spree_core 5.4.0.rc3 → 5.4.0.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: feb2c702a17f0e10532d677c7c6cdb4a4092476ce33966db067ff095e0fd3d51
-  data.tar.gz: 6cfb1613127976496083e9d11d5a073e20c7d94b139d2df2f621e4c18ae52936
+  metadata.gz: 7bc3a50296fda5fe9d3f9cfa5ec4547b44e8dc7c718634f0de73314d55210479
+  data.tar.gz: 74757285458b4d4a322d5cdc0ea550c4fe7e9ca9de25095fba0371b6c1fb1e93
 SHA512:
-  metadata.gz: 8abff3fa43c5226f1eb1c3dd1a5d1bd84fedfd9ef62895da5df6402df1bd9e0fcb68a9fd646790d90ea5efa04292330aeab50e9269d1352a8970c2c8ff362d39
-  data.tar.gz: 2cde221d1575d9d48c633d4aacdc588d775aff1445c0bdc5c895ff82e77444e3a5341d5fc1677d6c5013accd73f182f1e2ea5bb5b9532470d13dae4a7e316061
+  metadata.gz: c9ce63a0797b37332944d4d1df8e60f132c27af526e970fd290f993d03b0d9fbf1fcbb1c2c3b55d37184cc10f72b884c79ec68b42398928cbc490a5b55a982c5
+  data.tar.gz: 14e3357af8ce8cdb75764e15b14759fe4ff37f132a32242b87c269d3137c6f41d11071415be24975c71e4086df5a45b5853840a68dca91ea9541857bd7b18d78

data/app/mailers/spree/webhook_mailer.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Spree
+  class WebhookMailer < BaseMailer
+    def endpoint_disabled(webhook_endpoint)
+      @endpoint = webhook_endpoint
+      @current_store = webhook_endpoint.store
+
+      mail(
+        to: @current_store.new_order_notifications_email.presence || @current_store.mail_from_address,
+        from: from_address,
+        subject: Spree.t('webhook_mailer.endpoint_disabled.subject', endpoint_name: @endpoint.name || @endpoint.url),
+        store_url: @current_store.formatted_url
+      )
+    end
+  end
+end

data/app/models/concerns/spree/product_scopes.rb

@@ -147,8 +147,32 @@ module Spree
           where("#{Classification.table_name}.taxon_id" => taxon.cached_self_and_descendants_ids).distinct
       }
 
-      # Alias for in_taxon — public API name
-      scope :in_category, ->(category) { in_taxon(category) }
+      # Products in a category AND all its descendants.
+      # Accepts a Category record or a prefixed ID string (e.g. 'ctg_xxx').
+      def self.in_category(category_or_id)
+        category = category_or_id.is_a?(String) ? Spree::Taxon.find_by_prefix_id(category_or_id) : category_or_id
+        return none unless category
+
+        in_taxon(category)
+      end
+
+      # Products in ANY of the given categories (OR logic), each including descendants.
+      # Accepts an array of Category records, prefixed ID strings, or a mix.
+      def self.in_categories(*categories_or_ids)
+        categories_or_ids = categories_or_ids.flatten.compact
+        return none if categories_or_ids.empty?
+
+        ids, records = categories_or_ids.partition { |c| c.is_a?(String) }
+        if ids.any?
+          decoded = ids.filter_map { |id| Spree::Taxon.decode_prefixed_id(id) }
+          records += Spree::Taxon.where(id: decoded).to_a if decoded.any?
+        end
+        return none if records.empty?
+
+        taxon_ids = records.flat_map(&:cached_self_and_descendants_ids).uniq
+
+        joins(:classifications).where(Classification.table_name => { taxon_id: taxon_ids }).distinct
+      end
 
       # Deprecated — remove in 6.0. Use in_taxon instead.
       def self.in_taxons(*taxons)
@@ -200,21 +224,31 @@ module Spree
           where(Spree::OptionValue.table_name => { name: value, option_type_id: option_type_id })
       }
 
