@yanhaidao/wecom 1.0.1 → 2.0.0

package/README.md

@@ -1,4 +1,4 @@
-# Clawdbot 企业微信（WeCom）Channel 插件
+# OpenClaw 企业微信（WeCom）Channel 插件
 
 维护者：YanHaidao（VX：YanHaidao）
 
@@ -14,9 +14,9 @@
 
 ### 从 npm 安装
 ```bash
-clawdbot plugins install @yanhaidao/wecom
-clawdbot plugins enable wecom
-clawdbot gateway restart
+openclaw plugins install @yanhaidao/wecom
+openclaw plugins enable wecom
+openclaw gateway restart
 ```
 
 
@@ -30,7 +30,9 @@ clawdbot gateway restart
       webhookPath: "/wecom",
       token: "YOUR_TOKEN",
       encodingAESKey: "YOUR_ENCODING_AES_KEY",
-      receiveId: "YOUR_RECEIVE_ID",
+      receiveId: "",
+      // stream 模式第一次回包占位符（默认 "正在思考..."）
+      streamPlaceholderContent: "正在思考...",
       dm: { policy: "pairing" }
     }
   }
@@ -48,7 +50,7 @@ clawdbot gateway restart
 创建机器人时需要填写回调 URL（公网可访问的 HTTPS 地址），例如：`https://example.com/wecom`
 
 3. 记录机器人配置  
-在机器人详情里找到并保存以下信息，后续会写入 Clawdbot 配置：
+在机器人详情里找到并保存以下信息，后续会写入 OpenClaw 配置：
 - Token
 - EncodingAESKey
 - ReceiveId（如果你的机器人/回调配置需要校验的话）
@@ -57,33 +59,33 @@ clawdbot gateway restart
 
 1. 启用插件
 ```bash
-clawdbot plugins enable wecom
+openclaw plugins enable wecom
 ```
 
 2. 配置企业微信机器人（必需）
 ```bash
-clawdbot config set channels.wecom.enabled true
-clawdbot config set channels.wecom.webhookPath "/wecom"
-clawdbot config set channels.wecom.token "YOUR_TOKEN"
-clawdbot config set channels.wecom.encodingAESKey "YOUR_ENCODING_AES_KEY"
-clawdbot config set channels.wecom.receiveId ""
+openclaw config set channels.wecom.enabled true
+openclaw config set channels.wecom.webhookPath "/wecom"
+openclaw config set channels.wecom.token "YOUR_TOKEN"
+openclaw config set channels.wecom.encodingAESKey "YOUR_ENCODING_AES_KEY"
+openclaw config set channels.wecom.receiveId ""
 ```
 
 3. 配置 Gateway（示例）
 ```bash
-clawdbot config set gateway.mode "local"
-clawdbot config set gateway.bind "0.0.0.0"
-clawdbot config set gateway.port 18789
+openclaw config set gateway.mode "local"
+openclaw config set gateway.bind "0.0.0.0"
+openclaw config set gateway.port 18789
 ```
 
 4. 重启 Gateway
 ```bash
-clawdbot gateway restart
+openclaw gateway restart
 ```
 
 5. 验证
 ```bash
-clawdbot channels status
+openclaw channels status
 ```
 
 ## 说明
@@ -91,3 +93,21 @@ clawdbot channels status
 - webhook 必须是公网 HTTPS。出于安全考虑，建议只对外暴露 `/wecom` 路径。
 - stream 模式：第一次回包可能是占位符；随后 WeCom 会以 `msgtype=stream` 回调刷新拉取完整内容。
 - 限制：仅支持被动回复，不支持脱离回调的主动发送。
+
+
+
+# 更新日志
+
+## 2026.1.30
+
+### 重大变更
+
+1. **项目更名**：Clawdbot 正式更名为 **OpenClaw**。CLI 命令由 `clawdbot` 变更为 `openclaw`。请更新您的安装脚本和文档引用。
+
+### 企业微信插件改进计划
+
+1. 引用回复纳入上下文：AI 将同时理解你引用的那条消息；文本原文直传，图片/文件/语音等以 `[引用: 类型] URL` 形式提供上下文线索。
+2. `<think>...</think>` 原样透传：不做过滤、转义或重排，确保支持该特性的企业微信客户端可稳定展示思考态 UI。
+3. 流式回复稳定性加固：减少空刷新、超时与“卡住不回”；异常时返回可见错误摘要而非无期限等待。
+4. 交付可验收：围绕入站解析、stream 状态与回包链路增强可观测性，方便客户侧定位问题并验证效果。
+5. 下一阶段（可选）：补齐图片闭环（加密图片解密入模 + 原生 stream `msg_item` 图片回传），实现图文对话体验。

