Merge pull request 'fix: add sort and limit to /my command (#94 )' (#95 ) from fix/my-sort-limit into main

fix: add sort and limit to /my command for consistency with /bounty
- Add same sort_key logic as /bounty (due date first, then created_at) - Add default limit of 5 with "Showing X of Y" message - Add "all" flag to show expired bounties - Add delete button for consistency with /bounty Fixes #94
2026-04-09 16:20:19 +02:00 · 2026-04-09 14:08:57 +00:00 · 2026-04-09 13:17:01 +02:00 · 2026-04-09 11:08:46 +00:00 · 2026-04-09 13:06:36 +02:00 · 2026-04-09 10:50:50 +00:00
28 changed files with 4647 additions and 564 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,27 +5,42 @@
 ```bash
 git clone https://git.fbrns.co/shoko/jigaido.git
 cd jigaido
+
+# Create virtual environment
 python -m venv venv
 source venv/bin/activate
-pip install -r requirements.txt
+
+# Install dependencies
+pip install -r apps/telegram-bot/requirements.txt
+
+# Run tests
+pytest

 # Run bot
-export JIGAIDO_BOT_TOKEN="test:token"
-python bot.py
+export JIGAIDO_BOT_TOKEN="your_bot_token"
+python -m apps.telegram-bot.bot
 ```

+## Architecture
+
+JIGAIDO follows hexagonal architecture:
+
+- **Core** (`core/`): Pure domain logic - models, ports (interfaces), and services
+- **Adapters** (`adapters/`): Infrastructure implementations - storage adapters
+- **Apps** (`apps/`): CLI applications - Telegram bot
+
 ## Code Style

- Python (no strict formatter enforced yet)
+- Python 3.10+ with type hints
 - Async/await for Telegram handlers
- Type hints where obvious
 - Docstrings for public functions
+- Follow existing code patterns

 ## Pull Request Workflow

 1. Branch from `main`
 2. Make changes
-3. Test locally
+3. Test locally with `pytest`
 4. Open PR with description of what changed and why
 5. Someone reviews and merges

--- a/README.md
+++ b/README.md
@@ -22,14 +22,33 @@ A bounty tracking platform. Currently ships with a Telegram bot for managing and

 ```
 jigaido/
+├── core/                    # Domain layer (pure Python, no external deps)
+│   ├── models.py            # Domain dataclasses (Bounty, Tracking)
+│   ├── ports.py             # Port interfaces
+│   └── services.py          # Domain services
+├── adapters/                # Infrastructure adapters
+│   └── storage/
+│       └── json_file.py     # JSON file storage implementation
 ├── apps/
-│   └── telegram-bot/   ← first app (Python)
-│       ├── bot.py
-│       ├── commands.py
-│       ├── cron.py
-│       ├── db.py
-│       └── requirements.txt
-└── SPEC.md             ← full design specification
+│   └── telegram-bot/        # Telegram bot CLI application
+│       ├── bot.py            # Bot entry point
+│       └── commands.py       # Command handlers
+├── tests/                   # Unit tests
+├── config.py               # Configuration management
+└── SPEC.md                 # Full design specification
+```
+
+## Quick Start
+
+```bash
+# Install dependencies
+pip install -r apps/telegram-bot/requirements.txt
+
+# Set bot token
+export JIGAIDO_BOT_TOKEN="your_bot_token"
+
+# Run bot
+python -m apps.telegram-bot.bot
 ```

 ## License
--- a/SPEC.md
+++ b/SPEC.md
@@ -8,7 +8,7 @@

 JIGAIDO is a Telegram bot that lets groups and individuals track bounties — tasks, obligations, and deadlines — with optional due dates and personal tracking.

- **Group mode**: Each Telegram group has its own bounty list. Anyone can add bounties. Only creator can edit/delete.
+- **Group mode**: Each Telegram group has its own bounty list. Admins can add/edit/delete bounties. Anyone can track.
 - **DM mode**: Personal bounty list. Anyone can manage their own bounties.
 - **Tracking**: Users can track any bounty (group or personal) to their tracking list.
 - **Due dates**: Free-form text (`"april 15"`, `"in 3 days"`, `"tomorrow"`) parsed at add time, stored as Unix timestamp. If unparseable, stored as `NULL`.
@@ -20,7 +20,7 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta

 ### Stack
 - **Bot**: `python-telegram-bot` (pure Python, no C extensions)
- **Storage**: Per-group JSON files (zero-setup, no DB server)
+- **Storage**: Per-group JSON files via `adapters/storage/json_file.py`
 - **Date parsing**: `dateparser`
 - **Runtime**: Python 3.10+
 - **Deployment**: Any $5 VPS with Python 3.10+
@@ -28,19 +28,40 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta
 ### Directory Structure

 ```
-~/.jigaido/                          # Data root (~/.jigaido/)
-├── {group_id}/
-│   ├── group.json                  # Group bounties
-│   └── {user_id}.json              # User tracking within this group
-└── {user_id}/
-    └── user.json                    # User's personal bounties (DM mode)
+jigaido/
+├── core/                    # Domain layer
+│   ├── models.py            # Domain dataclasses (Bounty, Tracking)
+│   ├── ports.py             # Port interfaces (abstract base classes)
+│   └── services.py          # Domain services (BountyService, TrackingService)
+├── adapters/                # Infrastructure adapters
+│   └── storage/
+│       └── json_file.py     # JSON file storage implementation
+├── apps/
+│   └── telegram-bot/        # Telegram bot CLI application
+│       ├── bot.py            # Bot entry point
+│       └── commands.py       # Command handlers
+├── config.py               # Configuration management
+└── tests/                  # Unit tests
 ```

-**Note:** Data directory is at `~/.jigaido/` (home directory), NOT inside the repository or app directory.
+### Hexagonal Architecture

-### Storage Design
+- **Core** (`core/`): Pure domain logic, no external dependencies
+  - `models.py`: Domain dataclasses
+  - `ports.py`: Abstract interfaces for storage
+  - `services.py`: Business logic

-**File: `data/{group_id}/group.json`**
+- **Adapters** (`adapters/`): Implementations of ports
+  - `storage/json_file.py`: JSON file-based storage
+
+- **Apps** (`apps/`): CLI applications
+  - `telegram-bot/`: Telegram bot interface
+
+### Data Storage
+
+Data is stored at `~/.jigaido/` (home directory), NOT inside the repository.
+
+**File: `~/.jigaido/{group_id}/group.json`**

 ```json
 {
@@ -58,7 +79,7 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta
 }
 ```

-**File: `data/{group_id}/{user_id}.json`**
+**File: `~/.jigaido/{group_id}/{user_id}.json`**

 ```json
 {
@@ -68,7 +89,7 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta
 }
 ```

