Plate II · Built

Oxbridge Assessments

Test thousands. Trust every result.

A remote-proctored hiring platform: candidates sit multi-part proctored assessments; recruiters review scored, integrity-flagged results — engineered for a ~5,000-candidate pipeline.

Next.js 15 (Turbopack) · Prisma 6 · PostgreSQL · NextAuth v5

11
Data models
34
API endpoints
5
Assessment types
~5,000
Target funnel
Overview

High-volume hiring funnels have a trust problem: you can test thousands of candidates cheaply, but the moment a test is remote, you have to catch outside help without a human watching every screen. Oxbridge is built to do both at once.

It's a complete platform — candidate assessment flow, admin marking and question-bank management, and a recruiter portal — sitting on 11 data models and 34 API endpoints. It was engineered to process a roughly 5,000-candidate pipeline, and it's launching.

The system in motion

Animated architecture breakdown — nodes and data paths resolve in sequence.

Full architecture blueprint
Oxbridge Assessments detailed architecture blueprint
Candidate journey — five assessment types feed a deterministic scorer while proctoring signals raise integrity flags in parallel. · open full-size ↗
The stack — and what each part does
Next.js 15 (Turbopack)App-router frontend + API routes in one deployable
Prisma 6Type-safe ORM over the 11-model schema
PostgreSQLRelational store for candidates, attempts, questions, scores
NextAuth v5Role-separated auth for candidates, admins and recruiters
AES-256-GCMEncryption of candidate PII at rest
Under the hood

The assessment engine

Candidates move through a five-part battery — reading, writing, speaking, multiple-choice and scenario. Each type has its own capture and marking path; admins manage the question bank through full CRUD and mark the open-ended sections.

Proctoring integrity

Because nobody is physically invigilating, integrity is inferred from signals gathered during the sitting:

  • Tab-switch and focus-loss events — did the candidate leave the test?
  • Keystroke-pattern analysis — does typing behaviour suggest pasted or dictated help?
  • Webcam capture — periodic frames tied to the attempt.

Deterministic scoring

Every closed-form answer runs through a deterministic scoring engine: the same answers always yield the same score. That's not a detail — hiring decisions have to be defensible and auditable, and non-determinism would make a disputed result impossible to defend.

Security posture

Candidate PII is encrypted at rest with AES-256-GCM; credentials are bcrypt-hashed; endpoints are rate-limited. The threat model treats candidate data as sensitive and the scoring pipeline as something that must resist tampering.

Decisions worth defending
Why deterministic scoring?
Hiring decisions have to be defensible. Deterministic scoring means the same answers always produce the same score — reproducible, auditable, and defensible if a result is challenged.
JWT vs session auth — why JWT?
Stateless auth scales without a session store; the tradeoff is you can't trivially revoke before expiry, which you manage with short token lifetimes and role separation.

Proof. Built and launching — 11 models, 34 endpoints, full proctoring + scoring, engineered for a ~5,000-candidate pipeline.