I'm not going to waste time give you the introduction. If you don't know who Jimmy is, I suggest you check my post history.
So, the lad striked again. You might remember the app he tried to vibe code. The other day he tried to have me put it in the server I have set up when I tried to explain it wouldn't do what he thought he would.
Copilot basically gave him a one page HTML that saved data in cache and it was major thousand line slop that I could barely make sense of. Today he insisted I set it up once more. Today he asked again. I warned him that I was already doing my own version. He got pissed and said he had already told about it to the bosses and this was HIS idea and HE was doing this one. I shrugged. The way I saw it, if he actually managed to do a better job, more power to him, we would've earn it, and some humbling wouldn't hurt me either. I'd still finish my own version, though I didn't told him that. I actually finished the first working version today though it needs some polishing and admin interfaces (I can still set permissions directly on the database). I'd still give him a fair chance.
"OK, how did you set up the database then"
"Never mind that, it's working. Just do it"
"Dude, I need to know what you used to make sure the server is supporting it"
(obviously, he has no clue, he can't even read the code...at this level of slop neither can I)
"Uh...it's...uh...it's in...PHP"
"Database? Dude...is it like...SQL?"
"Yeah, that's it"
(me, knowing he has no clue how to set up an SQL database, and assuming it was working at home) "You sure...maybe it's SQLite? In a single file?"
"Yeah, that's it"
I shrugged and said sure, I'll do it. He hands me over a USB pen. At this point, I don't even care. I'll just throw the code in ChatGPT to have a clue on what it does. So I sit in my computer and open the USB pen. Of course, it's a HTML file again (probably some JS there) and the thing is so huge even ChatGPT can't make sense of it. This, I expected.
This is what I didn't expect...
In the middle of the files there's a saved webpage. The name of the webpage? https://dev-server.spirinolas.com/ (not the real name, obviously). This lazy POS found my Laravel version open in the browser of the computer (not my work laptop, that is always locked) and tried to save it to steal my code. Of course, nothing of value was there. But the fact he actually tried it...I saw red.
I called him and confronted him. First he denied it. When I confronted him with the facts he got pissed and started gaslighting me.
"That file was already on the computer, I know nothing about it"
"It was already saved on the computer? Who saved it then"
"I have no idea. It was already there. When I got here it was wide open"
It's a browser with a webpage...top secret indeed. The actual code is in VSCode and isn't even stored on my work laptop. I use SSH to access it on my home server.
"Then explain to me how it was on your USB pen?"
As he got stuck against the wall and couldn't gaslight me anymore he lost his cool. He said I left it open because I know nothing about security and I'm a fucking idiot. The moment he insulted me I stopped the conversation immediately. I told him he had no right to insult me and we were DONE. I removed the USB and gave it back to him and told him to figure it out, I was not helping him.
Now I'm actually considering talking with the bosses about this. I know they like him but this was serious. He was trying to steal my work and pass it as his own though he's too stupid to realize how out of his depth he is.
You should have kept the USB as evidence, or copied the evidence of attempted theft off of it. You're unlikely to be able to prove it again now if you let him leave with it, and you just let him know one more thing to try and hide.
Anyway...
You can probably find a way to word the type of stuff you've posted here in a less technical and more detached manner, which would help. Focus on facts, and if you have to make statements that appear to be a matter of judgement, ensure you have a way to back it up with evidence that is explainable in management speak.
If you have email evidence of his bad tone with you, use that. If it's not present in writing, considering it sounds like he speaks incredibly rudely to you face to face, I would look into the recording laws where you're at.
If you have friends at work who have sent you emails, texts, or IMs along the lines of "he's badmouthing you again", hold onto those.
Unless your bosses are absolutely braindead, "it's his fault for not securing it" will go over like a sack of bricks.
"That was not available outside of our internal network, and what you actually managed to grab does not pose any risk."
Companies can't survive with a culture of "theft of other employee's work is fair game".
Start keeping a journal of all your interactions with him. Neutral, positive, and negative. Time, date, and one to three short dispassionate sentences. KEEP THIS SECRET FROM HIM AT ALL FUCKING COSTS
Met to deploy his solution for X. Did not deliver a a working solution. Could not answer basic questions about what was provided. Contained files from my solution despite refusing my assistance.
Remember: dispassionate, high level as possible, and straight facts. As if this will be read in court (because it could be).
You could backfill with previous interactions, but I would label those as such and probably keep those separate.
Emphasize the difference in experience and tenure. Your repeated attempts to collaborate, include, teach, etc with him contrasted with his responses (refusal, belittling your experience, claiming your ideas as his own to other employees and management). His refusal to accept any work begun by you as up to task.
This is far too wordy and not dispassionate enough, but here's some spitballed first draft type stuff
My repeated attempts to collaborate and teach him have only resulted in him presenting discussed ideas as entirely his own, refusal to accept any work in progress that I began even as a base for collaboration, and repeated insults as he regularly insists my experience is worth less than his beginner efforts over the course of a single afternoon with technology and systems entirely new to him.
I could chalk this up to friction, except that in many instances, he has refused a complete solution already built and tested by me in favor of using company time to attempt to build them himself from scratch. While I have always been open to alternative solutions, and I actively look for opportunities to give him space to improve and demonstrate his skills, I must question if it is best use of company resources to duplicate this work as the regular practice as he makes of it.
This has all come to a head recently when he has attempted, and failed, to steal my work as his own during our recent project of [blah]. Despite repeated attempts made on my end to collaborate with him and make this a group effort, he had insisted that he would work on his own and do a better job than me. I've been fully supportive of his work on this project, and prepared to roll out his solution to the company, but I also prepared my own solution as a backup.
On [date] we had a meeting at [time] for him to provide me his work so I could upload it to [place] for company use. He provided me a thumb drive, and when I began asking standard questions to ensure we had what he needed to support his solution, he was unable to give me direct answers.
Against my better judgement, I decided to move ahead and try to get this information from the files he provided me. It was at that point that I discovered [evidence he attempted to take your work on the project].
It was his USB. I couldn't keep it. But of course I copied it, I thought that was a given.
It wasn't even anything. It was my development version running on a browser with placeholder data. The app is my property (sure of it, not getting into details) and was running on my own personal home server (and there's a good chance it will stay that way). There was nothing there to hide, no sensitive data. He's so stupid he actually thought it was anything important and that he could even get anything useful by saving it to his USB. It's quite funny if you don't take it too seriously.
Will do. But I don't think he's asking anything else after I put my foot down. Maybe I'll follow u/Optional advice and set him a sandbox to fuck around. When do you think I should show that journal to our boss? What's the line he needs to cross?