package/index.ts

@@ -1,8 +1,8 @@
 /**
  * Author: YanHaidao
  */
-import type { ClawdbotPluginApi } from "clawdbot/plugin-sdk";
-import { emptyPluginConfigSchema } from "clawdbot/plugin-sdk";
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
+import { emptyPluginConfigSchema } from "openclaw/plugin-sdk";
 
 import { handleWecomWebhookRequest } from "./src/monitor.js";
 import { setWecomRuntime } from "./src/runtime.js";
@@ -11,9 +11,9 @@ import { wecomPlugin } from "./src/channel.js";
 const plugin = {
   id: "wecom",
   name: "WeCom",
-  description: "Clawdbot WeCom (WeChat Work) intelligent bot channel plugin",
+  description: "OpenClaw WeCom (WeChat Work) intelligent bot channel plugin",
   configSchema: emptyPluginConfigSchema(),
-  register(api: ClawdbotPluginApi) {
+  register(api: OpenClawPluginApi) {
     setWecomRuntime(api.runtime);
     api.registerChannel({ plugin: wecomPlugin });
     api.registerHttpHandler(handleWecomWebhookRequest);

package/{clawdbot.plugin.json → openclaw.plugin.json}

@@ -7,3 +7,4 @@
     "properties": {}
   }
 }
+

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@yanhaidao/wecom",
-  "version": "1.0.1",
+  "version": "2.0.0",
   "type": "module",
-  "description": "Clawdbot WeCom (WeChat Work) intelligent bot channel plugin",
+  "description": "OpenClaw WeCom (WeChat Work) intelligent bot channel plugin",
   "author": "YanHaidao (VX: YanHaidao)",
-  "clawdbot": {
+  "openclaw": {
     "extensions": [
       "./index.ts"
     ],
@@ -32,10 +32,10 @@
     }
   },
   "dependencies": {
+    "axios": "^1.13.4",
     "zod": "^4.3.6"
   },
-  "devDependencies": {},
   "peerDependencies": {
-    "clawdbot": ">=2026.1.24"
+    "openclaw": ">=2026.1.26"
   }
-}
+}

package/src/accounts.ts

@@ -1,21 +1,21 @@
-import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "clawdbot/plugin-sdk";
+import type { OpenClawConfig } from "openclaw/plugin-sdk";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "openclaw/plugin-sdk";
 
 import type { ResolvedWecomAccount, WecomAccountConfig, WecomConfig } from "./types.js";
 
-function listConfiguredAccountIds(cfg: ClawdbotConfig): string[] {
+function listConfiguredAccountIds(cfg: OpenClawConfig): string[] {
   const accounts = (cfg.channels?.wecom as WecomConfig | undefined)?.accounts;
   if (!accounts || typeof accounts !== "object") return [];
   return Object.keys(accounts).filter(Boolean);
 }
 
-export function listWecomAccountIds(cfg: ClawdbotConfig): string[] {
+export function listWecomAccountIds(cfg: OpenClawConfig): string[] {
   const ids = listConfiguredAccountIds(cfg);
   if (ids.length === 0) return [DEFAULT_ACCOUNT_ID];
   return ids.sort((a, b) => a.localeCompare(b));
 }
 
-export function resolveDefaultWecomAccountId(cfg: ClawdbotConfig): string {
+export function resolveDefaultWecomAccountId(cfg: OpenClawConfig): string {
   const wecomConfig = cfg.channels?.wecom as WecomConfig | undefined;
   if (wecomConfig?.defaultAccount?.trim()) return wecomConfig.defaultAccount.trim();
   const ids = listWecomAccountIds(cfg);
@@ -24,7 +24,7 @@ export function resolveDefaultWecomAccountId(cfg: ClawdbotConfig): string {
 }
 
 function resolveAccountConfig(
-  cfg: ClawdbotConfig,
+  cfg: OpenClawConfig,
   accountId: string,
 ): WecomAccountConfig | undefined {
   const accounts = (cfg.channels?.wecom as WecomConfig | undefined)?.accounts;
@@ -32,7 +32,7 @@ function resolveAccountConfig(
   return accounts[accountId] as WecomAccountConfig | undefined;
 }
 
