Skip to main content
← Back to Projects

QueryQuarry

Live

A double-blind escrow marketplace for talent — recruiters' AIs query a consent-based candidate graph over MCP

Live Site ↗

Overview

QueryQuarry inverts hiring. Instead of candidates firing applications into the void and recruiters drowning in AI-generated resumes, candidates upload a resume once and join a structured, consent-based talent graph that recruiters query directly from their own AI assistant — Claude, ChatGPT, or any MCP-compatible client. No applications, no scraped data, no job boards.

The defining architectural bet is that the product isn't an app at all — it's a Model Context Protocol (MCP) server. The recruiter's AI is the intelligence; QueryQuarry is the corpus. The second bet is privacy as the moat: it's a double-blind escrow marketplace where a candidate's identity is revealed only on mutual consent. I designed and built the platform end-to-end as founder and sole developer.

My Role

  • Product & Architecture

    Designed the entire system: the MCP-as-interface model, the double-blind escrow contact flow, the consent and metering rules, and the data model (people vs. queryable resume units).

  • MCP Server

    Hand-rolled the recruiter-facing MCP server — JSON-RPC over Streamable HTTP with two auth paths (Stytch Connected-Apps OAuth and revocable API keys) and a tool catalog for searching, evaluating, and contacting candidates — all security enforced in the app layer (auth → subscription → rate limit → consent gate).

  • Full-Stack Build

    Built the whole Next.js 16 server-first application — candidate side (AI resume parsing, profile/resume management, an Opportunities inbox) and recruiter side (onboarding, key management, tiered usage) on Supabase PostgreSQL with row-level security.

  • Privacy & Security Engineering

    Implemented the consent model in the data layer: column-level grants so candidates can only ever write their own consent fields, local asymmetric-JWT verification, a server-side deanonymization guard, and Cloudflare Turnstile on public AI-spending endpoints.

Tech Stack

Frontend

  • Next.js 16
  • React 19
  • TypeScript
  • Tailwind CSS 4

Data & Auth

  • Supabase PostgreSQL
  • Row Level Security
  • Column-Level Grants
  • Stytch Connected Apps

AI & Protocol

  • Model Context Protocol
  • Anthropic Claude
  • Vercel AI Gateway

Infrastructure

  • Vercel
  • Resend
  • Cloudflare

The MCP Interface

Rather than building yet another recruiter dashboard, the product is an MCP server that a recruiter connects to their existing AI. They ask for candidates the way they'd ask a colleague — “senior React engineer, remote, open to contract” — and their AI runs the search, evaluates results, and reaches out, all conversationally.

Hand-Rolled JSON-RPC

The server is a from-scratch JSON-RPC implementation over Streamable HTTP, with a tool catalog covering search, deep evaluation, contact requests, watchlists, and corpus stats. It runs with an RLS-bypassing service key, so every security control — authentication, subscription status, rate limiting, and consent — is enforced explicitly in the app layer.

Dual Authentication

Recruiters connect via OAuth (Stytch Connected Apps, verified locally against the JWKS with no round-trip) or via scoped, revocable API keys for custom integrations.

Robust Matching

Skills, seniority, employment type, and work-location are stored as canonical slugs, and recruiter queries are normalized to them — so “React” matches “React 19” and free-text variants resolve, closing an entire class of silent-miss bugs.

The Double-Blind Escrow Model

Identity is the last thing exchanged, and only by mutual consent. A search returns anonymous match cards (no name, no contact). A deeper evaluation stays pseudonymous. To connect, a recruiter spends a metered “contact,” identifies themselves, and the candidate is notified — and if interested, they reach out, quoting a code both sides can confirm as the legitimate match.

Consent Enforced in the Database

Candidates can read and write only their own response fields (accept/decline/star); column-level grants make it impossible — even via a crafted API call — to forge or alter the recruiter's side of an offer.

Server-Side Deanonymization Guard

Before consent, a candidate's name and contact patterns are scrubbed from any free text a recruiter sees, so identity can't leak through resume prose.

Anti-Abuse by Design

Separate reveal and contact limits, a per-pair guard (one active offer, cooldowns, blocks), and a brokered first-touch that needs no inbox — keeping the corpus opt-in and spam-free.

Key Features Built

  • MCP server with a full tool catalog (search, evaluate, request/track contact, watchlist, corpus stats, subscription)
  • Double-blind escrow contact flow with one-time confirmation code
  • Identity-last reveal with a server-side deanonymization guard
  • AI resume parsing into structured, searchable profiles
  • Slug-based skill/match taxonomy with query normalization (versioned-skill matching)
  • Multi-select match filters: employment type, seniority, work authorization, relocation
  • Candidate Opportunities inbox: tabs, server-side search, infinite scroll, starred filter, undo/block/report
  • Pre-account resume draft that survives the sign-in round-trip (sessionStorage)
  • Tiered usage metering with a per-pair anti-harassment guard (Stripe checkout in progress)
  • Cloudflare Turnstile bot protection on public, AI-spending endpoints
  • Full SEO/AEO: metadata, JSON-LD (Organization, WebSite, FAQ, TechArticle), robots, sitemap, llms.txt
  • Self-documenting docs with copy-as-markdown, plus Resend transactional email

Links & Resources

Source code is private — this is an active commercial platform

View Live Site ↗← All Projects