Merge upstream/main: add typing indicator and exclamation escaping docs

AGENTS.md

@@ -283,3 +283,19 @@ JSON5 format with Zod validation:
 - Web relay health logs show heartbeat intervals and reconnect policy
 - Use `warelay status --json` to inspect recent Twilio traffic
 - Session state in `~/.warelay/sessions.json` for Claude session debugging
+
+## Exclamation Mark Escaping Workaround
+The Claude Code Bash tool escapes `!` to `\!` in command arguments. When using `warelay send` with messages containing exclamation marks, use heredoc syntax:
+
+```bash
+# WRONG - will send "Hello\!" with backslash
+warelay send --provider web --to "+1234" --message 'Hello!'
+
+# CORRECT - use heredoc to avoid escaping
+warelay send --provider web --to "+1234" --message "$(cat <<'EOF'
+Hello!
+EOF
+)"
+```
+
+This is a Claude Code quirk, not a warelay bug.

CHANGELOG.md

@@ -11,6 +11,7 @@
 
 ### Changes
 - **IPC server for relay:** The web relay now starts a Unix socket server at `~/.warelay/relay.sock`. Commands like `warelay send --provider web` automatically connect via IPC when the relay is running, falling back to direct connection otherwise.
+- **Typing indicator after IPC send:** After sending a message via IPC (e.g., `warelay send`), the relay now automatically shows the typing indicator ("composing") to signal that more messages may be coming.
 - **Auto-recovery from stuck WhatsApp sessions:** Added watchdog timer that detects when WhatsApp event emitter stops firing (e.g., after Bad MAC decryption errors) and automatically restarts the connection after 30 minutes of no message activity. Heartbeat logging now includes `minutesSinceLastMessage` and warns when >30 minutes without messages. The 30-minute timeout is intentionally longer than typical `heartbeatMinutes` configs to avoid false positives.
 - **Early allowFrom filtering:** Unauthorized senders are now blocked in `inbound.ts` BEFORE encryption/decryption attempts, preventing Bad MAC errors from corrupting session state. Previously, messages from unauthorized senders would trigger decryption failures that could silently kill the event emitter.
 - **Test isolation improvements:** Mock `loadConfig()` in all test files to prevent loading real user config (with emojis/prefixes) during tests. Default test config now has no prefixes/timestamps for cleaner assertions.

CLAUDE.md

@@ -0,0 +1 @@
+AGENTS.md

src/web/auto-reply.ts

@@ -702,7 +702,7 @@ export async function monitorWebProvider(
 
     // Start IPC server so `warelay send` can use this connection
     // instead of creating a new one (which would corrupt Signal session)
-    if ("sendMessage" in listener) {
+    if ("sendMessage" in listener && "sendComposingTo" in listener) {
       startIpcServer(async (to, message, mediaUrl) => {
         let mediaBuffer: Buffer | undefined;
         let mediaType: string | undefined;
@@ -721,6 +721,12 @@ export async function monitorWebProvider(
           }
         }
         logInfo(`📤 IPC send to ${to}: ${message.substring(0, 50)}...`, runtime);
+        // Show typing indicator after send so user knows more may be coming
+        try {
+          await listener.sendComposingTo(to);
+        } catch {
+          // Ignore typing indicator errors - not critical
+        }
         return result;
       });
     }

src/web/inbound.ts

@@ -257,6 +257,14 @@ export async function monitorWebInbox(options: {
       const result = await sock.sendMessage(jid, payload);
       return { messageId: result?.key?.id ?? "unknown" };
     },
+    /**
+     * Send typing indicator ("composing") to a chat.
+     * Used after IPC send to show more messages are coming.
+     */
+    sendComposingTo: async (to: string): Promise<void> => {
+      const jid = `${to.replace(/^\+/, "")}@s.whatsapp.net`;
+      await sock.sendPresenceUpdate("composing", jid);
+    },
   } as const;
 }