-**File: `data/{user_id}/user.json`**
+**File: `~/.jigaido/{user_id}/user.json`**

 ```json
 {
@@ -87,10 +108,10 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta

 **Key design decisions:**

-1. **Group-isolated storage** — Each group has its own directory. No cross-group access.
-2. **Bounty IDs are sequential per group.json** — Not global. Each group's file has its own ID counter.
-3. **Atomic writes** — Uses `tempfile` + `rename` for safe writes.
-4. **No reminders in v1** — Dropped for simplicity.
+1. **Hexagonal architecture** — Core domain is isolated from infrastructure
+2. **Group-isolated storage** — Each group has its own directory. No cross-group access.
+3. **Bounty IDs are sequential per group.json** — Not global. Each group's file has its own ID counter.
+4. **Atomic writes** — Uses `tempfile` + `rename` for safe writes.

 ---
 ## Commands
@@ -101,9 +122,9 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta
 |---|---|---|
 | `/bounty` | anyone | List all bounties in this group |
 | `/my` | anyone | List bounties tracked by you in this group |
-| `/add <text> [link] [due date]` | anyone | Add a new bounty to the group |
-| `/update <bounty_id> [text] [link] [due_date]` | creator only | Update an existing bounty |
-| `/delete <bounty_id>` | creator only | Delete a bounty |
+| `/add <text> [link] [due date]` | admin only | Add a new bounty to the group |
+| `/edit <bounty_id> [text] [link] [due_date]` | admin only | Edit an existing bounty |
+| `/delete <bounty_id>` | admin only | Delete a bounty |
 | `/track <bounty_id>` | anyone | Track a group bounty |
 | `/untrack <bounty_id>` | anyone | Stop tracking a bounty |

@@ -114,7 +135,7 @@ JIGAIDO is a Telegram bot that lets groups and individuals track bounties — ta
 | `/bounty` | List all your personal bounties |
 | `/my` | List all your personal bounties |
 | `/add <text> [link] [due date]` | Add a personal bounty |
-| `/update <bounty_id> [text] [link] [due_date]` | Update a personal bounty |
+| `/edit <bounty_id> [text] [link] [due_date]` | Edit a personal bounty |
 | `/delete <bounty_id>` | Delete a personal bounty |
 | `/track <bounty_id>` | Track a personal bounty |

@@ -149,7 +170,7 @@ Stored as Unix timestamp. User-facing display can be localized/converted to any
 ## Error Handling

 - Unknown command → help text with available commands
- `/update`/`/delete` by non-creator → "⛔ Only the creator can edit/delete this bounty."
+- `/add`/`/edit`/`/delete` by non-admin → "⛔ Only admins can add/edit/delete bounties."
 - `/track` already tracked → "Already tracking" (idempotent)
 - `/untrack` not tracked → "Not tracking" (idempotent)
 - Bounty not found → "Bounty not found"
--- a/adapters/init.py
+++ b/adapters/init.py
@@ -0,0 +1,5 @@
+"""Storage adapters for JIGAIDO."""
+
+from adapters.storage.json_file import JsonFileRoomStorage, JsonFileTrackingStorage
+
+__all__ = ["JsonFileRoomStorage", "JsonFileTrackingStorage"]
--- a/adapters/storage/init.py
+++ b/adapters/storage/init.py
@@ -0,0 +1,5 @@
+"""Storage adapters for JIGAIDO."""
+
+from adapters.storage.json_file import JsonFileRoomStorage, JsonFileTrackingStorage
+
+__all__ = ["JsonFileRoomStorage", "JsonFileTrackingStorage"]
--- a/adapters/storage/json_file.py
+++ b/adapters/storage/json_file.py
@@ -0,0 +1,268 @@
+"""JSON file storage adapter for JIGAIDO.
+
+Implements RoomStorage and TrackingStorage ports using JSON file persistence.
+Data stored at:
+- Rooms: ~/.jigaido/data/room/<room_id>.json
+- Tracking: ~/.jigaido/data/tracking/<room_id>_<user_id>.json
+"""
+
+import json
+import os
+import tempfile
+from pathlib import Path
+
+from core.models import Bounty, Category, RoomData, TrackingData, TrackedBounty
+
+
+class JsonFileRoomStorage:
+    """RoomStorage implementation using JSON files.
+
+    Stores room data at ~/.jigaido/data/room/<room_id>.json
+    """
+
+    def __init__(self, data_dir: Path | None = None):
+        if data_dir is None:
+            data_dir = Path.home() / ".jigaido" / "data" / "room"
+        self._data_dir = data_dir
+        self._data_dir.mkdir(parents=True, exist_ok=True)
+
+    def _get_file_path(self, room_id: int) -> Path:
+        return self._data_dir / f"{room_id}.json"
+
+    def _atomic_write(self, path: Path, data: dict) -> None:
+        """Write data atomically using tempfile + rename."""
+        with tempfile.NamedTemporaryFile(
+            mode="w", dir=self._data_dir, delete=False
+        ) as tmp:
+            json.dump(data, tmp, indent=2)
+            tmp_path = tmp.name
+        os.rename(tmp_path, path)
+
+    def load(self, room_id: int) -> RoomData | None:
+        """Load room data from JSON file. Returns None if not found."""
+        file_path = self._get_file_path(room_id)
+        if not file_path.exists():
+            return None
+
+        with open(file_path, "r") as f:
+            data = json.load(f)
+
+        bounties = [
+            Bounty(
+                id=b["id"],
+                text=b.get("text"),
+                link=b.get("link"),
+                due_date_ts=b.get("due_date_ts"),
+                created_at=b["created_at"],
+                created_by_user_id=b["created_by_user_id"],
+                deleted_at=b.get("deleted_at"),
+                created_by_username=b.get("created_by_username"),
+                category_ids=b.get("category_ids", []),
+            )
+            for b in data.get("bounties", [])
+        ]
+
+        categories = [
+            Category(
+                id=c["id"],
+                name=c["name"],
+                created_at=c["created_at"],
+                deleted_at=c.get("deleted_at"),
+            )
+            for c in data.get("categories", [])
+        ]
+
+        return RoomData(
+            room_id=data["room_id"],
+            bounties=bounties,
+            next_id=data["next_id"],
+            timezone=data.get("timezone"),
+            admin_usernames=data.get("admin_usernames", []),
+            categories=categories,
+        )
+
+    def save(self, room_data: RoomData) -> None:
+        """Save room data to JSON file."""
+        data = {
+            "room_id": room_data.room_id,
+            "next_id": room_data.next_id,
+            "timezone": room_data.timezone,
+            "admin_usernames": room_data.admin_usernames or [],
+            "categories": [
+                {
+                    "id": c.id,
+                    "name": c.name,
+                    "created_at": c.created_at,
+                    "deleted_at": c.deleted_at,
+                }
+                for c in room_data.categories
+            ],
+            "bounties": [
+                {
+                    "id": b.id,
+                    "text": b.text,
+                    "link": b.link,
+                    "due_date_ts": b.due_date_ts,
+                    "created_at": b.created_at,
+                    "created_by_user_id": b.created_by_user_id,
+                    "deleted_at": b.deleted_at,
+                    "created_by_username": b.created_by_username,
+                    "category_ids": b.category_ids,
+                }
+                for b in room_data.bounties
+            ],
+        }
+
+        self._atomic_write(self._get_file_path(room_data.room_id), data)
+
+    def add_bounty(self, room_id: int, bounty: Bounty) -> None:
+        """Add a bounty to a room, creating the room if necessary."""
+        room_data = self.load(room_id)
+        if room_data is None:
+            room_data = RoomData(room_id=room_id, bounties=[], next_id=1)
+
+        room_data.bounties.append(bounty)
+        if bounty.id >= room_data.next_id:
+            room_data.next_id = bounty.id + 1
+
+        self.save(room_data)
+
+    def update_bounty(self, room_id: int, bounty: Bounty) -> None:
+        """Update an existing bounty in a room."""
+        room_data = self.load(room_id)
+        if room_data is None:
+            return
+
+        for i, b in enumerate(room_data.bounties):
+            if b.id == bounty.id:
+                room_data.bounties[i] = bounty
+                break
+
+        self.save(room_data)
+
+    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
+        """Get a specific bounty from a room by ID."""
+        room_data = self.load(room_id)
+        if room_data is None:
+            return None
+
+        for b in room_data.bounties:
+            if b.id == bounty_id:
+                return b
+
+        return None
+
+    def list_bounties(self, room_id: int) -> list[Bounty]:
+        """List all non-deleted bounties in a room.
+
+        This is the default method for normal queries - soft-deleted bounties
+        are excluded from results.
+        """
+        room_data = self.load(room_id)
+        if room_data is None:
+            return []
+        return [b for b in room_data.bounties if b.deleted_at is None]
+
+    def list_all_bounties(
+        self, room_id: int, include_deleted: bool = True
+    ) -> list[Bounty]:
+        """List all bounties including or excluding soft-deleted.
+
+        Args:
+            room_id: The room ID
+            include_deleted: If True, return all bounties including soft-deleted.
+                           If False, return only non-deleted bounties.
+                           Defaults to True for /recover functionality.
+        """
+        room_data = self.load(room_id)
+        if room_data is None:
+            return []
+        if include_deleted:
+            return room_data.bounties
+        return [b for b in room_data.bounties if b.deleted_at is None]
+
+
+class JsonFileTrackingStorage:
+    """TrackingStorage implementation using JSON files.
+
+    Stores tracking data at ~/.jigaido/data/tracking/<room_id>_<user_id>.json
+    """
+
+    def __init__(self, tracking_dir: Path | None = None):
+        if tracking_dir is None:
+            tracking_dir = Path.home() / ".jigaido" / "data" / "tracking"
+        self._tracking_dir = tracking_dir
+        self._tracking_dir.mkdir(parents=True, exist_ok=True)
+
+    def _get_file_path(self, room_id: int, user_id: int) -> Path:
+        return self._tracking_dir / f"{room_id}_{user_id}.json"
+
+    def _atomic_write(self, path: Path, data: dict) -> None:
+        """Write data atomically using tempfile + rename."""
+        with tempfile.NamedTemporaryFile(
+            mode="w", dir=self._tracking_dir, delete=False
+        ) as tmp:
+            json.dump(data, tmp, indent=2)
+            tmp_path = tmp.name
+        os.rename(tmp_path, path)
+
+    def load(self, room_id: int, user_id: int) -> TrackingData | None:
+        """Load tracking data from JSON file. Returns None if not found."""
+        file_path = self._get_file_path(room_id, user_id)
+        if not file_path.exists():
+            return None
+
+        with open(file_path, "r") as f:
+            data = json.load(f)
+
+        tracked = [
+            TrackedBounty(
+                bounty_id=t["bounty_id"],
+                created_at=t["created_at"],
+            )
+            for t in data.get("tracked", [])
+        ]
+
+        return TrackingData(
+            room_id=data["room_id"],
+            user_id=data["user_id"],
+            tracked=tracked,
+        )
+
+    def save(self, tracking_data: TrackingData) -> None:
+        """Save tracking data."""
+        data = {
+            "room_id": tracking_data.room_id,
+            "user_id": tracking_data.user_id,
+            "tracked": [
+                {
+                    "bounty_id": t.bounty_id,
+                    "created_at": t.created_at,
+                }
+                for t in tracking_data.tracked
+            ],
+        }
+
+        self._atomic_write(
+            self._get_file_path(tracking_data.room_id, tracking_data.user_id), data
+        )
+
+    def track_bounty(self, room_id: int, user_id: int, tracked: TrackedBounty) -> None:
+        """Add a bounty to a user's tracking list, creating the tracking entry if needed."""
+        tracking_data = self.load(room_id, user_id)
+        if tracking_data is None:
+            tracking_data = TrackingData(room_id=room_id, user_id=user_id, tracked=[])
+
+        tracking_data.tracked.append(tracked)
+        self.save(tracking_data)
+
+    def untrack_bounty(self, room_id: int, user_id: int, bounty_id: int) -> None:
+        """Remove a bounty from a user's tracking list."""
+        tracking_data = self.load(room_id, user_id)
+        if tracking_data is None:
+            return
+
+        tracking_data.tracked = [
+            t for t in tracking_data.tracked if t.bounty_id != bounty_id
+        ]
+        self.save(tracking_data)
--- a/apps/telegram-bot/bot.py
+++ b/apps/telegram-bot/bot.py
@@ -1,18 +1,34 @@
 """JIGAIDO Telegram bot entrypoint."""

 import logging
-import os
 import sys

-from telegram import Update
+sys.path.insert(0, "/home/shoko/repositories/jigaido")
+
 from telegram.ext import (
    Application,
    CommandHandler,
-    MessageHandler,
-    filters,
+    CallbackQueryHandler,
 )

-import commands
+from commands import (
+    cmd_add,
+    cmd_admin,
+    cmd_bounty,
+    cmd_category,
+    cmd_delete,
+    cmd_delete_message,
+    cmd_edit,
+    cmd_help,
+    cmd_my,
+    cmd_recover,
+    cmd_show,
+    cmd_start,
+    cmd_timezone,
+    cmd_track,
+    cmd_untrack,
+    cmd_update,
+)

 logging.basicConfig(
    format="%(asctime)s %(levelname)s %(name)s: %(message)s",
@@ -20,23 +36,37 @@ logging.basicConfig(
 )
 log = logging.getLogger(__name__)

-BOT_TOKEN = os.environ.get("JIGAIDO_BOT_TOKEN", "")
+from config import config  # noqa: E402
+
+BOT_TOKEN = config.bot_token or ""
+
+
+async def error_handler(update, context):
+    log.error(f"Error: {context.error}")


 def build_app() -> Application:
    app = Application.builder().token(BOT_TOKEN).build()

-    app.add_handler(CommandHandler("start", commands.cmd_start))
-    app.add_handler(CommandHandler("help", commands.cmd_help))
-    app.add_handler(CommandHandler("bounty", commands.cmd_bounty))
-    app.add_handler(CommandHandler("my", commands.cmd_my))
-    app.add_handler(CommandHandler("add", commands.cmd_add))
-    app.add_handler(CommandHandler("update", commands.cmd_update))
-    app.add_handler(CommandHandler("delete", commands.cmd_delete))
-    app.add_handler(CommandHandler("track", commands.cmd_track))
-    app.add_handler(CommandHandler("untrack", commands.cmd_untrack))
+    app.add_handler(CommandHandler("start", cmd_start))
+    app.add_handler(CommandHandler("help", cmd_help))
+    app.add_handler(CommandHandler("bounty", cmd_bounty))
+    app.add_handler(CommandHandler("my", cmd_my))
+    app.add_handler(CommandHandler("add", cmd_add))
+    app.add_handler(CommandHandler("edit", cmd_edit))
+    app.add_handler(CommandHandler("update", cmd_update))
+    app.add_handler(CommandHandler("delete", cmd_delete))
+    app.add_handler(CommandHandler("track", cmd_track))
+    app.add_handler(CommandHandler("untrack", cmd_untrack))
+    app.add_handler(CommandHandler("show", cmd_show))
+    app.add_handler(CommandHandler("timezone", cmd_timezone))
+    app.add_handler(CommandHandler("admin", cmd_admin))
+    app.add_handler(CommandHandler("recover", cmd_recover))
+    app.add_handler(CommandHandler("category", cmd_category))

-    app.add_handler(MessageHandler(filters.COMMAND, commands.cmd_help))
+    app.add_handler(CallbackQueryHandler(cmd_delete_message))
+
+    app.add_error_handler(error_handler)

    return app

@@ -47,14 +77,22 @@ async def post_init(app: Application) -> None:
            ("bounty", "List bounties"),
            ("my", "Your tracked bounties"),
            ("add", "Add a bounty"),
+            ("edit", "Edit a bounty"),
            ("track", "Track a bounty"),
            ("untrack", "Stop tracking"),
+            ("show", "Show bounty details"),
+            ("timezone", "Get/set room timezone"),
+            ("admin", "Manage admins"),
+            ("recover", "Recover deleted bounties"),
+            ("category", "Manage categories"),
            ("help", "Show help"),
        ]
    )


 def main() -> None:
+    import asyncio
+
    if not BOT_TOKEN:
        log.error("JIGAIDO_BOT_TOKEN environment variable not set.")
        sys.exit(1)
@@ -63,6 +101,11 @@ def main() -> None:
    app.post_init = post_init

    log.info("JIGAIDO starting...")
+    # Python 3.14 compatibility: ensure event loop exists
+    try:
+        asyncio.get_event_loop()
+    except RuntimeError:
+        asyncio.set_event_loop(asyncio.new_event_loop())
    app.run_polling(drop_pending_updates=True)


--- a/apps/telegram-bot/commands.py
+++ b/apps/telegram-bot/commands.py
--- a/apps/telegram-bot/requirements-dev.txt
+++ b/apps/telegram-bot/requirements-dev.txt
@@ -1,4 +0,0 @@
-python-telegram-bot==21.6
-dateparser==1.2.0
-pytest==8.3.5
-pytest-asyncio==0.25.2
--- a/apps/telegram-bot/run_bot.py
+++ b/apps/telegram-bot/run_bot.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+import asyncio
+import os
+import sys
+
+# Run from the telegram-bot directory so local imports work
+os.chdir("/home/shoko/repositories/jigaido/apps/telegram-bot")
+sys.path.insert(0, "/home/shoko/repositories/jigaido")
+
+# Import main from the local bot module
+import bot as bot_module  # noqa: E402
+
+if __name__ == "__main__":
+    if not bot_module.BOT_TOKEN:
+        bot_module.log.error("JIGAIDO_BOT_TOKEN environment variable not set.")
+        sys.exit(1)
+
+    app = bot_module.build_app()
+    app.post_init = bot_module.post_init
+    bot_module.log.info("JIGAIDO starting...")
+
+    # PTB v20+ app.run_polling() is async - use asyncio.get_event_loop() + run_until_complete
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)
+    try:
+        loop.run_until_complete(app.run_polling(drop_pending_updates=True))
+    finally:
+        loop.close()
--- a/apps/telegram-bot/storage.py
+++ b/apps/telegram-bot/storage.py
@@ -1,216 +0,0 @@
-"""Per-group JSON file storage for JIGAIDO."""
-
-import json
-import os
-import tempfile
-from pathlib import Path
-from typing import Optional
-
-DATA_DIR = Path.home() / ".jigaido"
-
-
-def _ensure_dirs() -> None:
-    DATA_DIR.mkdir(parents=True, exist_ok=True)
-
-
-def _group_dir(group_id: int) -> Path:
-    return DATA_DIR / str(group_id)
-
-
-def _user_personal_dir(user_id: int) -> Path:
-    return DATA_DIR / str(user_id)
-
-
-def _group_file(group_id: int) -> Path:
-    return _group_dir(group_id) / "group.json"
-
-
-def _user_tracking_file(group_id: int, user_id: int) -> Path:
-    return _group_dir(group_id) / f"{user_id}.json"
-
-
-def _user_personal_file(user_id: int) -> Path:
-    return _user_personal_dir(user_id) / "user.json"
-
-
-def _atomic_write(path: Path, data: dict) -> None:
-    path.parent.mkdir(parents=True, exist_ok=True)
-    with tempfile.NamedTemporaryFile(mode="w", dir=path.parent, delete=False) as tmp:
-        json.dump(data, tmp, indent=2)
-        tmp_path = tmp.name
-    os.rename(tmp_path, path)
-
-
-def load_group_bounties(group_id: int) -> dict:
-    _ensure_dirs()
-    path = _group_file(group_id)
-    if not path.exists():
-        return {"bounties": [], "next_id": 1}
-    with open(path) as f:
-        return json.load(f)
-
-
-def save_group_bounties(group_id: int, data: dict) -> None:
-    _atomic_write(_group_file(group_id), data)
-
-
-def add_group_bounty(
-    group_id: int,
-    created_by_user_id: int,
-    text: Optional[str],
-    link: Optional[str],
-    due_date_ts: Optional[int],
-) -> dict:
-    data = load_group_bounties(group_id)
-    bounty = {
-        "id": data["next_id"],
-        "created_by_user_id": created_by_user_id,
-        "text": text,
-        "link": link,
-        "due_date_ts": due_date_ts,
-        "created_at": int(os.path.getctime(_group_file(group_id)))
-        if _group_file(group_id).exists()
-        else 0,
-    }
-    data["bounties"].append(bounty)
-    data["next_id"] += 1
-    save_group_bounties(group_id, data)
-    return bounty
-
-
-def update_group_bounty(
-    group_id: int,
-    bounty_id: int,
-    text: Optional[str],
-    link: Optional[str],
-    due_date_ts: Optional[int],
-) -> bool:
-    data = load_group_bounties(group_id)
-    for bounty in data["bounties"]:
-        if bounty["id"] == bounty_id:
-            if text is not None:
-                bounty["text"] = text
-            if link is not None:
-                bounty["link"] = link
-            if due_date_ts is not None:
-                bounty["due_date_ts"] = due_date_ts
-            save_group_bounties(group_id, data)
-            return True
-    return False
-
-
-def delete_group_bounty(group_id: int, bounty_id: int) -> bool:
-    data = load_group_bounties(group_id)
-    for i, bounty in enumerate(data["bounties"]):
