus:border-indigo-500 focus:outline-none transition-colors"
+                                        placeholder="••••••••"
+                                    />
+                                </div>
+                            </div>
+
+                            <div className="space-y-1">
+                                <label className="text-xs font-bold text-slate-500 dark:text-gray-400 uppercase tracking-wider">
+                                    Confirmar Contraseña
+                                </label>
+                                <div className="relative">
+                                    <Lock className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-slate-400" />
+                                    <input
+                                        required
+                                        type="password"
+                                        value={confirm}
+                                        onChange={e => setConfirm(e.target.value)}
+                                        className="w-full bg-slate-50 dark:bg-slate-900/50 border border-slate-200 dark:border-white/10 rounded-xl py-3 pl-10 pr-4 text-slate-900 dark:text-white text-sm focus:border-indigo-500 focus:outline-none transition-colors"
+                                        placeholder="••••••••"
+                                    />
+                                </div>
+                            </div>
+
+                            {error && (
+                                <div className="bg-red-50 dark:bg-red-500/10 border border-red-200 dark:border-red-500/20 text-red-600 dark:text-red-300 text-xs p-3 rounded-lg font-medium">
+                                    {error}
+                                </div>
+                            )}
+
+                            <button
+                                disabled={loading}
+                                type="submit"
+                                className="w-full bg-indigo-600 hover:bg-indigo-700 text-white font-bold py-3 rounded-xl transition-all shadow-lg shadow-indigo-600/20 disabled:opacity-50"
+                            >
+                                {loading ? "Guardando..." : "Guardar nueva contraseña"}
+                            </button>
+                        </form>
+                    )}
+                </div>
+            </div>
+        </div>
+    );
+}
+
+export default function ResetPasswordPage() {
+    return (
+        <Suspense>
+            <ResetPasswordForm />
+        </Suspense>
+    );
+}
diff --git a/web/experience/src/app/courses/[id]/lessons/[lessonId]/page.tsx b/web/experience/src/app/courses/[id]/lessons/[lessonId]/page.tsx
index cd801f1..93f95dd 100644
--- a/web/experience/src/app/courses/[id]/lessons/[lessonId]/page.tsx
+++ b/web/experience/src/app/courses/[id]/lessons/[lessonId]/page.tsx
@@ -21,6 +21,7 @@ import AudioResponsePlayer from "@/components/blocks/AudioResponsePlayer";
 import RolePlayingPlayer from "@/components/blocks/RolePlayingPlayer";
 import PeerReviewPlayer from "@/components/blocks/PeerReviewPlayer";
 import MermaidViewer from "@/components/blocks/MermaidViewer";
+import ScormPlayer from "@/components/blocks/ScormPlayer";
 import InteractiveTranscript from "@/components/InteractiveTranscript";
 import AITutor from "@/components/AITutor";
 import LessonLockedView from "@/components/LessonLockedView";
@@ -507,6 +508,15 @@ export default function LessonPlayerPage({ params }: { params: { id: string, les
                                                         );
                                                     case 'mermaid':
                                                         return <MermaidViewer block={block} />;
+                                                    case 'scorm':
+                                                        return (
+                                                            <ScormPlayer
+                                                                lessonId={params.lessonId}
+                                                                courseId={params.id}
+                                                                title={block.title || lesson.title}
+                                                                launchUrl={block.launch_url || block.url || lesson.content_url || ""}
+                                                            />
+                                                        );
                                                     default:
                                                         return <div className="p-4 bg-black/5 dark:bg-white/5 border border-black/10 dark:border-white/10 rounded-xl text-xs font-bold text-gray-600 dark:text-gray-500 uppercase tracking-widest">Tipo de Bloque Desconocido: {block.type}</div>;
                                                 }
@@ -521,17 +531,26 @@ export default function LessonPlayerPage({ params }: { params: { id: string, les
                                     </div>
                                 ) : (lesson.content_url) ? (
                                     <div className="animate-in fade-in slide-in-from-bottom-6 duration-700 delay-100">
-                                        <MediaPlayer
-                                            id="main-media-fallback"
-                                            lessonId={params.lessonId}
-                                            title={lesson.title}
-                                            url={lesson.content_url}
-                                            media_type={(lesson.content_type as any) || 'video'}
-                                            onTimeUpdate={setCurrentTime}
-                                            initialPlayCount={0}
-                                            isGraded={lesson.is_graded}
-                                            hasTranscription={!!lesson.transcription}
-                                        />
+                                        {lesson.content_type === 'scorm' || lesson.content_type === 'xapi' ? (
+                                            <ScormPlayer
+                                                lessonId={params.lessonId}
+                                                courseId={params.id}
+                                                title={lesson.title}
+                                                launchUrl={lesson.content_url}
+                                            />
+                                        ) : (
+                                            <MediaPlayer
+                                                id="main-media-fallback"
+                                                lessonId={params.lessonId}
+                                                title={lesson.title}
+                                                url={lesson.content_url}
+                                                media_type={(lesson.content_type as any) || 'video'}
+                                                onTimeUpdate={setCurrentTime}
+                                                initialPlayCount={0}
+                                                isGraded={lesson.is_graded}
+                                                hasTranscription={!!lesson.transcription}
+                                            />
+                                        )}
                                     </div>
                                 ) : (
                                     <div className="py-20 text-center glass-card border-dashed border-black/10 dark:border-white/10">
diff --git a/web/experience/src/components/AppHeader.tsx b/web/experience/src/components/AppHeader.tsx
index 96e9e23..32e6061 100644
--- a/web/experience/src/components/AppHeader.tsx
+++ b/web/experience/src/components/AppHeader.tsx
@@ -5,20 +5,74 @@ import Image from "next/image";
 import { useBranding } from "@/context/BrandingContext";
 import { useAuth } from "@/context/AuthContext";
 import { useTranslation } from "@/context/I18nContext";
-import { LogOut, Globe, Menu, X, Sun, Moon } from "lucide-react";
+import { LogOut, Globe, Menu, X, Sun, Moon, Search } from "lucide-react";
 import NotificationCenter from "./NotificationCenter";
-import { useState } from "react";
+import { useState, useRef, useEffect, useCallback } from "react";
 import { useTheme } from "@/context/ThemeContext";
+import { useRouter } from "next/navigation";
 