-function mergeWecomAccountConfig(cfg: ClawdbotConfig, accountId: string): WecomAccountConfig {
+function mergeWecomAccountConfig(cfg: OpenClawConfig, accountId: string): WecomAccountConfig {
   const raw = (cfg.channels?.wecom ?? {}) as WecomConfig;
   const { accounts: _ignored, defaultAccount: _ignored2, ...base } = raw;
   const account = resolveAccountConfig(cfg, accountId) ?? {};
@@ -40,7 +40,7 @@ function mergeWecomAccountConfig(cfg: ClawdbotConfig, accountId: string): WecomA
 }
 
 export function resolveWecomAccount(params: {
-  cfg: ClawdbotConfig;
+  cfg: OpenClawConfig;
   accountId?: string | null;
 }): ResolvedWecomAccount {
   const accountId = normalizeAccountId(params.accountId);
@@ -65,9 +65,8 @@ export function resolveWecomAccount(params: {
   };
 }
 
-export function listEnabledWecomAccounts(cfg: ClawdbotConfig): ResolvedWecomAccount[] {
+export function listEnabledWecomAccounts(cfg: OpenClawConfig): ResolvedWecomAccount[] {
   return listWecomAccountIds(cfg)
     .map((accountId) => resolveWecomAccount({ cfg, accountId }))
     .filter((account) => account.enabled);
 }
-

package/src/channel.ts

@@ -1,15 +1,15 @@
 import type {
   ChannelAccountSnapshot,
   ChannelPlugin,
-  ClawdbotConfig,
-} from "clawdbot/plugin-sdk";
+  OpenClawConfig,
+} from "openclaw/plugin-sdk";
 import {
   buildChannelConfigSchema,
   DEFAULT_ACCOUNT_ID,
   deleteAccountFromConfigSection,
   formatPairingApproveHint,
   setAccountEnabledInConfigSection,
-} from "clawdbot/plugin-sdk";
+} from "openclaw/plugin-sdk";
 
 import { listWecomAccountIds, resolveDefaultWecomAccountId, resolveWecomAccount } from "./accounts.js";
 import { WecomConfigSchema } from "./config-schema.js";
@@ -49,12 +49,12 @@ export const wecomPlugin: ChannelPlugin<ResolvedWecomAccount> = {
   reload: { configPrefixes: ["channels.wecom"] },
   configSchema: buildChannelConfigSchema(WecomConfigSchema),
   config: {
-    listAccountIds: (cfg) => listWecomAccountIds(cfg as ClawdbotConfig),
-    resolveAccount: (cfg, accountId) => resolveWecomAccount({ cfg: cfg as ClawdbotConfig, accountId }),
-    defaultAccountId: (cfg) => resolveDefaultWecomAccountId(cfg as ClawdbotConfig),
+    listAccountIds: (cfg) => listWecomAccountIds(cfg as OpenClawConfig),
+    resolveAccount: (cfg, accountId) => resolveWecomAccount({ cfg: cfg as OpenClawConfig, accountId }),
+    defaultAccountId: (cfg) => resolveDefaultWecomAccountId(cfg as OpenClawConfig),
     setAccountEnabled: ({ cfg, accountId, enabled }) =>
       setAccountEnabledInConfigSection({
-        cfg: cfg as ClawdbotConfig,
+        cfg: cfg as OpenClawConfig,
         sectionKey: "wecom",
         accountId,
         enabled,
@@ -62,9 +62,9 @@ export const wecomPlugin: ChannelPlugin<ResolvedWecomAccount> = {
       }),
     deleteAccount: ({ cfg, accountId }) =>
       deleteAccountFromConfigSection({
-        cfg: cfg as ClawdbotConfig,
+        cfg: cfg as OpenClawConfig,
         sectionKey: "wecom",
-        clearBaseFields: ["name", "webhookPath", "token", "encodingAESKey", "receiveId", "welcomeText"],
+        clearBaseFields: ["name", "webhookPath", "token", "encodingAESKey", "receiveId", "streamPlaceholderContent", "welcomeText"],
         accountId,
       }),
     isConfigured: (account) => account.configured,
@@ -76,7 +76,7 @@ export const wecomPlugin: ChannelPlugin<ResolvedWecomAccount> = {
       webhookPath: account.config.webhookPath ?? "/wecom",
     }),
     resolveAllowFrom: ({ cfg, accountId }) => {
-      const account = resolveWecomAccount({ cfg: cfg as ClawdbotConfig, accountId });
+      const account = resolveWecomAccount({ cfg: cfg as OpenClawConfig, accountId });
       return (account.config.dm?.allowFrom ?? []).map((entry) => String(entry));
     },
     formatAllowFrom: ({ allowFrom }) =>
@@ -88,7 +88,7 @@ export const wecomPlugin: ChannelPlugin<ResolvedWecomAccount> = {
   security: {
     resolveDmPolicy: ({ cfg, accountId, account }) => {
       const resolvedAccountId = accountId ?? account.accountId ?? DEFAULT_ACCOUNT_ID;
-      const useAccountPath = Boolean((cfg as ClawdbotConfig).channels?.wecom?.accounts?.[resolvedAccountId]);
+      const useAccountPath = Boolean((cfg as OpenClawConfig).channels?.wecom?.accounts?.[resolvedAccountId]);
       const basePath = useAccountPath ? `channels.wecom.accounts.${resolvedAccountId}.` : "channels.wecom.";
       return {
         policy: account.config.dm?.policy ?? "pairing",
@@ -174,7 +174,7 @@ export const wecomPlugin: ChannelPlugin<ResolvedWecomAccount> = {
       const path = (account.config.webhookPath ?? "/wecom").trim();
       const unregister = registerWecomWebhookTarget({
         account,
-        config: ctx.cfg as ClawdbotConfig,
+        config: ctx.cfg as OpenClawConfig,
         runtime: ctx.runtime,
         // The HTTP handler resolves the active PluginRuntime via getWecomRuntime().
         // The stored target only needs to be decrypt/verify-capable.

