Developer Offboarding
Developer Offboarding Guide
Project: Bilko Version: 0.1 Date: 2026-02-23 Author: Ops Architect Status: Draft Reviewers: Alem Bašić
Document History
| Version | Date | Author | Changes |
|---|---|---|---|
| 0.1 | 2026-02-23 | Ops Architect | Initial draft |
Overview
This guide covers the process for offboarding a developer from the Bilko project. Complete all items within 5 business days of the developer's last working day. The offboarding manager is responsible for completing the checklist.
Offboarding manager: Alem Bašić (or designated Tech Lead) Required: All P0 items must be completed on the developer's last day or before
1. Pre-Offboarding (2 Weeks Before Last Day)
Knowledge Transfer
- Developer documents all work-in-progress in GitHub Issues or Mission Control
- Developer reviews open PRs — complete or hand off each one
- Developer documents any undocumented systems or processes they own
- Knowledge transfer sessions scheduled (30 min per significant area)
- Access to any personal accounts used for Bilko work shared or transferred
Codebase Handoff
- All local branches pushed to GitHub (or explicitly discarded)
- All work-in-progress committed or stashed in a handoff branch:
handoff/<name>-<date> - Any local configuration or environment modifications documented
- Developer reviews CLAUDE.md files they may have modified — confirm still accurate
2. Last Day Checklist
P0 — Complete on Last Day
GitHub Access
- All open PRs reviewed: merge, close with explanation, or assign to another developer
- GitHub organization membership removed: GitHub → Organization Settings → Members → Remove
- Repository-specific access revoked (if different from org membership)
Infrastructure Access
- Railway access removed: Railway → Project → Settings → Members → Remove
- Vercel access removed: Vercel → Team Settings → Members → Remove
- Cloudflare access removed (if granted): Cloudflare → Account → Manage account → Members
Secrets and Credentials
- Any personal API tokens/PATs used for Bilko rotated immediately
- Verify developer does not have production secrets stored locally (confirm via discussion)
- If developer had production Railway access: rotate all production secrets:
JWT_SECRET(this invalidates all user sessions — notify users)JWT_REFRESH_SECRETSENDGRID_API_KEY(only if developer had SendGrid access)R2_ACCESS_KEY_ID/R2_SECRET_ACCESS_KEY(only if developer had R2 access)
Communication
- Developer removed from Slack #bilko-dev and #bilko-deploys
- GitHub Issues/PRs reassigned from developer to active team members
3. Post-Offboarding (Within 5 Business Days)
Audit
- Review audit log (Railway logs) for any unusual activity in last 30 days
- Review
LoggedActiontable for developer's user ID (if they had production access) - Verify no unauthorized changes to production configuration
- Review GitHub audit log for developer's last week of activity
Documentation Update
- Developer removed from team roster / org chart
- Any documentation with developer's name as contact updated
- On-call rotation updated if developer was on-call
-
CLAUDE.mdfiles updated if developer was listed as a contact
Knowledge Gap Assessment
- Identify any areas where the developer was the sole owner
- Create GitHub Issues for knowledge gaps that need documentation
- Assign ownership of developer's areas to remaining team members
4. Offboarding Checklist (Per Developer)
Create a copy of this section for each offboarding:
Developer: ___________________ Last working day: YYYY-MM-DD Offboarding manager: ___________________
Access Revocation Log
| System | Access Removed | Date | By |
|---|---|---|---|
| GitHub | [ ] Yes | ||
| Railway | [ ] Yes | ||
| Vercel | [ ] Yes | ||
| Cloudflare | [ ] N/A or [ ] Yes | ||
| Sentry | [ ] N/A or [ ] Yes | ||
| Slack | [ ] Yes | ||
| BetterStack | [ ] N/A or [ ] Yes |
Secret Rotation (if developer had production access)
| Secret | Rotated | Date | Notes |
|---|---|---|---|
| JWT_SECRET | [ ] Yes / [ ] N/A | Users notified: Yes/No | |
| JWT_REFRESH_SECRET | [ ] Yes / [ ] N/A | ||
| Other: _________ | [ ] Yes / [ ] N/A |
Open Work Disposition
| Item | Type | Disposition | Assigned To |
|---|---|---|---|
| PR #XXX | Pull Request | Merged / Closed / Reassigned | |
| Issue #XXX | GitHub Issue | Closed / Reassigned | |
| [Feature X] | WIP | Handoff branch created |
5. Data Retention
Per GDPR Article 17 and Bilko data retention policy:
- Developer's commits remain in git history (normal — cannot be removed without rebasing)
- Developer's user account in
bilko_proddatabase: mark as inactive (do not delete — audit trail) LoggedActionaudit records: retained indefinitely (regulatory requirement)- Personal data of the developer stored in Bilko systems: delete per GDPR right to erasure if requested
Approval
| Role | Name | Date | Signature |
|---|---|---|---|
| Offboarding Manager | |||
| Approver | Alem Bašić |
No comments to display
No comments to display