-        if bounty["id"] == bounty_id:
-            data["bounties"].pop(i)
-            save_group_bounties(group_id, data)
-            return True
-    return False
-
-
-def get_group_bounty(group_id: int, bounty_id: int) -> Optional[dict]:
-    data = load_group_bounties(group_id)
-    for bounty in data["bounties"]:
-        if bounty["id"] == bounty_id:
-            return bounty
-    return None
-
-
-def load_user_tracking(group_id: int, user_id: int) -> dict:
-    path = _user_tracking_file(group_id, user_id)
-    if not path.exists():
-        return {"tracked": []}
-    with open(path) as f:
-        return json.load(f)
-
-
-def save_user_tracking(group_id: int, user_id: int, data: dict) -> None:
-    _atomic_write(_user_tracking_file(group_id, user_id), data)
-
-
-def track_bounty(group_id: int, user_id: int, bounty_id: int) -> bool:
-    data = load_user_tracking(group_id, user_id)
-    if any(t["bounty_id"] == bounty_id for t in data["tracked"]):
-        return False
-    data["tracked"].append({"bounty_id": bounty_id})
-    save_user_tracking(group_id, user_id, data)
-    return True
-
-
-def untrack_bounty(group_id: int, user_id: int, bounty_id: int) -> bool:
-    data = load_user_tracking(group_id, user_id)
-    for i, t in enumerate(data["tracked"]):
-        if t["bounty_id"] == bounty_id:
-            data["tracked"].pop(i)
-            save_user_tracking(group_id, user_id, data)
-            return True
-    return False
-
-
-def load_user_personal(user_id: int) -> dict:
-    path = _user_personal_file(user_id)
-    if not path.exists():
-        return {"bounties": [], "next_id": 1}
-    with open(path) as f:
-        return json.load(f)
-
-
-def save_user_personal(user_id: int, data: dict) -> None:
-    _atomic_write(_user_personal_file(user_id), data)
-
-
-def add_personal_bounty(
-    user_id: int, text: Optional[str], link: Optional[str], due_date_ts: Optional[int]
-) -> dict:
-    data = load_user_personal(user_id)
-    bounty = {
-        "id": data["next_id"],
-        "text": text,
-        "link": link,
-        "due_date_ts": due_date_ts,
-        "created_at": 0,
-    }
-    data["bounties"].append(bounty)
-    data["next_id"] += 1
-    save_user_personal(user_id, data)
-    return bounty
-
-
-def update_personal_bounty(
-    user_id: int,
-    bounty_id: int,
-    text: Optional[str],
-    link: Optional[str],
-    due_date_ts: Optional[int],
-) -> bool:
-    data = load_user_personal(user_id)
-    for bounty in data["bounties"]:
-        if bounty["id"] == bounty_id:
-            if text is not None:
-                bounty["text"] = text
-            if link is not None:
-                bounty["link"] = link
-            if due_date_ts is not None:
-                bounty["due_date_ts"] = due_date_ts
-            save_user_personal(user_id, data)
-            return True
-    return False
-
-
-def delete_personal_bounty(user_id: int, bounty_id: int) -> bool:
-    data = load_user_personal(user_id)
-    for i, bounty in enumerate(data["bounties"]):
-        if bounty["id"] == bounty_id:
-            data["bounties"].pop(i)
-            save_user_personal(user_id, data)
-            return True
-    return False
-
-
-def get_personal_bounty(user_id: int, bounty_id: int) -> Optional[dict]:
-    data = load_user_personal(user_id)
-    for bounty in data["bounties"]:
-        if bounty["id"] == bounty_id:
-            return bounty
-    return None
--- a/apps/telegram-bot/tests/conftest.py
+++ b/apps/telegram-bot/tests/conftest.py
@@ -1,27 +1,8 @@
 """Pytest fixtures for telegram-bot tests."""

 import sys
-import tempfile
 from pathlib import Path

-import pytest

-# Add the app directory to path so `import db` works when running pytest
+# Add the app directory to path so imports work when running pytest
 sys.path.insert(0, str(Path(__file__).parent.parent))
-
-
-@pytest.fixture(autouse=True)
-def fresh_db(monkeypatch):
-    """Replace DB_PATH with a temp file before any test runs."""
-    import db as _db
-
-    tmp = tempfile.NamedTemporaryFile(suffix=".db", delete=False)
-    tmp_path = Path(tmp.name)
-    tmp.close()
-
-    monkeypatch.setattr(_db, "DB_PATH", tmp_path)
-    _db.init_db()
-
-    yield tmp_path
-
-    tmp_path.unlink(missing_ok=True)
--- a/apps/telegram-bot/tests/test_commands.py
+++ b/apps/telegram-bot/tests/test_commands.py
@@ -1,11 +1,33 @@
-"""Tests for commands.py — parsing and formatting functions only."""
+"""Tests for commands.py — parsing, formatting, and command handlers."""

 import time
-from unittest.mock import MagicMock
+from unittest.mock import MagicMock, patch, AsyncMock

 import pytest

-from commands import extract_args, parse_args, format_bounty
+from telegram import Update, Message, User, Chat
+from telegram.ext import ContextTypes
+
+from commands import (
+    extract_args,
+    parse_args,
+    format_bounty,
+    cmd_bounty,
+    cmd_my,
+    cmd_add,
+    cmd_update,
+    cmd_delete,
+    cmd_track,
+    cmd_untrack,
+    cmd_start,
+    cmd_help,
+    is_group,
+    get_group_id,
+    get_user_id,
+    get_room_id,
+    BOUNTY_SERVICE,
+    TRACKING_SERVICE,
+)


 class TestExtractArgs:
@@ -30,75 +52,97 @@ class TestExtractArgs:

 class TestParseArgs:
    def test_text_only(self):
-        text, link, due = parse_args(["hello", "world"])
+        text, link, due, _, _ = parse_args(["hello", "world"])
        assert text == "hello world"
        assert link is None
        assert due is None

    def test_link_extracted(self):
-        text, link, due = parse_args(["hello", "https://example.com"])
+        text, link, due, _, _ = parse_args(["hello", "https://example.com"])
        # "hello" is non-link non-date → becomes text; only the URL becomes link
        assert text == "hello"
        assert link == "https://example.com"
        assert due is None

    def test_text_and_link(self):
-        text, link, due = parse_args(["hello", "world", "https://example.com"])
+        text, link, due, _, _ = parse_args(["hello", "world", "https://example.com"])
        assert text == "hello world"
        assert link == "https://example.com"

    def test_due_date_parsed(self):
-        text, link, due = parse_args(["hello", "tomorrow"])
+        text, link, due, _, _ = parse_args(["hello", "tomorrow"])
        assert text == "hello"
        assert due is not None
        # Should be some time in the future
        assert due > int(time.time())

    def test_all_three(self):
-        text, link, due = parse_args(["hello", "https://example.com", "tomorrow"])
+        text, link, due, _, _ = parse_args(["hello", "https://example.com", "tomorrow"])
        assert text == "hello"
        assert link == "https://example.com"
        assert due is not None

    def test_http_and_https_both_detected(self):
-        _, link1, _ = parse_args(["http://example.com"])
-        _, link2, _ = parse_args(["https://example.com"])
+        _, link1, _, _, _ = parse_args(["http://example.com"])
+        _, link2, _, _, _ = parse_args(["https://example.com"])
        assert link1 == "http://example.com"
        assert link2 == "https://example.com"

    def test_non_url_non_date_becomes_text(self):
-        text, link, due = parse_args(["fix", "the", "bug"])
+        text, link, due, _, _ = parse_args(["fix", "the", "bug"])
        assert text == "fix the bug"
        assert link is None
        assert due is None

    def test_multiple_links_first_only(self):
-        _, link, _ = parse_args(["text", "https://first.com", "https://second.com"])
+        _, link, _, _, _ = parse_args(["text", "https://first.com", "https://second.com"])
        assert link == "https://first.com"

    def test_due_date_after_link(self):
-        text, link, due = parse_args(["task", "https://example.com", "in 5 days"])
+        text, link, due, _, _ = parse_args(["task", "https://example.com", "in 5 days"])
        assert text == "task"
        assert link == "https://example.com"
        assert due is not None

    def test_empty_args(self):
-        text, link, due = parse_args([])
+        text, link, due, _, _ = parse_args([])
        assert text is None
        assert link is None
        assert due is None

    def test_date_parser_failure_returns_none(self):
        # "asdfjkl" is not parseable → goes to text
-        text, link, due = parse_args(["hello", "asdfjkl"])
+        text, link, due, _, _ = parse_args(["hello", "asdfjkl"])
        assert text == "hello asdfjkl"
        assert due is None

    def test_link_takes_first_match(self):
        # Even if it's not a valid URL, starts with https://
-        _, link, _ = parse_args(["skip", "https://not-real.but-still-a-link"])
+        _, link, _, _, _ = parse_args(["skip", "https://not-real.but-still-a-link"])
        assert link == "https://not-real.but-still-a-link"

+    def test_url_without_scheme_normalized_to_https(self):
+        """URLs without scheme should get https:// prefix."""
+        _, link, _, _, _ = parse_args(["github.com/user/repo"])
+        assert link == "https://github.com/user/repo"
+
+    def test_url_without_scheme_github_normalized(self):
+        text, link, _, _, _ = parse_args(["Fix bug", "github.com/owner/repo"])
+        assert text == "Fix bug"
+        assert link == "https://github.com/owner/repo"
+
+    def test_url_with_explicit_https_unchanged(self):
+        _, link, _, _, _ = parse_args(["task", "https://example.com/page"])
+        assert link == "https://example.com/page"
+
+    def test_url_with_http_unchanged(self):
+        _, link, _, _, _ = parse_args(["task", "http://example.com/page"])
+        assert link == "http://example.com/page"
+
+    def test_url_link_flag_without_scheme_normalized(self):
+        _, link, _, _, _ = parse_args(["-link", "example.com/path"])
+        assert link == "https://example.com/path"
+

 class TestFormatBounty:
    def _row(
@@ -110,13 +154,11 @@ class TestFormatBounty:
        created_by_user_id=123456,
    ):
        row = MagicMock()
-        row.__getitem__ = lambda s, k: {
-            "id": id,
-            "text": text,
-            "link": link,
-            "due_date_ts": due_date_ts,
-            "created_by_user_id": created_by_user_id,
-        }[k]
+        row.id = id
+        row.text = text
+        row.link = link
+        row.due_date_ts = due_date_ts
+        row.created_by_user_id = created_by_user_id
        return row

    def test_shows_id(self):
@@ -168,3 +210,377 @@ class TestFormatBounty:
        b = self._row(created_by_user_id=999)
        out = format_bounty(b)
        assert "999" in out
+
+
+def create_mock_update(
+    user_id=123,
+    chat_id=-456,
+    chat_type="group",
+    message_text="/bounty",
+):
+    """Create a mock Telegram Update with common values."""
+    user = MagicMock(spec=User)
+    user.id = user_id
+
+    chat = MagicMock(spec=Chat)
+    chat.id = chat_id
+    chat.type = chat_type
+
+    message = MagicMock(spec=Message)
+    message.text = message_text
+    message.reply_text = AsyncMock()
+    message.user = user
+
+    update = MagicMock(spec=Update)
+    update.effective_user = user
+    update.effective_chat = chat
+    update.message = message
+
+    return update
+
+
+class TestHelperFunctions:
+    """Test helper functions."""
+
+    def test_is_group_true(self):
+        update = create_mock_update(chat_type="group")
+        assert is_group(update) is True
+
+    def test_is_group_false_for_private(self):
+        update = create_mock_update(chat_type="private")
+        assert is_group(update) is False
+
+    def test_get_group_id(self):
+        update = create_mock_update(chat_id=-789)
+        assert get_group_id(update) == -789
+
+    def test_get_user_id(self):
+        update = create_mock_update(user_id=999)
+        assert get_user_id(update) == 999
+
+    def test_get_room_id_group(self):
+        update = create_mock_update(chat_id=-456, chat_type="group", user_id=123)
+        assert get_room_id(update) == -456
+
+    def test_get_room_id_private(self):
+        update = create_mock_update(chat_id=123, chat_type="private", user_id=123)
+        assert get_room_id(update) == 123
+
+
+class TestCmdBounty:
+    """Test cmd_bounty command."""
+
+    @pytest.mark.asyncio
+    async def test_lists_bounties(self):
+        update = create_mock_update()
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 1
+        mock_bounty.text = "Test"
+        mock_bounty.link = None
+        mock_bounty.due_date_ts = None
+        mock_bounty.created_by_user_id = 123
+
+        with patch.object(
+            BOUNTY_SERVICE, "list_bounties", return_value=[mock_bounty]
+        ) as mock_list:
+            await cmd_bounty(update, ctx)
+            mock_list.assert_called_once_with(-456)
+            update.message.reply_text.assert_called_once()
+            call_args = update.message.reply_text.call_args[0][0]
+            assert "[#1]" in call_args
+            assert "Test" in call_args
+
+    @pytest.mark.asyncio
+    async def test_no_bounties(self):
+        update = create_mock_update()
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(BOUNTY_SERVICE, "list_bounties", return_value=[]):
+            await cmd_bounty(update, ctx)
+            update.message.reply_text.assert_called_once_with("No bounties yet.")
+
+
+class TestCmdMy:
+    """Test cmd_my command."""
+
+    @pytest.mark.asyncio
+    async def test_in_group_shows_tracked(self):
+        update = create_mock_update(chat_type="group")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 1
+        mock_bounty.text = "Tracked"
+        mock_bounty.link = None
+        mock_bounty.due_date_ts = None
+        mock_bounty.created_by_user_id = 123
+
+        with patch.object(
+            TRACKING_SERVICE, "get_tracked_bounties", return_value=[mock_bounty]
+        ) as mock_track:
+            await cmd_my(update, ctx)
+            mock_track.assert_called_once_with(-456, 123)
+            update.message.reply_text.assert_called_once()
+
+    @pytest.mark.asyncio
+    async def test_in_private_shows_personal(self):
+        update = create_mock_update(chat_type="private", chat_id=123)
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 2
+        mock_bounty.text = "Personal"
+        mock_bounty.link = None
+        mock_bounty.due_date_ts = None
+        mock_bounty.created_by_user_id = 123
+
+        with patch.object(
+            BOUNTY_SERVICE, "list_bounties", return_value=[mock_bounty]
+        ) as mock_list:
+            await cmd_my(update, ctx)
+            mock_list.assert_called_once_with(123)
+            update.message.reply_text.assert_called_once()
+
+    @pytest.mark.asyncio
+    async def test_no_bounties_tracked(self):
+        update = create_mock_update(chat_type="group")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(TRACKING_SERVICE, "get_tracked_bounties", return_value=[]):
+            await cmd_my(update, ctx)
+            update.message.reply_text.assert_called_once_with(
+                "You are not tracking any bounties."
+            )
+
+
+class TestCmdAdd:
+    """Test cmd_add command."""
+
+    @pytest.mark.asyncio
+    async def test_add_bounty_success(self):
+        update = create_mock_update(message_text="/add Fix the bug")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 42
+
+        with patch.object(
+            BOUNTY_SERVICE, "add_bounty", return_value=mock_bounty
+        ) as mock_add:
+            await cmd_add(update, ctx)
+            mock_add.assert_called_once()
+            call_kwargs = mock_add.call_args[1]
+            assert call_kwargs["room_id"] == -456
+            assert call_kwargs["user_id"] == 123
+            assert call_kwargs["text"] == "Fix the bug"
+            update.message.reply_text.assert_called_once()
+            assert "✅" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_add_without_args(self):
+        update = create_mock_update(message_text="/add")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_add(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "Usage" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_add_needs_text_or_link(self):
+        update = create_mock_update(message_text="/add")
+
+        _, link, _ = parse_args([])
+        if not "test" and not link:
+            await update.message.reply_text("A bounty needs at least text or a link.")
+            update.message.reply_text.assert_called_once()
+
+
+class TestCmdUpdate:
+    """Test cmd_update command."""
+
+    @pytest.mark.asyncio
+    async def test_update_bounty_success(self):
+        update = create_mock_update(message_text="/update 1 New text")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(
+            BOUNTY_SERVICE, "update_bounty", return_value=True
+        ) as mock_update:
+            await cmd_update(update, ctx)
+            mock_update.assert_called_once()
+            call_kwargs = mock_update.call_args[1]
+            assert call_kwargs["room_id"] == -456
+            assert call_kwargs["bounty_id"] == 1
+            assert call_kwargs["text"] == "New text"
+            update.message.reply_text.assert_called_once()
+            assert "✅" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_update_without_args(self):
+        update = create_mock_update(message_text="/update")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_update(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "Usage" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_update_invalid_id(self):
+        update = create_mock_update(message_text="/update abc")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_update(update, ctx)
+        update.message.reply_text.assert_called_once_with("Invalid bounty ID.")
+
+    @pytest.mark.asyncio
+    async def test_update_permission_denied(self):
+        update = create_mock_update(message_text="/update 1 new text")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(
+            BOUNTY_SERVICE,
+            "update_bounty",
+            side_effect=PermissionError("Not your bounty"),
+        ):
+            await cmd_update(update, ctx)
+            update.message.reply_text.assert_called_once()
+            assert "⛔" in update.message.reply_text.call_args[0][0]
+
+
+class TestCmdDelete:
+    """Test cmd_delete command."""
+
+    @pytest.mark.asyncio
+    async def test_delete_bounty_success(self):
+        update = create_mock_update(message_text="/delete 1")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(
+            BOUNTY_SERVICE, "delete_bounty", return_value=True
+        ) as mock_delete:
+            await cmd_delete(update, ctx)
+            mock_delete.assert_called_once_with(room_id=-456, bounty_id=1, user_id=123)
+            update.message.reply_text.assert_called_once()
+            assert "✅" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_delete_without_args(self):
+        update = create_mock_update(message_text="/delete")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_delete(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "Usage" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_delete_invalid_id(self):
+        update = create_mock_update(message_text="/delete abc")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_delete(update, ctx)
+        update.message.reply_text.assert_called_once_with("Invalid bounty ID.")
+
+
+class TestCmdTrack:
+    """Test cmd_track command."""
+
+    @pytest.mark.asyncio
+    async def test_track_in_group(self):
+        update = create_mock_update(chat_type="group", message_text="/track 1")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(
+            TRACKING_SERVICE, "track_bounty", return_value=True
+        ) as mock_track:
+            await cmd_track(update, ctx)
+            mock_track.assert_called_once_with(-456, 123, 1)
+            update.message.reply_text.assert_called_once()
+            assert "✅" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_track_not_in_group(self):
+        update = create_mock_update(chat_type="private", message_text="/track 1")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_track(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "⛔" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_track_without_args(self):
+        update = create_mock_update(chat_type="group", message_text="/track")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_track(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "Usage" in update.message.reply_text.call_args[0][0]
+
+
+class TestCmdUntrack:
+    """Test cmd_untrack command."""
+
+    @pytest.mark.asyncio
+    async def test_untrack_in_group(self):
+        update = create_mock_update(chat_type="group", message_text="/untrack 1")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        with patch.object(