package/src/config-schema.ts

@@ -19,6 +19,8 @@ export const WecomConfigSchema = z.object({
   encodingAESKey: z.string().optional(),
   receiveId: z.string().optional(),
 
+  streamPlaceholderContent: z.string().optional(),
+
   welcomeText: z.string().optional(),
   dm: dmSchema,
 
@@ -30,6 +32,7 @@ export const WecomConfigSchema = z.object({
     token: z.string().optional(),
     encodingAESKey: z.string().optional(),
     receiveId: z.string().optional(),
+    streamPlaceholderContent: z.string().optional(),
     welcomeText: z.string().optional(),
     dm: dmSchema,
   })).optional(),

package/src/crypto.ts

@@ -1,6 +1,6 @@
 import crypto from "node:crypto";
 
-function decodeEncodingAESKey(encodingAESKey: string): Buffer {
+export function decodeEncodingAESKey(encodingAESKey: string): Buffer {
   const trimmed = encodingAESKey.trim();
   if (!trimmed) throw new Error("encodingAESKey missing");
   const withPadding = trimmed.endsWith("=") ? trimmed : `${trimmed}=`;
@@ -13,7 +13,7 @@ function decodeEncodingAESKey(encodingAESKey: string): Buffer {
 
 // WeCom uses PKCS#7 padding with a block size of 32 bytes (not AES's 16-byte block).
 // This is compatible with AES-CBC as 32 is a multiple of 16, but it requires manual padding/unpadding.
-const WECOM_PKCS7_BLOCK_SIZE = 32;
+export const WECOM_PKCS7_BLOCK_SIZE = 32;
 
 function pkcs7Pad(buf: Buffer, blockSize: number): Buffer {
   const mod = buf.length % blockSize;
@@ -22,7 +22,7 @@ function pkcs7Pad(buf: Buffer, blockSize: number): Buffer {
   return Buffer.concat([buf, Buffer.alloc(pad, padByte[0]!)]);
 }
 
-function pkcs7Unpad(buf: Buffer, blockSize: number): Buffer {
+export function pkcs7Unpad(buf: Buffer, blockSize: number): Buffer {
   if (buf.length === 0) throw new Error("invalid pkcs7 payload");
   const pad = buf[buf.length - 1]!;
   if (pad < 1 || pad > blockSize) {

