feat(gateway): add WeCom (Enterprise WeChat) platform support

Adds WeCom as a gateway platform adapter using the AI Bot WebSocket
gateway for real-time bidirectional communication. No public endpoint
or new pip dependencies needed (uses existing aiohttp + httpx).

Features:
- WebSocket persistent connection with auto-reconnect (exponential backoff)
- DM and group messaging with configurable access policies
- Media upload/download with AES decryption for encrypted attachments
- Markdown rendering, quote context preservation
- Proactive + passive reply message modes
- Chunked media upload pipeline (512KB chunks)

Cherry-picked from PR #1898 by EvilRan with:
- Moved to current main (PR was 300 commits behind)
- Skipped base.py regressions (reply_to additions are good but belong
  in a separate PR since they affect all platforms)
- Fixed test assertions to match current base class send() signature
  (reply_to=None kwarg now explicit)
- All 16 integration points added surgically to current main
- No new pip dependencies (aiohttp + httpx already installed)

Fixes #1898

website/docs/user-guide/messaging/index.md

@@ -6,7 +6,7 @@ description: "Chat with Hermes from Telegram, Discord, Slack, WhatsApp, Signal,
 
 # Messaging Gateway
 
-Chat with Hermes from Telegram, Discord, Slack, WhatsApp, Signal, SMS, Email, Home Assistant, Mattermost, Matrix, DingTalk, Feishu/Lark, or your browser. The gateway is a single background process that connects to all your configured platforms, handles sessions, runs cron jobs, and delivers voice messages.
+Chat with Hermes from Telegram, Discord, Slack, WhatsApp, Signal, SMS, Email, Home Assistant, Mattermost, Matrix, DingTalk, Feishu/Lark, WeCom, or your browser. The gateway is a single background process that connects to all your configured platforms, handles sessions, runs cron jobs, and delivers voice messages.
 
 For the full voice feature set — including CLI microphone mode, spoken replies in messaging, and Discord voice-channel conversations — see [Voice Mode](/docs/user-guide/features/voice-mode) and [Use Voice Mode with Hermes](/docs/guides/use-voice-mode-with-hermes).
 
@@ -28,6 +28,7 @@ flowchart TB
             mx[Matrix]
             dt[DingTalk]
     fs[Feishu/Lark]
+    wc[WeCom]
             api["API Server<br/>(OpenAI-compatible)"]
             wh[Webhooks]
         end
@@ -330,6 +331,7 @@ Each platform has its own toolset:
 | Matrix | `hermes-matrix` | Full tools including terminal |
 | DingTalk | `hermes-dingtalk` | Full tools including terminal |
 | Feishu/Lark | `hermes-feishu` | Full tools including terminal |
+| WeCom | `hermes-wecom` | Full tools including terminal |
 | API Server | `hermes` (default) | Full tools including terminal |
 | Webhooks | `hermes-webhook` | Full tools including terminal |
 
@@ -347,5 +349,6 @@ Each platform has its own toolset:
 - [Matrix Setup](matrix.md)
 - [DingTalk Setup](dingtalk.md)
 - [Feishu/Lark Setup](feishu.md)
+- [WeCom Setup](wecom.md)
 - [Open WebUI + API Server](open-webui.md)
 - [Webhooks](webhooks.md)

website/docs/user-guide/messaging/wecom.md

@@ -0,0 +1,86 @@
+---
+sidebar_position: 14
+title: "WeCom (Enterprise WeChat)"
+description: "Connect Hermes Agent to WeCom via the AI Bot WebSocket gateway"
+---
+
+# WeCom (Enterprise WeChat)
+
+Connect Hermes to [WeCom](https://work.weixin.qq.com/) (企业微信), Tencent's enterprise messaging platform. The adapter uses WeCom's AI Bot WebSocket gateway for real-time bidirectional communication — no public endpoint or webhook needed.
+
+## Prerequisites
+
+- A WeCom organization account
+- An AI Bot created in the WeCom Admin Console
+- The Bot ID and Secret from the bot's credentials page
+
+## Setup
+
+### 1. Create an AI Bot
+
+1. Log in to the [WeCom Admin Console](https://work.weixin.qq.com/wework_admin/frame)
+2. Navigate to **Applications** → **Create Application** → **AI Bot**
+3. Configure the bot name and description
+4. Copy the **Bot ID** and **Secret** from the credentials page
+
+### 2. Configure Hermes
+
+Run the interactive setup:
+
+```bash
+hermes gateway setup
+```
+
+Select **WeCom** and enter your Bot ID and Secret.
+
+Or set environment variables in `~/.hermes/.env`:
+
+```bash
+WECOM_BOT_ID=your-bot-id
+WECOM_SECRET=your-secret
+
+# Optional: restrict access
+WECOM_ALLOWED_USERS=user_id_1,user_id_2
+
+# Optional: home channel for cron/notifications
+WECOM_HOME_CHANNEL=chat_id
+```
+
+### 3. Start the gateway
+
+```bash
+hermes gateway start
+```
+
+## Features
+
+- **WebSocket transport** — persistent connection, no public endpoint needed
+- **DM and group messaging** — configurable access policies
+- **Media support** — images, files, voice, video upload and download
+- **AES-encrypted media** — automatic decryption for inbound attachments
+- **Quote context** — preserves reply threading
+- **Markdown rendering** — rich text responses
+- **Auto-reconnect** — exponential backoff on connection drops
+
+## Configuration Options
+
+Set these in `config.yaml` under `platforms.wecom.extra`:
+
+| Key | Default | Description |
+|-----|---------|-------------|
+| `bot_id` | — | WeCom AI Bot ID (required) |
+| `secret` | — | WeCom AI Bot Secret (required) |
+| `websocket_url` | `wss://openws.work.weixin.qq.com` | WebSocket gateway URL |
+| `dm_policy` | `open` | DM access: `open`, `allowlist`, `disabled`, `pairing` |
+| `group_policy` | `open` | Group access: `open`, `allowlist`, `disabled` |
+| `allow_from` | `[]` | User IDs allowed for DMs (when dm_policy=allowlist) |
+| `group_allow_from` | `[]` | Group IDs allowed (when group_policy=allowlist) |
+
+## Troubleshooting
+
+| Problem | Fix |
+|---------|-----|
+| "WECOM_BOT_ID and WECOM_SECRET are required" | Set both env vars or configure in setup wizard |
+| "invalid secret (errcode=40013)" | Verify the secret matches your bot's credentials |
+| "Timed out waiting for subscribe acknowledgement" | Check network connectivity to `openws.work.weixin.qq.com` |
+| Bot doesn't respond in groups | Check `group_policy` setting and group allowlist |