+            TRACKING_SERVICE, "untrack_bounty", return_value=True
+        ) as mock_untrack:
+            await cmd_untrack(update, ctx)
+            mock_untrack.assert_called_once_with(-456, 123, 1)
+            update.message.reply_text.assert_called_once()
+            assert "✅" in update.message.reply_text.call_args[0][0]
+
+    @pytest.mark.asyncio
+    async def test_untrack_not_in_group(self):
+        update = create_mock_update(chat_type="private", message_text="/untrack 1")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_untrack(update, ctx)
+        update.message.reply_text.assert_called_once()
+        assert "⛔" in update.message.reply_text.call_args[0][0]
+
+
+class TestCmdStart:
+    """Test cmd_start command."""
+
+    @pytest.mark.asyncio
+    async def test_start_in_group(self):
+        update = create_mock_update(chat_type="group")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_start(update, ctx)
+        update.message.reply_text.assert_called_once()
+        text = update.message.reply_text.call_args[0][0]
+        assert "👻" in text
+        assert "/bounty" in text
+
+    @pytest.mark.asyncio
+    async def test_start_in_private(self):
+        update = create_mock_update(chat_type="private")
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_start(update, ctx)
+        update.message.reply_text.assert_called_once()
+        text = update.message.reply_text.call_args[0][0]
+        assert "👻" in text
+        assert "/my" in text
+
+
+class TestCmdHelp:
+    """Test cmd_help command."""
+
+    @pytest.mark.asyncio
+    async def test_help_shows_commands(self):
+        update = create_mock_update()
+        ctx = MagicMock(spec=ContextTypes.DEFAULT_TYPE)
+
+        await cmd_help(update, ctx)
+        update.message.reply_text.assert_called_once()
+        text = update.message.reply_text.call_args[0][0]
+        assert "/bounty" in text
+        assert "/add" in text
+        assert "/help" in text
--- a/apps/telegram-bot/init.py
+++ b/apps/telegram-bot/init.py
--- a/cli/main.py
+++ b/cli/main.py
@@ -0,0 +1,250 @@
+"""JIGAIDO CLI - Command line interface for bounty tracking."""
+
+import argparse
+import sys
+
+import dateparser
+
+from adapters.storage.json_file import JsonFileRoomStorage, JsonFileTrackingStorage
+from config import Config
+from core.services import BountyService, TrackingService
+
+
+def parse_due_date(due_str: str | None) -> int | None:
+    """Parse due date string to Unix timestamp."""
+    if not due_str:
+        return None
+    parsed = dateparser.parse(due_str)
+    if parsed:
+        return int(parsed.timestamp())
+    return None
+
+
+def create_services():
+    """Create service instances with storage."""
+    config = Config()
+    config.ensure_data_dir()
+    room_storage = JsonFileRoomStorage(config.data_dir / "room")
+    tracking_storage = JsonFileTrackingStorage(config.data_dir / "tracking")
+    bounty_service = BountyService(room_storage)
+    tracking_service = TrackingService(tracking_storage, room_storage)
+    return bounty_service, tracking_service
+
+
+def cmd_add(args):
+    """Add a new bounty."""
+    bounty_service, _ = create_services()
+    due_ts = parse_due_date(args.due)
+    bounty = bounty_service.add_bounty(
+        room_id=args.group_id or args.user_id,
+        user_id=args.user_id or 0,
+        text=args.text,
+        link=args.link,
+        due_date_ts=due_ts,
+    )
+    print(f"Added bounty #{bounty.id}")
+
+
+def cmd_list(args):
+    """List all bounties in a room."""
+    bounty_service, _ = create_services()
+    bounties = bounty_service.list_bounties(room_id=args.group_id or args.user_id)
+    if not bounties:
+        print("No bounties")
+        return
+    for b in bounties:
+        due_str = (
+            f", due: {dateparser.parse(str(b.due_date_ts)).strftime('%Y-%m-%d')}"
+            if b.due_date_ts
+            else ""
+        )
+        link_str = f", link: {b.link}" if b.link else ""
+        print(f"#{b.id}: {b.text or '(no text)'}{link_str}{due_str}")
+
+
+def cmd_my(args):
+    """List tracked bounties for a user."""
+    _, tracking_service = create_services()
+    room_id = args.group_id or args.user_id
+    tracked = tracking_service.get_tracked_bounties(
+        room_id=room_id, user_id=args.user_id
+    )
+    if not tracked:
+        print("Not tracking any bounties")
+        return
+    for b in tracked:
+        due_str = (
+            f", due: {dateparser.parse(str(b.due_date_ts)).strftime('%Y-%m-%d')}"
+            if b.due_date_ts
+            else ""
+        )
+        link_str = f", link: {b.link}" if b.link else ""
+        print(f"#{b.id}: {b.text or '(no text)'}{link_str}{due_str}")
+
+
+def cmd_update(args):
+    """Update a bounty."""
+    bounty_service, _ = create_services()
+    due_ts = parse_due_date(args.due)
+    try:
+        success = bounty_service.update_bounty(
+            room_id=args.group_id or args.user_id,
+            bounty_id=args.bounty_id,
+            user_id=args.user_id or 0,
+            text=args.text,
+            link=args.link,
+            due_date_ts=due_ts,
+            clear_link=args.clear_link,
+            clear_due=args.clear_due,
+        )
+        if success:
+            print(f"Updated bounty #{args.bounty_id}")
+        else:
+            print(f"Bounty #{args.bounty_id} not found", file=sys.stderr)
+            sys.exit(1)
+    except PermissionError as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def cmd_delete(args):
+    """Delete a bounty."""
+    bounty_service, _ = create_services()
+    try:
+        success = bounty_service.delete_bounty(
+            room_id=args.group_id or args.user_id,
+            bounty_id=args.bounty_id,
+            user_id=args.user_id or 0,
+        )
+        if success:
+            print(f"Deleted bounty #{args.bounty_id}")
+        else:
+            print(f"Bounty #{args.bounty_id} not found", file=sys.stderr)
+            sys.exit(1)
+    except PermissionError as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def cmd_track(args):
+    """Track a bounty."""
+    _, tracking_service = create_services()
+    try:
+        success = tracking_service.track_bounty(
+            room_id=args.group_id,
+            user_id=args.user_id,
+            bounty_id=args.bounty_id,
+        )
+        if success:
+            print(f"Tracking bounty #{args.bounty_id}")
+        else:
+            print(f"Already tracking bounty #{args.bounty_id}")
+    except ValueError as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+def cmd_untrack(args):
+    """Untrack a bounty."""
+    _, tracking_service = create_services()
+    success = tracking_service.untrack_bounty(
+        room_id=args.group_id,
+        user_id=args.user_id,
+        bounty_id=args.bounty_id,
+    )
+    if success:
+        print(f"Untracked bounty #{args.bounty_id}")
+    else:
+        print(f"Not tracking bounty #{args.bounty_id}", file=sys.stderr)
+        sys.exit(1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="jigaido-cli", description="JIGAIDO bounty tracker CLI"
+    )
+    subparsers = parser.add_subparsers(dest="command", help="Commands")
+
+    parser_add = subparsers.add_parser("add", help="Add a new bounty")
+    parser_add.add_argument("text", help="Bounty description")
+    parser_add.add_argument("--link", help="Optional link")
+    parser_add.add_argument(
+        "--due", help="Optional due date (e.g., 'tomorrow', 'in 3 days')"
+    )
+
+    parser_list = subparsers.add_parser("list", help="List all bounties")
+
+    parser_my = subparsers.add_parser("my", help="List tracked bounties")
+
+    parser_update = subparsers.add_parser("update", help="Update a bounty")
+    parser_update.add_argument("bounty_id", type=int, help="Bounty ID to update")
+    parser_update.add_argument("text", nargs="?", help="New description")
+    parser_update.add_argument("--link", help="New link")
+    parser_update.add_argument("--due", help="New due date")
+    parser_update.add_argument("--clear-link", action="store_true", help="Clear link")
+    parser_update.add_argument(
+        "--clear-due", action="store_true", help="Clear due date"
+    )
+
+    parser_delete = subparsers.add_parser("delete", help="Delete a bounty")
+    parser_delete.add_argument("bounty_id", type=int, help="Bounty ID to delete")
+
+    parser_track = subparsers.add_parser("track", help="Track a bounty")
+    parser_track.add_argument("bounty_id", type=int, help="Bounty ID to track")
+
+    parser_untrack = subparsers.add_parser("untrack", help="Untrack a bounty")
+    parser_untrack.add_argument("bounty_id", type=int, help="Bounty ID to untrack")
+
+    for sp in [
+        parser_add,
+        parser_list,
+        parser_my,
+        parser_update,
+        parser_delete,
+        parser_track,
+        parser_untrack,
+    ]:
+        sp.add_argument(
+            "--group-id", type=int, help="Group context (use group room ID)"
+        )
+        sp.add_argument(
+            "--user-id", type=int, help="User context (use Telegram user ID)"
+        )
+
+    args = parser.parse_args()
+
+    if not args.command:
+        parser.print_help()
+        sys.exit(1)
+
+    if not args.group_id and not args.user_id:
+        print("Error: either --group-id or --user-id is required", file=sys.stderr)
+        sys.exit(1)
+
+    if args.command in ("add", "list", "my", "update", "delete"):
+        if not (args.group_id or args.user_id):
+            print("Error: --group-id or --user-id required", file=sys.stderr)
+            sys.exit(1)
+        if args.command == "add" and not args.text:
+            print("Error: text is required for add", file=sys.stderr)
+            sys.exit(1)
+
+    command_map = {
+        "add": cmd_add,
+        "list": cmd_list,
+        "my": cmd_my,
+        "update": cmd_update,
+        "delete": cmd_delete,
+        "track": cmd_track,
+        "untrack": cmd_untrack,
+    }
+
+    if args.command in command_map:
+        command_map[args.command](args)
+    else:
+        print(f"Unknown command: {args.command}", file=sys.stderr)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
--- a/config.py
+++ b/config.py
@@ -13,7 +13,21 @@ class Config:

    def __init__(self):
        self.data_dir: Path = self._resolve_data_dir()
-        self.bot_token: Optional[str] = os.environ.get("JIGAIDO_BOT_TOKEN")
+        self.bot_token: Optional[str] = self._resolve_bot_token()
+
+    def _resolve_bot_token(self) -> Optional[str]:
+        env_token = os.environ.get("JIGAIDO_BOT_TOKEN")
+        if env_token:
+            return env_token
+
+        config_file = Path("~/.jigaido/config.json").expanduser()
+        if config_file.exists():
+            with open(config_file) as f:
+                config_data = json.load(f)
+                if "JIGAIDO_BOT_TOKEN" in config_data:
+                    return config_data["JIGAIDO_BOT_TOKEN"]
+
+        return None

    def _resolve_data_dir(self) -> Path:
        env_dir = os.environ.get("JIGAIDO_DATA_DIR")
@@ -35,3 +49,6 @@ class Config:


 config = Config()
+
+
+config = Config()
--- a/core/models.py
+++ b/core/models.py
@@ -1,6 +1,20 @@
 """Domain dataclasses for JIGAIDO bounty tracker."""

-from dataclasses import dataclass
+from dataclasses import dataclass, field
+
+
+@dataclass
+class Category:
+    """A category for organizing bounties in a room.
+
+    Categories are per-room and support soft delete.
+    The id (slug) must be lowercase alphabetic only (e.g., "bug", "feature").
+    """
+
+    id: str  # slug: lowercase alphabetic only, e.g., "bug", "feature"
+    name: str  # display name: e.g., "Bug", "Feature"
+    created_at: int
+    deleted_at: int | None = None  # soft delete


@dataclass
@@ -9,6 +23,11 @@ class Bounty:

    The created_by_user_id field always refers to the user who created the bounty.
    It does NOT indicate whether the bounty is a group or personal bounty.
+
+    The deleted_at field indicates soft-delete: None means not deleted,
+    a value means deleted at that Unix timestamp.
+
+    The category_ids field lists category slugs associated with this bounty.
    """

    id: int
@@ -17,6 +36,9 @@ class Bounty:
    due_date_ts: int | None
    created_at: int
    created_by_user_id: int
+    deleted_at: int | None = None
+    created_by_username: str | None = None
+    category_ids: list[str] = field(default_factory=list)


@dataclass
@@ -37,11 +59,24 @@ class RoomData:

    The room_id can be negative for Telegram groups or positive for DMs.
    The next_id field is used to generate unique bounty IDs within this room.
+
+    The timezone field stores the room's timezone (e.g., "Asia/Jakarta"), default UTC+0.
+    The admin_usernames field lists usernames who have admin privileges in this room.
+    The categories field contains all categories for organizing bounties in this room.
    """

    room_id: int
    bounties: list[Bounty]
    next_id: int
+    timezone: str | None = None
+    admin_usernames: list[str] | None = None
+    categories: list[Category] = field(default_factory=list)
+
+    def __post_init__(self):
+        if self.admin_usernames is None:
+            self.admin_usernames = []
+        if self.categories is None:
+            self.categories = []


@dataclass
--- a/core/ports.py
+++ b/core/ports.py
@@ -32,14 +32,29 @@ class RoomStorage(Protocol):
        """Update an existing bounty in a room."""
        ...

-    def delete_bounty(self, room_id: int, bounty_id: int) -> None:
-        """Delete a bounty from a room."""
-        ...
-
    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
        """Get a specific bounty from a room by ID."""
        ...

+    def list_bounties(self, room_id: int) -> list[Bounty]:
+        """List all non-deleted bounties in a room.
+
+        Soft-deleted bounties (where deleted_at is not None) are excluded.
+        """
+        ...
+
+    def list_all_bounties(
+        self, room_id: int, include_deleted: bool = True
+    ) -> list[Bounty]:
+        """List all bounties including or excluding soft-deleted.
+
+        Args:
+            room_id: The room ID
+            include_deleted: If True, return all bounties including soft-deleted.
+                           If False, return only non-deleted bounties.
+        """
+        ...
+

@runtime_checkable
 class TrackingStorage(Protocol):
--- a/core/services.py
+++ b/core/services.py
@@ -3,7 +3,7 @@
 import time
 from typing import Optional

-from core.models import Bounty, RoomData, TrackedBounty, TrackingData
+from core.models import Bounty, Category, RoomData, TrackedBounty, TrackingData
 from core.ports import RoomStorage, TrackingStorage


@@ -15,20 +15,136 @@ class BountyService:
    - Positive room_id: DM/personal context (user's Telegram ID)

    This service handles both group and personal bounties through room_id.
+
+    Permissions:
+    - /add, /edit, /delete: admin only
+    - /admin, /admin add, /admin remove: admin only
+    - /bounty, /show, /track, /untrack, /my: everyone
    """

    def __init__(self, storage: RoomStorage):
        self._storage = storage

+    def is_admin(self, room_id: int, username: str | None) -> bool:
+        """Check if user is admin in a room by username."""
+        if not username:
+            return False
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return False
+        return username in (room_data.admin_usernames or [])
+
+    def add_admin(
+        self, room_id: int, username: str, requesting_username: str | None
+    ) -> None:
+        """Add an admin to a room. Requires admin permission, or self-promotion if first admin."""
+        room_data = self._storage.load(room_id)
+
+        has_no_admins = room_data is None or not room_data.admin_usernames
+        is_self_promotion = requesting_username == username
+
+        if not self.is_admin(room_id, requesting_username):
+            if not (has_no_admins and is_self_promotion):
+                raise PermissionError("Only admins can add admins.")
+
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=1, admin_usernames=[]
+            )
+
+        admin_usernames = room_data.admin_usernames
+        if admin_usernames is None:
+            admin_usernames = []
+            room_data.admin_usernames = []
+
+        if username in admin_usernames:
+            raise ValueError(f"@{username} is already an admin.")
+
+        admin_usernames.append(username)
+        self._storage.save(room_data)
+
+    def remove_admin(
+        self, room_id: int, username: str, requesting_username: str | None
+    ) -> None:
+        """Remove an admin from a room. Requires admin permission."""
+        if not self.is_admin(room_id, requesting_username):
+            raise PermissionError("Only admins can remove admins.")
+
+        room_data = self._storage.load(room_id)
+        if room_data is None or not (room_data.admin_usernames or []):
+            raise ValueError(f"@{username} is not an admin.")
+
+        if username not in (room_data.admin_usernames or []):
+            raise ValueError(f"@{username} is not an admin.")
+
+        (room_data.admin_usernames or []).remove(username)
+        self._storage.save(room_data)
+
+    def list_admins(self, room_id: int) -> list[str]:
+        """List all admin usernames in a room."""
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return []
+        return list(room_data.admin_usernames or [])
+
+    def set_timezone(
+        self, room_id: int, timezone: str, requesting_username: str | None
+    ) -> None:
+        """Set the timezone for a room. Requires admin permission."""
+        if not self.is_admin(room_id, requesting_username):
+            raise PermissionError("Only admins can set timezone.")
+
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=1, admin_usernames=[]
+            )
+
+        room_data.timezone = timezone
+        self._storage.save(room_data)
+
+    def get_timezone(self, room_id: int) -> str:
+        """Get the timezone for a room. Returns UTC+0 if not set."""
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return "UTC+0"
+        return room_data.timezone or "UTC+0"
+
+    def check_link_unique(
+        self, room_id: int, link: str | None, exclude_bounty_id: int | None = None
+    ) -> bool:
+        """Check if a link is unique within a room (not used by another bounty)."""
+        if not link:
+            return True
+
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return True
+
+        for bounty in room_data.bounties:
+            if bounty.deleted_at is not None:
+                continue
+            if bounty.link == link and bounty.id != exclude_bounty_id:
+                return False
+        return True
+
    def add_bounty(
        self,
        room_id: int,
        user_id: int,
+        username: str | None,
        text: Optional[str] = None,
        link: Optional[str] = None,
        due_date_ts: Optional[int] = None,
+        created_by_username: Optional[str] = None,
    ) -> Bounty:
-        """Add a new bounty to the room."""
+        """Add a new bounty to the room. Requires admin permission."""
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can add bounties.")
+
+        if not self.check_link_unique(room_id, link):
+            raise ValueError("A bounty with this link already exists in this room.")
+
        room_data = self._storage.load(room_id)
        if room_data is None:
            room_data = RoomData(room_id=room_id, bounties=[], next_id=1)
@@ -38,6 +154,7 @@ class BountyService:
        bounty = Bounty(
            id=room_data.next_id,
            created_by_user_id=user_id,
+            created_by_username=created_by_username,
            text=text,
            link=link,
            due_date_ts=due_date_ts,
@@ -47,33 +164,81 @@ class BountyService:
        return bounty

    def list_bounties(self, room_id: int) -> list[Bounty]:
-        """List all bounties in a room."""
-        room_data = self._storage.load(room_id)
-        if room_data is None:
-            return []
-        return room_data.bounties
+        """List all non-deleted bounties in a room."""
+        return self._storage.list_bounties(room_id)
+
+    def list_deleted_bounties(self, room_id: int) -> list[Bounty]:
+        """List all soft-deleted bounties in a room. For /recover functionality."""
+        all_bounties = self._storage.list_all_bounties(room_id, include_deleted=True)
+        return [b for b in all_bounties if b.deleted_at is not None]
+
+    def get_deleted_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
+        """Get a specific soft-deleted bounty by ID."""