package/src/media.test.ts

@@ -0,0 +1,49 @@
+import { describe, it, expect, vi } from "vitest";
+import { decryptWecomMedia } from "./media.js";
+import { WECOM_PKCS7_BLOCK_SIZE } from "./crypto.js";
+import axios from "axios";
+import crypto from "node:crypto";
+
+vi.mock("axios");
+
+function pkcs7Pad(buf: Buffer, blockSize: number): Buffer {
+    const mod = buf.length % blockSize;
+    const pad = mod === 0 ? blockSize : blockSize - mod;
+    const padByte = Buffer.from([pad]);
+    return Buffer.concat([buf, Buffer.alloc(pad, padByte[0]!)]);
+}
+
+describe("decryptWecomMedia", () => {
+    it("should download and decrypt media successfully", async () => {
+        // 1. Setup Key and Data
+        const aesKeyBase64 = "jWmYm7qr5nMoCAstdRmNjt3p7vsH8HkK+qiJqQ0aaaa="; // 32 bytes when decoded + padding
+        const aesKey = Buffer.from(aesKeyBase64 + "=", "base64");
+        const iv = aesKey.subarray(0, 16);
+
+        const originalData = Buffer.from("Hello WeCom Image Data", "utf8");
+
+        // 2. Encrypt manually (AES-256-CBC + PKCS7)
+        const padded = pkcs7Pad(originalData, WECOM_PKCS7_BLOCK_SIZE);
+        const cipher = crypto.createCipheriv("aes-256-cbc", aesKey, iv);
+        cipher.setAutoPadding(false);
+        const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
+
+        // 3. Mock Axios
+        (axios.get as any).mockResolvedValue({
+            data: encrypted,
+        });
+
+        // 4. Test
+        const decrypted = await decryptWecomMedia("http://mock.url/image", aesKeyBase64);
+
+        // 5. Assert
+        expect(decrypted.toString("utf8")).toBe("Hello WeCom Image Data");
+        expect(axios.get).toHaveBeenCalledWith("http://mock.url/image", expect.objectContaining({
+            responseType: "arraybuffer"
+        }));
+    });
+
+    it("should fail if key is invalid", async () => {
+        await expect(decryptWecomMedia("http://url", "invalid-key")).rejects.toThrow();
+    });
+});

package/src/media.ts

@@ -0,0 +1,37 @@
+import crypto from "node:crypto";
+import axios from "axios";
+import { decodeEncodingAESKey, pkcs7Unpad, WECOM_PKCS7_BLOCK_SIZE } from "./crypto.js";
+
+/**
+ * Download and decrypt WeCom media file (e.g. image).
+ * 
+ * WeCom media files are AES-256-CBC encrypted with the same EncodingAESKey.
+ * The IV is the first 16 bytes of the AES Key.
+ * The content is PKCS#7 padded.
+ */
+export async function decryptWecomMedia(url: string, encodingAESKey: string): Promise<Buffer> {
+    // 1. Download encrypted content
+    const response = await axios.get(url, {
+        responseType: "arraybuffer", // Important: get raw buffer
+        timeout: 15000,
+    });
+    const encryptedData = Buffer.from(response.data);
+
+    // 2. Prepare Key and IV
+    const aesKey = decodeEncodingAESKey(encodingAESKey);
+    const iv = aesKey.subarray(0, 16);
+
+    // 3. Decrypt
+    const decipher = crypto.createDecipheriv("aes-256-cbc", aesKey, iv);
+    decipher.setAutoPadding(false); // We handle padding manually
+    const decryptedPadded = Buffer.concat([
+        decipher.update(encryptedData),
+        decipher.final(),
+    ]);
+
+    // 4. Unpad
+    // Note: Unlike msg bodies, usually removing PKCS#7 padding is enough for media files.
+    // The Python SDK logic: pad_len = decrypted_data[-1]; decrypted_data = decrypted_data[:-pad_len]
+    // Our pkcs7Unpad function does exactly this + validation.
+    return pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE);
+}

