feat: implement /timezone command to get/set room timezone

- Add cmd_timezone handler for /timezone command
- Validate timezone using IANA format (zoneinfo.ZoneInfo)
- Use existing BountyService.get_timezone and set_timezone methods
- Admin-only permission via service layer
- Update help text and bot command list
- Fixes #53

apps/telegram-bot/bot.py

@@ -14,6 +14,7 @@ from commands import (
     cmd_help,
     cmd_my,
     cmd_start,
+    cmd_timezone,
     cmd_track,
     cmd_untrack,
     cmd_update,
@@ -41,6 +42,7 @@ def build_app() -> Application:
     app.add_handler(CommandHandler("delete", cmd_delete))
     app.add_handler(CommandHandler("track", cmd_track))
     app.add_handler(CommandHandler("untrack", cmd_untrack))
+    app.add_handler(CommandHandler("timezone", cmd_timezone))
 
     app.add_handler(MessageHandler(filters.COMMAND, cmd_help))
 
@@ -56,6 +58,7 @@ async def post_init(app: Application) -> None:
             ("edit", "Edit a bounty"),
             ("track", "Track a bounty"),
             ("untrack", "Stop tracking"),
+            ("timezone", "Get/set room timezone"),
             ("help", "Show help"),
         ]
     )

apps/telegram-bot/commands.py

@@ -3,6 +3,7 @@
 import time
 from functools import wraps
 from typing import Optional
+from zoneinfo import ZoneInfo, ZoneInfoNotFoundError
 
 import dateparser
 from telegram import Update
@@ -210,32 +211,34 @@ cmd_edit = cmd_update
 async def cmd_delete(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
     args = extract_args(update.message.text)
     if not args:
-        await update.message.reply_text("Usage: /delete <bounty_id>")
+        await update.message.reply_text("Usage: /delete <bounty_id> [bounty_id ...]")
         return
 
     try:
-        bounty_id = int(args[0])
+        bounty_ids = [int(arg) for arg in args]
     except ValueError:
-        await update.message.reply_text("Invalid bounty ID.")
+        await update.message.reply_text("Invalid bounty ID(s).")
         return
 
     user_id = get_user_id(update)
     room_id = get_room_id(update)
 
-    try:
+    results = BOUNTY_SERVICE.delete_bounties(
-        success = BOUNTY_SERVICE.delete_bounty(
+        room_id=room_id,
-            room_id=room_id,
+        bounty_ids=bounty_ids,
-            bounty_id=bounty_id,
+        user_id=user_id,
-            user_id=user_id,
+    )
-        )
-    except PermissionError as e:
-        await update.message.reply_text(f"⛔ {e}")
-        return
 
-    if success:
+    lines = []
-        await update.message.reply_text(f"✅ Bounty #{bounty_id} deleted.")
+    for bounty_id, result in results.items():
-    else:
+        if result == "deleted":
-        await update.message.reply_text("Bounty not found.")
+            lines.append(f"✅ Bounty #{bounty_id} deleted.")
+        elif result == "not_found":
+            lines.append(f"⛔ Bounty #{bounty_id} not found.")
+        elif result == "permission_denied":
+            lines.append(f"⛔ Bounty #{bounty_id} - only admins can delete.")
+
+    await update.message.reply_text("\n".join(lines))
 