+        all_bounties = self._storage.list_all_bounties(room_id, include_deleted=True)
+        for b in all_bounties:
+            if b.id == bounty_id and b.deleted_at is not None:
+                return b
+        return None
+
+    def recover_bounty(self, room_id: int, bounty_id: int, username: str | None) -> str:
+        """Recover a soft-deleted bounty. Admin only.
+
+        Returns: 'recovered', 'not_found', 'not_deleted', 'permission_denied'
+        """
+        if not self.is_admin(room_id, username):
+            return "permission_denied"
+
+        bounty = self.get_deleted_bounty(room_id, bounty_id)
+        if not bounty:
+            return "not_found"
+        if bounty.deleted_at is None:
+            return "not_deleted"
+
+        bounty.deleted_at = None
+        self._storage.update_bounty(room_id, bounty)
+        return "recovered"
+
+    def recover_bounties(
+        self, room_id: int, bounty_ids: list[int], username: str | None
+    ) -> dict[int, str]:
+        """Recover multiple soft-deleted bounties. Admin only.
+
+        Returns dict of bounty_id -> result ('recovered', 'not_found', 'not_deleted', 'permission_denied')
+        """
+        results = {}
+        for bounty_id in bounty_ids:
+            results[bounty_id] = self.recover_bounty(room_id, bounty_id, username)
+        return results

    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
-        """Get a specific bounty by ID."""
-        return self._storage.get_bounty(room_id, bounty_id)
+        """Get a specific bounty by ID. Excludes soft-deleted bounties."""
+        bounty = self._storage.get_bounty(room_id, bounty_id)
+        if bounty and bounty.deleted_at is not None:
+            return None
+        return bounty

    def update_bounty(
        self,
        room_id: int,
        bounty_id: int,
-        user_id: int,
+        username: str | None,
        text: Optional[str] = None,
        link: Optional[str] = None,
        due_date_ts: Optional[int] = None,
        clear_link: bool = False,
        clear_due: bool = False,
    ) -> bool:
-        """Update a bounty. Only creator can update."""
+        """Update a bounty. Only admins can update."""
        bounty = self._storage.get_bounty(room_id, bounty_id)
        if not bounty:
            return False
-        if bounty.created_by_user_id != user_id:
-            raise PermissionError("Only the creator can edit this bounty.")
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can edit bounties.")
+
+        if link and not self.check_link_unique(
+            room_id, link, exclude_bounty_id=bounty_id
+        ):
+            raise ValueError("A bounty with this link already exists in this room.")

        updated = Bounty(
            id=bounty.id,
@@ -84,19 +249,272 @@ class BountyService:
            if clear_due
            else (due_date_ts if due_date_ts is not None else bounty.due_date_ts),
            created_at=bounty.created_at,
+            deleted_at=bounty.deleted_at,
+            created_by_username=bounty.created_by_username,
        )
        self._storage.update_bounty(room_id, updated)
        return True

-    def delete_bounty(self, room_id: int, bounty_id: int, user_id: int) -> bool:
-        """Delete a bounty. Only creator can delete."""
+    def delete_bounty(self, room_id: int, bounty_id: int, username: str | None) -> bool:
+        """Soft delete a bounty. Only admins can delete."""
        bounty = self._storage.get_bounty(room_id, bounty_id)
        if not bounty:
            return False
-        if bounty.created_by_user_id != user_id:
-            raise PermissionError("Only the creator can delete this bounty.")
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can delete bounties.")

-        self._storage.delete_bounty(room_id, bounty_id)
+        bounty.deleted_at = int(time.time())
+        self._storage.update_bounty(room_id, bounty)
+        return True
+
+    def delete_bounties(
+        self, room_id: int, bounty_ids: list[int], username: str | None
+    ) -> dict[int, str]:
+        """Soft delete multiple bounties. Returns dict of bounty_id -> result.
+
+        Results can be: 'deleted', 'not_found', 'permission_denied'
+        """
+        results = {}
+        for bounty_id in bounty_ids:
+            bounty = self._storage.get_bounty(room_id, bounty_id)
+            if not bounty:
+                results[bounty_id] = "not_found"
+                continue
+            if not self.is_admin(room_id, username):
+                results[bounty_id] = "permission_denied"
+                continue
+
+            bounty.deleted_at = int(time.time())
+            self._storage.update_bounty(room_id, bounty)
+            results[bounty_id] = "deleted"
+        return results
+
+    # --- Category Management ---
+
+    def add_category(
+        self,
+        room_id: int,
+        slug: str,
+        name: str,
+        username: str | None,
+    ) -> Category:
+        """Create a new category. Admin only.
+
+        Args:
+            room_id: Room identifier
+            slug: Category ID (lowercase alphabetic, e.g., "bug")
+            name: Display name (e.g., "Bug Report")
+            username: Requesting admin's username
+
+        Returns:
+            Created Category
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If slug already exists or invalid
+        """
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can add categories.")
+
+        # Validate slug format (lowercase alphabetic only)
+        if not slug or not slug.isalpha() or not slug.islower():
+            raise ValueError(
+                "Category slug must be lowercase alphabetic only (e.g., 'bug', 'feature')."
+            )
+
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=1, admin_usernames=[], categories=[]
+            )
+
+        # Check for duplicate slug
+        for cat in room_data.categories:
+            if cat.id == slug and cat.deleted_at is None:
+                raise ValueError(f"Category '{slug}' already exists.")
+
+        category = Category(
+            id=slug,
+            name=name,
+            created_at=int(time.time()),
+            deleted_at=None,
+        )
+        room_data.categories.append(category)
+        self._storage.save(room_data)
+        return category
+
+    def delete_category(
+        self,
+        room_id: int,
+        slug: str,
+        username: str | None,
+    ) -> bool:
+        """Soft delete a category. Admin only.
+
+        Args:
+            room_id: Room identifier
+            slug: Category slug to delete
+            username: Requesting admin's username
+
+        Returns:
+            True if deleted, False if not found
+        """
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can delete categories.")
+
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return False
+
+        for cat in room_data.categories:
+            if cat.id == slug and cat.deleted_at is None:
+                cat.deleted_at = int(time.time())
+                self._storage.save(room_data)
+                return True
+        return False
+
+    def list_categories(self, room_id: int) -> list[Category]:
+        """List active categories (excludes soft-deleted).
+
+        Args:
+            room_id: Room identifier
+
+        Returns:
+            List of active categories
+        """
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return []
+        return [c for c in room_data.categories if c.deleted_at is None]
+
+    def get_category(self, room_id: int, slug: str) -> Category | None:
+        """Get a category by slug (excludes soft-deleted).
+
+        Args:
+            room_id: Room identifier
+            slug: Category slug
+
+        Returns:
+            Category or None if not found
+        """
+        room_data = self._storage.load(room_id)
+        if room_data is None:
+            return None
+        for cat in room_data.categories:
+            if cat.id == slug and cat.deleted_at is None:
+                return cat
+        return None
+
+    def _validate_category_exists(self, room_id: int, slug: str) -> None:
+        """Validate that a category exists (and is not deleted). Raises ValueError if not found."""
+        if not self.get_category(room_id, slug):
+            raise ValueError(f"Category '{slug}' not found.")
+
+    def add_category_to_bounty(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slug: str,
+        username: str | None,
+    ) -> bool:
+        """Add category to a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slug: Category slug to add
+            username: Requesting admin's username
+
+        Returns:
+            True if newly added, False if already exists
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If bounty or category not found
+        """
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can manage bounty categories.")
+
+        bounty = self.get_bounty(room_id, bounty_id)
+        if not bounty:
+            raise ValueError("Bounty not found.")
+
+        self._validate_category_exists(room_id, category_slug)
+
+        if category_slug in bounty.category_ids:
+            return False  # Already exists
+
+        bounty.category_ids.append(category_slug)
+        self._storage.update_bounty(room_id, bounty)
+        return True
+
+    def remove_category_from_bounty(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slug: str,
+        username: str | None,
+    ) -> bool:
+        """Remove category from a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slug: Category slug to remove
+            username: Requesting admin's username
+
+        Returns:
+            True if removed, False if not found
+        """
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can manage bounty categories.")
+
+        bounty = self.get_bounty(room_id, bounty_id)
+        if not bounty:
+            raise ValueError("Bounty not found.")
+
+        if category_slug not in bounty.category_ids:
+            return False
+
+        bounty.category_ids.remove(category_slug)
+        self._storage.update_bounty(room_id, bounty)
+        return True
+
+    def update_bounty_categories(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slugs: list[str],
+        username: str | None,
+    ) -> bool:
+        """Replace all categories on a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slugs: New list of category slugs
+            username: Requesting admin's username
+
+        Returns:
+            True if updated
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If bounty or any category not found
+        """
+        if not self.is_admin(room_id, username):
+            raise PermissionError("Only admins can manage bounty categories.")
+
+        bounty = self.get_bounty(room_id, bounty_id)
+        if not bounty:
+            raise ValueError("Bounty not found.")
+
+        # Validate all categories exist
+        for slug in category_slugs:
+            self._validate_category_exists(room_id, slug)
+
+        bounty.category_ids = category_slugs
+        self._storage.update_bounty(room_id, bounty)
        return True


@@ -147,7 +565,7 @@ class TrackingService:
        if room_data is None:
            return []

-        bounty_map = {b.id: b for b in room_data.bounties}
+        bounty_map = {b.id: b for b in room_data.bounties if b.deleted_at is None}
        return [
            bounty_map[t.bounty_id]
            for t in tracking_data.tracked
--- a/docs/AUDIT_AND_SPEC.md
+++ b/docs/AUDIT_AND_SPEC.md
@@ -0,0 +1,544 @@
+# JIGAIDO Audit & Feature Specification
+
+> Document created: 2026-04-09
+> Purpose: Repository audit findings and category feature specification
+
+---
+
+# Part I: Repository Audit
+
+## 1.1 Current Architecture
+
+JIGAIDO follows **hexagonal architecture** with clear separation:
+
+```
+jigaido/
+├── core/                          # Domain layer (pure Python, no deps)
+│   ├── models.py                 # Domain dataclasses
+│   ├── ports.py                  # Storage interfaces
+│   └── services.py               # Business logic
+├── adapters/
+│   └── storage/
+│       └── json_file.py          # JSON file persistence
+├── apps/
+│   └── telegram-bot/
+│       ├── bot.py                # Bot entrypoint
+│       └── commands.py           # Command handlers
+├── tests/                        # Unit tests (98 tests passing)
+├── config.py                     # Configuration
+├── SPEC.md                       # Original design spec
+└── README.md                     # Overview
+```
+
+## 1.2 Features Implemented
+
+| Feature | Status | Location |
+|---------|--------|----------|
+| Group bounty management | ✅ Done | `BountyService` |
+| Personal DM bounties | ✅ Done | Same service, different room_id |
+| Admin management | ✅ Done | `add_admin`, `remove_admin`, `list_admins` |
+| Soft delete (recoverable) | ✅ Done | `delete_bounty`, `recover_bounty` |
+| Due date with timezone | ✅ Done | `dateparser` + `ZoneInfo` |
+| Link deduplication | ✅ Done | `check_link_unique` |
+| Tracking/untracking | ✅ Done | `TrackingService` |
+| `/track` in groups only | ✅ Done | Command handler |
+| Expired bounty filtering | ✅ Done | 24h cutoff logic |
+| Timezone per room | ✅ Done | `set_timezone`, `get_timezone` |
+
+## 1.3 Bugs & Issues Found
+
+### Bug 1: Admin Promotion Logic Edge Case
+**Location**: `core/services.py` - `add_admin()`
+
+**Issue**: The first admin can self-promote, but if the Telegram group creator joins later, they won't be recognized as admin since they're not in `admin_usernames`.
+
+**Code**:
+```python
+# core/services.py:44-49
+has_no_admins = room_data is None or not room_data.admin_usernames
+is_self_promotion = requesting_username == username
+
+if not self.is_admin(room_id, requesting_username):
+    if not (has_no_admins and is_self_promotion):
+        raise PermissionError("Only admins can add admins.")
+```
+
+**Recommendation**: Document this behavior or enhance to auto-detect Telegram group creator.
+
+---
+
+### Bug 2: Hard Delete Method in Storage
+**Location**: `adapters/storage/json_file.py:113-119`
+
+**Issue**: `delete_bounty()` in storage does hard delete, while `BountyService.delete_bounty()` does soft delete. The storage method is unused but confusing.
+
+**Code**:
+```python
+def delete_bounty(self, room_id: int, bounty_id: int) -> None:
+    """Delete a bounty from a room."""
+    room_data = self.load(room_id)
+    if room_data is None:
+        return
+    room_data.bounties = [b for b in room_data.bounties if b.id != bounty_id]
+    self.save(room_data)
+```
+
+**Recommendation**: Remove or mark as deprecated.
+
+---
+
+### Issue 3: Spec vs Code Inconsistency
+**Location**: `SPEC.md` vs `commands.py`
+
+**Issue**: SPEC.md says anyone can `/add` in groups, but code requires admin.
+
+| Command | SPEC.md | Code |
+|---------|---------|------|
+| `/add` | anyone | admin only |
+| `/edit` | creator only | admin only |
+| `/delete` | creator only | admin only |
+
+**Recommendation**: Update SPEC.md to reflect actual implementation.
+
+---
+
+### Issue 4: No Input Sanitization
+**Location**: `commands.py` - `parse_args()`
+
+**Issue**: Links without proper scheme (e.g., `github.com/user/repo`) are accepted as-is.
+
+**Recommendation**: Consider normalizing URL scheme or validating format.
+
+---
+
+### Issue 5: No Rate Limiting
+**Location**: `/add` command
+
+**Issue**: No limit on:
+- Number of bounties per room
+- Text length
+- Request rate
+
+**Recommendation**: Add rate limiting for production use.
+
+---
+
+## 1.4 Test Status
+
+```bash
+$ PYTHONPATH=. python -m pytest tests/
+======================== 98 passed, 1 warning ========================
+```
+
+**Note**: Tests require `PYTHONPATH=.` to run. Consider adding `pytest.ini` or `pyproject.toml`.
+
+---
+
+# Part II: Category Feature Specification
+
+## 2.1 Overview
+
+Add category support to JIGAIDO to allow filtering and organizing bounties.
+
+**Goals**:
+- Admin-only category management (create, delete)
+- Multiple categories per bounty (no duplicates)
+- Filter bounties by category
+- Show categories on `/show` command
+- Backward compatibility (existing bounties work without categories)
+
+## 2.2 Data Model
+
+### Category
+```python
+@dataclass
+class Category:
+    """A category for organizing bounties in a room."""
+    id: str           # slug: lowercase alphabetic only, e.g., "bug", "feature"
+    name: str         # display name: e.g., "Bug", "Feature"
+    created_at: int
+    deleted_at: int | None = None  # soft delete
+```
+
+**Constraints**:
+- `id` (slug): lowercase alphabetic only, no symbols, e.g., `^[a-z]+$`
+- `name`: human-readable display
+- Unique within room (slug must be unique)
+- Soft delete preserves data
+
+### Bounty (Modified)
+```python
+@dataclass
+class Bounty:
+    # ... existing fields ...
+    id: int
+    text: str | None
+    link: str | None
+    due_date_ts: int | None
+    created_at: int
+    created_by_user_id: int
+    deleted_at: int | None = None
+    created_by_username: str | None = None
+    category_ids: list[str] = field(default_factory=list)  # NEW
+```
+
+### RoomData (Modified)
+```python
+@dataclass
+class RoomData:
+    room_id: int
+    bounties: list[Bounty]
+    next_id: int
+    timezone: str | None = None
+    admin_usernames: list[str] | None = None
+    categories: list[Category] = field(default_factory=list)  # NEW
+```
+
+## 2.3 Category Scope
+
+- **Per room**: Same as bounties, each room (group/DM) has independent categories
+- **Admin only**: Only admins can create/delete categories
+- **User access**: Regular users can only filter by category
+
+## 2.4 Service Layer API
+
+All methods require admin permission unless specified otherwise.
+
+### Category Management
+
+```python
+class BountyService:
+    # ... existing methods ...
+
+    # --- Category Management ---
+
+    def add_category(
+        self,
+        room_id: int,
+        slug: str,
+        name: str,
+        username: str | None
+    ) -> Category:
+        """Create a new category. Admin only.
+
+        Args:
+            room_id: Room identifier
+            slug: Category ID (lowercase alphabetic, e.g., "bug")
+            name: Display name (e.g., "Bug Report")
+            username: Requesting admin's username
+
+        Returns:
+            Created Category
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If slug already exists or invalid
+        """
+        ...
+
+    def delete_category(
+        self,
+        room_id: int,
+        slug: str,
+        username: str | None
+    ) -> bool:
+        """Soft delete a category. Admin only.
+
+        Args:
+            room_id: Room identifier
+            slug: Category slug to delete
+            username: Requesting admin's username
+
+        Returns:
+            True if deleted, False if not found
+        """
+        ...
+
+    def list_categories(self, room_id: int) -> list[Category]:
+        """List active categories (excludes soft-deleted).
+
+        Args:
+            room_id: Room identifier
+
+        Returns:
+            List of active categories
+        """
+        ...
+
+    def get_category(self, room_id: int, slug: str) -> Category | None:
+        """Get a category by slug (excludes soft-deleted).
+
+        Args:
+            room_id: Room identifier
+            slug: Category slug
+
+        Returns:
+            Category or None if not found
+        """
+        ...
+```
+
+### Category-to-Bounty Association
+
+```python
+    def add_category_to_bounty(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slug: str,
+        username: str | None
+    ) -> bool:
+        """Add category to a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slug: Category slug to add
+            username: Requesting admin's username
+
+        Returns:
+            True if newly added, False if already exists
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If bounty or category not found
+        """
+        ...
+
+    def remove_category_from_bounty(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slug: str,
+        username: str | None
+    ) -> bool:
+        """Remove category from a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slug: Category slug to remove
+            username: Requesting admin's username
+
+        Returns:
+            True if removed, False if not found
+        """
+        ...
+
+    def update_bounty_categories(
+        self,
+        room_id: int,
+        bounty_id: int,
+        category_slugs: list[str],
+        username: str | None
+    ) -> bool:
+        """Replace all categories on a bounty. Admin only.