-import { getImageUrl } from "@/lib/api";
+import { getImageUrl, lmsApi } from "@/lib/api";
 
 export default function AppHeader() {
     const { t, language, setLanguage } = useTranslation();
     const { branding } = useBranding();
     const { user, logout } = useAuth();
     const { theme, toggleTheme } = useTheme();
+    const router = useRouter();
     const [isMenuOpen, setIsMenuOpen] = useState(false);
 
+    // ── Búsqueda global ──
+    const [searchQuery, setSearchQuery] = useState("");
+    const [searchOpen, setSearchOpen] = useState(false);
+    const [searchResults, setSearchResults] = useState<Array<{ id: string; kind: string; title: string; snippet?: string; url: string; course_title?: string }>>([]);
+    const [searchLoading, setSearchLoading] = useState(false);
+    const searchRef = useRef<HTMLDivElement>(null);
+    const searchTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
+
+    const runSearch = useCallback(async (q: string) => {
+        if (!q.trim() || q.length < 2) { setSearchResults([]); return; }
+        setSearchLoading(true);
+        try {
+            const res = await lmsApi.globalSearch(q);
+            setSearchResults(res.results ?? []);
+        } catch {
+            setSearchResults([]);
+        } finally {
+            setSearchLoading(false);
+        }
+    }, []);
+
+    useEffect(() => {
+        if (searchTimer.current) clearTimeout(searchTimer.current);
+        searchTimer.current = setTimeout(() => runSearch(searchQuery), 350);
+        return () => { if (searchTimer.current) clearTimeout(searchTimer.current); };
+    }, [searchQuery, runSearch]);
+
+    // Cerrar al hacer click fuera
+    useEffect(() => {
+        function handleClick(e: MouseEvent) {
+            if (searchRef.current && !searchRef.current.contains(e.target as Node)) {
+                setSearchOpen(false);
+            }
+        }
+        document.addEventListener("mousedown", handleClick);
+        return () => document.removeEventListener("mousedown", handleClick);
+    }, []);
+
+    function handleSearchSelect(url: string) {
+        setSearchOpen(false);
+        setSearchQuery("");
+        setSearchResults([]);
+        router.push(url);
+    }
+
+    const kindLabel: Record<string, string> = {
+        course: "Curso",
+        lesson: "Lección",
+        discussion: "Foro",
+        announcement: "Anuncio",
+    };
+
     // Use platform_name if available, otherwise name, otherwise default
     const platformName = branding?.platform_name || branding?.name || 'Academia';
 
