Build With Busbar

What you can build.

Proven on Salesforce + GitHub first, then extensible to any platform. Each use case is a different combination of the same standard components — same Rack architecture, different modules.

Use Case

Salesforce + GitHub DevOps

The next generation of CumulusCI — from the original architect

Built by the founder of CumulusCI, which shipped to 200,000+ Salesforce deployments. Same powerful automation patterns — deploy metadata, run tests, load data — rebuilt on Rust with zero-trust credentials. The customer sees the exact adapted plan before approving. Every deployment produces a verifiable frame.

rack: sf-devops

sf-authsf-restsf-metadatasf-bulkgh-actionsaudit-log

The Flow

1Kantext composes the deployment plan from .kant files + target org state

2Collect phase reads org metadata; Check phase adapts the plan

3Customer reviews and approves the concrete, adapted sequence

4Modules execute in WASM sandbox — sf-auth resolves credentials via host function

5Audit frame seals every step: what changed, who approved, what the org looked like before and after

Result

ISV customers never share admin credentials. Accidental admins get safety guardrails. Enterprises get tamper-proof deployment records.

Use Case

AI Agent Governance Platform

Every agent call through one trusted bus

Your agents call 20 different APIs. Today you give them tokens and pray. With Busbar, every MCP tool invocation flows through the gateway. Cedar policies enforce least-privilege per agent, per action, per resource. The immutable audit trail means compliance isn't a retrofit — it's built in.

rack: agent-governance

mcp-gatewaycedar-authaudit-logpolicy-evaljinja-tmpl

The Flow

1Agent writes a Jinja2 template to compose a multi-step workflow

2Cedar evaluates each tool call against the agent's identity and context

3Gateway routes authorized calls to MCP servers — credentials resolved from vault

4Every step sealed as an immutable audit frame in Kantext

5Unapproved calls blocked before they execute — not after

Result

Complete observability and control over agent behavior. Provable audit trail for every action. Zero credential exposure.

Use Case

Multi-Cloud Orchestration

Same Rack, different clouds

Compose cross-cloud workflows with Jinja2 templates. The Rack doesn't care which cloud you're targeting — swap aws-lambda for gcp-run and the orchestration stays the same. Kantext tracks state across all providers in a single, content-addressed context.

rack: cloud-ops

aws-lambdagcp-runazure-funcjinja-tmplcedar-authkantext-state

The Flow

1Jinja2 template defines a deployment across AWS, GCP, and Azure

2Each cloud module handles provider-specific API calls through the gateway

3Cedar policies enforce per-cloud authorization boundaries

4Kantext maintains a unified state frame across all three providers

5Drift detection: compare intended state frame vs actual state on next compose

Result

One Rack definition. Three clouds. Unified state. Drift detection for free because Kantext is content-addressed.

Use Case

Enterprise Data Pipeline

Full provenance from generation to destination

Generate test data with Snowfakery MCP, validate against schema policies, load via Bulk API, and track every record from generation to destination. The audit chain proves exactly what data went where and when.

rack: data-pipeline

snowfakerysf-bulkdb-connectdata-validateaudit-log

The Flow

1Snowfakery MCP module generates realistic test data from recipes

2Policy module validates data against schema and business rules

3sf-bulk module loads data via Salesforce Bulk API 2.0

4Kantext frames capture the complete data lineage

5Any data quality issue is traceable back to the exact recipe and generation run

Result

Full data lineage. Schema validation at every boundary. Reproducible test environments. Provenance chain from generation to org.

Use Case

Regulatory Compliance Automation

Prove it, don't just log it

Traditional compliance means mutable logs and hope. Busbar's immutable audit chain is cryptographic proof. Every action, every authorization decision, every state change — sealed in content-addressed frames that can't be tampered with after the fact.

rack: compliance

policy-evalcedar-authaudit-logjinja-tmplreport-gen

The Flow

1Cedar policies encode regulatory requirements as authorization rules

2Every system action produces an audit frame with full provenance

3Frames are Blake3 sealed — modify one byte and the chain invalidates

4Jinja2 templates generate compliance reports from the audit chain

5Auditors verify the chain independently — no trust in the reporter required

Result

Compliance that's architecturally guaranteed, not operationally hoped for. Tamper-evident proof chain. Self-verifying audit reports.

Use Case

Managed Package Delivery

Ship to customer orgs without touching their keys

The ISV dream: install your managed package into customer orgs with zero credential sharing. The customer approves a concrete, adapted plan — not a black box. Execution happens in their environment. Every step is auditable.

rack: pkg-delivery

sf-authsf-metadataconsent-flowpolicy-evalaudit-log

The Flow

1ISV publishes a .kant deployment plan with their package

2Customer's Busbar instance runs Collect: reads their org state

3Check phase adapts the plan to their specific configuration

4Customer reviews the concrete sequence and approves

5Execution happens locally — credentials never leave the customer's environment

Result

ISVs ship faster. Customers maintain control. The trifecta: works for the ISV, the enterprise, and the nonprofit's accidental admin.

What would you build?

These are starting points. The modular architecture means any combination of modules in any Rack is possible.

Let's Design Your Rack