+
+        Args:
+            room_id: Room identifier
+            bounty_id: Bounty ID
+            category_slugs: New list of category slugs
+            username: Requesting admin's username
+
+        Returns:
+            True if updated
+
+        Raises:
+            PermissionError: If not admin
+            ValueError: If bounty or any category not found
+        """
+        ...
+```
+
+### Bounty Listing with Category Filter
+
+```python
+    def list_bounties(
+        self,
+        room_id: int,
+        category_slugs: list[str] | None = None,
+        include_expired: bool = False
+    ) -> list[Bounty]:
+        """List bounties with optional category filtering.
+
+        Args:
+            room_id: Room identifier
+            category_slugs: If provided, filter by ANY of these categories (OR)
+            include_expired: If True, include bounties past due date
+
+        Returns:
+            List of non-deleted bounties, sorted by due date
+        """
+        ...
+```
+
+## 2.5 Filtering Logic
+
+- **Single category**: `/bounty -c bug` → bounties with "bug"
+- **Multiple categories (OR)**: `/bounty -c bug,feature` → bounties with "bug" OR "feature"
+- **No filter**: `/bounty` → all bounties (current behavior)
+
+## 2.6 Command Syntax
+
+### Category Management
+```
+/category                      - list categories
+/category add <slug> <name>    - create category (admin)
+/category delete <slug>        - soft delete category (admin)
+```
+
+### Bounty with Category
+```
+/add <text> [link] [date] -cat <slug>     - add with category
+/add <text> [link] [date] -cat <slug1>,<slug2> - add with multiple categories
+
+/update <id> -cat <slug>        - add category to bounty
+/update <id> -cat <slug1>,<slug2> - set categories (replace all)
+/update <id> -cat -             - clear all categories
+/update <id> -remove-cat <slug> - remove specific category
+```
+
+### Bounty Listing with Filter
+```
+/bounty                        - all bounties (current)
+/bounty -c <slug>              - filter by category
+/bounty -c <slug1>,<slug2>    - filter by multiple categories (OR)
+/bounty all                    - show expired (current)
+/bounty all -c <slug>          - show expired + filter by category
+```
+
+### Show Bounty
+```
+/show <id>                     - show bounty details with categories
+```
+
+## 2.7 Display Format
+
+### `/category` output
+```
+Categories:
+- bug → Bug Report
+- feature → Feature Request
+- docs → Documentation
+```
+
+### `/show <id>` output (with categories)
+```
+[#1] Fix login bug
+🔗 https://github.com/...
+📅 15 April 2026 14:30 (Asia/Jakarta)
+📂 Categories: bug | feature
+👤 @username
+📌 Created: 2026-04-01 10:00
+```
+
+### `/bounty -c bug` output
+```
+Filtering with 🐛 bug category:
+Showing 3 of 10 bounties:
+[#5] ...
+[#1] ...
+[#3] ...
+```
+
+### `/bounty -c bug,feature` output
+```
+Filtering with 🐛 bug, ✨ feature categories:
+Showing 5 of 10 bounties:
+[#5] ...
+[#1] ...
+```
+
+## 2.8 Edge Cases
+
+| Scenario | Behavior |
+|----------|----------|
+| Delete category | Soft delete - existing bounties keep category in data, but filter won't find it |
+| Filter by deleted category | Show "No bounties with this category" or error |
+| Add duplicate category to bounty | No-op, return False |
+| Add invalid slug (uppercase/symbols) | Reject with validation error |
+| Category slug conflict | Reject with "Category already exists" |
+| Bounty without categories | `category_ids = []` (backward compatible) |
+
+## 2.9 Test Cases to Add
+
+```python
+# Category Management
+def test_add_category_requires_admin():
+def test_add_category_duplicate_slug_fails():
+def test_add_category_invalid_slug_fails():
+def test_add_category_valid():
+def test_delete_category_soft_deletes():
+def test_deleted_category_not_listed():
+def test_deleted_category_still_in_bounty_data():
+def test_list_categories_empty():
+def test_list_categories_returns_active():
+def test_get_category_not_found():
+def test_get_category_deleted_returns_none():
+
+# Category-to-Bounty
+def test_add_category_to_bounty():
+def test_add_duplicate_category_to_bounty_noop():
+def test_add_category_to_bounty_invalid_category():
+def test_remove_category_from_bounty():
+def test_remove_category_not_on_bounty_returns_false():
+def test_update_bounty_categories_replace_all():
+def test_update_bounty_categories_validates():
+
+# Bounty Listing with Filter
+def test_list_bounties_filter_by_single_category():
+def test_list_bounties_filter_by_multiple_categories_or():
+def test_list_bounties_no_category_returns_all():
+def test_list_bounties_category_excludes_deleted_bounties():
+```
+
+---
+
+# Part III: Implementation Checklist
+
+## Models Layer
+- [ ] Add `Category` dataclass to `core/models.py`
+- [ ] Add `category_ids` field to `Bounty` dataclass
+- [ ] Add `categories` field to `RoomData` dataclass
+
+## Storage Layer
+- [ ] Update `JsonFileRoomStorage.load()` to deserialize categories
+- [ ] Update `JsonFileRoomStorage.save()` to serialize categories
+
+## Service Layer
+- [ ] Implement `add_category()`
+- [ ] Implement `delete_category()`
+- [ ] Implement `list_categories()`
+- [ ] Implement `get_category()`
+- [ ] Implement `add_category_to_bounty()`
+- [ ] Implement `remove_category_from_bounty()`
+- [ ] Implement `update_bounty_categories()`
+- [ ] Update `list_bounties()` to support category filter
+
+## Command Layer
+- [ ] Add `/category` command handler
+- [ ] Add `-cat` flag parsing to `/add`
+- [ ] Add `-cat` and `-remove-cat` flags to `/update`
+- [ ] Add `-c` flag to `/bounty` for category filter
+- [ ] Update `/show` to display categories
+
+## Tests
+- [ ] Add category management tests
+- [ ] Add category-to-bounty tests
+- [ ] Add category filter tests
+
+## Documentation
+- [ ] Update README.md with category feature
+- [ ] Update command help text
+
+---
+
+# Part IV: Open Questions
+
+1. **Category icon/emoji**: Should categories have optional emoji? (Not in initial spec, can add later)
+2. **Category reactivation**: Should soft-deleted categories be reactable? (Not in initial spec)
+3. **Bulk category operations**: Should we support `/category add bulk`? (Not in initial spec)
+
+---
+
+*End of Audit & Specification Document*
--- a/pytest.ini
+++ b/pytest.ini
@@ -0,0 +1,4 @@
+[pytest]
+testpaths = tests
+pythonpath = .
+asyncio_default_fixture_loop_scope = function
--- a/tests/init.py
+++ b/tests/init.py
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -0,0 +1,375 @@
+"""Tests for cli/main.py — CLI commands with mocked dependencies."""
+
+import pytest
+from unittest.mock import patch, MagicMock
+from io import StringIO
+
+from core.models import Bounty
+from core.ports import RoomStorage, TrackingStorage
+
+
+class MockRoomStorage(RoomStorage):
+    """Mock RoomStorage for testing."""
+
+    def __init__(self):
+        self._rooms: dict[int, dict] = {}
+
+    def load(self, room_id: int) -> dict | None:
+        return self._rooms.get(room_id)
+
+    def save(self, room_data: dict) -> None:
+        self._rooms[room_data["room_id"]] = room_data
+
+    def add_bounty(self, room_id: int, bounty: Bounty) -> None:
+        if room_id not in self._rooms:
+            self._rooms[room_id] = {"room_id": room_id, "bounties": [], "next_id": 1}
+        self._rooms[room_id]["bounties"].append(bounty)
+
+    def update_bounty(self, room_id: int, bounty: Bounty) -> None:
+        if room_id in self._rooms:
+            for i, b in enumerate(self._rooms[room_id]["bounties"]):
+                if b.id == bounty.id:
+                    self._rooms[room_id]["bounties"][i] = bounty
+                    break
+
+    def delete_bounty(self, room_id: int, bounty_id: int) -> None:
+        if room_id in self._rooms:
+            self._rooms[room_id]["bounties"] = [
+                b for b in self._rooms[room_id]["bounties"] if b.id != bounty_id
+            ]
+
+    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
+        if room_id in self._rooms:
+            for b in self._rooms[room_id]["bounties"]:
+                if b.id == bounty_id:
+                    return b
+        return None
+
+
+class MockTrackingStorage(TrackingStorage):
+    """Mock TrackingStorage for testing."""
+
+    def __init__(self):
+        self._tracking: dict[int, dict] = {}
+
+    def load(self, user_id: int) -> dict | None:
+        return self._tracking.get(user_id)
+
+    def save(self, tracking_data: dict) -> None:
+        self._tracking[tracking_data["user_id"]] = tracking_data
+
+    def track_bounty(self, user_id: int, bounty_id: int, room_id: int) -> bool:
+        if user_id not in self._tracking:
+            self._tracking[user_id] = {"user_id": user_id, "bounty_ids": []}
+        if bounty_id not in self._tracking[user_id]["bounty_ids"]:
+            self._tracking[user_id]["bounty_ids"].append(bounty_id)
+            return True
+        return False
+
+    def untrack_bounty(self, user_id: int, bounty_id: int) -> bool:
+        if user_id in self._tracking:
+            if bounty_id in self._tracking[user_id]["bounty_ids"]:
+                self._tracking[user_id]["bounty_ids"].remove(bounty_id)
+                return True
+        return False
+
+    def get_tracked_bounty_ids(self, user_id: int) -> list[int]:
+        if user_id in self._tracking:
+            return self._tracking[user_id]["bounty_ids"]
+        return []
+
+
+@pytest.fixture
+def mock_services():
+    """Create mock services for CLI testing."""
+    room_storage = MockRoomStorage()
+    tracking_storage = MockTrackingStorage()
+    return room_storage, tracking_storage
+
+
+class TestCLIParsing:
+    """Test CLI argument parsing through main()."""
+
+    def test_add_command_requires_text(self):
+        """Test that 'add' command requires text argument."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "add", "--group-id=-1001"]):
+            with patch("cli.main.create_services"):
+                with patch("sys.stderr", new=StringIO()) as stderr:
+                    with pytest.raises(SystemExit):
+                        main()
+                    assert "arguments are required: text" in stderr.getvalue()
+
+    def test_list_command(self):
+        """Test 'list' command parsing."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "list", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_create.return_value = (MagicMock(), MagicMock())
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.list_bounties.return_value = []
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "No bounties" in stdout.getvalue()
+
+    def test_my_command(self):
+        """Test 'my' command parsing."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv", ["jigaido-cli", "my", "--group-id=-1001", "--user-id=123"]
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_tracking_service = MagicMock()
+                mock_tracking_service.get_tracked_bounties.return_value = []
+                mock_create.return_value = (MagicMock(), mock_tracking_service)
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Not tracking any bounties" in stdout.getvalue()
+
+    def test_update_command(self):
+        """Test 'update' command parsing."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv", ["jigaido-cli", "update", "1", "--group-id=-1001", "new text"]
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.update_bounty.return_value = True
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Updated bounty #1" in stdout.getvalue()
+
+    def test_delete_command(self):
+        """Test 'delete' command parsing."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "delete", "1", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.delete_bounty.return_value = True
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Deleted bounty #1" in stdout.getvalue()
+
+    def test_track_command(self):
+        """Test 'track' command parsing."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "track", "1", "--group-id=-1001", "--user-id=123"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_tracking_service = MagicMock()
+                mock_tracking_service.track_bounty.return_value = True
+                mock_create.return_value = (MagicMock(), mock_tracking_service)
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Tracking bounty #1" in stdout.getvalue()
+
+    def test_untrack_command(self):
+        """Test 'untrack' command parsing."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "untrack", "1", "--group-id=-1001", "--user-id=123"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_tracking_service = MagicMock()
+                mock_tracking_service.untrack_bounty.return_value = True
+                mock_create.return_value = (MagicMock(), mock_tracking_service)
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Untracked bounty #1" in stdout.getvalue()
+
+
+class TestCLIValidation:
+    """Test CLI input validation."""
+
+    def test_requires_group_id_or_user_id(self):
+        """Test that commands require either --group-id or --user-id."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "add", "some text"]):
+            with patch("sys.stderr", new=StringIO()) as stderr:
+                with pytest.raises(SystemExit):
+                    main()
+                assert "group-id or --user-id is required" in stderr.getvalue()
+
+    def test_unknown_command(self):
+        """Test handling of unknown commands."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "unknown_cmd", "--group-id=-1001"]):
+            with patch("sys.stderr", new=StringIO()) as stderr:
+                with pytest.raises(SystemExit):
+                    main()
+                assert "invalid choice" in stderr.getvalue()
+
+    def test_update_clear_link_flag(self):
+        """Test update with --clear-link flag."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "update", "1", "--clear-link", "--group-id=-1001"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.update_bounty.return_value = True
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                main()
+                mock_bounty_service.update_bounty.assert_called_once()
+                call_kwargs = mock_bounty_service.update_bounty.call_args
+                assert call_kwargs.kwargs.get("clear_link") is True
+
+    def test_update_clear_due_flag(self):
+        """Test update with --clear-due flag."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "update", "1", "--clear-due", "--group-id=-1001"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.update_bounty.return_value = True
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                main()
+                mock_bounty_service.update_bounty.assert_called_once()
+                call_kwargs = mock_bounty_service.update_bounty.call_args
+                assert call_kwargs.kwargs.get("clear_due") is True
+
+
+class TestCLIOutput:
+    """Test CLI output formatting."""
+
+    def test_list_shows_bounties(self):
+        """Test that 'list' shows bounty details correctly."""
+        from cli.main import main
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 1
+        mock_bounty.text = "Fix bug"
+        mock_bounty.link = "https://github.com/issue/1"
+        mock_bounty.due_date_ts = None
+
+        with patch("sys.argv", ["jigaido-cli", "list", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.list_bounties.return_value = [mock_bounty]
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    output = stdout.getvalue()
+                    assert "#1:" in output
+                    assert "Fix bug" in output
+                    assert "https://github.com/issue/1" in output
+
+    def test_list_empty(self):
+        """Test that 'list' shows 'No bounties' when empty."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "list", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.list_bounties.return_value = []
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "No bounties" in stdout.getvalue()
+
+    def test_add_output(self):
+        """Test that 'add' outputs the new bounty ID."""
+        from cli.main import main
+
+        mock_bounty = MagicMock()
+        mock_bounty.id = 42
+
+        with patch("sys.argv", ["jigaido-cli", "add", "New task", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.add_bounty.return_value = mock_bounty
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Added bounty #42" in stdout.getvalue()
+
+
+class TestCLIErrorHandling:
+    """Test CLI error handling."""
+
+    def test_delete_nonexistent_bounty(self):
+        """Test deleting a non-existent bounty."""
+        from cli.main import main
+
+        with patch("sys.argv", ["jigaido-cli", "delete", "999", "--group-id=-1001"]):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.delete_bounty.return_value = False
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stderr", new=StringIO()) as stderr:
+                    with pytest.raises(SystemExit):
+                        main()
+                    assert "not found" in stderr.getvalue()
+
+    def test_update_permission_error(self):
+        """Test update with permission error."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "update", "1", "new text", "--group-id=-1001"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_bounty_service = MagicMock()
+                mock_bounty_service.update_bounty.side_effect = PermissionError(
+                    "Not owner"
+                )
+                mock_create.return_value = (mock_bounty_service, MagicMock())
+
+                with patch("sys.stderr", new=StringIO()) as stderr:
+                    with pytest.raises(SystemExit):
+                        main()
+                    assert "Not owner" in stderr.getvalue()
+
+    def test_track_already_tracking(self):
+        """Test tracking a bounty that's already tracked."""
+        from cli.main import main
+
+        with patch(
+            "sys.argv",
+            ["jigaido-cli", "track", "1", "--group-id=-1001", "--user-id=123"],
+        ):
+            with patch("cli.main.create_services") as mock_create:
+                mock_tracking_service = MagicMock()
+                mock_tracking_service.track_bounty.return_value = False
+                mock_create.return_value = (MagicMock(), mock_tracking_service)
+
+                with patch("sys.stdout", new=StringIO()) as stdout:
+                    main()
+                    assert "Already tracking" in stdout.getvalue()
+
+
+if __name__ == "__main__":
+    pytest.main([__file__, "-v"])
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -2,11 +2,9 @@

 import json
 import os
-import tempfile
 from pathlib import Path
 from unittest.mock import patch

-import pytest

 from config import Config, DEFAULT_DATA_DIR

@@ -47,11 +45,28 @@ class TestConfigDataDir:
            assert cfg.bot_token == "test_token_123"

    def test_bot_token_none_when_not_set(self):
-        """Test that bot_token is None when JIGAIDO_BOT_TOKEN not set."""
+        """Test that bot_token is None when JIGAIDO_BOT_TOKEN not set and no config file."""
        with patch.dict(os.environ, {}, clear=True):
+            with patch("pathlib.Path.exists", return_value=False):
                cfg = Config()
                assert cfg.bot_token is None

+    def test_bot_token_from_config_file(self):
+        """Test that bot_token is read from config file when env var not set."""
+        config_dir = Path.home() / ".jigaido"
+        config_file = config_dir / "config.json"
+        with patch.dict(os.environ, {}, clear=True):
+            with patch("pathlib.Path.expanduser", return_value=config_file):
+                with patch("pathlib.Path.exists", return_value=True):
+                    with patch("builtins.open", create=True) as mock_open:
+                        mock_open.return_value.__enter__ = lambda s: s
+                        mock_open.return_value.__exit__ = lambda *a: None
+                        mock_open.return_value.read = lambda: (
+                            '{"JIGAIDO_BOT_TOKEN": "config_token"}'
+                        )
+                        cfg = Config()
+                        assert cfg.bot_token == "config_token"
+

 class TestConfigEnsureDataDir:
    def test_ensure_data_dir_creates_directory(self, tmp_path):
--- a/tests/test_json_file.py
+++ b/tests/test_json_file.py
@@ -0,0 +1,258 @@
+"""Tests for adapters/storage/json_file.py — JSON file storage adapter."""
+
+import json
+import tempfile
+from pathlib import Path
+
+
+from adapters.storage.json_file import JsonFileRoomStorage, JsonFileTrackingStorage
+from core.models import Bounty, RoomData, TrackingData, TrackedBounty
+
+
+class TestJsonFileRoomStorage:
