Summary of work done

• Investigated the 2026-05-23 infra pulse report that showed 303 5xx responses and degraded observability because Cloudflare and Sentry OAuth were unavailable.
• Pulled live Cloudways Flexible origin logs for app 6360875 on server 1615235.
• Confirmed the main 500 source was /wp-json/sal/v1/callrail-webhook, not a generic site outage.
• Found matching PHP errors: Salesforce config missing required keys and Salesforce auth failed for CallRail webhook calls.
• Found the config file existed but was mode 600, which prevented PHP from reading it.
• Found WPCode cache permission warnings because the cache path was not group-writable for the PHP runtime group.

Repair applied

• Changed wp-content/mu-plugins/sal-private/sal-form-fixes-config.php from mode 600 to 640.
• Changed wp-content/uploads/wpcode and wp-content/uploads/wpcode/cache to mode 775.
• Changed direct files under wp-content/uploads/wpcode/cache to mode 664.
• No WordPress content, Salesforce records, CallRail payloads, DNS records, Cloudflare rules, or Sentry settings were changed.

Rollback

• Server backup packet: /home/master/codex-backups/infra-pulse-permission-repair-20260523-234344.
• Includes perms-before.txt, perms-after.txt, and a copy of sal-form-fixes-config.php.

QA performed

• WordPress context now sees all required Salesforce config keys.
• sal_get_sf_token() returned a Salesforce token and instance URL from WordPress context.
• WPCode cache write/delete test passed.
• Recent backend error tail no longer contained the three checked signatures: Salesforce missing config, WPCode cache permission denied, or chmod operation not permitted.