-      # Filters products by option value IDs (prefix IDs like 'optval_xxx')
-      # Accepts an array of option value IDs
-      scope :with_option_value_ids, ->(*ids) {
+      # Filters products by option value IDs (prefix IDs like 'optval_xxx').
+      # Groups values by option type automatically:
+      #   - Within the same option type: OR (Blue OR Red)
+      #   - Across different option types: AND ((Blue OR Red) AND (S OR M))
+      def self.with_option_value_ids(*ids)
         ids = ids.flatten.compact
-        next none if ids.empty?
-
-        # Handle prefixed IDs (optval_xxx) by decoding to actual IDs
-        actual_ids = ids.map do |id|
-          id.to_s.include?('_') ? OptionValue.decode_prefixed_id(id) : id
-        end.compact
-
-        next none if actual_ids.empty?
-
-        joins(variants: :option_values).where(Spree::OptionValue.table_name => { id: actual_ids })
-      }
+        return none if ids.empty?
+
+        actual_ids = ids.map { |id| id.to_s.include?('_') ? OptionValue.decode_prefixed_id(id) : id }.compact
+        return none if actual_ids.empty?
+
+        grouped = OptionValue.where(id: actual_ids).group_by(&:option_type_id)
+        return none if grouped.empty?
+
+        scope = all
+        grouped.each_value do |option_values|
+          ov_ids = option_values.map(&:id)
+          matching_product_ids = Variant.where(deleted_at: nil)
+                                       .joins(:option_value_variants)
+                                       .where(OptionValueVariant.table_name => { option_value_id: ov_ids })
+                                       .select(:product_id)
+          scope = scope.where(id: matching_product_ids)
+        end
+        scope
+      end
 
       # Deprecated — remove in 6.0. Not used internally.
       def self.with(value)

data/app/models/spree/product.rb

@@ -200,7 +200,7 @@ module Spree
     self.whitelisted_ransackable_attributes = %w[description name slug discontinue_on status available_on created_at updated_at]
     self.whitelisted_ransackable_associations = %w[taxons categories stores variants_including_master master variants tags labels
                                                    shipping_category classifications option_types]
-    self.whitelisted_ransackable_scopes = %w[not_discontinued search_by_name in_taxon price_between
+    self.whitelisted_ransackable_scopes = %w[not_discontinued search_by_name in_taxon in_category in_categories price_between
                                              price_lte price_gte
                                              search multi_search in_stock out_of_stock with_option_value_ids
 

data/app/models/spree/search_provider/base.rb

@@ -17,7 +17,7 @@ module Spree
       #
       # @param scope [ActiveRecord::Relation] base scope (store-scoped, visibility-filtered, authorized)
       # @param query [String, nil] text search query
-      # @param filters [Hash] structured filters (price_gte, with_option_value_ids, categories_id_eq, etc.)
+      # @param filters [Hash] structured filters (price_gte, with_option_value_ids, in_category, in_categories, etc.)
       # @param sort [String, nil] sort param (e.g. 'price', '-price', 'best_selling')
       # @param page [Integer] page number
       # @param limit [Integer] results per page

data/app/models/spree/search_provider/database.rb

@@ -14,6 +14,9 @@ module Spree
         # 2. Extract internal params before passing to Ransack
         category = filters.is_a?(Hash) ? filters.delete('_category') || filters.delete(:_category) : nil
 
+        # 2b. Extract option value IDs — handled by scope (OR within type, AND across)
+        option_value_ids = filters.is_a?(Hash) ? filters.delete('with_option_value_ids') || filters.delete(:with_option_value_ids) : nil
+
         # 3. Structured filtering via Ransack
         ransack_filters = sanitize_filters(filters)
         if ransack_filters.present?
@@ -21,8 +24,14 @@ module Spree
           scope = search.result(distinct: true)
         end
 
+        # Save scope before option filters for disjunctive facet counts
+        scope_before_options = scope
+        if option_value_ids.present?
+          scope = scope.with_option_value_ids(Array(option_value_ids))
+        end
+
         # 4. Facets (before sorting to avoid computed column conflicts with count)
-        filter_facets = build_facets(scope, category: category)
+        filter_facets = build_facets(scope, category: category, option_value_ids: Array(option_value_ids), scope_before_options: scope_before_options)
 
