Busbar · a muselab product · in active development
GitHub as a headless delivery platform for Salesforce.
Busbar puts a complete development-to-delivery system inside your own GitHub repositories, so you own the entire infrastructure, without ever storing Salesforce credentials in GitHub to manage, rotate, or lose. The Composable Delivery Model, productized.
01 · The problem
Today, delivering from GitHub means handing over your org's keys.
To run Salesforce delivery from GitHub today, you store long-lived Salesforce credentials in GitHub: a connected-app secret, a username and password, or a refresh token sitting in CI. Now you own the overhead of managing and rotating them, and the risk that one leaked token or one compromised repository hands an attacker your production org.
It works, but it parks your most sensitive credentials in the place most exposed to your whole team and every workflow. That is the trade most teams quietly accept to get delivery on GitHub. Busbar removes the trade.
02 · What it makes possible
Own your entire delivery system, inside GitHub.
Once your org's credentials aren't the thing standing between you and GitHub, the real work begins: a complete development-to-delivery system that lives in your repositories. Provisioning, configuration, data, integration wiring, and release, all as composable automation you version, review, and own.
It is Busbar's expression of the Composable Delivery Model: features built once as modules, combined into compositions, with GitHub as the single source of truth. No Salesforce credentials ever live there to manage or lose.
03 · The platform
One secure connection expands the org's boundary.
One managed package, one secure connection, three layers. The hard part of composable delivery was never the infrastructure. It was the UX. By keeping automation native to GitHub, anyone who can build a Flow, an agent, or an MCP server can reach it.
Headless interface
Invocable actions that meet users where they work: Salesforce Flow, Agentforce, Slack, custom apps, MCP servers, and AI clients like Claude and Codex.
Composable automation
Modular recipes in GitHub: reusable Actions workflows plus metadata and data bundles, versioned, reviewed, and composable across projects.
Secure connection
The foundation. Your org and GitHub, connected so no Salesforce credentials ever live in GitHub. This is the connection that expands the org's boundary.
Easy enough for the accidental admin, powerful enough for complex enterprise architecture, and safe for everyone in between.
How the trust works
No Salesforce credentials in GitHub. Ever.
Inbound, GitHub Actions proves its identity with a short-lived token that Busbar verifies in your org against GitHub's public keys, so there is no inbound secret to store. Outbound, GitHub can't accept that kind of login, so Busbar uses your org's own GitHub App, with its key held behind Busbar's managed Apex inside your Salesforce org, never in GitHub.
The result is what matters: nothing long-lived for an attacker to lift from a repository, and no Salesforce credentials for your team to rotate or lose.
See it in action
Connect and manage repositories.
Fork the base sidecar, connect your org
Stand up a primary sidecar by forking Busbar's curated base repo. Name it, hit create, and Busbar wires the secure connection to your Salesforce org — no credentials in GitHub. Every connected repository shows up in the list, managed and ready.

Sidecar confirms it's ready
Once connected, the sidecar surfaces its status and next steps: set the org URL variable, run Collect Org Context, then approve the initial trust request on the Trust surface. The connection is live.

Trust posture
Review and adapt trust policies.
Denied requests surface immediately
When an untrusted workflow calls your org, Busbar blocks it and fires a Salesforce notification instantly. You see exactly which repo, workflow, and branch made the request — before anything runs.

Approve once, trust applied automatically
The Trust inbox shows the full request context — repository, workflow, branch, environment, and exactly what a least-privilege rule would cover. Approve it and Busbar publishes the rule. No record editing, no repeat approvals for the same workflow.

Every rule, explicit and auditable
Busbar recommends guardrails that block GitHub's most dangerous triggers org-wide — one click to publish. Active trust policies then show exactly what's allowed and denied: every condition, scope, and priority, generated from real approvals.


This is what you'll run in week one of a pilot. Become a design partner or book a walkthrough.
You own it
The easy path, not a cage.
The automation Busbar orchestrates is standard GitHub Actions in your own repositories. You own it outright: if you ever stop using Busbar, your recipes still run on GitHub alone. Busbar is the layer that keeps the connection safe and, by turning any workflow into an invocable action, surfaces it in Flow, Agentforce, or Slack.
How to start
Ways to start.
You don't need a pilot to work with us. Start where it fits and step up when it pays off — everything we build is yours, in your own GitHub, no lock-in.
Advisory — $5k/quarter
A senior delivery expert on call. Architecture reviews and priority answers, no scheduling.
Blueprint — from $5k
A focused review of your GitHub delivery and a prioritized roadmap you can run.
Design partner — a 3-month pilot
A pilot scoped to your delivery, automated through Busbar and GitHub Actions. We'll share pricing in a conversation.
Design partners wanted
Shape Busbar on real work. Low risk by design.
We're taking on a small number of paid design partners. We take a slice of delivery you do by hand today, automate it through Busbar and GitHub Actions, and leave you with composable recipes you reuse on every engagement after. You get a live repository and a trained team, not a slide deck.
We set it up
The managed package, your GitHub App, and the secure connection are set up and supported by us.
Small upfront commitment
Only the Design phase is committed at kickoff. Build and Enablement are authorized at a week-3 go/no-go, against the scope you agreed in Design.
You own the output
Recipes and repository are yours, transferable, and run on GitHub with or without Busbar. Zero lock-in.
Your rate is locked
Design-partner pricing holds for the full contract plus one renewal, so a longer commitment is rewarded with certainty.
An accessible entry point
Not ready for a pilot? Start smaller with Advisory or a Blueprint, both from $5k, and step up when it pays off.
The shape, a three-month pilot
Design
Weeks 1-3
Lock the first recipes, map the metadata, and choose where automation surfaces.
Build
Weeks 4-9
Turn the work you do by hand into declarative recipes, wired through Busbar.
Enablement
Weeks 10-12
Train your team to run, adapt, and author recipes so the capability outlasts the pilot.
A live repository that stands up real orgs, plus a team trained to extend it.
Design-partner pilots are scoped to your delivery, so we'll share pricing in a conversation. Not ready for a pilot? Start with a Blueprint from $5k or Advisory from $5k/quarter.
Where Busbar came from
The delivery model behind 50,000+ orgs, rebuilt to be open.
Busbar grew out of running releases at Salesforce.org, the delivery model that shipped nonprofit and education packages to more than 50,000 orgs, distilled into CumulusCI and now rebuilt to be composable and open. It exists so the automation behind a platform's delivery doesn't stay locked inside one org, so any team delivering on Salesforce can reach it.
Put the model to work.
Let's scope a pilot and turn your by-hand delivery into composable recipes, a proof of concept you can point to this quarter.