feat(/admin): add /admin command for admin management

- Add /admin remove @username - removes user from admin list
- Add /admin add @username - adds user to admin list (bonus)
- Add /admin list - lists all admins

Resolves #52

apps/telegram-bot/bot.py

@@ -8,13 +8,13 @@ from telegram.ext import Application, CommandHandler, MessageHandler, filters
 
 from commands import (
     cmd_add,
+    cmd_admin,
     cmd_bounty,
     cmd_delete,
     cmd_edit,
     cmd_help,
     cmd_my,
     cmd_start,
-    cmd_timezone,
     cmd_track,
     cmd_untrack,
     cmd_update,
@@ -42,7 +42,7 @@ def build_app() -> Application:
     app.add_handler(CommandHandler("delete", cmd_delete))
     app.add_handler(CommandHandler("track", cmd_track))
     app.add_handler(CommandHandler("untrack", cmd_untrack))
-    app.add_handler(CommandHandler("timezone", cmd_timezone))
+    app.add_handler(CommandHandler("admin", cmd_admin))
 
     app.add_handler(MessageHandler(filters.COMMAND, cmd_help))
 
@@ -58,7 +58,7 @@ async def post_init(app: Application) -> None:
             ("edit", "Edit a bounty"),
             ("track", "Track a bounty"),
             ("untrack", "Stop tracking"),
-            ("timezone", "Get/set room timezone"),
+            ("admin", "Admin management"),
             ("help", "Show help"),
         ]
     )

apps/telegram-bot/commands.py

@@ -3,7 +3,6 @@
 import time
 from functools import wraps
 from typing import Optional
-from zoneinfo import ZoneInfo, ZoneInfoNotFoundError
 
 import dateparser
 from telegram import Update
@@ -211,34 +210,32 @@ cmd_edit = cmd_update
 async def cmd_delete(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
     args = extract_args(update.message.text)
     if not args:
-        await update.message.reply_text("Usage: /delete <bounty_id> [bounty_id ...]")
+        await update.message.reply_text("Usage: /delete <bounty_id>")
         return
 
     try:
-        bounty_ids = [int(arg) for arg in args]
+        bounty_id = int(args[0])
     except ValueError:
-        await update.message.reply_text("Invalid bounty ID(s).")
+        await update.message.reply_text("Invalid bounty ID.")
         return
 
     user_id = get_user_id(update)
     room_id = get_room_id(update)
 
-    results = BOUNTY_SERVICE.delete_bounties(
+    try:
-        room_id=room_id,
+        success = BOUNTY_SERVICE.delete_bounty(
-        bounty_ids=bounty_ids,
+            room_id=room_id,
-        user_id=user_id,
+            bounty_id=bounty_id,
-    )
+            user_id=user_id,
+        )
+    except PermissionError as e:
+        await update.message.reply_text(f"⛔ {e}")
+        return
 
-    lines = []
+    if success:
-    for bounty_id, result in results.items():
+        await update.message.reply_text(f"✅ Bounty #{bounty_id} deleted.")
-        if result == "deleted":
+    else:
-            lines.append(f"✅ Bounty #{bounty_id} deleted.")
+        await update.message.reply_text("Bounty not found.")
-        elif result == "not_found":
-            lines.append(f"⛔ Bounty #{bounty_id} not found.")
-        elif result == "permission_denied":
-            lines.append(f"⛔ Bounty #{bounty_id} - only admins can delete.")
-
-    await update.message.reply_text("\n".join(lines))
 
 
 async def cmd_track(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
@@ -294,6 +291,101 @@ async def cmd_untrack(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
         await update.message.reply_text("Not tracking bounty #{bounty_id}.")
 
