Developer Offboarding

Developer Offboarding Guide 
 
 Project: Bilko
 Version: 0.1
 Date: 2026-02-23
 Author: Ops Architect
 Status: Draft
 Reviewers: Alem Bašić 
 
 Document History 
 
 
 
 Version 
 Date 
 Author 
 Changes 
 
 
 
 
 0.1 
 2026-02-23 
 Ops Architect 
 Initial draft 
 
 
 
 
 Overview 
 This guide covers the process for offboarding a developer from the Bilko project. Complete all items within 5 business days of the developer's last working day. The offboarding manager is responsible for completing the checklist. 
 Offboarding manager: Alem Bašić (or designated Tech Lead)
 Required: All P0 items must be completed on the developer's last day or before 
 
 1. Pre-Offboarding (2 Weeks Before Last Day) 
 Knowledge Transfer 
 
 Developer documents all work-in-progress in GitHub Issues or Mission Control 
 Developer reviews open PRs — complete or hand off each one 
 Developer documents any undocumented systems or processes they own 
 Knowledge transfer sessions scheduled (30 min per significant area) 
 Access to any personal accounts used for Bilko work shared or transferred 
 
 Codebase Handoff 
 
 All local branches pushed to GitHub (or explicitly discarded) 
 All work-in-progress committed or stashed in a handoff branch: handoff/<name>-<date> 
 Any local configuration or environment modifications documented 
 Developer reviews CLAUDE.md files they may have modified — confirm still accurate 
 
 
 2. Last Day Checklist 
 P0 — Complete on Last Day 
 GitHub Access 
 
 All open PRs reviewed: merge, close with explanation, or assign to another developer 
 GitHub organization membership removed: GitHub → Organization Settings → Members → Remove 
 Repository-specific access revoked (if different from org membership) 
 
 Infrastructure Access 
 
 Railway access removed: Railway → Project → Settings → Members → Remove 
 Vercel access removed: Vercel → Team Settings → Members → Remove 
 Cloudflare access removed (if granted): Cloudflare → Account → Manage account → Members 
 
 Secrets and Credentials 
 
 Any personal API tokens/PATs used for Bilko rotated immediately 
 Verify developer does not have production secrets stored locally (confirm via discussion) 
 If developer had production Railway access: rotate all production secrets:
 
 JWT_SECRET (this invalidates all user sessions — notify users) 
 JWT_REFRESH_SECRET 
 SENDGRID_API_KEY (only if developer had SendGrid access) 
 R2_ACCESS_KEY_ID / R2_SECRET_ACCESS_KEY (only if developer had R2 access) 
 
 
 
 Communication 
 
 Developer removed from Slack #bilko-dev and #bilko-deploys 
 GitHub Issues/PRs reassigned from developer to active team members 
 
 
 3. Post-Offboarding (Within 5 Business Days) 
 Audit 
 
 Review audit log (Railway logs) for any unusual activity in last 30 days 
 Review LoggedAction table for developer's user ID (if they had production access) 
 Verify no unauthorized changes to production configuration 
 Review GitHub audit log for developer's last week of activity 
 
 Documentation Update 
 
 Developer removed from team roster / org chart 
 Any documentation with developer's name as contact updated 
 On-call rotation updated if developer was on-call 
 CLAUDE.md files updated if developer was listed as a contact 
 
 Knowledge Gap Assessment 
 
 Identify any areas where the developer was the sole owner 
 Create GitHub Issues for knowledge gaps that need documentation 
 Assign ownership of developer's areas to remaining team members 
 
 
 4. Offboarding Checklist (Per Developer) 
 Create a copy of this section for each offboarding: 
 Developer: ___________________
 Last working day: YYYY-MM-DD
 Offboarding manager: ___________________ 
 Access Revocation Log 
 
 
 
 System 
 Access Removed 
 Date 
 By 
 
 
 
 
 GitHub 
 [ ] Yes 
 
 
 
 
 Railway 
 [ ] Yes 
 
 
 
 
 Vercel 
 [ ] Yes 
 
 
 
 
 Cloudflare 
 [ ] N/A or [ ] Yes 
 
 
 
 
 Sentry 
 [ ] N/A or [ ] Yes 
 
 
 
 
 Slack 
 [ ] Yes 
 
 
 
 
 BetterStack 
 [ ] N/A or [ ] Yes 
 
 
 
 
 
 Secret Rotation (if developer had production access) 
 
 
 
 Secret 
 Rotated 
 Date 
 Notes 
 
 
 
 
 JWT_SECRET 
 [ ] Yes / [ ] N/A 
 
 Users notified: Yes/No 
 
 
 JWT_REFRESH_SECRET 
 [ ] Yes / [ ] N/A 
 
 
 
 
 Other: _________ 
 [ ] Yes / [ ] N/A 
 
 
 
 
 
 Open Work Disposition 
 
 
 
 Item 
 Type 
 Disposition 
 Assigned To 
 
 
 
 
 PR #XXX 
 Pull Request 
 Merged / Closed / Reassigned 
 
 
 
 Issue #XXX 
 GitHub Issue 
 Closed / Reassigned 
 
 
 
 [Feature X] 
 WIP 
 Handoff branch created 
 
 
 
 
 
 5. Data Retention 
 Per GDPR Article 17 and Bilko data retention policy: 
 
 Developer's commits remain in git history (normal — cannot be removed without rebasing) 
 Developer's user account in bilko_prod database: mark as inactive (do not delete — audit trail) 
 LoggedAction audit records: retained indefinitely (regulatory requirement) 
 Personal data of the developer stored in Bilko systems: delete per GDPR right to erasure if requested 
 
 
 Approval 
 
 
 
 Role 
 Name 
 Date 
 Signature 
 
 
 
 
 Offboarding Manager 
 
 
 
 
 
 Approver 
 Alem Bašić