@@ -46,6 +100,56 @@ export default function AppHeader() {
             </Link>
 
             <div className="flex items-center gap-4">
+                {/* Búsqueda global */}
+                {user && (
+                    <div ref={searchRef} className="relative hidden md:block">
+                        <div className="relative">
+                            <Search className="absolute left-3 top-1/2 -translate-y-1/2 w-4 h-4 text-gray-400 pointer-events-none" />
+                            <input
+                                type="text"
+                                value={searchQuery}
+                                onChange={e => { setSearchQuery(e.target.value); setSearchOpen(true); }}
+                                onFocus={() => setSearchOpen(true)}
+                                placeholder="Buscar cursos, lecciones..."
+                                className="w-56 lg:w-72 bg-black/5 dark:bg-white/5 border border-black/10 dark:border-white/10 rounded-xl py-2 pl-9 pr-3 text-sm text-slate-700 dark:text-white placeholder-gray-400 focus:outline-none focus:border-blue-500/50 transition-all"
+                            />
+                        </div>
+                        {searchOpen && searchQuery.length >= 2 && (
+                            <div className="absolute top-full mt-2 left-0 w-80 lg:w-96 bg-white dark:bg-slate-900 border border-black/10 dark:border-white/10 rounded-2xl shadow-2xl z-[200] overflow-hidden">
+                                {searchLoading ? (
+                                    <div className="p-4 text-sm text-gray-400 text-center">Buscando...</div>
+                                ) : searchResults.length === 0 ? (
+                                    <div className="p-4 text-sm text-gray-400 text-center">Sin resultados para &quot;{searchQuery}&quot;</div>
+                                ) : (
+                                    <ul className="max-h-80 overflow-y-auto divide-y divide-black/5 dark:divide-white/5">
+                                        {searchResults.map(r => (
+                                            <li key={`${r.kind}-${r.id}`}>
+                                                <button
+                                                    onClick={() => handleSearchSelect(r.url)}
+                                                    className="w-full px-4 py-3 text-left hover:bg-blue-50 dark:hover:bg-white/5 transition-colors flex flex-col gap-0.5"
+                                                >
+                                                    <div className="flex items-center gap-2">
+                                                        <span className="text-[10px] font-bold uppercase tracking-wider text-blue-600 dark:text-blue-400 bg-blue-50 dark:bg-blue-500/10 px-1.5 py-0.5 rounded">
+                                                            {kindLabel[r.kind] ?? r.kind}
+                                                        </span>
+                                                        <span className="text-sm font-semibold text-slate-800 dark:text-white truncate">{r.title}</span>
+                                                    </div>
+                                                    {r.snippet && (
+                                                        <p className="text-xs text-gray-400 truncate pl-0.5">{r.snippet}</p>
+                                                    )}
+                                                    {r.course_title && r.kind !== 'course' && (
+                                                        <p className="text-xs text-gray-500 truncate pl-0.5">en {r.course_title}</p>
+                                                    )}
+                                                </button>
+                                            </li>
+                                        ))}
+                                    </ul>
+                                )}
+                            </div>
+                        )}
+                    </div>
+                )}
+
                 {user && (
                     <nav className="hidden md:flex items-center gap-8 mr-4" aria-label="Navegación principal">
                         <Link href="/" className="flex items-center gap-2 text-base font-black uppercase tracking-wider transition-colors text-slate-700 dark:text-gray-200 hover:text-gray-900 dark:hover:text-white">
diff --git a/web/experience/src/components/blocks/ScormPlayer.tsx b/web/experience/src/components/blocks/ScormPlayer.tsx
new file mode 100644
index 0000000..544c94a
--- /dev/null
+++ b/web/experience/src/components/blocks/ScormPlayer.tsx
@@ -0,0 +1,130 @@
+"use client";
+
+import { useEffect, useMemo, useState } from "react";
+import { lmsApi } from "@/lib/api";
+
+type Props = {
+    lessonId: string;
+    courseId: string;
+    title: string;
+    launchUrl: string;
+};
+
+export default function ScormPlayer({ lessonId, courseId, title, launchUrl }: Props) {
+    const [status, setStatus] = useState<string>("Iniciando contenido SCORM...");
+
+    const safeLaunchUrl = useMemo(() => {
+        // Permitimos rutas relativas (proxy local) o URLs absolutas http/https
+        if (!launchUrl) return "";
+        if (launchUrl.startsWith("/")) return launchUrl;
+        if (launchUrl.startsWith("http://") || launchUrl.startsWith("https://")) return launchUrl;
+        return "";
+    }, [launchUrl]);
+
+    useEffect(() => {
+        const onMessage = async (event: MessageEvent) => {
+            const data = event.data;
+            if (!data || typeof data !== "object") return;
+
+            const maybeVerb =
+                data.verb ||
+                data?.statement?.verb?.id ||
+                data?.event ||
+                data?.type;
+
+            const maybeObjectId =
+                data.object_id ||
+                data?.statement?.object?.id ||
+                data?.objectId ||
+                lessonId;
+
+            // Filtramos ruido y sólo procesamos eventos potencialmente xAPI/SCORM
+            if (!maybeVerb) return;
+
+            const normalizedVerb = String(maybeVerb).toLowerCase();
+            const looksRelevant =
+                normalizedVerb.includes("xapi") ||
+                normalizedVerb.includes("scorm") ||
+                normalizedVerb.includes("completed") ||
+                normalizedVerb.includes("passed") ||
+                normalizedVerb.includes("progress") ||
+                normalizedVerb.includes("initialized") ||
+                normalizedVerb.includes("terminated") ||
+                normalizedVerb.includes("launched");
+
+            if (!looksRelevant) return;
+
+            const score =
+                typeof data?.result?.score?.scaled === "number"
+                    ? Number(data.result.score.scaled) * 100
+                    : typeof data?.score === "number"
+                      ? Number(data.score)
+                      : undefined;
+
+            const progress =
+                typeof data?.progress === "number"
+                    ? Number(data.progress)
+                    : typeof data?.result?.extensions?.progress === "number"
+                      ? Number(data.result.extensions.progress)
+                      : undefined;
+
+            const completed =
+                data?.completed === true ||
+                data?.result?.completion === true ||
+                normalizedVerb.includes("completed") ||
+                normalizedVerb.includes("passed");
+
+            try {
+                await lmsApi.trackXapiStatement({
+                    course_id: courseId,
+                    lesson_id: lessonId,
+                    verb: String(maybeVerb),
+                    object_id: String(maybeObjectId),
+                    score,
+                    progress,
+                    completed,
+                    raw_statement: data,
+                });
+
+                if (completed) {
+                    setStatus("Contenido completado. Progreso registrado.");
+                } else if (typeof progress === "number") {
+                    setStatus(`Progreso SCORM: ${Math.round(progress)}%`);
+                } else {
+                    setStatus("Actividad SCORM en curso...");
+                }
+            } catch {
+                setStatus("No se pudo registrar un evento xAPI.");
+            }
+        };
+
+        window.addEventListener("message", onMessage);
+        return () => window.removeEventListener("message", onMessage);
+    }, [courseId, lessonId]);
+
+    if (!safeLaunchUrl) {
+        return (
+            <div className="p-6 rounded-2xl border border-red-200 dark:border-red-900/40 bg-red-50 dark:bg-red-900/10 text-red-700 dark:text-red-300">
+                No hay una URL SCORM válida para esta lección.
+            </div>
+        );
+    }
+
+    return (
+        <section className="space-y-3">
+            <div className="flex items-center justify-between">
+                <h3 className="text-sm font-black uppercase tracking-wider text-slate-700 dark:text-slate-200">SCORM/xAPI Player</h3>
+                <span className="text-xs text-slate-500 dark:text-slate-400">{status}</span>
+            </div>
+
+            <div className="rounded-2xl overflow-hidden border border-black/10 dark:border-white/10 bg-black/5 dark:bg-black/30">
+                <iframe
+                    title={title || "SCORM content"}
+                    src={safeLaunchUrl}
+                    className="w-full h-[72vh] bg-white"
+                    allow="fullscreen"
+                />
+            </div>
+        </section>
+    );
+}
diff --git a/web/experience/src/lib/api.ts b/web/experience/src/lib/api.ts
index fb059ed..ccb3924 100644
--- a/web/experience/src/lib/api.ts
+++ b/web/experience/src/lib/api.ts
@@ -224,9 +224,22 @@ export interface Block {
     initial_code?: string;
     solution?: string;
     test_cases?: { description: string; expected: string }[];
+    // SCORM/xAPI fields
+    launch_url?: string;
     metadata?: any;
 }
 