+    """Unit tests for JsonFileRoomStorage."""
+
+    def setup_method(self):
+        """Set up a temporary directory for each test."""
+        self.temp_dir = tempfile.mkdtemp()
+        self.storage = JsonFileRoomStorage(data_dir=Path(self.temp_dir))
+
+    def teardown_method(self):
+        """Clean up temporary directory after each test."""
+        import shutil
+
+        shutil.rmtree(self.temp_dir, ignore_errors=True)
+
+    def _create_bounty(
+        self,
+        id=1,
+        text="Test bounty",
+        link=None,
+        due_date_ts=None,
+        created_at=0,
+        created_by_user_id=123,
+    ):
+        """Helper to create a Bounty."""
+        return Bounty(
+            id=id,
+            text=text,
+            link=link,
+            due_date_ts=due_date_ts,
+            created_at=created_at,
+            created_by_user_id=created_by_user_id,
+        )
+
+    def test_load_returns_none_for_nonexistent_room(self):
+        """Test that load returns None for a room that doesn't exist."""
+        result = self.storage.load(-1001)
+        assert result is None
+
+    def test_save_and_load_room(self):
+        """Test that save and load work correctly."""
+        room = RoomData(room_id=-1001, bounties=[], next_id=1)
+        self.storage.save(room)
+
+        loaded = self.storage.load(-1001)
+        assert loaded is not None
+        assert loaded.room_id == -1001
+        assert loaded.bounties == []
+        assert loaded.next_id == 1
+
+    def test_add_bounty_creates_room(self):
+        """Test that add_bounty creates a room if it doesn't exist."""
+        bounty = self._create_bounty()
+        self.storage.add_bounty(-1001, bounty)
+
+        loaded = self.storage.load(-1001)
+        assert loaded is not None
+        assert len(loaded.bounties) == 1
+        assert loaded.bounties[0].text == "Test bounty"
+
+    def test_add_bounty_increments_next_id(self):
+        """Test that add_bounty properly handles next_id."""
+        bounty1 = self._create_bounty(id=1)
+        bounty2 = self._create_bounty(id=2)
+
+        self.storage.add_bounty(-1001, bounty1)
+        self.storage.add_bounty(-1001, bounty2)
+
+        loaded = self.storage.load(-1001)
+        assert loaded.next_id == 3  # Should be max id + 1
+
+    def test_update_bounty(self):
+        """Test that update_bounty correctly updates a bounty."""
+        bounty = self._create_bounty(id=1, text="Original")
+        self.storage.add_bounty(-1001, bounty)
+
+        updated = self._create_bounty(id=1, text="Updated")
+        self.storage.update_bounty(-1001, updated)
+
+        loaded = self.storage.load(-1001)
+        assert loaded.bounties[0].text == "Updated"
+
+    def test_update_bounty_nonexistent_room(self):
+        """Test that update_bounty does nothing for nonexistent room."""
+        updated = self._create_bounty(id=1, text="Updated")
+        self.storage.update_bounty(-1001, updated)  # Should not raise
+
+        assert self.storage.load(-1001) is None
+
+    def test_get_bounty_found(self):
+        """Test that get_bounty returns the bounty when found."""
+        bounty = self._create_bounty(id=1)
+        self.storage.add_bounty(-1001, bounty)
+
+        result = self.storage.get_bounty(-1001, 1)
+        assert result is not None
+        assert result.text == "Test bounty"
+
+    def test_get_bounty_not_found(self):
+        """Test that get_bounty returns None when not found."""
+        result = self.storage.get_bounty(-1001, 999)
+        assert result is None
+
+    def test_file_path_format(self):
+        """Test that room data is stored in correct location."""
+        room = RoomData(room_id=-1001, bounties=[], next_id=1)
+        self.storage.save(room)
+
+        expected_path = Path(self.temp_dir) / "-1001.json"
+        assert expected_path.exists()
+
+    def test_atomic_write(self):
+        """Test that data is written atomically."""
+        room = RoomData(room_id=-1001, bounties=[], next_id=1)
+        self.storage.save(room)
+
+        # Check that the file is valid JSON
+        file_path = Path(self.temp_dir) / "-1001.json"
+        with open(file_path) as f:
+            data = json.load(f)
+        assert data["room_id"] == -1001
+
+
+class TestJsonFileTrackingStorage:
+    """Unit tests for JsonFileTrackingStorage."""
+
+    def setup_method(self):
+        """Set up a temporary directory for each test."""
+        self.temp_dir = tempfile.mkdtemp()
+        self.storage = JsonFileTrackingStorage(tracking_dir=Path(self.temp_dir))
+
+    def teardown_method(self):
+        """Clean up temporary directory after each test."""
+        import shutil
+
+        shutil.rmtree(self.temp_dir, ignore_errors=True)
+
+    def _create_tracked(self, bounty_id=1, created_at=0):
+        """Helper to create a TrackedBounty."""
+        return TrackedBounty(bounty_id=bounty_id, created_at=created_at)
+
+    def test_load_returns_none_for_nonexistent_tracking(self):
+        """Test that load returns None when no tracking exists."""
+        result = self.storage.load(-1001, 123456)
+        assert result is None
+
+    def test_save_and_load_tracking(self):
+        """Test that save and load work correctly."""
+        tracking = TrackingData(room_id=-1001, user_id=123456, tracked=[])
+        self.storage.save(tracking)
+
+        loaded = self.storage.load(-1001, 123456)
+        assert loaded is not None
+        assert loaded.room_id == -1001
+        assert loaded.user_id == 123456
+
+    def test_track_bounty(self):
+        """Test that track_bounty adds a bounty to tracking."""
+        tracked = self._create_tracked(bounty_id=5)
+        self.storage.track_bounty(-1001, 123456, tracked)
+
+        loaded = self.storage.load(-1001, 123456)
+        assert loaded is not None
+        assert len(loaded.tracked) == 1
+        assert loaded.tracked[0].bounty_id == 5
+
+    def test_untrack_bounty(self):
+        """Test that untrack_bounty removes a bounty from tracking."""
+        tracked = self._create_tracked(bounty_id=5)
+        self.storage.track_bounty(-1001, 123456, tracked)
+        self.storage.untrack_bounty(-1001, 123456, 5)
+
+        loaded = self.storage.load(-1001, 123456)
+        assert loaded is not None
+        assert len(loaded.tracked) == 0
+
+    def test_untrack_bounty_nonexistent(self):
+        """Test that untrack_bounty handles nonexistent tracking gracefully."""
+        self.storage.untrack_bounty(-1001, 123456, 999)  # Should not raise
+
+    def test_file_path_format(self):
+        """Test that tracking data is stored in correct location."""
+        tracked = self._create_tracked(bounty_id=5)
+        self.storage.track_bounty(-1001, 123456, tracked)
+
+        expected_path = Path(self.temp_dir) / "-1001_123456.json"
+        assert expected_path.exists()
+
+    def test_multiple_tracked_bounties(self):
+        """Test tracking multiple bounties."""
+        self.storage.track_bounty(-1001, 123456, self._create_tracked(bounty_id=1))
+        self.storage.track_bounty(-1001, 123456, self._create_tracked(bounty_id=2))
+        self.storage.track_bounty(-1001, 123456, self._create_tracked(bounty_id=3))
+
+        loaded = self.storage.load(-1001, 123456)
+        assert len(loaded.tracked) == 3
+
+    def test_different_users_independent_tracking(self):
+        """Test that different users have independent tracking."""
+        self.storage.track_bounty(-1001, 111, self._create_tracked(bounty_id=1))
+        self.storage.track_bounty(-1001, 222, self._create_tracked(bounty_id=1))
+
+        loaded_111 = self.storage.load(-1001, 111)
+        loaded_222 = self.storage.load(-1001, 222)
+
+        assert len(loaded_111.tracked) == 1
+        assert len(loaded_222.tracked) == 1
+
+
+class TestDuplicateTrackingBehavior:
+    """Test that duplicate tracking is handled correctly.
+
+    Note: The deduplication logic is in the TrackingService layer,
+    not in the adapter. This test verifies the adapter behavior
+    when the same bounty is tracked multiple times (which would only
+    happen if the service layer has a bug).
+    """
+
+    def setup_method(self):
+        """Set up a temporary directory for each test."""
+        self.temp_dir = tempfile.mkdtemp()
+        self.storage = JsonFileTrackingStorage(tracking_dir=Path(self.temp_dir))
+
+    def teardown_method(self):
+        """Clean up temporary directory after each test."""
+        import shutil
+
+        shutil.rmtree(self.temp_dir, ignore_errors=True)
+
+    def test_adapter_allows_duplicate_tracking(self):
+        """The adapter does NOT prevent duplicate tracking.
+
+        This is by design - deduplication should be handled by
+        TrackingService.track_bounty(), not the storage adapter.
+        """
+        # Add same bounty twice via adapter (bypassing service)
+        self.storage.track_bounty(
+            -1001, 123456, TrackedBounty(bounty_id=5, created_at=0)
+        )
+        self.storage.track_bounty(
+            -1001, 123456, TrackedBounty(bounty_id=5, created_at=0)
+        )
+
+        loaded = self.storage.load(-1001, 123456)
+        # Adapter allows duplicates - service should prevent them
+        assert len(loaded.tracked) == 2
+        assert loaded.tracked[0].bounty_id == 5
+        assert loaded.tracked[1].bounty_id == 5
--- a/tests/test_models.py
+++ b/tests/test_models.py
@@ -1,8 +1,6 @@
 """Tests for core/models.py — domain dataclasses."""

-import time

-import pytest

 from core.models import (
    Bounty,
@@ -28,6 +26,22 @@ class TestBounty:
        assert b.due_date_ts == 1735689600
        assert b.created_at == 1735603200
        assert b.created_by_user_id == 123
+        assert b.deleted_at is None
+        assert b.created_by_username is None
+
+    def test_bounty_with_new_fields(self):
+        b = Bounty(
+            id=1,
+            text="Fix the bug",
+            link="https://github.com/example/repo/issues/1",
+            due_date_ts=1735689600,
+            created_at=1735603200,
+            created_by_user_id=123,
+            deleted_at=1736200000,
+            created_by_username="johndoe",
+        )
+        assert b.deleted_at == 1736200000
+        assert b.created_by_username == "johndoe"

    def test_bounty_optional_fields_can_be_none(self):
        b = Bounty(
@@ -41,6 +55,8 @@ class TestBounty:
        assert b.text is None
        assert b.link is None
        assert b.due_date_ts is None
+        assert b.deleted_at is None
+        assert b.created_by_username is None

    def test_bounty_comparison_equal(self):
        b1 = Bounty(
@@ -103,6 +119,8 @@ class TestRoomData:
        assert rd.room_id == -1001
        assert rd.bounties == []
        assert rd.next_id == 1
+        assert rd.timezone is None
+        assert rd.admin_usernames == []

    def test_create_dm_room_data(self):
        rd = RoomData(
@@ -113,6 +131,8 @@ class TestRoomData:
        assert rd.room_id == 123456
        assert rd.bounties == []
        assert rd.next_id == 1
+        assert rd.timezone is None
+        assert rd.admin_usernames == []

    def test_room_data_with_bounties(self):
        b = Bounty(
@@ -128,6 +148,25 @@ class TestRoomData:
        assert rd.bounties[0].text == "Task"
        assert rd.bounties[0].created_by_user_id == 123

+    def test_room_data_with_new_fields(self):
+        rd = RoomData(
+            room_id=-1001,
+            bounties=[],
+            next_id=1,
+            timezone="Asia/Jakarta",
+            admin_usernames=["alice", "bob"],
+        )
+        assert rd.timezone == "Asia/Jakarta"
+        assert rd.admin_usernames == ["alice", "bob"]
+
+    def test_room_data_admin_usernames_defaults_to_empty_list(self):
+        rd = RoomData(
+            room_id=-1001,
+            bounties=[],
+            next_id=1,
+        )
+        assert rd.admin_usernames == []
+

 class TestTrackingData:
    def test_create_tracking_data(self):
--- a/tests/test_ports.py
+++ b/tests/test_ports.py
@@ -1,6 +1,5 @@
 """Tests for core/ports.py — storage interfaces."""

-import pytest

 from core.models import Bounty, RoomData, TrackingData, TrackedBounty
 from core.ports import RoomStorage, TrackingStorage
@@ -35,12 +34,6 @@ class SimpleRoomStorage:
                    self._rooms[room_id].bounties[i] = bounty
                    break

-    def delete_bounty(self, room_id: int, bounty_id: int) -> None:
-        if room_id in self._rooms:
-            self._rooms[room_id].bounties = [
-                b for b in self._rooms[room_id].bounties if b.id != bounty_id
-            ]
-
    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
        if room_id in self._rooms:
            for b in self._rooms[room_id].bounties:
@@ -48,6 +41,20 @@ class SimpleRoomStorage:
                    return b
        return None

+    def list_bounties(self, room_id: int) -> list[Bounty]:
+        if room_id not in self._rooms:
+            return []
+        return [b for b in self._rooms[room_id].bounties if b.deleted_at is None]
+
+    def list_all_bounties(
+        self, room_id: int, include_deleted: bool = True
+    ) -> list[Bounty]:
+        if room_id not in self._rooms:
+            return []
+        if include_deleted:
+            return self._rooms[room_id].bounties
+        return [b for b in self._rooms[room_id].bounties if b.deleted_at is None]
+

 class SimpleTrackingStorage:
    """Minimal mock without ensure_tracking - tests if track_bounty works without it.
@@ -106,12 +113,6 @@ class MockRoomStorage:
                    self._rooms[room_id].bounties[i] = bounty
                    break

-    def delete_bounty(self, room_id: int, bounty_id: int) -> None:
-        if room_id in self._rooms:
-            self._rooms[room_id].bounties = [
-                b for b in self._rooms[room_id].bounties if b.id != bounty_id
-            ]
-
    def get_bounty(self, room_id: int, bounty_id: int) -> Bounty | None:
        if room_id in self._rooms:
            for b in self._rooms[room_id].bounties:
@@ -119,6 +120,20 @@ class MockRoomStorage:
                    return b
        return None

+    def list_bounties(self, room_id: int) -> list[Bounty]:
+        if room_id not in self._rooms:
+            return []
+        return [b for b in self._rooms[room_id].bounties if b.deleted_at is None]
+
+    def list_all_bounties(
+        self, room_id: int, include_deleted: bool = True
+    ) -> list[Bounty]:
+        if room_id not in self._rooms:
+            return []
+        if include_deleted:
+            return self._rooms[room_id].bounties
+        return [b for b in self._rooms[room_id].bounties if b.deleted_at is None]
+

 class MockTrackingStorage:
    """Mock implementation of TrackingStorage for testing."""
@@ -215,19 +230,6 @@ class TestRoomStorage:
        assert result is not None
        assert result.text == "Updated"

-    def test_delete_bounty(self):
-        storage = MockRoomStorage()
-        bounty = Bounty(
-            id=1,
-            text="Test",
-            link=None,
-            due_date_ts=None,
-            created_at=0,
-            created_by_user_id=123,
-        )
-        storage.add_bounty(-1001, bounty)
-        storage.delete_bounty(-1001, 1)
-        assert storage.get_bounty(-1001, 1) is None


 class TestTrackingStorage:
--- a/tests/test_services.py
+++ b/tests/test_services.py
@@ -1,9 +1,8 @@
 """Tests for core/services.py — business logic services."""

 import pytest
-from unittest.mock import MagicMock

-from core.models import Bounty, RoomData, TrackingData, TrackedBounty
+from core.models import RoomData
 from core.services import BountyService, TrackingService
 from tests.test_ports import MockRoomStorage, MockTrackingStorage

@@ -15,14 +14,30 @@ class TestBountyService:
        """Set up fresh storage and service for each test."""
        self.storage = MockRoomStorage()
        self.service = BountyService(self.storage)
+        self.admin_username = "admin"
+        self._make_admin(-1001, self.admin_username)
+
+    def _make_admin(self, room_id: int, username: str):
+        """Helper to set up a room with an admin user."""
+        room_data = self.storage.load(room_id)
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=0, admin_usernames=[]
+            )
+        if username not in (room_data.admin_usernames or []):
+            room_data.admin_usernames = room_data.admin_usernames or []
+            room_data.admin_usernames.append(username)
+        self.storage.save(room_data)

    def test_add_bounty_creates_room_if_not_exists(self):
        """Test that add_bounty creates a new room if it doesn't exist."""
        bounty = self.service.add_bounty(
            room_id=-1001,
            user_id=123,
+            username=self.admin_username,
            text="Fix bug",
            link="https://github.com/issue/1",
+            created_by_username=self.admin_username,
        )
        assert bounty.id == 1
        assert bounty.text == "Fix bug"
@@ -34,14 +49,27 @@ class TestBountyService:

    def test_add_bounty_increments_id(self):
        """Test that add_bounty increments bounty ID for each new bounty."""
-        b1 = self.service.add_bounty(room_id=-1001, user_id=123, text="First")
-        b2 = self.service.add_bounty(room_id=-1001, user_id=123, text="Second")
-        b3 = self.service.add_bounty(room_id=-1001, user_id=123, text="Third")
+        b1 = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="First"
+        )
+        b2 = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Second"
+        )
+        b3 = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Third"
+        )

        assert b1.id == 1
        assert b2.id == 2
        assert b3.id == 3

+    def test_add_bounty_requires_admin(self):
+        """Test that add_bounty raises PermissionError when non-admin tries to add."""
+        with pytest.raises(PermissionError, match="Only admins can add bounties"):
+            self.service.add_bounty(
+                room_id=-1001, user_id=999, username="nonadmin", text="Not admin"
+            )
+
    def test_list_bounties_empty_room(self):
        """Test list_bounties returns empty list for non-existent room."""
        bounties = self.service.list_bounties(-1001)
@@ -49,9 +77,17 @@ class TestBountyService:

    def test_list_bounties_returns_all_bounties(self):
        """Test list_bounties returns all bounties in a room."""
-        self.service.add_bounty(room_id=-1001, user_id=123, text="First")
-        self.service.add_bounty(room_id=-1001, user_id=123, text="Second")
-        self.service.add_bounty(room_id=-999, user_id=123, text="Other room")
+        self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="First"
+        )
+        self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Second"
+        )
+        # Add bounty to different room to verify isolation
+        self._make_admin(-999, "otheradmin")
+        self.service.add_bounty(
+            room_id=-999, user_id=456, username="otheradmin", text="Other room"
+        )

        bounties = self.service.list_bounties(-1001)
        assert len(bounties) == 2
@@ -59,7 +95,9 @@ class TestBountyService:

    def test_get_bounty_found(self):
        """Test get_bounty returns bounty when it exists."""
-        created = self.service.add_bounty(room_id=-1001, user_id=123, text="Test")
+        created = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Test"
+        )
        found = self.service.get_bounty(-1001, created.id)
        assert found is not None
        assert found.text == "Test"
@@ -71,31 +109,37 @@ class TestBountyService:

    def test_get_bounty_wrong_room(self):
        """Test get_bounty returns None when bounty is in different room."""
-        self.service.add_bounty(room_id=-1001, user_id=123, text="Test")
+        self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Test"
+        )
        found = self.service.get_bounty(-999, 1)  # room -999 doesn't have bounty 1
        assert found is None

    def test_update_bounty_success(self):
-        """Test update_bounty succeeds when creator updates their bounty."""
-        bounty = self.service.add_bounty(room_id=-1001, user_id=123, text="Original")
+        """Test update_bounty succeeds when admin updates their bounty."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Original"
+        )
        result = self.service.update_bounty(
            room_id=-1001,
            bounty_id=bounty.id,
-            user_id=123,
+            username=self.admin_username,
            text="Updated",
        )
        assert result is True
        updated = self.service.get_bounty(-1001, bounty.id)