package/src/monitor.active.test.ts

@@ -0,0 +1,137 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { sendActiveMessage, handleWecomWebhookRequest, registerWecomWebhookTarget } from "./monitor.js";
+import * as cryptoHelpers from "./crypto.js";
+import * as runtime from "./runtime.js";
+import axios from "axios";
+import { IncomingMessage, ServerResponse } from "node:http";
+import { Socket } from "node:net";
+import * as crypto from "node:crypto";
+
+vi.mock("axios");
+
+// Helpers
+function createMockRequest(bodyObj: any): IncomingMessage {
+    const socket = new Socket();
+    const req = new IncomingMessage(socket);
+    req.method = "POST";
+    req.url = "/wecom?timestamp=123&nonce=456&signature=789";
+    req.push(JSON.stringify(bodyObj));
+    req.push(null);
+    return req;
+}
+
+function createMockResponse(): ServerResponse {
+    const req = new IncomingMessage(new Socket());
+    const res = new ServerResponse(req);
+    res.end = vi.fn() as any;
+    res.setHeader = vi.fn();
+    (res as any).statusCode = 200;
+    return res;
+}
+
+describe("Monitor Active Features", () => {
+    let capturedDeliver: ((payload: { text: string }) => Promise<void>) | undefined;
+    let mockCore: any;
+    // Valid 32-byte AES Key (Base64 encoded)
+    const validKey = "jWmYm7qr5nMoCAstdRmNjt3p7vsH8HkK+qiJqQ0aaaa=";
+
+    beforeEach(() => {
+        capturedDeliver = undefined;
+        vi.restoreAllMocks();
+
+        // Spy on crypto.randomBytes (default export in monitor.ts usage)
+        vi.spyOn(crypto.default, "randomBytes").mockImplementation((size) => {
+            return Buffer.alloc(size, 0x11);
+        });
+
+        // Mock Crypto Helpers
+        // Wespy on verifyWecomSignature to always pass
+        vi.spyOn(cryptoHelpers, "verifyWecomSignature").mockReturnValue(true);
+
+        // We spy on decryptWecomEncrypted to return our mock plaintext
+        // Note: For this to work despite direct import in monitor.ts, we rely on Vitest's
+        // module mocking capabilities or the fact that * exports might be live bindings.
+        // If this fails, we will know.
+        vi.spyOn(cryptoHelpers, "decryptWecomEncrypted").mockImplementation((opts) => {
+            return JSON.stringify({
+                msgid: "test-msg-id",
+                msgtype: "text",
+                text: { content: "hello" },
+                response_url: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test-key"
+            });
+        });
+
+        mockCore = {
+            channel: {
+                text: {
+                    resolveMarkdownTableMode: () => "off",
+                    convertMarkdownTables: (t: string) => t.replace(/\|/g, "-")
+                },
+                reply: {
+                    finalizeInboundContext: (c: any) => c,
+                    resolveEnvelopeFormatOptions: () => ({}),
+                    formatAgentEnvelope: () => "",
+                    dispatchReplyWithBufferedBlockDispatcher: async (opts: any) => {
+                        capturedDeliver = opts.dispatcherOptions.deliver;
+                        return;
+                    }
+                },
+                routing: { resolveAgentRoute: () => ({ agentId: "1", sessionKey: "1", accountId: "1" }) },
+                session: {
+                    resolveStorePath: () => "",
+                    readSessionUpdatedAt: () => 0,
+                    recordInboundSession: vi.fn()
+                }
+            },
+            logging: { shouldLogVerbose: () => false }
+        };
+
+        vi.spyOn(runtime, "getWecomRuntime").mockReturnValue(mockCore);
+
+        registerWecomWebhookTarget({
+            account: { accountId: "1", enabled: true, configured: true, token: "T", encodingAESKey: validKey, receiveId: "R", config: {} as any },
+            config: {} as any,
+            runtime: { log: () => { } },
+            core: mockCore,
+            path: "/wecom"
+        });
+    });
+
+    it("should protect <think> tags from table conversion", async () => {
+        const req = createMockRequest({ encrypt: "mock-encrypt" });
+        const res = createMockResponse();
+        await handleWecomWebhookRequest(req, res);
+
+        expect(capturedDeliver).toBeDefined();
+
+        const payload = { text: "Out | side\n<think>Inside | Think</think>" };
+        const convertSpy = vi.spyOn(mockCore.channel.text, "convertMarkdownTables");
+
+        await capturedDeliver!(payload);
+
+        const calledArg = convertSpy.mock.calls[0][0];
+        expect(calledArg).toContain("__THINK_PLACEHOLDER_0__");
+        expect(calledArg).not.toContain("<think>");
+    });
+
+    it("should store response_url and allow active message sending", async () => {
+        const req = createMockRequest({ encrypt: "mock-encrypt" });
+        const res = createMockResponse();
+
+        // We use a real key but mocked randomBytes.
+        // However, `handleWecomWebhookRequest` calls `buildEncryptedJsonReply` -> `encryptWecomPlaintext`.
+        // `encryptWecomPlaintext` uses the key. Since it's valid, it should work fine.
+        // We don't verify the OUTPUT of handleWecomWebhookRequest, just that it runs and sets up state.
+
+        await handleWecomWebhookRequest(req, res);
+
+        const streamId = Buffer.alloc(16, 0x11).toString("hex");
+
+        await sendActiveMessage(streamId, "Active Hello");
+
+        expect(axios.post).toHaveBeenCalledWith(
+            "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test-key",
+            { msgtype: "text", text: { content: "Active Hello" } }
+        );
+    });
+});