         # 5. Total count (before sorting to avoid computed column conflicts with count)
         total = scope.distinct.count
@@ -49,13 +58,15 @@ module Spree
         Pagy::Offset.new(count: count, page: page, limit: limit)
       end
 
-      def build_facets(scope, category: nil)
+      def build_facets(scope, category: nil, option_value_ids: [], scope_before_options: nil)
         return { filters: [], sort_options: available_sort_options, default_sort: 'manual' } unless defined?(Spree::Api::V3::FiltersAggregator)
 
         Spree::Api::V3::FiltersAggregator.new(
           scope: scope,
           currency: currency,
-          category: category
+          category: category,
+          option_value_ids: option_value_ids,
+          scope_before_options: scope_before_options || scope
         ).call
       end
 

data/app/models/spree/search_provider/meilisearch.rb

@@ -20,9 +20,19 @@ module Spree
       def search_and_filter(scope:, query: nil, filters: {}, sort: nil, page: 1, limit: 25)
         page = [page.to_i, 1].max
         limit = limit.to_i.clamp(1, 100)
+        filters = filters.to_unsafe_h if filters.respond_to?(:to_unsafe_h)
+        filters = (filters || {}).stringify_keys
+
+        # Extract and group option values by option type for proper OR/AND semantics
+        option_value_ids = extract_and_delete(filters, 'with_option_value_ids')
+        grouped_options = group_option_values_by_type(Array(option_value_ids))
+
+        base_conditions = build_filters(filters)
+        option_conditions = build_grouped_option_conditions(grouped_options)
+        all_conditions = base_conditions + option_conditions
 
         search_params = {
-          filter: build_filters(filters),
+          filter: all_conditions,
           facets: facet_attributes,
           sort: build_sort(sort),
           offset: (page - 1) * limit,
@@ -32,7 +42,55 @@ module Spree
         Rails.logger.debug { "[Meilisearch] index=#{index_name} query=#{query.inspect} #{search_params.compact.inspect}" }
 
         begin
-          ms_result = client.index(index_name).search(query.to_s, search_params)
+          if grouped_options.any?
+            # N+1 multi-search: 1 hit query + 1 disjunctive facet query per active option type
+            queries = [{ indexUid: index_name, q: query.to_s, **search_params }]
+            option_type_ids_ordered = grouped_options.keys
+            option_type_ids_ordered.each do |option_type_id|
+              without_this = build_grouped_option_conditions(grouped_options.except(option_type_id))
+              queries << { indexUid: index_name, q: query.to_s, filter: base_conditions + without_this, facets: ['option_value_ids'], limit: 0 }
+            end
+
+            results = client.multi_search(queries)
+            ms_result = results['results'][0]
+
+            # Merge disjunctive counts per option type.
+            # Each disjunctive query excluded one option type's filter.
+            # Use that query's full option_value_ids distribution for that option type's values,
+            # and the main query's distribution for everything else.
+            main_ov_dist = ms_result.dig('facetDistribution', 'option_value_ids') || {}
+
+            # Build a set of prefixed IDs per option type (including unselected values)
+            # by looking up which option type each option value belongs to.
+            all_ov_prefixed_ids = Set.new
+            disjunctive_dists = {}
+            results['results'][1..].each_with_index do |r, idx|
+              dist = r.dig('facetDistribution', 'option_value_ids') || {}
+              disjunctive_dists[option_type_ids_ordered[idx]] = dist
+              all_ov_prefixed_ids.merge(dist.keys)
+            end
+
+            # Resolve which prefixed IDs belong to which option type
+            all_raw_ids = all_ov_prefixed_ids.filter_map { |pid| Spree::OptionValue.decode_prefixed_id(pid) }
+            ov_to_type = Spree::OptionValue.where(id: all_raw_ids).pluck(:id, :option_type_id).to_h
+            prefixed_to_type = all_ov_prefixed_ids.each_with_object({}) do |pid, h|
+              raw = Spree::OptionValue.decode_prefixed_id(pid)
+              h[pid] = ov_to_type[raw] if raw
+            end
+
+            # Start with main query's distribution, overlay disjunctive counts for active option types
+            merged_ov_dist = main_ov_dist.dup
+            disjunctive_dists.each do |option_type_id, dist|
+              dist.each do |pid, count|
+                merged_ov_dist[pid] = count if prefixed_to_type[pid] == option_type_id
+              end
+            end
+
+            facet_distribution = (ms_result['facetDistribution'] || {}).merge('option_value_ids' => merged_ov_dist)
+          else
+            ms_result = client.index(index_name).search(query.to_s, search_params)
+            facet_distribution = ms_result['facetDistribution'] || {}
+          end
         rescue ::Meilisearch::ApiError => e
           Rails.logger.warn { "[Meilisearch] Search failed: #{e.message}. Run `rake spree:search:reindex` to initialize the index." }
           Rails.error.report(e, handled: true, context: { index: index_name, query: query })
@@ -46,20 +104,17 @@ module Spree
         raw_ids = product_prefixed_ids.filter_map { |pid| Spree::Product.decode_prefixed_id(pid) }
 