        assert updated.text == "Updated"

-    def test_update_bounty_not_creator_raises_permission_error(self):
-        """Test update_bounty raises PermissionError when non-creator tries to update."""
-        bounty = self.service.add_bounty(room_id=-1001, user_id=123, text="Original")
-        with pytest.raises(PermissionError, match="Only the creator can edit"):
+    def test_update_bounty_not_admin_raises_permission_error(self):
+        """Test update_bounty raises PermissionError when non-admin tries to update."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="Original"
+        )
+        with pytest.raises(PermissionError, match="Only admins can edit bounties"):
            self.service.update_bounty(
                room_id=-1001,
                bounty_id=bounty.id,
-                user_id=999,  # different user
+                username="nonadmin",  # different user, not admin
                text="Hacked",
            )

@@ -104,7 +148,7 @@ class TestBountyService:
        result = self.service.update_bounty(
            room_id=-1001,
            bounty_id=999,
-            user_id=123,
+            username=self.admin_username,
            text="Updated",
        )
        assert result is False
@@ -114,13 +158,14 @@ class TestBountyService:
        bounty = self.service.add_bounty(
            room_id=-1001,
            user_id=123,
+            username=self.admin_username,
            text="Original",
            link="https://original.link",
        )
        self.service.update_bounty(
            room_id=-1001,
            bounty_id=bounty.id,
-            user_id=123,
+            username=self.admin_username,
            text="Updated only text",
        )
        updated = self.service.get_bounty(-1001, bounty.id)
@@ -132,36 +177,86 @@ class TestBountyService:
        bounty = self.service.add_bounty(
            room_id=-1001,
            user_id=123,
+            username=self.admin_username,
            text="Test",
            link="https://original.link",
        )
        self.service.update_bounty(
            room_id=-1001,
            bounty_id=bounty.id,
-            user_id=123,
+            username=self.admin_username,
            clear_link=True,
        )
        updated = self.service.get_bounty(-1001, bounty.id)
        assert updated.link is None

    def test_delete_bounty_success(self):
-        """Test delete_bounty succeeds when creator deletes their bounty."""
-        bounty = self.service.add_bounty(room_id=-1001, user_id=123, text="To delete")
-        result = self.service.delete_bounty(-1001, bounty.id, 123)
+        """Test delete_bounty soft deletes when admin deletes their bounty."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete"
+        )
+        result = self.service.delete_bounty(-1001, bounty.id, self.admin_username)
        assert result is True
+        # Soft delete - bounty should not be found via get_bounty
        assert self.service.get_bounty(-1001, bounty.id) is None
+        # But still exists in list_deleted_bounties
+        deleted = self.service.list_deleted_bounties(-1001)
+        assert len(deleted) == 1
+        assert deleted[0].id == bounty.id

-    def test_delete_bounty_not_creator_raises_permission_error(self):
-        """Test delete_bounty raises PermissionError when non-creator tries to delete."""
-        bounty = self.service.add_bounty(room_id=-1001, user_id=123, text="To delete")
-        with pytest.raises(PermissionError, match="Only the creator can delete"):
-            self.service.delete_bounty(-1001, bounty.id, 999)  # different user
+    def test_delete_bounty_not_admin_raises_permission_error(self):
+        """Test delete_bounty raises PermissionError when non-admin tries to delete."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete"
+        )
+        with pytest.raises(PermissionError, match="Only admins can delete bounties"):
+            self.service.delete_bounty(-1001, bounty.id, "nonadmin")

    def test_delete_bounty_not_found(self):
        """Test delete_bounty returns False when bounty doesn't exist."""
-        result = self.service.delete_bounty(-1001, 999, 123)
+        result = self.service.delete_bounty(-1001, 999, self.admin_username)
        assert result is False

+    def test_delete_bounties_multi_id_success(self):
+        """Test delete_bounties returns individual results for multiple bounties."""
+        bounty1 = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete 1"
+        )
+        bounty2 = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete 2"
+        )
+        results = self.service.delete_bounties(
+            -1001, [bounty1.id, bounty2.id], self.admin_username
+        )
+        assert results == {bounty1.id: "deleted", bounty2.id: "deleted"}
+        # Verify both are soft deleted
+        assert self.service.get_bounty(-1001, bounty1.id) is None
+        assert self.service.get_bounty(-1001, bounty2.id) is None
+
+    def test_delete_bounties_mixed_results(self):
+        """Test delete_bounties returns not_found for non-existent bounties."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete"
+        )
+        results = self.service.delete_bounties(
+            -1001, [bounty.id, 999, 888], self.admin_username
+        )
+        assert results == {bounty.id: "deleted", 999: "not_found", 888: "not_found"}
+
+    def test_delete_bounties_permission_denied(self):
+        """Test delete_bounties returns permission_denied for non-admin users."""
+        bounty = self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text="To delete"
+        )
+        results = self.service.delete_bounties(
+            -1001,
+            [bounty.id],
+            "nonadmin",  # non-admin user
+        )
+        assert results == {bounty.id: "permission_denied"}
+        # Verify bounty was NOT deleted
+        assert self.service.get_bounty(-1001, bounty.id) is not None
+

 class TestTrackingService:
    """Unit tests for TrackingService."""
@@ -171,11 +266,31 @@ class TestTrackingService:
        self.room_storage = MockRoomStorage()
        self.tracking_storage = MockTrackingStorage()
        self.service = TrackingService(self.tracking_storage, self.room_storage)
+        self.admin_username = "admin"
+        self._make_admin(-1001, self.admin_username)

-    def _add_bounty(self, room_id=-1001, user_id=123, text="Test bounty"):
+    def _make_admin(self, room_id: int, username: str):
+        """Helper to set up a room with an admin user."""
+        room_data = self.room_storage.load(room_id)
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=0, admin_usernames=[]
+            )
+        if username not in (room_data.admin_usernames or []):
+            room_data.admin_usernames = room_data.admin_usernames or []
+            room_data.admin_usernames.append(username)
+        self.room_storage.save(room_data)
+
+    def _add_bounty(self, room_id=-1001, username="admin", text="Test bounty"):
        """Helper to add a bounty for tracking tests."""
+        if self.room_storage.load(room_id) is None or username not in (
+            self.room_storage.load(room_id).admin_usernames or []
+        ):
+            self._make_admin(room_id, username)
        bounty_service = BountyService(self.room_storage)
-        return bounty_service.add_bounty(room_id=room_id, user_id=user_id, text=text)
+        return bounty_service.add_bounty(
+            room_id=room_id, user_id=123, username=username, text=text
+        )

    def test_track_bounty_success(self):
        """Test track_bounty successfully tracks a bounty."""
@@ -263,11 +378,13 @@ class TestTrackingService:
    def test_get_tracked_bounties_ignores_deleted_bounties(self):
        """Test get_tracked_bounties ignores bounties that were deleted."""
        bounty_service = BountyService(self.room_storage)
-        bounty = bounty_service.add_bounty(room_id=-1001, user_id=123, text="To delete")
+        bounty = bounty_service.add_bounty(
+            room_id=-1001, user_id=123, username="admin", text="To delete"
+        )
        self.service.track_bounty(-1001, 123456, bounty.id)

        # Delete the bounty
-        bounty_service.delete_bounty(-1001, bounty.id, 123)
+        bounty_service.delete_bounty(-1001, bounty.id, "admin")

        tracked = self.service.get_tracked_bounties(-1001, 123456)
        assert len(tracked) == 0  # deleted bounty not returned
@@ -287,3 +404,283 @@ class TestTrackingService:
        assert len(tracked_room2) == 1
        assert tracked_room1[0].text == "Room 1"
        assert tracked_room2[0].text == "Room 2"
+
+
+class TestCategoryService:
+    """Unit tests for category management."""
+
+    def setup_method(self):
+        """Set up fresh storage and service for each test."""
+        self.storage = MockRoomStorage()
+        self.service = BountyService(self.storage)
+        self.admin_username = "admin"
+        self._make_admin(-1001, self.admin_username)
+
+    def _make_admin(self, room_id: int, username: str):
+        """Helper to set up a room with an admin user."""
+        room_data = self.storage.load(room_id)
+        if room_data is None:
+            room_data = RoomData(
+                room_id=room_id, bounties=[], next_id=0, admin_usernames=[]
+            )
+        if username not in (room_data.admin_usernames or []):
+            room_data.admin_usernames = room_data.admin_usernames or []
+            room_data.admin_usernames.append(username)
+        self.storage.save(room_data)
+
+    def _add_bounty(self, text="Test bounty"):
+        """Helper to add a bounty for category tests."""
+        return self.service.add_bounty(
+            room_id=-1001, user_id=123, username=self.admin_username, text=text
+        )
+
+    # Category Management Tests
+
+    def test_add_category_requires_admin(self):
+        """Test that add_category raises PermissionError for non-admin."""
+        with pytest.raises(PermissionError, match="Only admins can add categories"):
+            self.service.add_category(-1001, "bug", "Bug Report", "nonadmin")
+
+    def test_add_category_duplicate_slug_fails(self):
+        """Test that adding a duplicate category slug raises ValueError."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        with pytest.raises(ValueError, match="already exists"):
+            self.service.add_category(-1001, "bug", "Bug Report 2", self.admin_username)
+
+    def test_add_category_invalid_slug_fails_uppercase(self):
+        """Test that uppercase slug raises ValueError."""
+        with pytest.raises(ValueError, match="lowercase alphabetic only"):
+            self.service.add_category(-1001, "Bug", "Bug Report", self.admin_username)
+
+    def test_add_category_invalid_slug_fails_with_numbers(self):
+        """Test that slug with numbers raises ValueError."""
+        with pytest.raises(ValueError, match="lowercase alphabetic only"):
+            self.service.add_category(-1001, "bug1", "Bug 1", self.admin_username)
+
+    def test_add_category_invalid_slug_fails_with_symbols(self):
+        """Test that slug with symbols raises ValueError."""
+        with pytest.raises(ValueError, match="lowercase alphabetic only"):
+            self.service.add_category(-1001, "bug-fix", "Bug Fix", self.admin_username)
+
+    def test_add_category_invalid_slug_fails_empty(self):
+        """Test that empty slug raises ValueError."""
+        with pytest.raises(ValueError, match="lowercase alphabetic only"):
+            self.service.add_category(-1001, "", "Empty", self.admin_username)
+
+    def test_add_category_valid(self):
+        """Test that valid category can be created."""
+        category = self.service.add_category(
+            -1001, "bug", "Bug Report", self.admin_username
+        )
+        assert category.id == "bug"
+        assert category.name == "Bug Report"
+        assert category.created_at > 0
+        assert category.deleted_at is None
+
+    def test_delete_category_soft_deletes(self):
+        """Test that delete_category performs soft delete."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        result = self.service.delete_category(-1001, "bug", self.admin_username)
+        assert result is True
+
+        # Category should not be found via get_category
+        assert self.service.get_category(-1001, "bug") is None
+
+        # But should still be in raw room data (soft delete)
+        room_data = self.storage.load(-1001)
+        for cat in room_data.categories:
+            if cat.id == "bug":
+                assert cat.deleted_at is not None
+                return
+        assert False, "Category should still exist in storage"
+
+    def test_deleted_category_not_listed(self):
+        """Test that list_categories excludes soft-deleted categories."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        self.service.delete_category(-1001, "bug", self.admin_username)
+
+        categories = self.service.list_categories(-1001)
+        assert len(categories) == 0
+        assert not any(cat.id == "bug" for cat in categories)
+
+    def test_list_categories_empty(self):
+        """Test that list_categories returns empty list for room with no categories."""
+        categories = self.service.list_categories(-1001)
+        assert categories == []
+
+    def test_list_categories_returns_active(self):
+        """Test that list_categories returns only active categories."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        self.service.add_category(-1001, "feature", "Feature Request", self.admin_username)
+        self.service.add_category(-1001, "docs", "Documentation", self.admin_username)
+        self.service.delete_category(-1001, "bug", self.admin_username)
+
+        categories = self.service.list_categories(-1001)
+        assert len(categories) == 2
+        category_ids = [c.id for c in categories]
+        assert "feature" in category_ids
+        assert "docs" in category_ids
+        assert "bug" not in category_ids
+
+    def test_get_category_not_found(self):
+        """Test that get_category returns None for non-existent category."""
+        category = self.service.get_category(-1001, "nonexistent")
+        assert category is None
+
+    def test_get_category_deleted_returns_none(self):
+        """Test that get_category returns None for soft-deleted category."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        self.service.delete_category(-1001, "bug", self.admin_username)
+
+        category = self.service.get_category(-1001, "bug")
+        assert category is None
+
+    def test_add_category_requires_admin_non_existent_room(self):
+        """Test that add_category works for non-existent room (creates it)."""
+        self._make_admin(-9999, self.admin_username)
+        category = self.service.add_category(
+            -9999, "bug", "Bug Report", self.admin_username
+        )
+        assert category.id == "bug"
+
+    # Category-to-Bounty Association Tests
+
+    def test_add_category_to_bounty(self):
+        """Test adding category to a bounty."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+
+        result = self.service.add_category_to_bounty(
+            -1001, bounty.id, "bug", self.admin_username
+        )
+        assert result is True
+
+        updated_bounty = self.service.get_bounty(-1001, bounty.id)
+        assert "bug" in updated_bounty.category_ids
+
+    def test_add_duplicate_category_to_bounty_noop(self):
+        """Test that adding duplicate category returns False."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+
+        self.service.add_category_to_bounty(-1001, bounty.id, "bug", self.admin_username)
+        result = self.service.add_category_to_bounty(
+            -1001, bounty.id, "bug", self.admin_username
+        )
+        assert result is False
+
+    def test_add_category_to_bounty_invalid_bounty(self):
+        """Test that adding category to non-existent bounty raises ValueError."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+
+        with pytest.raises(ValueError, match="Bounty not found"):
+            self.service.add_category_to_bounty(-1001, 999, "bug", self.admin_username)
+
+    def test_add_category_to_bounty_invalid_category(self):
+        """Test that adding non-existent category raises ValueError."""
+        bounty = self._add_bounty()
+
+        with pytest.raises(ValueError, match="not found"):
+            self.service.add_category_to_bounty(
+                -1001, bounty.id, "nonexistent", self.admin_username
+            )
+
+    def test_remove_category_from_bounty(self):
+        """Test removing category from a bounty."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+        self.service.add_category_to_bounty(-1001, bounty.id, "bug", self.admin_username)
+
+        result = self.service.remove_category_from_bounty(
+            -1001, bounty.id, "bug", self.admin_username
+        )
+        assert result is True
+
+        updated_bounty = self.service.get_bounty(-1001, bounty.id)
+        assert "bug" not in updated_bounty.category_ids
+
+    def test_remove_category_not_on_bounty_returns_false(self):
+        """Test that removing category not on bounty returns False."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+
+        result = self.service.remove_category_from_bounty(
+            -1001, bounty.id, "bug", self.admin_username
+        )
+        assert result is False
+
+    def test_update_bounty_categories_replace_all(self):
+        """Test that update_bounty_categories replaces all categories."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        self.service.add_category(-1001, "feature", "Feature Request", self.admin_username)
+        self.service.add_category(-1001, "docs", "Documentation", self.admin_username)
+        bounty = self._add_bounty()
+
+        # Add initial categories
+        self.service.add_category_to_bounty(-1001, bounty.id, "bug", self.admin_username)
+
+        # Replace with different categories
+        self.service.update_bounty_categories(
+            -1001, bounty.id, ["feature", "docs"], self.admin_username
+        )
+
+        updated_bounty = self.service.get_bounty(-1001, bounty.id)
+        assert updated_bounty.category_ids == ["feature", "docs"]
+
+    def test_update_bounty_categories_clear_all(self):
+        """Test that update_bounty_categories can clear all categories."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+        self.service.add_category_to_bounty(-1001, bounty.id, "bug", self.admin_username)
+
+        self.service.update_bounty_categories(-1001, bounty.id, [], self.admin_username)
+
+        updated_bounty = self.service.get_bounty(-1001, bounty.id)
+        assert updated_bounty.category_ids == []
+
+    def test_update_bounty_categories_validates(self):
+        """Test that update_bounty_categories validates all slugs."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+
+        with pytest.raises(ValueError, match="not found"):
+            self.service.update_bounty_categories(
+                -1001, bounty.id, ["bug", "nonexistent"], self.admin_username
+            )
+
+    def test_add_category_to_bounty_requires_admin(self):
+        """Test that adding category to bounty requires admin."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+
+        with pytest.raises(PermissionError, match="Only admins"):
+            self.service.add_category_to_bounty(
+                -1001, bounty.id, "bug", "nonadmin"
+            )
+
+    def test_remove_category_from_bounty_requires_admin(self):
+        """Test that removing category from bounty requires admin."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+        bounty = self._add_bounty()
+        self.service.add_category_to_bounty(-1001, bounty.id, "bug", self.admin_username)
+
+        with pytest.raises(PermissionError, match="Only admins"):
+            self.service.remove_category_from_bounty(
+                -1001, bounty.id, "bug", "nonadmin"
+            )
+
+    def test_update_bounty_categories_requires_admin(self):
+        """Test that updating bounty categories requires admin."""
+        bounty = self._add_bounty()
+
+        with pytest.raises(PermissionError, match="Only admins"):
+            self.service.update_bounty_categories(
+                -1001, bounty.id, ["bug"], "nonadmin"
+            )
+
+    def test_delete_category_requires_admin(self):
+        """Test that deleting category requires admin."""
+        self.service.add_category(-1001, "bug", "Bug Report", self.admin_username)
+
+        with pytest.raises(PermissionError, match="Only admins"):
+            self.service.delete_category(-1001, "bug", "nonadmin")