+export interface TrackXapiPayload {
+    course_id: string;
+    lesson_id: string;
+    verb: string;
+    object_id: string;
+    score?: number;
+    progress?: number;
+    completed?: boolean;
+    raw_statement?: unknown;
+}
+
 export interface CourseInstructor {
     id: string;
     course_id: string;
@@ -607,6 +620,31 @@ export const lmsApi = {
         });
     },
 
+    async forgotPassword(email: string): Promise<{ message: string }> {
+        return apiFetch('/auth/forgot-password', {
+            method: 'POST',
+            body: JSON.stringify({ email })
+        });
+    },
+
+    async resetPassword(token: string, new_password: string): Promise<{ message: string }> {
+        return apiFetch('/auth/reset-password', {
+            method: 'POST',
+            body: JSON.stringify({ token, new_password })
+        });
+    },
+
+    async globalSearch(q: string, limit = 20): Promise<{ query: string; total: number; results: Array<{ id: string; kind: string; title: string; snippet?: string; url: string; course_id?: string; course_title?: string }> }> {
+        return apiFetch(`/search?q=${encodeURIComponent(q)}&limit=${limit}`);
+    },
+
+    async trackXapiStatement(payload: TrackXapiPayload): Promise<{ id: string; message: string }> {
+        return apiFetch('/xapi/statements', {
+            method: 'POST',
+            body: JSON.stringify(payload)
+        });
+    },
+
     async getMe(): Promise<User> {
         return apiFetch('/auth/me', {}, false);
     },