         # Intersect with AR scope for security/visibility.
-        # Since we filter by store/status/currency/discontinue_on in Meilisearch,
-        # the AR scope is a safety net — it should not filter anything out.
         products = if raw_ids.any?
                      scope.where(id: raw_ids).reorder(nil)
                    else
                      scope.none
                    end
 
-        # Build Pagy object from Meilisearch response (passive mode)
         pagy = build_pagy(ms_result, page, limit)
 
         SearchResult.new(
           products: products,
-          filters: build_facet_response(ms_result['facetDistribution'] || {}),
+          filters: build_facet_response(facet_distribution),
           sort_options: available_sort_options.map { |id| { id: id } },
           default_sort: 'manual',
           total_count: ms_result['estimatedTotalHits'] || 0,
@@ -198,11 +253,42 @@ module Spree
           'in_stock = true' if value.to_s != '0'
         when 'out_of_stock'
           'in_stock = false' if value.to_s != '0'
-        when 'categories_id_eq'
+        when 'in_category'
           "category_ids = '#{sanitize_prefixed_id(value)}'" if valid_prefixed_id?(value)
+        when 'in_categories'
+          parts = Array(value).filter_map { |id| "category_ids = '#{sanitize_prefixed_id(id)}'" if valid_prefixed_id?(id) }
+          parts.length > 1 ? "(#{parts.join(' OR ')})" : parts.first
         when 'with_option_value_ids'
-          Array(value).filter_map { |ov| "option_value_ids = '#{sanitize_prefixed_id(ov)}'" if valid_prefixed_id?(ov) }
+          # Handled by grouped option conditions in search_and_filter — skip here
+          nil
+        end
+      end
+
+      # Group prefixed option value IDs by option type (single DB query).
+      # Returns { option_type_id => ['optval_abc', 'optval_def'], ... }
+      def group_option_values_by_type(prefixed_ids)
+        prefixed_ids = prefixed_ids.flatten.compact.select { |id| valid_prefixed_id?(id) }
+        return {} if prefixed_ids.empty?
+
+        raw_ids = prefixed_ids.filter_map { |id| Spree::OptionValue.decode_prefixed_id(id) }
+        Spree::OptionValue.where(id: raw_ids).group_by(&:option_type_id).transform_values { |ovs| ovs.map(&:prefixed_id) }
+      end
+
+      # Build Meilisearch filter conditions from grouped option values.
+      # OR within each option type, AND across option types.
+      def build_grouped_option_conditions(grouped)
+        grouped.map do |_, prefixed_ids|
+          parts = prefixed_ids.map { |id| "option_value_ids = '#{sanitize_prefixed_id(id)}'" }
+          parts.length > 1 ? "(#{parts.join(' OR ')})" : parts.first
+        end
+      end
+
+      def extract_and_delete(hash, *keys)
+        keys.each do |key|
+          value = hash.delete(key) || hash.delete(key.to_sym)
+          return value if value.present?
         end
+        nil
       end
 