 
 async def cmd_track(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
@@ -321,7 +324,37 @@ async def cmd_help(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
         "/delete <id> — delete bounty\n"
         "/track <id> — track a bounty (groups only)\n"
         "/untrack <id> — stop tracking (groups only)\n"
+        "/timezone [tz] — get/set room timezone (admin only)\n"
         "/start — re-initialize\n"
         "/help — this message",
         disable_web_page_preview=True,
     )
+
+
+async def cmd_timezone(update: Update, ctx: ContextTypes.DEFAULT_TYPE) -> None:
+    args = extract_args(update.message.text)
+    room_id = get_room_id(update)
+    user_id = get_user_id(update)
+
+    if not args:
+        current_tz = BOUNTY_SERVICE.get_timezone(room_id)
+        await update.message.reply_text(f"Current timezone: {current_tz}")
+        return
+
+    timezone_str = args[0]
+
+    try:
+        ZoneInfo(timezone_str)
+    except (KeyError, ZoneInfoNotFoundError):
+        await update.message.reply_text(
+            "⛔ Invalid timezone. Use IANA format (e.g., Asia/Jakarta)"
+        )
+        return
+
+    try:
+        BOUNTY_SERVICE.set_timezone(room_id, timezone_str, user_id)
+    except PermissionError as e:
+        await update.message.reply_text(f"⛔ {e}")
+        return
+
+    await update.message.reply_text(f"✅ Timezone set to {timezone_str}.")

core/services.py

@@ -210,6 +210,31 @@ class BountyService:
         self._storage.update_bounty(room_id, bounty)
         return True
 
+    def delete_bounties(
+        self, room_id: int, bounty_ids: list[int], user_id: int
+    ) -> dict[int, str]:
+        """Soft delete multiple bounties. Only admins can delete.
+
+        Returns a dict mapping bounty_id to result:
+        - "deleted": Successfully soft-deleted
+        - "not_found": Bounty does not exist
+        - "permission_denied": User is not admin
+        """
+        results = {}
+        for bounty_id in bounty_ids:
+            bounty = self._storage.get_bounty(room_id, bounty_id)
+            if not bounty:
+                results[bounty_id] = "not_found"
+                continue
+            if not self.is_admin(room_id, user_id):
+                results[bounty_id] = "permission_denied"
+                continue
+
+            bounty.deleted_at = int(time.time())
+            self._storage.update_bounty(room_id, bounty)
+            results[bounty_id] = "deleted"
+        return results
+
 
 class TrackingService:
     """Service for tracking bounty operations."""

tests/test_services.py

@@ -210,6 +210,53 @@ class TestBountyService:
         result = self.service.delete_bounty(-1001, 999, self.admin_user_id)
         assert result is False
 
+    def test_delete_bounties_multiple_success(self):
+        """Test delete_bounties soft deletes multiple bounties."""
+        b1 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="First"
+        )
+        b2 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="Second"
+        )
+        b3 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="Third"
+        )
+        results = self.service.delete_bounties(
+            -1001, [b1.id, b2.id, b3.id], self.admin_user_id
+        )
+        assert results == {b1.id: "deleted", b2.id: "deleted", b3.id: "deleted"}
+        assert self.service.get_bounty(-1001, b1.id) is None
+        assert self.service.get_bounty(-1001, b2.id) is None
+        assert self.service.get_bounty(-1001, b3.id) is None
+
+    def test_delete_bounties_mixed_results(self):
+        """Test delete_bounties returns individual results per ID."""
+        b1 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="Exists"
+        )
+        results = self.service.delete_bounties(
+            -1001, [b1.id, 999, 888], self.admin_user_id
+        )
+        assert results == {b1.id: "deleted", 999: "not_found", 888: "not_found"}
+
+    def test_delete_bounties_permission_denied(self):
+        """Test delete_bounties returns permission_denied for non-admin."""
+        b1 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="First"
+        )
+        b2 = self.service.add_bounty(
+            room_id=-1001, user_id=self.admin_user_id, text="Second"
+        )
+        results = self.service.delete_bounties(
+            -1001,
+            [b1.id, b2.id],
+            999,  # non-admin user
+        )
+        assert results == {b1.id: "permission_denied", b2.id: "permission_denied"}
+        # Bounties should not be deleted
+        assert self.service.get_bounty(-1001, b1.id) is not None
+        assert self.service.get_bounty(-1001, b2.id) is not None
+
 
 class TestTrackingService:
     """Unit tests for TrackingService."""