Skip to main content

System overview

System Student is split into two independent SvelteKit applications that share a single Supabase project as their database and storage backend.

monty-app

The student, teacher, and tutor-facing application (package name: montero). Handles learning, class management, activities, messaging, and the Montero AI tutor.

monty-panel

The administrator control panel (package name: monty). Handles platform-wide configuration, user management, class oversight, and system logs.
Both apps authenticate with the same JWT secret (SECRET_KEY) and use the same Supabase service role key to access shared tables.

monty-app route structure

The app uses SvelteKit’s filesystem-based routing. Routes are organized around user roles. 
src/routes/
├── (landing)/               # Public marketing pages
│   ├── +page.svelte         # Home / landing page
│   ├── terminos/            # Terms of service
│   └── privacidad/          # Privacy policy
├── auth/
│   └── [role]/              # Dynamic login for alumno, maestro, tutor
│       ├── registro/        # Registration forms (role-aware)
│       ├── recuperar/       # Password recovery
│       └── restablecer/     # Password reset
├── confirmar/               # Email confirmation handler
├── app/
│   ├── alumno/              # Student dashboard & features
│   │   ├── (promo)/
│   │   │   ├── clases/      # Class list and individual class view
│   │   │   ├── aprender/    # Learning section
│   │   │   └── cuenta/      # Student account management
│   │   └── montero/         # Montero AI tutor chat interface
│   ├── maestro/             # Teacher dashboard & features
│   │   └── (promo)/
│   │       ├── clases/
│   │       │   └── [id_class]/
│   │       │       ├── actividades/  # Activity management
│   │       │       ├── alumnos/      # Student roster & approval
│   │       │       ├── mensajes/     # In-class messaging
│   │       │       └── contencion/   # Containment situations
│   │       ├── montero/     # Teacher AI tools
│   │       │   ├── [type_tool]/     # Individual AI tool pages
│   │       │   └── chat/            # Teacher chat with Montero
│   │       └── cuenta/      # Teacher account management
│   └── tutor/               # Tutor dashboard & features
│       └── (promo)/
│           ├── hijos/       # Child (student) management
│           └── cuenta/      # Tutor account management
└── api/
    ├── student/             # Student-facing API endpoints
    ├── teacher/             # Teacher-facing API endpoints
    ├── tutor/               # Tutor-facing API endpoints
    └── main/                # Shared/general API endpoints

monty-panel route structure

src/routes/
├── +page.svelte             # Admin login
├── panel/
│   ├── +page.svelte         # Dashboard overview
│   ├── clases/              # Class management
│   ├── usuarios/            # User management (all roles)
│   ├── sistema/             # System monitoring and logs
│   ├── configuracion/       # Platform-wide configuration
│   └── cuenta/              # Admin account settings
└── api/
    ├── admin/               # Admin-specific API endpoints
    └── main/                # Shared API endpoints

Data model

All persistent data lives in a single Supabase (PostgreSQL) project. The following tables are defined in src/lib/types/types.ts:
TableDescription
usersStudent accounts — name, email, password hash, points, profile photo, date of birth
teachersTeacher accounts — includes teacher ID for identity verification
tutorsTutor accounts — linked to one or more student records via the hijos relationship
adminsAdministrator accounts — access to monty-panel only
classesClass definitions — name, description, photo, teacher association, enrolment code
chat_historyMontero AI conversation records — per-student chat threads, message history, daily usage counters
configPlatform-wide configuration values managed from the admin panel
viewsVisitor and page-view tracking
logsSystem event logs — actions, errors, and audit trail entries

Authentication flow

System Student uses a custom JWT-based session system backed by bcrypt password hashing. There is no Supabase Auth — authentication is fully managed by the apps. 
1. User submits credentials at /auth/[role]
2. Server validates email/password against the role-specific table
3. On success, a signed JWT is written to the `u_token` cookie
4. hooks.server.ts intercepts every request:
   - Verifies the JWT with verifyToken()
   - Attaches the decoded user to event.locals.user
   - Redirects unauthenticated users away from /app/* to /
   - Redirects authenticated users away from /auth/* to /app/[role]
   - Enforces role isolation: /app/alumno is only accessible to role=user,
     /app/maestro to role=teacher, /app/tutor to role=tutor
The JWT payload carries the user’s id, name, last_name, email, phone, dob, photo, and role. The role value stored in the token is the internal name (user, teacher, tutor), which is converted to the URL segment (alumno, maestro, tutor) via getRoleConverted().

Server-side utilities

Shared server utilities live in monty-app/src/lib/server/:
FilePurpose
auth.server.tsverifyToken() — validates the u_token JWT cookie
log.server.jsWrites structured entries to the logs table
prompts.server.jsBuilds AI prompt templates for Montero (student and teacher modes)
registerVisitors.server.tsTracks visitor sessions in the views table
sendEmailNotifications.server.jsSends transactional emails (invitations, confirmations) via Nodemailer / Resend
sendNotifications.server.jsIn-app notification dispatch

Technology stack

LayerTechnology
Frontend frameworkSvelteKit 2 + Svelte 5
StylingTailwind CSS 4 + DaisyUI 5
Database / storageSupabase (PostgreSQL + Storage)
AuthenticationCustom JWT (jsonwebtoken) + bcrypt
AI tutorGroq SDK + OpenAI SDK
ChartsChart.js 4 + chartjs-plugin-datalabels
EmailNodemailer + Resend
PDF exportjsPDF + html2pdf.js
QR codesqrcode
Build toolVite 6