       # Sort param to Meilisearch sort syntax.

data/app/models/spree/webhook_delivery.rb

@@ -42,21 +42,47 @@ module Spree
       delivered_at.nil?
     end
 
-    # Mark delivery as completed with HTTP response
+    # Mark delivery as completed with HTTP response.
+    # Triggers auto-disable check on the endpoint after failures.
     #
     # @param response_code [Integer] HTTP response code
     # @param execution_time [Integer] time in milliseconds
     # @param response_body [String] response body from the webhook endpoint
     def complete!(response_code: nil, execution_time:, error_type: nil, request_errors: nil, response_body: nil)
+      is_success = response_code.present? && response_code.to_s.start_with?('2')
+
       update!(
         response_code: response_code,
         execution_time: execution_time,
         error_type: error_type,
         request_errors: request_errors,
         response_body: response_body,
-        success: response_code.present? && response_code.to_s.start_with?('2'),
+        success: is_success,
         delivered_at: Time.current
       )
+
+      webhook_endpoint.check_auto_disable! unless is_success
+    end
+
+    # Create a new delivery with the same payload and queue it.
+    # Used to retry failed deliveries manually.
+    #
+    # @return [Spree::WebhookDelivery] the new delivery
+    def redeliver!
+      new_delivery = webhook_endpoint.webhook_deliveries.create!(
+        event_name: event_name,
+        event_id: nil, # new delivery, not a duplicate
+        payload: payload
+      )
+
+      new_delivery.queue_for_delivery!
+      new_delivery
+    end
+
+    # Queue this delivery for processing.
+    # Resolves the job class dynamically since it lives in the api gem.
+    def queue_for_delivery!
+      'Spree::WebhookDeliveryJob'.constantize.perform_later(id)
     end
   end
 end

data/app/models/spree/webhook_endpoint.rb

@@ -19,12 +19,18 @@ module Spree
     validates :store, :url, presence: true
     validates :url, format: { with: URI::DEFAULT_PARSER.make_regexp(%w[http https]), message: :invalid_url }
     validates :active, inclusion: { in: [true, false] }
-    validate :url_must_not_resolve_to_private_ip, if: -> { url.present? && url_changed? }
+    validate :url_must_not_resolve_to_private_ip, if: -> { !Rails.env.development? && url.present? && url_changed? }
 
     before_create :generate_secret_key
 
+    self.whitelisted_ransackable_attributes = %w[name url active]
+
     scope :active, -> { where(active: true) }
     scope :inactive, -> { where(active: false) }
+    scope :enabled, -> { active.where(disabled_at: nil) }
+
+    # Number of consecutive failed deliveries before auto-disabling
+    AUTO_DISABLE_THRESHOLD = 15
 
     # Check if this endpoint is subscribed to a specific event
     #
@@ -52,6 +58,70 @@ module Spree
       subscriptions
     end
 
+    # Send a test/ping webhook to verify the endpoint is reachable.
+    # Creates a delivery record and queues it for delivery.
+    #
+    # @return [Spree::WebhookDelivery]
+    def send_test!
+      delivery = webhook_deliveries.create!(
+        event_name: 'webhook.test',
+        payload: {
+          id: SecureRandom.uuid,
+          name: 'webhook.test',
+          created_at: Time.current.iso8601,
+          data: { message: 'This is a test webhook from Spree.' },
+          metadata: { spree_version: Spree.version }
+        }
+      )
+
+      delivery.queue_for_delivery!
+      delivery
+    end
+
+    # Disable this endpoint due to repeated failures.
+    # Sends a notification email to the store staff.
+    #
+    # @param reason [String]
+    # @param notify [Boolean] whether to send an email notification (default: true)
+    def disable!(reason: 'Automatically disabled after repeated delivery failures', notify: true)
+      update!(active: false, disabled_reason: reason, disabled_at: Time.current)
+      Spree::WebhookMailer.endpoint_disabled(self).deliver_later if notify
+    end
+
+    # Re-enable a previously disabled endpoint.
+    def enable!
+      update!(active: true, disabled_reason: nil, disabled_at: nil)
+    end
+
+    # Check if the endpoint was auto-disabled
+    #
+    # @return [Boolean]
+    def auto_disabled?
+      disabled_at.present?
+    end
+
+    # Check if auto-disable threshold has been reached
+    # and disable if so.
+    def check_auto_disable!
+      return if auto_disabled?
+
+      consecutive_failures = webhook_deliveries
+        .where(success: false)
+        .where.not(delivered_at: nil)
+        .order(delivered_at: :desc)
+        .limit(AUTO_DISABLE_THRESHOLD)
+
+      return if consecutive_failures.count < AUTO_DISABLE_THRESHOLD
+
+      # Verify they're all failures (no successes interspersed)
+      last_success = webhook_deliveries.successful.order(delivered_at: :desc).pick(:delivered_at)
+      oldest_failure = consecutive_failures.last&.delivered_at
+
+      if last_success.nil? || (oldest_failure && oldest_failure > last_success)
+        disable!
+      end
+    end
+
     private
 