 
+async def cmd_admin(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
+    args = extract_args(update.message.text)
+    if not args:
+        await update.message.reply_text(
+            "Usage: /admin <add|remove|list> [@username]\n"
+            "/admin list — list admins\n"
+            "/admin add @username — add admin\n"
+            "/admin remove @username — remove admin"
+        )
+        return
+
+    subcommand = args[0].lower()
+    username = args[1] if len(args) > 1 else None
+
+    requesting_user_id = get_user_id(update)
+    room_id = get_room_id(update)
+
+    if subcommand == "list":
+        admins = BOUNTY_SERVICE.list_admins(room_id)
+        if not admins:
+            await update.message.reply_text("No admins in this room.")
+            return
+        admin_mentions = " ".join(f"admin_id:{uid}" for uid in admins)
+        await update.message.reply_text(f"Admins: {admin_mentions}")
+        return
+
+    if subcommand == "remove":
+        if not username:
+            await update.message.reply_text("Usage: /admin remove @username")
+            return
+
+        if not username.startswith("@"):
+            await update.message.reply_text(
+                f"⛔ {username} is not a valid username (must start with @)."
+            )
+            return
+
+        target_username = username[1:]
+        try:
+            chat = await ctx.bot.get_chat(target_username)
+            target_user_id = chat.id
+        except Exception:
+            await update.message.reply_text(
+                f"⛔ Could not find user @{target_username}."
+            )
+            return
+
+        try:
+            BOUNTY_SERVICE.remove_admin(room_id, target_user_id, requesting_user_id)
+            await update.message.reply_text(
+                f"✅ @{target_username} is no longer an admin."
+            )
+        except PermissionError as e:
+            await update.message.reply_text(f"⛔ {e}")
+        except ValueError:
+            await update.message.reply_text(f"⛔ @{target_username} is not an admin.")
+        return
+
+    if subcommand == "add":
+        if not username:
+            await update.message.reply_text("Usage: /admin add @username")
+            return
+
+        if not username.startswith("@"):
+            await update.message.reply_text(
+                f"⛔ {username} is not a valid username (must start with @)."
+            )
+            return
+
+        target_username = username[1:]
+        try:
+            chat = await ctx.bot.get_chat(target_username)
+            target_user_id = chat.id
+        except Exception:
+            await update.message.reply_text(
+                f"⛔ Could not find user @{target_username}."
+            )
+            return
+
+        try:
+            BOUNTY_SERVICE.add_admin(room_id, target_user_id, requesting_user_id)
+            await update.message.reply_text(f"✅ @{target_username} is now an admin.")
+        except PermissionError as e:
+            await update.message.reply_text(f"⛔ {e}")
+        except ValueError:
+            await update.message.reply_text(
+                f"⛔ @{target_username} is already an admin."
+            )
+        return
+
+    await update.message.reply_text(
+        "Unknown subcommand. Use: /admin <add|remove|list> [@username]"
+    )
+
+
 async def cmd_start(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
     if is_group(update):
         await update.message.reply_text(
@@ -324,37 +416,7 @@ async def cmd_help(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
         "/delete <id> — delete bounty\n"
         "/track <id> — track a bounty (groups only)\n"
         "/untrack <id> — stop tracking (groups only)\n"
-        "/timezone [tz] — get/set room timezone (admin only)\n"
         "/start — re-initialize\n"
         "/help — this message",
         disable_web_page_preview=True,
     )
-
-
-async def cmd_timezone(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
-    args = extract_args(update.message.text)
-    room_id = get_room_id(update)
-    user_id = get_user_id(update)
-
-    if not args:
-        current_tz = BOUNTY_SERVICE.get_timezone(room_id)
-        await update.message.reply_text(f"Current timezone: {current_tz}")
-        return
-
-    timezone_str = args[0]
-
-    try:
-        ZoneInfo(timezone_str)
-    except (KeyError, ZoneInfoNotFoundError):
-        await update.message.reply_text(
-            "⛔ Invalid timezone. Use IANA format (e.g., Asia/Jakarta)"
-        )
-        return
-
-    try:
-        BOUNTY_SERVICE.set_timezone(room_id, timezone_str, user_id)
-    except PermissionError as e:
-        await update.message.reply_text(f"⛔ {e}")
-        return
-
-    await update.message.reply_text(f"✅ Timezone set to {timezone_str}.")

core/services.py

@@ -210,31 +210,6 @@ class BountyService:
         self._storage.update_bounty(room_id, bounty)
         return True
 
-    def delete_bounties(
-        self, room_id: int, bounty_ids: list[int], user_id: int
-    ) -> dict[int, str]:
-        """Soft delete multiple bounties. Only admins can delete.
-
-        Returns a dict mapping bounty_id to result:
-        - "deleted": Successfully soft-deleted
-        - "not_found": Bounty does not exist
-        - "permission_denied": User is not admin
-        """
-        results = {}
-        for bounty_id in bounty_ids:
-            bounty = self._storage.get_bounty(room_id, bounty_id)
-            if not bounty:
-                results[bounty_id] = "not_found"
-                continue
-            if not self.is_admin(room_id, user_id):
-                results[bounty_id] = "permission_denied"
-                continue
-
-            bounty.deleted_at = int(time.time())
-            self._storage.update_bounty(room_id, bounty)
-            results[bounty_id] = "deleted"
-        return results
-
 
 class TrackingService:
     """Service for tracking bounty operations."""

tests/test_services.py

@@ -210,53 +210,6 @@ class TestBountyService:
         result = self.service.delete_bounty(-1001, 999, self.admin_user_id)
         assert result is False
 
-    def test_delete_bounties_multiple_success(self):
-        """Test delete_bounties soft deletes multiple bounties."""
-        b1 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="First"
-        )
-        b2 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="Second"
-        )
-        b3 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="Third"
-        )
-        results = self.service.delete_bounties(
-            -1001, [b1.id, b2.id, b3.id], self.admin_user_id
-        )
-        assert results == {b1.id: "deleted", b2.id: "deleted", b3.id: "deleted"}
-        assert self.service.get_bounty(-1001, b1.id) is None
-        assert self.service.get_bounty(-1001, b2.id) is None
-        assert self.service.get_bounty(-1001, b3.id) is None
-
-    def test_delete_bounties_mixed_results(self):
-        """Test delete_bounties returns individual results per ID."""
-        b1 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="Exists"
-        )
-        results = self.service.delete_bounties(
-            -1001, [b1.id, 999, 888], self.admin_user_id
-        )
-        assert results == {b1.id: "deleted", 999: "not_found", 888: "not_found"}
-
-    def test_delete_bounties_permission_denied(self):
-        """Test delete_bounties returns permission_denied for non-admin."""
-        b1 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="First"
-        )
-        b2 = self.service.add_bounty(
-            room_id=-1001, user_id=self.admin_user_id, text="Second"
-        )
-        results = self.service.delete_bounties(
-            -1001,
-            [b1.id, b2.id],
-            999,  # non-admin user
-        )
-        assert results == {b1.id: "permission_denied", b2.id: "permission_denied"}
-        # Bounties should not be deleted
-        assert self.service.get_bounty(-1001, b1.id) is not None
-        assert self.service.get_bounty(-1001, b2.id) is not None
-
 
 class TestTrackingService:
     """Unit tests for TrackingService."""