Architecture Overview

SchoolPalm follows a modular and layered architecture that separates presentation, business logic, and data storage while supporting dynamic module resolution — enabling new modules to be plugged in or customized without modifying the core system.

Core Layers

Frontend Layer (Presentation):
- Built using Inertia.js, Quasar, and Tailwind CSS.
- Provides seamless Single Page Application (SPA) navigation.
- Responsive design optimized for PWA, mobile, and desktop.
- Real-time updates using Laravel Echo and WebSockets.
Application Layer (Backend Logic):
- Powered by Laravel with dynamic module registration.
- Each module (e.g., Academics, Finance, Hostels, Certificates, AI) is independent yet interconnected.
- Handles authentication, role management, tenancy, and AI communication.
- Provides RESTful APIs for third-party integrations.
Data Layer (Persistence & Storage):
- Per-tenant database architecture with full isolation.
- Supports MySQL/PostgreSQL for relational data and Redis for caching.
- Centralized file storage with optional integration to cloud services (AWS S3, DigitalOcean Spaces, etc.).

    flowchart TD
    subgraph Frontend["Frontend Layer (Presentation)"]
        A[Inertia.js + Quasar SPA]
        B[PWA / Mobile / Desktop]
        C[Real-time updates via WebSockets]
    end

    subgraph Application["Application Layer (Backend Logic)"]
        D[Laravel Core]
        E[Dynamic Module Registration]
        F[Auth / Roles / Tenancy]
        G[RESTful APIs]
    end

    subgraph Data["Data Layer (Persistence & Storage)"]
        H[(Tenant DBs: MySQL/PostgreSQL)]
        I[(Redis Cache)]
        J[Cloud Storage: S3 / DO Spaces]
    end

    Frontend <--> Application
    Application <--> Data

Multi-Tenant Architecture

SchoolPalm uses a subdomain-based, isolated database tenancy model, where each tenant operates independently under a shared application codebase.

Tenant Identification: Subdomain mapping (e.g., emmahigh.schoolpalm.com).
Data Isolation: Each tenant has a dedicated database ensuring privacy and security.
Automatic Tenant Provisioning: Institutions can register and get deployed instantly.
Dynamic Configuration: Branding, theme, and domain settings load per tenant at runtime.

In addition, a single tenant account can manage multiple schools or institution branches.
A tenant creates one primary account and can then add multiple schools, campuses, or branches under that tenant, each operating independently while sharing centralized administration, billing, and configuration where required.

This architecture allows hundreds of institutions to share the same infrastructure efficiently, while maintaining strong isolation and easy scalability.

    flowchart LR
    User[User Request] --> Router[Subdomain Router]
    Router -->|emmahigh.schoolpalm.com| TenantA[Tenant A DB]
    Router -->|sunnydale.schoolpalm.com| TenantB[Tenant B DB]
    Router -->|newton.schoolpalm.com| TenantC[Tenant C DB]

    subgraph SingleTenantAccount["Single Tenant Account (e.g., 'EMMA High Group')"]
        TA[Primary Account] --> School1[School 1: Emma High]
        TA --> School2[School 2: Emma Junior]
        TA --> School3[School 3: Emma Online]
    end

    School1 -.-> TenantA
    School2 -.-> TenantB
    School3 -.-> TenantC

Security-First Design

Security is a core pillar of SchoolPalm.

Authentication and Access Control

Multi-Factor Authentication (2FA)
Role-Based Access Control (RBAC) with fine-grained permissions
Device and session validation
Token-based authentication using Laravel Sanctum

Security Enforcement

Rate limiting and brute-force attack protection
Account lockout and verification policies
Secure password hashing and credential lifecycle management

Monitoring and Accountability

Comprehensive activity logging for logins, data changes, and financial actions
Full audit trails for compliance and investigations
Suspicious activity detection and alerting

Data Protection

HTTPS (TLS encryption)
Encrypted sensitive fields (AES-256)
Automated backups and disaster recovery procedures
Alignment with regional data protection regulations and GDPR-inspired standards

    flowchart TD
    UserRequest[User Request] --> HTTPS[TLS Encryption]
    HTTPS --> Auth[Authentication]
    
    subgraph Auth["Authentication & Access"]
        MFA[Multi-Factor Authentication]
        RBAC[Role-Based Access Control]
        Tokens[Sanctum Token Validation]
    end

    Auth --> Enforcement[Rate Limiting / Brute‑Force Protection]
    Enforcement --> DataEnc[Encrypted Fields AES-256]
    DataEnc --> Logging[Activity Logging & Audit Trails]
    Logging --> Backup[Automated Backups & Disaster Recovery]

Role-Based Portals

The platform offers dedicated, role-specific portals to meet the unique needs of every stakeholder within an educational ecosystem.

Portal	Purpose
Admin Portal	Oversee school operations, manage users, configure modules, and access analytics.
Teacher Portal	Manage classes, assignments, grading, and student performance.
Student Portal	View schedules, grades, assignments, and communicate with teachers.
Parent/Guardian Portal	Track student progress, fees, and receive notifications.
Staff Portal	Handle administrative and non-teaching roles such as bursars, registrars, and hostel wardens.

