Back to projects

TK AI Interviewer

Real-time voice AI interview platform

A candidate opens a web link, talks to a Gemini-powered AI interviewer live, and afterward gets an auto-generated evaluation report — while HR gets visibility into the whole process, from invite to recording.

Next.jsTypeScriptFastAPIGoogle ADKGemini Live APIWebSocketSQLiteJWTCloudflare R2Resend
  1. 01

    HR creates a session

    Via a login-protected HR panel, filling in candidate name/email, role, company, and optional custom questions. This sends the candidate a personalized invite link with a unique token.

  2. 02

    Candidate joins

    Opens /interview/[token], goes through a preflight check (mic, AudioWorklet, connectivity), sees a briefing screen (role/company/duration/consent), then starts.

  3. 03

    Live conversation

    Audio streams bidirectionally over WebSocket to a FastAPI backend, which forwards it to Google ADK (Gemini gemini-2.0-flash-live-001) as a live "Agent" with an end_interview tool the model can call to wrap up.

  4. 04

    Report generation

    Once the interview ends, gemini-2.5-flash-lite generates a structured Markdown evaluation report, streamed to the browser and emailed to HR.

  5. 05

    Recording

    The session is optionally recorded (camera+mic, falling back to audio-only or skipping if denied) and uploaded to Cloudflare R2 for later playback from the HR dashboard.

  • Backend (backend/, FastAPI, port 8080): streaming_service.py (ADK integration), report_service.py (report generation), database.py (SQLite, no external DB), auth_service.py (JWT for HR), storage_service.py (R2 uploads), email_service.py (Resend).
  • Frontend (frontend/, Next.js 16 + React 19 + TypeScript + Tailwind v4): HR panel/dashboard, candidate interview flow, soundHandler.ts/recorder.ts for AudioWorklet-based mic capture, playback, and recording.

Everything is in-memory or SQLite — no heavyweight DB. State is token-based rather than session-cookie-based for candidates, and HR auth is JWT-based with an API-key fallback.

Security hardening (CORS, CSP headers, rate limiting, audit logging) was added in a later pass on top of the original MVP, rather than designed in from day one.