     def generate_secret_key

data/app/presenters/spree/search_provider/product_presenter.rb

@@ -55,7 +55,7 @@ module Spree
           in_stock: product.in_stock?,
           store_ids: cached_store_ids,
           discontinue_on: product.discontinue_on&.to_i || 0,
-          category_ids: product.taxons.map(&:prefixed_id),
+          category_ids: category_ids_with_ancestors,
           category_names: product.taxons.map { |t| translated(t, :name, fallback_locale) },
           option_type_ids: product.option_types.map(&:prefixed_id),
           option_type_names: product.option_types.map { |ot| translated(ot, :presentation, fallback_locale) },
@@ -103,6 +103,14 @@ module Spree
         @compare_at_cache[currency]
       end
 
+      # Include ancestor category IDs so filtering by a parent category
+      # matches products classified under its descendants.
+      def category_ids_with_ancestors
+        @category_ids_with_ancestors ||= product.taxons.flat_map { |t|
+          t.self_and_ancestors.map(&:prefixed_id)
+        }.uniq
+      end
+
       # Memoized — avoids N+1 when called per document
       def cached_store_ids
         @cached_store_ids ||= product.store_ids.map(&:to_s)

data/app/views/spree/webhook_mailer/endpoint_disabled.html.erb

@@ -0,0 +1,26 @@
+<h1><%= Spree.t('webhook_mailer.endpoint_disabled.heading') %></h1>
+
+<p><%= Spree.t('webhook_mailer.endpoint_disabled.message', endpoint_name: @endpoint.name || @endpoint.url) %></p>
+
+<table role="presentation" style="width: 100%; border-collapse: collapse; margin: 20px 0;">
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.url_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.url %></td>
+  </tr>
+  <% if @endpoint.name.present? %>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.name_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.name %></td>
+  </tr>
+  <% end %>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.reason_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.disabled_reason %></td>
+  </tr>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.disabled_at_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.disabled_at&.strftime('%Y-%m-%d %H:%M %Z') %></td>
+  </tr>
+</table>
+
+<p><%= Spree.t('webhook_mailer.endpoint_disabled.instructions') %></p>

data/app/views/spree/webhook_mailer/endpoint_disabled.text.erb

@@ -0,0 +1,10 @@
+<%= Spree.t('webhook_mailer.endpoint_disabled.heading') %>
+
+<%= Spree.t('webhook_mailer.endpoint_disabled.message', endpoint_name: @endpoint.name || @endpoint.url) %>
+
+URL: <%= @endpoint.url %>
+<% if @endpoint.name.present? %>Name: <%= @endpoint.name %><% end %>
+Reason: <%= @endpoint.disabled_reason %>
+Disabled at: <%= @endpoint.disabled_at&.strftime('%Y-%m-%d %H:%M %Z') %>
+
+<%= Spree.t('webhook_mailer.endpoint_disabled.instructions') %>

data/config/locales/en.yml

@@ -2480,6 +2480,16 @@ en:
     we_are_busy_updating_page: We're busy updating this page.
     we_will_be_back: We will be back.
     webhook_endpoints: Webhook Endpoints
+    webhook_mailer:
+      endpoint_disabled:
+        disabled_at_label: Disabled at
+        heading: Webhook Endpoint Disabled
+        instructions: Please check the endpoint URL and service, then re-enable it in Settings → Developers → Webhooks.
+        message: The webhook endpoint "%{endpoint_name}" has been automatically disabled after repeated delivery failures.
+        name_label: Name
+        reason_label: Reason
+        subject: 'Webhook endpoint disabled: %{endpoint_name}'
+        url_label: URL
     webhooks: Webhooks
     weight: Weight
     weight_unit: Weight unit