Each portal is designed with customized dashboards, permissions, and access levels — powered by Role-Based Access Control (RBAC).

    flowchart TD
    User[User Login] --> RoleCheck{Role Detection}
    RoleCheck -->|Admin| AdminPortal[Admin Portal: Oversee operations, analytics]
    RoleCheck -->|Teacher| TeacherPortal[Teacher Portal: Classes, grading]
    RoleCheck -->|Student| StudentPortal[Student Portal: Schedules, grades]
    RoleCheck -->|Parent| ParentPortal[Parent Portal: Track progress, fees]
    RoleCheck -->|Staff| StaffPortal[Staff Portal: Bursar, registrar, warden]

    AdminPortal --> RBAC[RBAC enforced at every endpoint]
    TeacherPortal --> RBAC
    StudentPortal --> RBAC
    ParentPortal --> RBAC
    StaffPortal --> RBAC

Key System Modules

SchoolPalm’s backend dynamically loads and manages modular components, enabling easy customization or extension of the platform.

Module	Functionality Overview
Academics	Class, subject, exam, grading, and report card management.
Admissions	Student registration, verification, and onboarding.
Finance	Fees setup, invoices, payments, and accounting reports.
Hostels	Room allocation, occupancy tracking, and facility management.
Certificate Designer	Drag-and-drop certificate design with QR verification.
AI Engine	Predictive analytics, chatbot assistant, and performance insights.
Communication	Bulk SMS, email, and in-app notifications.
Attendance	Smart attendance tracking using barcodes or biometrics.
Reporting	Data visualization, analytics dashboards, and exports.

Modules can be dynamically activated or deactivated per tenant, ensuring flexibility and performance optimization.

Modular System

SchoolPalm functions as a School Management Framework.

Developer Ecosystem

Developers can author secure modules and plugins
Modules follow defined contracts and security policies
Plugins can be published to the SchoolPalm Marketplace
One-click installation and updates per institution
Versioning, permissions, and compatibility enforced by the core system

    flowchart TD
    Developer[Developer] -->|Authors secure module| Marketplace[SchoolPalm Marketplace]
    Marketplace -->|One-click install| TenantEnv[Tenant Environment]
    TenantEnv --> Core[Core System]
    Core -->|Enforces contracts & permissions| Module[Installed Module]
    Module -->|Version updates| Core

AI-Powered Intelligence Layer

The AI layer transforms SchoolPalm from a management tool into an intelligent academic ecosystem.

Predictive Analytics: Identifies at-risk students and forecasts performance trends.
Smart Notifications: Automated alerts for absences, fee dues, and academic milestones.
Chatbot Assistant: Natural-language support for staff, students, and parents.
Timetable Optimization: AI-driven conflict-free timetable generation.
Anomaly Detection: Flags irregularities in grading, payments, or attendance.

AI models are hosted as independent microservices communicating with Laravel through REST APIs or WebSocket streams.

    flowchart LR
    subgraph Laravel[Laravel Core]
        Events[System Events]
        API[REST Endpoints]
        WS[WebSocket Streams]
    end

    subgraph Microservices[AI Microservices]
        Predict[Predictive Analytics]
        Chatbot[Chatbot Assistant]
        Optimize[Timetable Optimizer]
        Anomaly[Anomaly Detection]
    end

    Events -->|Triggers| Microservices
    Microservices -->|Insights / Alerts| API
    API --> Laravel
    WS <--> Microservices

Reseller and Partner Enablement

SchoolPalm is reseller-ready by design.

Resellers can create and manage subscription plans
Onboard and manage multiple institutions
Apply pricing, branding, and commission models
Support white-label and co-branded deployments

Ideal for IT firms, education consultants, and EdTech partners.

API and Integration Layer

SchoolPalm is API-first, supporting seamless communication with other platforms.

RESTful APIs for external integrations (LMS, Payments, ERP, etc.)
Webhook Support for event-based triggers (e.g., payments, attendance).
OAuth2 / Token Authentication using Laravel Sanctum.
Third-Party Integrations:
- SMS & Email: EgoSMS, Twilio, Mailgun.
- Payments: Paystack, Flutterwave, Stripe.
- Cloud Storage: AWS, DigitalOcean, or Google Cloud.
- LMS Integration: Moodle, Google Classroom, or custom e-learning modules.

Deployment and Scalability

Deployment Options:
- SaaS (Cloud-hosted with subdomains per school)
- On-premise for single-institution deployment
- Hybrid model with cloud data backup
Performance Features:
- Redis caching, optimized queries, and queued jobs for background processing.
- Scales horizontally across multiple servers.
- Supports Docker-based containerization and CI/CD automation.
Cloud Integration:
- Compatible with AWS, DigitalOcean, or cPanel hosting.
- Auto-scaling and load balancing for high traffic.
- CDN integration for fast content delivery.

Multi-Platform Delivery

SchoolPalm is accessible on any device, ensuring a consistent and unified experience across platforms:

Web Application: Full-featured browser-based access.
Progressive Web App (PWA): Installable on mobile or desktop with offline capabilities.
Mobile App: Native-like experience built using Quasar and Capacitor.
Desktop App: Packaged using Electron for Windows/macOS deployment.

    flowchart TD
    Options[Deployment Options] --> SaaS[SaaS: Cloud-hosted subdomains]
    Options --> OnPrem[On-premise: Single institution]
    Options --> Hybrid[Hybrid: Cloud backups]

    SaaS --> Scaling[Horizontal Scaling]
    OnPrem --> Scaling
    Hybrid --> Scaling

    Scaling --> Cache[Redis Caching]
    Scaling --> Queue[Queued Jobs]
    Scaling --> Docker[Docker Containers + CI/CD]
    Scaling --> CDN[CDN for fast content]

Conclusion

SchoolPalm stands as a scalable, modular, and intelligent school management solution designed for the future of education.
It unifies AI-driven insights, multi-tenant infrastructure, dynamic module extensibility, and multi-platform delivery — empowering schools from Nursery to University to operate efficiently and intelligently in the digital era.