#2780: feat(channels): Add WeChat Official Account support via Bridge

**Description:** This PR introduces a new extension `@haiyanfengli-llc/webhook-server` that adds support for **WeChat Official Accounts** (Weixin Service/Subscription Accounts). It works by exposing a webhook server that interfaces with a self-hosted [WeChat Bridge](https://github.com/NannaOlympicBroadcast/clawdbot-wechat-plugin), allowing Clawdbot to send and receive messages from WeChat users. **Key Changes:** - Added `extensions/wechat` with the plugin implementation. - Implemented `fastify` server for efficient webhook handling. - Added full documentation in [`PLUGIN_USAGE.md`](extensions/wechat/PLUGIN_USAGE.md). **AI/Vibe-Coded:** - [x] **AI-Assisted**: Yes (Google Antigravity) - [x] **Degree of Testing**: Lightly tested (Verified with local WeChat Bridge and test account) - [x] **Understanding**: Confirmed (I understand how the webhook/bridge architecture works) **Related Links:** - [Companion Bridge Repository](https://github.com/NannaOlympicBroadcast/clawdbot-wechat-plugin) <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR adds a new `extensions/wechat` package that registers a WeChat channel plugin and an HTTP webhook handler, then routes inbound webhook messages into the existing channel reply pipeline and posts responses back to a Bridge callback URL. Key concerns are around webhook hardening and correctness of configuration/routing defaults: the new handler reads request bodies without any size limit and does not authenticate requests, and the fallback route/config paths appear inconsistent (`plugins.entries.webhook-server` vs `channels.wechat`). These issues could lead to the server being remotely driven by anyone who can reach it, memory exhaustion from large requests, and misrouting to the default agent even when configured. <h3>Confidence Score: 2/5</h3> - This PR has significant security and reliability risks if the webhook endpoint is exposed beyond a trusted network. - The core integration approach matches existing channel patterns, but the webhook handler lacks request authentication and enforces no request size limit, which can enable unauthorized triggering of agent actions and memory exhaustion. There are also config/ID mismatches that can cause misrouting or confusing configuration. - extensions/wechat/src/index.ts; extensions/wechat/clawdbot.plugin.json <!-- greptile_other_comments_section --> <!-- /greptile_comment -->