data/db/migrate/20260326000001_improve_spree_webhooks.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ImproveSpreeWebhooks < ActiveRecord::Migration[7.2]
+  def change
+    # Endpoint name + auto-disable tracking
+    add_column :spree_webhook_endpoints, :name, :string
+    add_column :spree_webhook_endpoints, :disabled_reason, :string
+    add_column :spree_webhook_endpoints, :disabled_at, :datetime
+
+    # Event ID for delivery deduplication
+    add_column :spree_webhook_deliveries, :event_id, :string
+    add_index :spree_webhook_deliveries, [:webhook_endpoint_id, :event_id],
+              unique: true,
+              where: 'event_id IS NOT NULL',
+              name: 'index_spree_webhook_deliveries_on_endpoint_and_event'
+  end
+end

data/lib/spree/core/version.rb

@@ -1,5 +1,5 @@
 module Spree
-  VERSION = '5.4.0.rc3'.freeze
+  VERSION = '5.4.0.rc4'.freeze
 
   def self.version
     VERSION

data/lib/spree/permitted_attributes.rb

@@ -319,7 +319,7 @@ module Spree
       }
     ]
 
-    @@webhook_endpoint_attributes = [:url, :secret, :active, subscriptions: []]
+    @@webhook_endpoint_attributes = [:name, :url, :secret, :active, subscriptions: []]
 
     @@wishlist_attributes = [:name, :is_default, :is_private]
 

data/lib/spree/testing_support/factories/webhook_endpoint_factory.rb

@@ -3,6 +3,7 @@
 FactoryBot.define do
   factory :webhook_endpoint, class: Spree::WebhookEndpoint do
     store
+    sequence(:name) { |n| "Endpoint #{n}" }
     sequence(:url) { |n| "https://example.com/webhooks/#{n}" }
     active { true }
     subscriptions { [] }
@@ -18,5 +19,11 @@ FactoryBot.define do
     trait :all_events do
       subscriptions { ['*'] }
     end
+
+    trait :auto_disabled do
+      active { false }
+      disabled_at { Time.current }
+      disabled_reason { 'Automatically disabled after repeated delivery failures' }
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_core
 version: !ruby/object:Gem::Version
-  version: 5.4.0.rc3
+  version: 5.4.0.rc4
 platform: ruby
 authors:
 - Sean Schofield
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-25 00:00:00.000000000 Z
+date: 2026-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n-tasks
@@ -869,6 +869,7 @@ files:
 - app/mailers/spree/export_mailer.rb
 - app/mailers/spree/invitation_mailer.rb
 - app/mailers/spree/report_mailer.rb
+- app/mailers/spree/webhook_mailer.rb
 - app/models/acts_as_taggable_on/tag_decorator.rb
 - app/models/concerns/spree/adjustment_source.rb
 - app/models/concerns/spree/admin_user_methods.rb
@@ -1336,6 +1337,8 @@ files:
 - app/views/spree/shared/_mailer_line_item.html.erb
 - app/views/spree/shared/_mailer_logo.html.erb
 - app/views/spree/shared/_payment.html.erb
+- app/views/spree/webhook_mailer/endpoint_disabled.html.erb
+- app/views/spree/webhook_mailer/endpoint_disabled.text.erb
 - config/brakeman.ignore
 - config/i18n-tasks.yml
 - config/importmap.rb
@@ -1474,6 +1477,7 @@ files:
 - db/migrate/20260315100000_add_product_media_support.rb
 - db/migrate/20260317000000_create_spree_refresh_tokens.rb
 - db/migrate/20260323000000_create_spree_price_histories.rb
+- db/migrate/20260326000001_improve_spree_webhooks.rb
 - db/sample_data/customers.csv
 - db/sample_data/metafield_definitions.rb
 - db/sample_data/orders.rb
@@ -1699,9 +1703,9 @@ licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/spree/spree/issues
-  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.0.rc3
+  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.0.rc4
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree/tree/v5.4.0.rc3
+  source_code_uri: https://github.com/spree/spree/tree/v5.4.0.rc4
 post_install_message:
 rdoc_options: []
 require_paths: