From a53bb099648a3ab54265826356105cc33a803b5a Mon Sep 17 00:00:00 2001
From: InfernoXuaI <1391197588@qq.com>
Date: Wed, 20 May 2026 15:39:02 +0800
Subject: [PATCH] Initial commit

---
 .env.example                |   16 +
 .gitignore                  |   13 +
 LICENSE                     |   21 +
 README.md                   |  287 +++++++
 app.py                      | 1524 +++++++++++++++++++++++++++++++++++
 config.example.yaml         |   47 ++
 requirements.txt            |   10 +
 systemd/tg-watchbot.service |   22 +
 8 files changed, 1940 insertions(+)
 create mode 100644 .env.example
 create mode 100644 .gitignore
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 app.py
 create mode 100644 config.example.yaml
 create mode 100644 requirements.txt
 create mode 100644 systemd/tg-watchbot.service

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..39601e9
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,16 @@
+# tg-watchbot environment
+# Create a bot with @BotFather, then put the token here.
+TELEGRAM_BOT_TOKEN=
+
+# Telegram numeric chat id that receives monitor notifications and user messages.
+ADMIN_CHAT_ID=
+
+LOG_LEVEL=INFO
+
+# Web admin panel. Bind to localhost by default; use a reverse proxy / Cloudflare Tunnel if exposing it.
+WEB_PANEL_ENABLED=true
+WEB_PANEL_HOST=127.0.0.1
+WEB_PANEL_PORT=8765
+WEB_PANEL_USER=admin
+WEB_PANEL_PASSWORD=change-me
+WEB_PANEL_SESSION_SECRET=
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..32f3211
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+.env
+config.yaml
+memory.md
+*.log
+*.sqlite3
+*.sqlite3-*
+__pycache__/
+*.pyc
+.venv/
+venv/
+.pytest_cache/
+.ruff_cache/
+.DS_Store
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..14fac91
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..775a628
--- /dev/null
+++ b/README.md
@@ -0,0 +1,287 @@
+# tg-watchbot
+
+tg-watchbot 是一个轻量级 Python 服务，把 **Telegram 双向客服机器人** 和 **Web/RSS 监控推送** 合在一起：
+
+- 普通用户私聊 Bot，消息会转发给管理员；
+- 管理员可以直接回复、主动发文字/图片、封禁/备注用户；
+- 后台定时监控 RSS 或网页，命中关键词、新条目、价格/库存变化后推送给管理员；
+- 自带一个 Web 管理面板，可配置监控目标、编辑 YAML、查看收件箱和日志。
+
+项目为单文件应用，适合个人服务器、NAT 小鸡、轻量 VPS 直接用 systemd 跑。
+
+## 功能
+
+### Telegram 双向机器人
+
+- 使用官方 Telegram Bot API，不做 userbot/selfbot。
+- `/start` 建立用户和管理员之间的联系。
+- 用户消息先写入 SQLite，再转发给管理员，避免转发失败时丢消息。
+- 管理员可通过“回复转发消息”直接回给原用户。
+- 支持显式命令：
+  - `/reply <user_id> <内容>`：给指定用户发文字；
+  - `/sendpic <user_id> [说明]`：给指定用户发图片；
+  - `/block <user_id>`：封禁用户；
+  - `/unblock <user_id>`：解封用户；
+  - `/note <user_id> <备注>`：给用户加备注；
+  - `/who <user_id>`：查看用户信息；
+  - `/cancel`：取消待发送图片。
+- 普通用户有简单限流，防止刷屏。
+
+### Web/RSS 监控
+
+- 支持两类监控：
+  - `rss`：解析 RSS/Atom 条目；
+  - `web`：用 CSS selector 抓网页条目、标题、链接、价格、库存。
+- 支持触发条件：
+  - 关键词命中；
+  - 新条目；
+  - 价格变化；
+  - 库存变化。
+- 支持论坛 RSS 增强字段：作者、分类、tags、摘要。
+- 支持去重，避免同一条反复推送。
+- 支持屏蔽词、作者、分类过滤（YAML 高级配置）。
+- 默认最低监控间隔为 60 秒。
+
+### Web 管理面板
+
+- 登录页 + HttpOnly session cookie，不使用丑陋的浏览器 Basic Auth。
+- 监控列表、新增、编辑、删除、手动检查、预览。
+- NodeSeek / Linux.do RSS 模板。
+- 批量新增监控。
+- YAML 高级编辑。
+- Bot Token / 管理员 ID / 面板账号配置页。
+- 收件箱页面，可查看用户消息和重试转发。
+- 主动发消息页面 `/send`，发送成功后会在页面显示结果，并给管理员聊天发送确认提醒。
+- 自动清理监控/RSS/网站状态数据；不会删除用户、收件箱、双向对话消息。
+- 日志页面和健康检查 `/health`。
+
+## 借鉴 / 使用的开源库
+
+本项目的业务逻辑为自写，主要使用并参考了以下开源库的公开 API 和常见用法：
+
+- [`aiogram`](https://github.com/aiogram/aiogram)：Telegram Bot API、命令、消息处理、复制/发送消息。
+- [`FastAPI`](https://github.com/fastapi/fastapi)：Web 管理面板、表单、路由、中间件。
+- [`Uvicorn`](https://github.com/encode/uvicorn)：ASGI 服务运行。
+- [`APScheduler`](https://github.com/agronholm/apscheduler)：异步定时监控任务。
+- [`httpx`](https://github.com/encode/httpx)：异步 HTTP 抓取。
+- [`feedparser`](https://github.com/kurtmckee/feedparser)：RSS/Atom 解析。
+- [`Beautiful Soup`](https://www.crummy.com/software/BeautifulSoup/)：HTML 解析和 CSS selector 抽取。
+- [`PyYAML`](https://pyyaml.org/)：`config.yaml` 配置读写。
+- [`python-dotenv`](https://github.com/theskumar/python-dotenv)：读取 `.env`。
+- Python 标准库 `sqlite3`：消息、用户、去重、监控状态持久化。
+
+## 安全 / 脱敏说明
+
+- 仓库不包含真实 `TELEGRAM_BOT_TOKEN`、`ADMIN_CHAT_ID`、面板密码、Session Secret、数据库、日志。
+- 真实配置放在 `.env`，不要提交。
+- `.gitignore` 已忽略 `.env`、SQLite、日志、虚拟环境和缓存。
+- 如果要把面板暴露到公网，建议使用 Cloudflare Access / 反代鉴权，并使用强密码。
+- Bot 只能给“已经主动私聊过 Bot 的用户”发消息，这是 Telegram Bot API 的限制。
+
+## 快速开始
+
+```bash
+git clone <YOUR_REPO_URL> tg-watchbot
+cd tg-watchbot
+python3 -m venv .venv
+./.venv/bin/pip install -U pip
+./.venv/bin/pip install -r requirements.txt
+cp .env.example .env
+cp config.example.yaml config.yaml
+nano .env
+```
+
+至少填写：
+
+```dotenv
+TELEGRAM_BOT_TOKEN=<your_bot_token>
+ADMIN_CHAT_ID=<your_admin_chat_id>
+WEB_PANEL_USER=admin
+WEB_PANEL_PASSWORD=<strong_password>
+```
+
+启动：
+
+```bash
+./.venv/bin/python app.py
+```
+
+打开面板：
+
+```text
+http://127.0.0.1:8765
+```
+
+如果只是先配置面板、还没有 Telegram Token：
+
+```bash
+./.venv/bin/python app.py --panel-only
+```
+
+手动跑一次监控：
+
+```bash
+./.venv/bin/python app.py --run-once
+```
+
+## systemd 部署
+
+推荐部署到 `/opt/tg-watchbot`：
+
+```bash
+sudo useradd --system --no-create-home --shell /usr/sbin/nologin tg-watchbot || true
+sudo mkdir -p /opt/tg-watchbot
+sudo chown -R "$USER:$USER" /opt/tg-watchbot
+
+cd /opt/tg-watchbot
+git clone <YOUR_REPO_URL> .
+python3 -m venv .venv
+./.venv/bin/pip install -U pip
+./.venv/bin/pip install -r requirements.txt
+cp .env.example .env
+cp config.example.yaml config.yaml
+nano .env
+
+sudo chown -R tg-watchbot:tg-watchbot /opt/tg-watchbot
+sudo chmod 600 /opt/tg-watchbot/.env
+sudo cp systemd/tg-watchbot.service /etc/systemd/system/tg-watchbot.service
+sudo systemctl daemon-reload
+sudo systemctl enable --now tg-watchbot
+sudo journalctl -u tg-watchbot -f
+```
+
+健康检查：
+
+```bash
+curl http://127.0.0.1:8765/health
+```
+
+## 配置说明
+
+### `.env`
+
+| 变量 | 说明 |
+|---|---|
+| `TELEGRAM_BOT_TOKEN` | BotFather 创建的 Telegram Bot Token |
+| `ADMIN_CHAT_ID` | 管理员 Telegram 数字 chat id，用于接收用户消息和监控通知 |
+| `LOG_LEVEL` | 日志级别，默认 `INFO` |
+| `WEB_PANEL_ENABLED` | 是否启用 Web 面板，默认 `true` |
+| `WEB_PANEL_HOST` | 面板监听地址，默认 `127.0.0.1` |
+| `WEB_PANEL_PORT` | 面板端口，默认 `8765` |
+| `WEB_PANEL_USER` | 面板用户名 |
+| `WEB_PANEL_PASSWORD` | 面板密码 |
+| `WEB_PANEL_SESSION_SECRET` | Session Secret，留空会自动生成并写回 `.env` |
+
+### `config.yaml`
+
+监控数据自动清理示例：
+
+```yaml
+cleanup:
+  enabled: true
+  interval_minutes: 60              # 每多少分钟执行一次清理
+  monitor_retention_minutes: 1440   # RSS/网站监控状态保留多久
+```
+
+清理范围只包括：
+
+- `monitor_state`：网站/RSS 条目状态、价格/库存状态；
+- `sent_events`：监控推送去重记录。
+
+不会删除：
+
+- `users`；
+- `message_map`；
+- `inbox_messages`；
+- 任何双向对话/客服消息记录。
+
+RSS 示例：
+
+```yaml
+monitors:
+  - name: NodeSeek 新帖
+    type: rss
+    url: https://rss.nodeseek.com/
+    interval_seconds: 60
+    keywords:
+      - VPS
+      - 优惠
+    exclude_keywords:
+      - 出号
+    authors: []
+    categories: []
+    notify_on:
+      keyword_match: true
+      new_item: true
+      price_change: false
+      stock_change: false
+    forum: true
+```
+
+网页示例：
+
+```yaml
+monitors:
+  - name: Example Deals
+    type: web
+    url: https://example.com/deals
+    interval_seconds: 300
+    keywords:
+      - discount
+    selectors:
+      item: article, .deal, li
+      title: h1, h2, h3, a
+      link: a
+      price: .price
+      stock: .stock
+    notify_on:
+      keyword_match: true
+      new_item: true
+      price_change: true
+      stock_change: true
+```
+
+## 管理命令
+
+管理员在 Telegram 里可用：
+
+```text
+/reply <user_id> <内容>
+/sendpic <user_id> [图片说明]
+/block <user_id>
+/unblock <user_id>
+/note <user_id> <备注>
+/who <user_id>
+/cancel
+```
+
+也可以直接“回复 Bot 转发给管理员的用户消息”，Bot 会按映射把回复发回原用户。
+
+## 面板路由
+
+| 路由 | 说明 |
+|---|---|
+| `/` | 监控列表 |
+| `/monitor/new` | 新增监控 |
+| `/monitor/templates` | 论坛模板 |
+| `/monitor/bulk` | 批量新增 |
+| `/monitor/{idx}/preview` | 预览抓取结果，不写入状态、不推送 |
+| `/monitor/{idx}/run` | 手动检查单个监控 |
+| `/run-once` | 手动检查全部监控 |
+| `/yaml` | YAML 高级编辑 |
+| `/settings` | `.env` 设置和监控清理策略 |
+| `/send` | 主动发消息给已私聊过 Bot 的用户 |
+| `/inbox` | 收件箱 |
+| `/logs` | 日志 |
+| `/health` | 健康检查 |
+
+## 注意事项
+
+- Telegram Bot 不能主动私聊陌生人；对方必须先给 Bot 发过 `/start` 或任意消息。
+- 对公网暴露 Web 面板前，务必改默认密码。
+- RSS 监控建议 60 秒起步；网页监控建议更保守，避免对目标站造成压力。
+- 媒体消息当前只保证记录文本/说明和转发状态；转发失败后的媒体补发需要额外做本地附件存储。
+
+## License
+
+MIT
diff --git a/app.py b/app.py
new file mode 100644
index 0000000..66dae04
--- /dev/null
+++ b/app.py
@@ -0,0 +1,1524 @@
+#!/usr/bin/env python3
+"""tg-watchbot: Telegram two-way support bot + web/RSS monitor.
+
+- Official Telegram Bot API via aiogram (no userbot/selfbot).
+- SQLite state for dedupe, users, admin-message mapping, blocks, notes, monitor state.
+- APScheduler async jobs for monitoring.
+"""
+
+from __future__ import annotations
+
+import argparse
+import asyncio
+import hashlib
+import html
+import logging
+import os
+import re
+import secrets
+import signal
+import sqlite3
+import time
+from contextlib import closing
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+from urllib.parse import urljoin
+
+import feedparser
+import httpx
+import yaml
+from apscheduler.schedulers.asyncio import AsyncIOScheduler
+from bs4 import BeautifulSoup
+from dotenv import load_dotenv
+
+from aiogram import Bot, Dispatcher, F, Router
+from aiogram.enums import ParseMode
+from aiogram.exceptions import TelegramAPIError
+from aiogram.filters import Command, CommandObject
+from aiogram.types import Message
+from aiogram.client.default import DefaultBotProperties
+from fastapi import Depends, FastAPI, Form, HTTPException, Request, Response, status
+from fastapi.responses import HTMLResponse, RedirectResponse, PlainTextResponse
+import uvicorn
+
+BASE_DIR = Path(__file__).resolve().parent
+DB_PATH = BASE_DIR / "tg-watchbot.sqlite3"
+CONFIG_PATH = BASE_DIR / "config.yaml"
+ENV_PATH = BASE_DIR / ".env"
+LOG_PATH = BASE_DIR / "tg-watchbot.log"
+MIN_INTERVAL_SECONDS = 60
+
+DEFAULT_UA = (
+    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
+    "(KHTML, like Gecko) Chrome/124.0 Safari/537.36 tg-watchbot/1.0"
+)
+
+logger = logging.getLogger("tg-watchbot")
+router = Router()
+bot: Bot | None = None
+admin_chat_id: int | None = None
+config: dict[str, Any] = {}
+rate_buckets: dict[int, list[float]] = {}
+pending_sendpic: dict[int, dict[str, Any]] = {}
+scheduler_ref: AsyncIOScheduler | None = None
+
+
+def setup_logging(level: str = "INFO") -> None:
+    LOG_PATH.parent.mkdir(parents=True, exist_ok=True)
+    logging.basicConfig(
+        level=getattr(logging, level.upper(), logging.INFO),
+        format="%(asctime)s %(levelname)s %(name)s: %(message)s",
+        handlers=[logging.StreamHandler(), logging.FileHandler(LOG_PATH, encoding="utf-8")],
+    )
+
+
+def load_config() -> dict[str, Any]:
+    if not CONFIG_PATH.exists():
+        raise FileNotFoundError(f"missing config: {CONFIG_PATH}")
+    with CONFIG_PATH.open("r", encoding="utf-8") as f:
+        data = yaml.safe_load(f) or {}
+    return data
+
+
+def monitor_cleanup_settings() -> dict[str, int | bool]:
+    cleanup = (config.get("cleanup") or {}) if isinstance(config, dict) else {}
+    return {
+        "enabled": bool(cleanup.get("enabled", True)),
+        "interval_minutes": max(1, int(cleanup.get("interval_minutes", 60))),
+        "retention_minutes": max(1, int(cleanup.get("monitor_retention_minutes", 1440))),
+    }
+
+
+def db() -> sqlite3.Connection:
+    conn = sqlite3.connect(DB_PATH)
+    conn.row_factory = sqlite3.Row
+    return conn
+
+
+def init_db() -> None:
+    with closing(db()) as conn:
+        conn.executescript(
+            """
+            PRAGMA journal_mode=WAL;
+            CREATE TABLE IF NOT EXISTS users (
+                user_id INTEGER PRIMARY KEY,
+                username TEXT,
+                full_name TEXT,
+                note TEXT DEFAULT '',
+                blocked INTEGER DEFAULT 0,
+                created_at TEXT NOT NULL,
+                updated_at TEXT NOT NULL
+            );
+            CREATE TABLE IF NOT EXISTS message_map (
+                admin_chat_id INTEGER NOT NULL,
+                admin_message_id INTEGER NOT NULL,
+                user_id INTEGER NOT NULL,
+                user_message_id INTEGER,
+                created_at TEXT NOT NULL,
+                PRIMARY KEY (admin_chat_id, admin_message_id)
+            );
+            CREATE TABLE IF NOT EXISTS sent_events (
+                event_key TEXT PRIMARY KEY,
+                monitor_name TEXT NOT NULL,
+                title TEXT,
+                link TEXT,
+                created_at TEXT NOT NULL
+            );
+            CREATE TABLE IF NOT EXISTS monitor_state (
+                monitor_name TEXT NOT NULL,
+                item_key TEXT NOT NULL,
+                price TEXT,
+                stock TEXT,
+                title TEXT,
+                link TEXT,
+                updated_at TEXT NOT NULL,
+                PRIMARY KEY (monitor_name, item_key)
+            );
+            CREATE TABLE IF NOT EXISTS inbox_messages (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                user_id INTEGER NOT NULL,
+                username TEXT,
+                full_name TEXT,
+                user_message_id INTEGER,
+                message_type TEXT,
+                text TEXT,
+                forwarded INTEGER DEFAULT 0,
+                admin_header_message_id INTEGER,
+                admin_copy_message_id INTEGER,
+                created_at TEXT NOT NULL,
+                forwarded_at TEXT,
+                error TEXT
+            );
+            """
+        )
+        conn.commit()
+
+
+def now_iso() -> str:
+    return datetime.now(timezone.utc).astimezone().isoformat(timespec="seconds")
+
+
+def html_escape(text: Any) -> str:
+    return html.escape(str(text or ""), quote=False)
+
+
+def user_display(message: Message) -> tuple[int, str, str | None]:
+    u = message.from_user
+    if not u:
+        return 0, "unknown", None
+    full = " ".join(x for x in [u.first_name, u.last_name] if x).strip() or str(u.id)
+    return u.id, full, u.username
+
+
+def upsert_user(user_id: int, full_name: str, username: str | None) -> None:
+    ts = now_iso()
+    with closing(db()) as conn:
+        conn.execute(
+            """
+            INSERT INTO users(user_id, username, full_name, created_at, updated_at)
+            VALUES(?, ?, ?, ?, ?)
+            ON CONFLICT(user_id) DO UPDATE SET
+                username=excluded.username,
+                full_name=excluded.full_name,
+                updated_at=excluded.updated_at
+            """,
+            (user_id, username, full_name, ts, ts),
+        )
+        conn.commit()
+
+
+def get_user(user_id: int) -> sqlite3.Row | None:
+    with closing(db()) as conn:
+        return conn.execute("SELECT * FROM users WHERE user_id=?", (user_id,)).fetchone()
+
+
+def is_blocked(user_id: int) -> bool:
+    row = get_user(user_id)
+    return bool(row and row["blocked"])
+
+
+def set_block(user_id: int, blocked: bool) -> None:
+    with closing(db()) as conn:
+        conn.execute(
+            "UPDATE users SET blocked=?, updated_at=? WHERE user_id=?",
+            (1 if blocked else 0, now_iso(), user_id),
+        )
+        conn.commit()
+
+
+def set_note(user_id: int, note: str) -> None:
+    with closing(db()) as conn:
+        conn.execute("UPDATE users SET note=?, updated_at=? WHERE user_id=?", (note, now_iso(), user_id))
+        conn.commit()
+
+
+def rate_limited(user_id: int) -> bool:
+    rl = (config.get("bot") or {}).get("rate_limit") or {}
+    window = int(rl.get("window_seconds", 10))
+    max_messages = int(rl.get("max_messages", 3))
+    t = time.time()
+    bucket = [x for x in rate_buckets.get(user_id, []) if t - x <= window]
+    bucket.append(t)
+    rate_buckets[user_id] = bucket
+    return len(bucket) > max_messages
+
+
+def save_message_map(admin_msg: Message, user_id: int, user_message_id: int | None) -> None:
+    with closing(db()) as conn:
+        conn.execute(
+            "INSERT OR REPLACE INTO message_map(admin_chat_id, admin_message_id, user_id, user_message_id, created_at) VALUES(?,?,?,?,?)",
+            (admin_msg.chat.id, admin_msg.message_id, user_id, user_message_id, now_iso()),
+        )
+        conn.commit()
+
+
+
+
+def create_inbox_message(message: Message, user_id: int, full_name: str, username: str | None) -> int:
+    msg_type = "text" if message.text else (message.content_type or "message")
+    text = message.text or message.caption or ""
+    with closing(db()) as conn:
+        cur = conn.execute(
+            """
+            INSERT INTO inbox_messages(user_id, username, full_name, user_message_id, message_type, text, created_at)
+            VALUES(?,?,?,?,?,?,?)
+            """,
+            (user_id, username, full_name, message.message_id, msg_type, text, now_iso()),
+        )
+        conn.commit()
+        return int(cur.lastrowid)
+
+
+def mark_inbox_forwarded(inbox_id: int, header_id: int | None = None, copy_id: int | None = None) -> None:
+    with closing(db()) as conn:
+        conn.execute(
+            "UPDATE inbox_messages SET forwarded=1, admin_header_message_id=?, admin_copy_message_id=?, forwarded_at=?, error=NULL WHERE id=?",
+            (header_id, copy_id, now_iso(), inbox_id),
+        )
+        conn.commit()
+
+
+def mark_inbox_error(inbox_id: int, error: str) -> None:
+    with closing(db()) as conn:
+        conn.execute("UPDATE inbox_messages SET error=? WHERE id=?", (error[:1000], inbox_id))
+        conn.commit()
+
+
+def pending_inbox(limit: int = 50) -> list[sqlite3.Row]:
+    with closing(db()) as conn:
+        return list(conn.execute("SELECT * FROM inbox_messages WHERE forwarded=0 ORDER BY id ASC LIMIT ?", (limit,)).fetchall())
+
+
+def lookup_reply_target(admin_chat: int, admin_message_id: int) -> int | None:
+    with closing(db()) as conn:
+        row = conn.execute(
+            "SELECT user_id FROM message_map WHERE admin_chat_id=? AND admin_message_id=?",
+            (admin_chat, admin_message_id),
+        ).fetchone()
+        return int(row["user_id"]) if row else None
+
+
+def parse_user_id_and_text(args: str | None) -> tuple[int, str]:
+    if not args:
+        raise ValueError("缺少参数")
+    parts = args.strip().split(maxsplit=1)
+    if len(parts) < 2:
+        raise ValueError("格式应为：/reply <user_id> <内容>")
+    return int(parts[0]), parts[1]
+
+
+def parse_user_id(args: str | None) -> int:
+    if not args:
+        raise ValueError("缺少 user_id")
+    return int(args.strip().split()[0])
+
+
+def parse_user_id_and_optional_text(args: str | None) -> tuple[int, str]:
+    if not args:
+        raise ValueError("缺少 user_id")
+    parts = args.strip().split(maxsplit=1)
+    uid = int(parts[0])
+    caption = parts[1] if len(parts) > 1 else ""
+    return uid, caption
+
+
+def describe_sendpic_target(user_id: int) -> str:
+    row = get_user(user_id)
+    if not row:
+        return str(user_id)
+    username = f"@{row['username']}" if row['username'] else ""
+    full_name = row['full_name'] or str(user_id)
+    return f"{full_name} {username}".strip()
+
+
+async def admin_send(text: str) -> None:
+    if not bot or admin_chat_id is None:
+        logger.error("admin_send called before bot/admin init: %s", text)
+        return
+    try:
+        await bot.send_message(admin_chat_id, text, disable_web_page_preview=False)
+    except Exception:
+        logger.exception("failed to send admin notification")
+
+
+def is_admin_chat(message: Message) -> bool:
+    """Dynamic admin-chat filter."""
+    return admin_chat_id is not None and message.chat.id == admin_chat_id
+
+
+def is_admin_action_message(message: Message) -> bool:
+    """Only catch admin messages that are part of an action flow.
+
+    A broad admin-chat handler would swallow ordinary admin messages before the
+    fallback handler. Keep it narrow: reply-to-user and /sendpic photo flow only.
+    """
+    if not is_admin_chat(message):
+        return False
+    if pending_sendpic.get(message.chat.id):
+        return True
+    return bool(message.reply_to_message and message.text)
+
+
+@router.message(Command("start"))
+async def start(message: Message) -> None:
+    uid, full, username = user_display(message)
+    if not uid:
+        return
+    upsert_user(uid, full, username)
+    if is_blocked(uid):
+        await message.answer("你当前无法发送消息。")
+        return
+    await message.answer("已连接客服/管理员。你发来的消息会转交给管理员，请直接输入内容。")
+
+
+async def send_text_to_user_from_admin(message: Message, args: str | None, command_name: str) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid, text = parse_user_id_and_text(args)
+        if not get_user(uid):
+            await message.reply(f"错误：找不到用户 {uid}。对方需要先私聊 Bot 或 /start，Telegram Bot 才能主动发送。")
+            return
+        if is_blocked(uid):
+            await message.reply(f"错误：用户 {uid} 已被封禁，先 /unblock {uid}")
+            return
+        if not bot:
+            await message.reply("错误：Bot 尚未初始化")
+            return
+        sent = await bot.send_message(uid, text)  # type: ignore[union-attr]
+        await message.reply(f"{command_name} 成功：已发送给用户 {uid}，message_id={sent.message_id}")
+    except Exception as e:
+        logger.exception("/%s failed", command_name)
+        await message.reply(f"/{command_name} 失败：{e}\n用法：/{command_name} <user_id> <内容>")
+
+
+@router.message(Command("reply"))
+async def cmd_reply(message: Message, command: CommandObject) -> None:
+    await send_text_to_user_from_admin(message, command.args, "reply")
+
+
+@router.message(Command("send"))
+async def cmd_send(message: Message, command: CommandObject) -> None:
+    await send_text_to_user_from_admin(message, command.args, "send")
+
+
+@router.message(Command("sendpic"))
+async def cmd_sendpic(message: Message, command: CommandObject) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid, caption = parse_user_id_and_optional_text(command.args)
+        if not get_user(uid):
+            await message.reply(f"错误：找不到用户 {uid}，对方需要先 /start 机器人")
+            return
+        if is_blocked(uid):
+            await message.reply(f"错误：用户 {uid} 已被封禁，先 /unblock {uid}")
+            return
+        pending_sendpic[message.chat.id] = {"target": uid, "caption": caption, "created_at": time.time()}
+        suffix = f"\n说明文字：{caption}" if caption else ""
+        await message.reply(
+            f"请发送需要转发给 {uid}（{html_escape(describe_sendpic_target(uid))}）的图片。{suffix}\n"
+            "2 分钟内发送一张图片即可；发送 /cancel 取消。"
+        )
+    except Exception as e:
+        logger.exception("/sendpic failed")
+        await message.reply(f"/sendpic 失败：{e}\n用法：/sendpic 用户ID [可选图片说明]")
+
+
+@router.message(Command("cancel"))
+async def cmd_cancel(message: Message) -> None:
+    if message.chat.id == admin_chat_id and pending_sendpic.pop(message.chat.id, None):
+        await message.reply("已取消待发送图片。")
+
+
+@router.message(Command("block"))
+async def cmd_block(message: Message, command: CommandObject) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid = parse_user_id(command.args)
+        if not get_user(uid):
+            await message.reply(f"错误：找不到用户 {uid}")
+            return
+        set_block(uid, True)
+        await message.reply(f"已封禁用户 {uid}")
+    except Exception as e:
+        logger.exception("/block failed")
+        await message.reply(f"/block 失败：{e}")
+
+
+@router.message(Command("unblock"))
+async def cmd_unblock(message: Message, command: CommandObject) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid = parse_user_id(command.args)
+        if not get_user(uid):
+            await message.reply(f"错误：找不到用户 {uid}")
+            return
+        set_block(uid, False)
+        await message.reply(f"已解封用户 {uid}")
+    except Exception as e:
+        logger.exception("/unblock failed")
+        await message.reply(f"/unblock 失败：{e}")
+
+
+@router.message(Command("note"))
+async def cmd_note(message: Message, command: CommandObject) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid, note = parse_user_id_and_text(command.args)
+        if not get_user(uid):
+            await message.reply(f"错误：找不到用户 {uid}")
+            return
+        set_note(uid, note)
+        await message.reply(f"已更新用户 {uid} 备注")
+    except Exception as e:
+        logger.exception("/note failed")
+        await message.reply(f"/note 失败：{e}")
+
+
+@router.message(Command("who"))
+async def cmd_who(message: Message, command: CommandObject) -> None:
+    if message.chat.id != admin_chat_id:
+        return
+    try:
+        uid = parse_user_id(command.args)
+        row = get_user(uid)
+        if not row:
+            await message.reply(f"错误：找不到用户 {uid}")
+            return
+        await message.reply(
+            "用户信息\n"
+            f"user_id: {row['user_id']}\n"
+            f"username: @{row['username']}\n"
+            f"full_name: {row['full_name']}\n"
+            f"blocked: {bool(row['blocked'])}\n"
+            f"note: {row['note'] or ''}\n"
+            f"created_at: {row['created_at']}\n"
+            f"updated_at: {row['updated_at']}"
+        )
+    except Exception as e:
+        logger.exception("/who failed")
+        await message.reply(f"/who 失败：{e}")
+
+
+@router.message(is_admin_action_message)
+async def admin_reply_by_message(message: Message) -> None:
+    # Pending /sendpic flow: after /sendpic <uid>, the next admin photo is copied to target.
+    pending = pending_sendpic.get(message.chat.id)
+    if pending:
+        if time.time() - float(pending.get("created_at", 0)) > 120:
+            pending_sendpic.pop(message.chat.id, None)
+            await message.reply("发送图片超时，已取消。请重新使用 /sendpic 用户ID。")
+            return
+        if message.photo:
+            target = int(pending["target"])
+            caption = (message.caption or pending.get("caption") or "")[:1024]
+            try:
+                if is_blocked(target):
+                    pending_sendpic.pop(message.chat.id, None)
+                    await message.reply(f"错误：用户 {target} 已被封禁，先 /unblock {target}")
+                    return
+                await bot.send_photo(target, message.photo[-1].file_id, caption=caption or None)  # type: ignore[union-attr]
+                pending_sendpic.pop(message.chat.id, None)
+                await message.reply(f"已发送图片给用户 {target}")
+            except TelegramAPIError as e:
+                logger.exception("/sendpic photo forwarding failed")
+                await message.reply(f"图片发送失败：{e}")
+            return
+        if message.text and message.text.startswith("/"):
+            return
+        await message.reply("请发送一张图片；或发送 /cancel 取消。")
+        return
+
+    # Admin replies to forwarded/copy notification in admin chat.
+    if not message.reply_to_message or not message.text:
+        return
+    target = lookup_reply_target(message.chat.id, message.reply_to_message.message_id)
+    if not target:
+        return
+    try:
+        if is_blocked(target):
+            await message.reply(f"错误：用户 {target} 已被封禁，先 /unblock {target}")
+            return
+        sent = await bot.send_message(target, message.text)  # type: ignore[union-attr]
+        await message.reply(f"已发送给用户 {target}，message_id={sent.message_id}")
+    except TelegramAPIError as e:
+        logger.exception("admin reply forwarding failed")
+        await message.reply(f"发送失败：{e}")
+
+
+@router.message(is_admin_chat)
+async def admin_plain_message(message: Message) -> None:
+    # Do not silently swallow ordinary admin messages.
+    if message.text and not message.text.startswith("/"):
+        await message.reply(
+            "管理员普通消息不会自动转发。请使用：\n"
+            "/send <user_id> <内容>\n"
+            "/reply <user_id> <内容>\n"
+            "或在收件箱里回复某条用户消息；也可以打开面板的「主动发消息」。"
+        )
+
+
+@router.message()
+async def user_message(message: Message) -> None:
+    # Only relay private user chats to admin.
+    logger.info("incoming message chat_id=%s chat_type=%s from_user=%s content_type=%s text=%r", message.chat.id, message.chat.type, getattr(message.from_user, 'id', None), message.content_type, (message.text or '')[:80])
+    if message.chat.id == admin_chat_id:
+        logger.info("incoming message is admin plain message; ignored by user relay")
+        return
+    if message.chat.type != "private":
+        logger.info("incoming message ignored because chat_type is not private: %s", message.chat.type)
+        return
+    uid, full, username = user_display(message)
+    if not uid:
+        return
+    upsert_user(uid, full, username)
+    if is_blocked(uid):
+        await message.answer("你当前无法发送消息。")
+        return
+    if rate_limited(uid):
+        await message.answer("发送太快了，请稍后再试。")
+        return
+    inbox_id = create_inbox_message(message, uid, full, username)
+    user_row = get_user(uid)
+    note = user_row["note"] if user_row and "note" in user_row.keys() else ""
+    header = (
+        f"[用户消息 #{inbox_id}]\n"
+        f"user_id: <code>{uid}</code>\n"
+        f"name: {html_escape(full)}\n"
+        f"username: @{html_escape(username or '')}\n"
+        f"note: {html_escape(note)}\n"
+        f"time: {html_escape(now_iso())}"
+    )
+    try:
+        sent = await bot.send_message(admin_chat_id, header)  # type: ignore[union-attr]
+        save_message_map(sent, uid, message.message_id)
+        copied = await message.copy_to(admin_chat_id, reply_to_message_id=sent.message_id)  # type: ignore[arg-type]
+        save_message_map(copied, uid, message.message_id)
+        mark_inbox_forwarded(inbox_id, sent.message_id, copied.message_id)
+        await message.answer("已转交管理员。")
+    except Exception as e:
+        mark_inbox_error(inbox_id, repr(e))
+        logger.exception("failed to relay user message, saved inbox_id=%s", inbox_id)
+        await message.answer("已收到留言，但转发管理员暂时失败；系统会稍后自动重试。")
+
+
+@dataclass
+class MonitorItem:
+    key: str
+    title: str
+    link: str
+    text: str
+    price: str | None = None
+    stock: str | None = None
+    author: str | None = None
+    published: str | None = None
+    category: str | None = None
+
+
+def stable_key(*parts: str) -> str:
+    raw = "|".join(parts)
+    return hashlib.sha256(raw.encode("utf-8", errors="ignore")).hexdigest()
+
+
+def extract_price(text: str) -> str | None:
+    m = re.search(r"(?:¥|￥|\$|USD|CNY)?\s*\d+(?:[.,]\d{1,2})?", text, re.I)
+    return m.group(0).strip() if m else None
+
+
+def keyword_hits(text: str, keywords: list[str]) -> list[str]:
+    low = text.lower()
+    return [k for k in keywords if k and k.lower() in low]
+
+
+def item_blocked(item: MonitorItem, monitor: dict[str, Any]) -> tuple[bool, str]:
+    text = f"{item.title} {item.text} {item.author or ''} {item.category or ''}"
+    exclude_hits = keyword_hits(text, monitor.get("exclude_keywords") or [])
+    if exclude_hits:
+        return True, "屏蔽词 " + ", ".join(exclude_hits)
+    authors = [a.lower() for a in (monitor.get("authors") or []) if a]
+    if authors and (item.author or "").lower() not in authors:
+        return True, "作者不匹配"
+    categories = [c.lower() for c in (monitor.get("categories") or []) if c]
+    if categories and not any(c in (item.category or "").lower() for c in categories):
+        return True, "分类不匹配"
+    return False, ""
+
+
+async def fetch_url(client: httpx.AsyncClient, url: str) -> str:
+    resp = await client.get(url, follow_redirects=True)
+    resp.raise_for_status()
+    return resp.text
+
+
+def parse_web_items(monitor: dict[str, Any], body: str) -> list[MonitorItem]:
+    selectors = monitor.get("selectors") or {}
+    item_sel = selectors.get("item") or "article, .thread, .post, li"
+    title_sel = selectors.get("title") or "h1, h2, h3, a"
+    link_sel = selectors.get("link") or "a"
+    price_sel = selectors.get("price")
+    stock_sel = selectors.get("stock")
+    soup = BeautifulSoup(body, "html.parser")
+    nodes = soup.select(item_sel)[:100]
+    if not nodes:
+        nodes = [soup]
+    items: list[MonitorItem] = []
+    for node in nodes:
+        title_node = node.select_one(title_sel) if title_sel else None
+        link_node = node.select_one(link_sel) if link_sel else None
+        title = (title_node.get_text(" ", strip=True) if title_node else node.get_text(" ", strip=True)[:120]).strip()
+        href = link_node.get("href") if link_node else ""
+        link = urljoin(monitor.get("url", ""), href) if href else monitor.get("url", "")
+        text = node.get_text(" ", strip=True)
+        price = None
+        stock = None
+        if price_sel and (p := node.select_one(price_sel)):
+            price = p.get_text(" ", strip=True)
+        else:
+            price = extract_price(text)
+        if stock_sel and (s := node.select_one(stock_sel)):
+            stock = s.get_text(" ", strip=True)
+        for hint in ["有货", "无货", "缺货", "in stock", "out of stock", "sold out", "available"]:
+            if hint.lower() in text.lower():
+                stock = hint
+                break
+        if title or text:
+            key = stable_key(link, title or text[:80])
+            items.append(MonitorItem(key=key, title=title or "(no title)", link=link, text=text, price=price, stock=stock))
+    return items
+
+
+def canonical_forum_key(link: str, entry_id: str = "") -> str:
+    """Return a stable topic/post key that survives title edits and RSS updated ids."""
+    target = link or entry_id
+    patterns = [
+        r"nodeseek\.com/post-(\d+)",
+        r"linux\.do/t/(?:[^/]+/)?(\d+)",
+        r"/t/(?:[^/]+/)?(\d+)",
+    ]
+    for value in [target, entry_id, link]:
+        for pattern in patterns:
+            m = re.search(pattern, value or "", re.I)
+            if m:
+                return m.group(1)
+    return stable_key(link or entry_id)
+
+
+def parse_rss_items(monitor: dict[str, Any], body: str) -> list[MonitorItem]:
+    feed = feedparser.parse(body)
+    items: list[MonitorItem] = []
+    for e in feed.entries[:100]:
+        title = getattr(e, "title", "(no title)")
+        link = getattr(e, "link", monitor.get("url", ""))
+        summary = getattr(e, "summary", "")
+        content = " ".join([c.get("value", "") for c in getattr(e, "content", []) if isinstance(c, dict)])
+        published = getattr(e, "published", "") or getattr(e, "updated", "")
+        author = getattr(e, "author", "") or getattr(e, "dc_creator", "")
+        category = ""
+        tags = getattr(e, "tags", None) or []
+        if tags:
+            category = ", ".join([t.get("term", "") for t in tags if isinstance(t, dict) and t.get("term")])
+        entry_id = getattr(e, "id", "") or getattr(e, "guid", "")
+        key = canonical_forum_key(link, entry_id) if (monitor.get("forum") or monitor.get("type") == "rss") else stable_key(entry_id, link, title)
+        items.append(MonitorItem(key=key, title=title, link=link, text=f"{title} {summary} {content} {published} {author} {category}", author=author, published=published, category=category))
+    return items
+
+
+def should_notify_and_update(monitor: dict[str, Any], item: MonitorItem, hits: list[str]) -> list[str]:
+    name = monitor["name"]
+    notify_on = monitor.get("notify_on") or {}
+    reasons: list[str] = []
+    with closing(db()) as conn:
+        prev = conn.execute(
+            "SELECT * FROM monitor_state WHERE monitor_name=? AND item_key=?",
+            (name, item.key),
+        ).fetchone()
+        is_forum = bool(monitor.get("forum") or monitor.get("type") == "rss")
+        if is_forum:
+            # 论坛/RSS 帖子只在首次出现并命中时通知一次。
+            # 后续 RSS 因回复/编辑把同一链接重新排到前面时，只更新状态，不再重复推送。
+            if prev is None:
+                if notify_on.get("new_item", False):
+                    reasons.append("新条目")
+                if notify_on.get("keyword_match", True) and hits:
+                    reasons.append("关键词 " + ", ".join(hits))
+        else:
+            if prev is None:
+                if notify_on.get("new_item", False):
+                    reasons.append("新条目")
+            else:
+                if notify_on.get("price_change", False) and (item.price or "") != (prev["price"] or ""):
+                    reasons.append(f"价格变化 {prev['price'] or '-'} -> {item.price or '-'}")
+                if notify_on.get("stock_change", False) and (item.stock or "") != (prev["stock"] or ""):
+                    reasons.append(f"库存变化 {prev['stock'] or '-'} -> {item.stock or '-'}")
+            if notify_on.get("keyword_match", True) and hits:
+                reasons.append("关键词 " + ", ".join(hits))
+        conn.execute(
+            """
+            INSERT INTO monitor_state(monitor_name, item_key, price, stock, title, link, updated_at)
+            VALUES(?,?,?,?,?,?,?)
+            ON CONFLICT(monitor_name, item_key) DO UPDATE SET
+                price=excluded.price, stock=excluded.stock, title=excluded.title,
+                link=excluded.link, updated_at=excluded.updated_at
+            """,
+            (name, item.key, item.price, item.stock, item.title, item.link, now_iso()),
+        )
+        conn.commit()
+    return reasons
+
+
+def event_not_sent(event_key: str, monitor_name: str, title: str, link: str) -> bool:
+    with closing(db()) as conn:
+        try:
+            conn.execute(
+                "INSERT INTO sent_events(event_key, monitor_name, title, link, created_at) VALUES(?,?,?,?,?)",
+                (event_key, monitor_name, title, link, now_iso()),
+            )
+            conn.commit()
+            return True
+        except sqlite3.IntegrityError:
+            return False
+
+
+async def run_monitor(monitor: dict[str, Any]) -> int:
+    name = monitor.get("name", "unnamed")
+    mtype = monitor.get("type", "web")
+    url = monitor.get("url")
+    if not url:
+        logger.error("monitor %s missing url", name)
+        return 0
+    keywords = monitor.get("keywords") or []
+    timeout = int((config.get("http") or {}).get("timeout_seconds", 20))
+    ua = (config.get("http") or {}).get("user_agent") or DEFAULT_UA
+    headers = {"User-Agent": ua, "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"}
+    sent_count = 0
+    try:
+        async with httpx.AsyncClient(timeout=timeout, headers=headers) as client:
+            body = await fetch_url(client, url)
+        items = parse_rss_items(monitor, body) if mtype == "rss" else parse_web_items(monitor, body)
+        for item in items:
+            blocked, block_reason = item_blocked(item, monitor)
+            if blocked:
+                logger.debug("monitor %s skipped item %s: %s", name, item.title, block_reason)
+                continue
+            hits = keyword_hits(f"{item.title} {item.text}", keywords)
+            # If keywords are configured and keyword_match is enabled, do not push unrelated new posts.
+            notify_on = monitor.get("notify_on") or {}
+            if keywords and notify_on.get("keyword_match", True) and not hits and not (notify_on.get("price_change") or notify_on.get("stock_change")):
+                should_notify_and_update(monitor, item, [])  # still remember state to avoid later old flood
+                continue
+            reasons = should_notify_and_update(monitor, item, hits)
+            if not reasons:
+                continue
+            # 论坛/RSS 以帖子本身作为事件键；不要把“命中原因/检查时间/编辑变化”放进去，避免同一帖重复发。
+            is_forum = monitor.get("forum") or mtype == "rss"
+            event_key = stable_key(name, item.key) if is_forum else stable_key(name, item.key, "|".join(reasons), item.price or "", item.stock or "")
+            if not event_not_sent(event_key, name, item.title, item.link):
+                continue
+            if is_forum:
+                text = (
+                    f"[新帖命中] {html_escape(name)}\n"
+                    f"标题：{html_escape(item.title)}\n"
+                    f"作者：{html_escape(item.author or '-')}\n"
+                    f"分类：{html_escape(item.category or '-')}\n"
+                    f"链接：{html_escape(item.link)}\n"
+                    f"命中：{html_escape('; '.join(reasons))}\n"
+                    f"发布时间：{html_escape(item.published or '-')}\n"
+                    f"检查时间：{html_escape(now_iso())}"
+                )
+            else:
+                text = (
+                    f"[库存/关键词命中] {html_escape(name)}\n"
+                    f"标题：{html_escape(item.title)}\n"
+                    f"链接：{html_escape(item.link)}\n"
+                    f"命中：{html_escape('; '.join(reasons))}\n"
+                    f"价格：{html_escape(item.price or '-')}\n"
+                    f"库存：{html_escape(item.stock or '-')}\n"
+                    f"时间：{html_escape(now_iso())}"
+                )
+            await admin_send(text)
+            sent_count += 1
+    except Exception:
+        logger.exception("monitor failed: %s %s", name, url)
+    return sent_count
+
+
+
+def cleanup_monitor_data(retention_minutes: int) -> tuple[int, int]:
+    """Delete only website/RSS monitor state older than retention.
+
+    Keeps two-way conversation tables intact: users, message_map, inbox_messages.
+    """
+    cutoff_ts = time.time() - max(1, int(retention_minutes)) * 60
+    cutoff = datetime.fromtimestamp(cutoff_ts, timezone.utc).astimezone().isoformat(timespec="seconds")
+    with closing(db()) as conn:
+        cur1 = conn.execute("DELETE FROM monitor_state WHERE updated_at < ?", (cutoff,))
+        cur2 = conn.execute("DELETE FROM sent_events WHERE created_at < ?", (cutoff,))
+        conn.commit()
+        return int(cur1.rowcount or 0), int(cur2.rowcount or 0)
+
+
+async def cleanup_monitor_loop() -> None:
+    while True:
+        settings = monitor_cleanup_settings()
+        await asyncio.sleep(int(settings["interval_minutes"]) * 60)
+        if not settings["enabled"]:
+            continue
+        try:
+            state_n, sent_n = cleanup_monitor_data(int(settings["retention_minutes"]))
+            logger.info(
+                "monitor cleanup done retention=%smin deleted monitor_state=%s sent_events=%s",
+                settings["retention_minutes"], state_n, sent_n,
+            )
+        except Exception:
+            logger.exception("monitor cleanup failed")
+
+
+
+async def flush_pending_inbox() -> None:
+    if not bot or admin_chat_id is None:
+        return
+    rows = pending_inbox(50)
+    if not rows:
+        return
+    logger.info("flushing pending inbox messages: %d", len(rows))
+    for row in rows:
+        try:
+            text = (
+                f"[补发用户消息 #{row['id']}]\n"
+                f"user_id: <code>{row['user_id']}</code>\n"
+                f"name: {html_escape(row['full_name'])}\n"
+                f"username: @{html_escape(row['username'] or '')}\n"
+                f"原消息ID: {row['user_message_id']}\n"
+                f"类型: {html_escape(row['message_type'])}\n"
+                f"时间: {html_escape(row['created_at'])}\n\n"
+                f"内容：{html_escape(row['text'] or '(非文本/媒体消息，原始媒体无法补发，仅保留记录)')}"
+            )
+            sent = await bot.send_message(admin_chat_id, text)
+            save_message_map(sent, int(row['user_id']), int(row['user_message_id']) if row['user_message_id'] else None)
+            mark_inbox_forwarded(int(row['id']), sent.message_id, None)
+        except Exception as e:
+            mark_inbox_error(int(row['id']), repr(e))
+            logger.exception("failed to flush inbox message id=%s", row['id'])
+
+
+async def flush_pending_loop() -> None:
+    while True:
+        try:
+            await flush_pending_inbox()
+        except Exception:
+            logger.exception("flush_pending_loop failed")
+        await asyncio.sleep(60)
+
+
+async def run_all_monitors_once() -> None:
+    monitors = config.get("monitors") or []
+    logger.info("manual/all monitor run start, count=%d", len(monitors))
+    total = 0
+    for m in monitors:
+        total += await run_monitor(m)
+    logger.info("manual/all monitor run done, notifications=%d", total)
+
+
+def schedule_monitors(scheduler: AsyncIOScheduler) -> None:
+    for idx, m in enumerate(config.get("monitors") or []):
+        name = m.get("name", "unnamed")
+        requested = int(m.get("interval_seconds", MIN_INTERVAL_SECONDS))
+        interval = max(requested, MIN_INTERVAL_SECONDS)
+        if requested < MIN_INTERVAL_SECONDS:
+            logger.warning("monitor %s interval %s raised to %s", name, requested, interval)
+        # Use index+hash, not just name: duplicate names should not crash saving/reloading.
+        job_key = stable_key(str(idx), name, m.get("url", ""))[:16]
+        scheduler.add_job(run_monitor, "interval", seconds=interval, args=[m], id=f"monitor:{idx}:{job_key}", max_instances=1, coalesce=True, replace_existing=True, next_run_time=datetime.now(timezone.utc))
+        logger.info("scheduled monitor %s every %ss", name, interval)
+
+
+
+# -----------------------------
+# Web admin panel
+# -----------------------------
+
+def panel_enabled() -> bool:
+    return os.getenv("WEB_PANEL_ENABLED", "true").lower() not in {"0", "false", "no", "off"}
+
+
+def session_secret() -> str:
+    secret = os.getenv("WEB_PANEL_SESSION_SECRET", "").strip()
+    if not secret:
+        secret = secrets.token_urlsafe(32)
+        vals = env_values()
+        vals["WEB_PANEL_SESSION_SECRET"] = secret
+        write_env_values(vals)
+    return secret
+
+
+def session_token(username: str) -> str:
+    raw = f"{username}|{session_secret()}"
+    return hashlib.sha256(raw.encode()).hexdigest()
+
+
+def is_logged_in(request: Request) -> bool:
+    username = os.getenv("WEB_PANEL_USER", "admin")
+    token = request.cookies.get("tg_watchbot_session", "")
+    return bool(token) and secrets.compare_digest(token, session_token(username))
+
+
+def panel_auth(request: Request) -> str:
+    # Actual redirect is handled by middleware; dependencies cannot reliably return redirects.
+    return os.getenv("WEB_PANEL_USER", "admin")
+
+
+def login_page(error: str = "") -> str:
+    err = f"<div class='login-error'>{html_escape(error)}</div>" if error else ""
+    return f"""<!doctype html><html lang=zh-CN><head><meta charset=utf-8><meta name=viewport content='width=device-width,initial-scale=1'>
+<title>登录 · tg-watchbot</title>
+<style>
+:root{{color-scheme:light}}*{{box-sizing:border-box}}body{{margin:0;min-height:100vh;font-family:Inter,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:radial-gradient(circle at 18% 10%,#bfdbfe88,transparent 30%),radial-gradient(circle at 82% 12%,#bbf7d088,transparent 26%),linear-gradient(135deg,#f8fbff,#eef6ff 48%,#f7fee7);color:#172033;display:grid;place-items:center;padding:22px}}
+.login-card{{width:min(430px,100%);padding:34px;border:1px solid #dbeafe;border-radius:28px;background:rgba(255,255,255,.86);box-shadow:0 24px 70px #93c5fd44;backdrop-filter:blur(18px)}}
+.logo{{width:58px;height:58px;border-radius:18px;background:linear-gradient(135deg,#60a5fa,#86efac);display:grid;place-items:center;font-weight:900;color:#0f172a;font-size:26px;box-shadow:0 12px 32px #60a5fa55;margin-bottom:18px}}
+h1{{margin:0 0 8px;font-size:28px;color:#0f172a}}p{{margin:0 0 24px;color:#64748b;line-height:1.6}}label{{display:block;margin:14px 0 7px;color:#475569;font-size:14px}}input{{width:100%;border:1px solid #cbd5e1;border-radius:14px;background:#ffffff;color:#0f172a;padding:13px 14px;font-size:15px;outline:none}}input:focus{{border-color:#60a5fa;box-shadow:0 0 0 4px #bfdbfe88}}button{{width:100%;margin-top:22px;border:0;border-radius:14px;padding:13px 16px;background:linear-gradient(135deg,#3b82f6,#22c55e);color:white;font-weight:800;font-size:15px;cursor:pointer;box-shadow:0 14px 36px #60a5fa55}}button:hover{{filter:brightness(1.04)}}.login-error{{background:#fef2f2;border:1px solid #fecaca;color:#991b1b;padding:10px 12px;border-radius:12px;margin-bottom:16px}}.foot{{margin-top:18px;color:#94a3b8;font-size:13px;text-align:center}}
+</style></head><body><main class=login-card><div class=logo>⚡</div><h1>tg-watchbot</h1><p>登录后管理 Telegram 机器人、关键词监控、库存/价格提醒。</p>{err}<form method=post action=/login><label>用户名</label><input name=username autocomplete=username autofocus><label>密码</label><input name=password type=password autocomplete=current-password><button type=submit>登录面板</button></form><div class=foot>your-domain.example · Cloudflare Tunnel</div></main></body></html>"""
+
+
+def env_values() -> dict[str, str]:
+    load_dotenv(ENV_PATH, override=True)
+    return {
+        "TELEGRAM_BOT_TOKEN": os.getenv("TELEGRAM_BOT_TOKEN", ""),
+        "ADMIN_CHAT_ID": os.getenv("ADMIN_CHAT_ID", ""),
+        "LOG_LEVEL": os.getenv("LOG_LEVEL", "INFO"),
+        "WEB_PANEL_ENABLED": os.getenv("WEB_PANEL_ENABLED", "true"),
+        "WEB_PANEL_HOST": os.getenv("WEB_PANEL_HOST", "127.0.0.1"),
+        "WEB_PANEL_PORT": os.getenv("WEB_PANEL_PORT", "8765"),
+        "WEB_PANEL_USER": os.getenv("WEB_PANEL_USER", "admin"),
+        "WEB_PANEL_PASSWORD": os.getenv("WEB_PANEL_PASSWORD", "admin"),
+        "WEB_PANEL_SESSION_SECRET": os.getenv("WEB_PANEL_SESSION_SECRET", ""),
+    }
+
+
+def write_env_values(values: dict[str, str]) -> None:
+    lines = [
+        "# tg-watchbot environment",
+        f"TELEGRAM_BOT_TOKEN={values.get('TELEGRAM_BOT_TOKEN','')}",
+        f"ADMIN_CHAT_ID={values.get('ADMIN_CHAT_ID','')}",
+        f"LOG_LEVEL={values.get('LOG_LEVEL','INFO')}",
+        "",
+        "# Web 管理面板；默认只监听本机，建议用 SSH 隧道或反代再暴露",
+        f"WEB_PANEL_ENABLED={values.get('WEB_PANEL_ENABLED','true')}",
+        f"WEB_PANEL_HOST={values.get('WEB_PANEL_HOST','127.0.0.1')}",
+        f"WEB_PANEL_PORT={values.get('WEB_PANEL_PORT','8765')}",
+        f"WEB_PANEL_USER={values.get('WEB_PANEL_USER','admin')}",
+        f"WEB_PANEL_PASSWORD={values.get('WEB_PANEL_PASSWORD','admin')}",
+        f"WEB_PANEL_SESSION_SECRET={values.get('WEB_PANEL_SESSION_SECRET','')}",
+        "",
+    ]
+    ENV_PATH.write_text("\n".join(lines), encoding="utf-8")
+    ENV_PATH.chmod(0o600)
+    load_dotenv(ENV_PATH, override=True)
+
+
+def cfg_load_fresh() -> dict[str, Any]:
+    return load_config()
+
+
+def cfg_save(new_cfg: dict[str, Any]) -> None:
+    if not isinstance(new_cfg, dict):
+        raise ValueError("配置根节点必须是对象")
+    monitors = new_cfg.setdefault("monitors", [])
+    if not isinstance(monitors, list):
+        raise ValueError("monitors 必须是列表")
+    for m in monitors:
+        if not isinstance(m, dict):
+            raise ValueError("每个 monitor 必须是对象")
+        if int(m.get("interval_seconds", MIN_INTERVAL_SECONDS)) < MIN_INTERVAL_SECONDS:
+            m["interval_seconds"] = MIN_INTERVAL_SECONDS
+    CONFIG_PATH.write_text(yaml.safe_dump(new_cfg, allow_unicode=True, sort_keys=False), encoding="utf-8")
+    global config
+    config = new_cfg
+    reload_scheduler_jobs()
+
+
+def reload_scheduler_jobs() -> None:
+    if scheduler_ref:
+        for job in list(scheduler_ref.get_jobs()):
+            if job.id.startswith("monitor:"):
+                scheduler_ref.remove_job(job.id)
+        schedule_monitors(scheduler_ref)
+
+
+def parse_lines(text: str) -> list[str]:
+    return [x.strip() for x in (text or "").splitlines() if x.strip()]
+
+
+def monitor_from_form(
+    original_index: int | None,
+    name: str,
+    mtype: str,
+    url: str,
+    interval_seconds: int,
+    keywords: str,
+    item_selector: str,
+    title_selector: str,
+    link_selector: str,
+    price_selector: str,
+    stock_selector: str,
+    keyword_match: bool,
+    new_item: bool,
+    price_change: bool,
+    stock_change: bool,
+) -> dict[str, Any]:
+    m: dict[str, Any] = {
+        "name": name.strip(),
+        "type": mtype,
+        "url": url.strip(),
+        "interval_seconds": max(int(interval_seconds or MIN_INTERVAL_SECONDS), MIN_INTERVAL_SECONDS),
+        "keywords": parse_lines(keywords),
+        "notify_on": {
+            "keyword_match": keyword_match,
+            "new_item": new_item,
+            "price_change": price_change,
+            "stock_change": stock_change,
+        },
+    }
+    if mtype == "rss":
+        m["forum"] = True
+    if mtype == "web":
+        selectors = {
+            "item": item_selector.strip() or "article, .thread, .post, li",
+            "title": title_selector.strip() or "h1, h2, h3, a",
+            "link": link_selector.strip() or "a",
+        }
+        if price_selector.strip():
+            selectors["price"] = price_selector.strip()
+        if stock_selector.strip():
+            selectors["stock"] = stock_selector.strip()
+        m["selectors"] = selectors
+    if not m["name"] or not m["url"]:
+        raise ValueError("名称和 URL 必填")
+    return m
+
+
+def layout(title: str, body: str) -> str:
+    return f"""<!doctype html><html lang=zh-CN><head><meta charset=utf-8><meta name=viewport content='width=device-width,initial-scale=1'>
+<title>{html_escape(title)} · tg-watchbot</title>
+<style>
+*{{box-sizing:border-box}}body{{font-family:Inter,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:radial-gradient(circle at 12% -8%,#dbeafe,transparent 30%),radial-gradient(circle at 88% -4%,#dcfce7,transparent 26%),linear-gradient(180deg,#f8fbff,#f3f7fb);color:#172033;margin:0}}
+a{{color:#2563eb;text-decoration:none}}a:hover{{color:#1d4ed8}} .shell{{display:grid;grid-template-columns:260px 1fr;min-height:100vh}}aside{{border-right:1px solid #e2e8f0;background:rgba(255,255,255,.78);backdrop-filter:blur(16px);padding:22px;position:sticky;top:0;height:100vh;box-shadow:8px 0 30px #dbeafe55}}main{{padding:30px;min-width:0}}.brand{{display:flex;gap:12px;align-items:center;margin-bottom:24px}}.mark{{width:42px;height:42px;border-radius:14px;background:linear-gradient(135deg,#60a5fa,#86efac);display:grid;place-items:center;color:#0f172a;font-weight:900;box-shadow:0 12px 28px #bfdbfe}}.brand b{{font-size:18px;color:#0f172a}}.brand small{{display:block;color:#64748b;margin-top:2px}}nav{{display:grid;gap:8px}}nav a{{padding:11px 12px;border-radius:12px;color:#475569;border:1px solid transparent;font-weight:650}}nav a:hover{{background:#eff6ff;border-color:#bfdbfe;color:#1d4ed8}}.top{{display:flex;justify-content:space-between;align-items:center;gap:12px;margin-bottom:18px}}.top h1{{margin:0;font-size:28px;color:#0f172a}}.logout{{color:#dc2626}}.btn{{background:#ffffff;color:#334155;padding:8px 12px;border-radius:10px;border:1px solid #cbd5e1;display:inline-block;cursor:pointer;box-shadow:0 4px 14px #e2e8f066}}.btn:hover{{background:#f8fafc}}.btn.primary{{background:linear-gradient(135deg,#3b82f6,#22c55e);border-color:#60a5fa;color:white}}.btn.danger{{background:#fef2f2;border-color:#fecaca;color:#b91c1c}}.btn.ok{{background:#ecfdf5;border-color:#bbf7d0;color:#15803d}}
+.card{{background:rgba(255,255,255,.88);border:1px solid #e2e8f0;border-radius:20px;padding:18px;margin:14px 0;box-shadow:0 16px 45px #dbeafe66}}.grid{{display:grid;grid-template-columns:repeat(auto-fit,minmax(260px,1fr));gap:14px}}
+input,select,textarea{{width:100%;box-sizing:border-box;background:#ffffff;color:#0f172a;border:1px solid #cbd5e1;border-radius:12px;padding:11px;outline:none}}input:focus,select:focus,textarea:focus{{border-color:#60a5fa;box-shadow:0 0 0 4px #bfdbfe88}}textarea{{min-height:120px;font-family:ui-monospace,Consolas,monospace}} label{{display:block;margin:10px 0 5px;color:#475569;font-weight:650}}
+small,.muted{{color:#64748b;line-height:1.6}} table{{width:100%;border-collapse:separate;border-spacing:0}} td,th{{border-bottom:1px solid #e2e8f0;padding:11px;text-align:left;vertical-align:top}} th{{color:#64748b;font-size:13px;background:#f8fafc}}.badge{{padding:3px 9px;border-radius:999px;background:#eef2ff;color:#3730a3}} .msg{{padding:12px;border-radius:12px;background:#ecfdf5;border:1px solid #bbf7d0;color:#166534;margin:10px 0}}pre{{white-space:pre-wrap;background:#f8fafc;color:#334155;padding:12px;border-radius:12px;border:1px solid #e2e8f0;max-height:420px;overflow:auto}}
+@media(max-width:800px){{.shell{{grid-template-columns:1fr}}aside{{position:relative;height:auto}}main{{padding:18px}}}}
+</style></head><body><div class=shell><aside><div class=brand><div class=mark>⚡</div><div><b>tg-watchbot</b><small>Telegram 自动化</small></div></div><nav><a href='/'>监控面板</a><a href='/inbox'>收件箱</a><a href='/send'>主动发消息</a><a href='/monitor/new'>新增监控</a><a href='/settings'>Bot / 面板设置</a><a href='/yaml'>YAML 高级编辑</a><a href='/logs'>运行日志</a><a href='/run-once'>手动检查</a><a href='/restart' onclick='return confirm("确定重启机器人服务？")'>重启机器人</a><a class=logout href='/logout'>退出登录</a></nav></aside><main><div class=top><h1>{html_escape(title)}</h1><span class=badge>WatchBot Panel</span></div>
+{body}</main></div></body></html>"""
+
+
+def monitor_form_html(m: dict[str, Any] | None = None, idx: int | None = None) -> str:
+    m = m or {"type": "web", "interval_seconds": 60, "notify_on": {"keyword_match": True, "new_item": True, "price_change": True, "stock_change": True}, "selectors": {}}
+    selectors = m.get("selectors") or {}
+    no = m.get("notify_on") or {}
+    keywords = "\n".join(m.get("keywords") or [])
+    action = "/monitor/save" if idx is not None else "/monitor/create"
+    hidden = f"<input type=hidden name=original_index value='{idx}'>" if idx is not None else ""
+    def checked(k: str) -> str:
+        return "checked" if no.get(k, False) else ""
+    return f"""<form method=post action='{action}' class=card>{hidden}
+<div class=grid><div><label>名称</label><input name=name value='{html_escape(m.get('name',''))}' required></div>
+<div><label>类型</label><select name=mtype><option value=web {'selected' if m.get('type')=='web' else ''}>Web 网页</option><option value=rss {'selected' if m.get('type')=='rss' else ''}>RSS</option></select></div>
+<div><label>URL</label><input name=url value='{html_escape(m.get('url',''))}' required></div>
+<div><label>间隔秒数（最低 60）</label><input name=interval_seconds type=number min=60 value='{html_escape(m.get('interval_seconds',60))}'></div></div>
+<label>关键词（一行一个）</label><textarea name=keywords>{html_escape(keywords)}</textarea>
+<h3>Web 选择器（RSS 可忽略）</h3><div class=grid>
+<div><label>条目选择器</label><input name=item_selector value='{html_escape(selectors.get('item','article, .thread, .post, li'))}'></div>
+<div><label>标题选择器</label><input name=title_selector value='{html_escape(selectors.get('title','h1, h2, h3, a'))}'></div>
+<div><label>链接选择器</label><input name=link_selector value='{html_escape(selectors.get('link','a'))}'></div>
+<div><label>价格选择器</label><input name=price_selector value='{html_escape(selectors.get('price',''))}'></div>
+<div><label>库存选择器</label><input name=stock_selector value='{html_escape(selectors.get('stock',''))}'></div></div>
+<h3>提醒条件</h3>
+<label><input style='width:auto' type=checkbox name=keyword_match {checked('keyword_match')}> 关键词命中</label>
+<label><input style='width:auto' type=checkbox name=new_item {checked('new_item')}> 新条目</label>
+<label><input style='width:auto' type=checkbox name=price_change {checked('price_change')}> 价格变化</label>
+<label><input style='width:auto' type=checkbox name=stock_change {checked('stock_change')}> 库存变化</label>
+<p><button class='btn primary' type=submit>保存</button> <a class=btn href='/'>取消</a></p></form>"""
+
+
+def create_panel_app() -> FastAPI:
+    app = FastAPI(title="tg-watchbot Panel")
+
+    @app.middleware("http")
+    async def require_login_middleware(request: Request, call_next):
+        public_paths = {"/login", "/health", "/favicon.ico"}
+        if request.url.path in public_paths or is_logged_in(request):
+            return await call_next(request)
+        return RedirectResponse("/login", status_code=303)
+
+    @app.get("/login", response_class=HTMLResponse)
+    async def login_get(request: Request):
+        if is_logged_in(request):
+            return RedirectResponse("/", status_code=303)
+        return HTMLResponse(login_page())
+
+    @app.post("/login")
+    async def login_post(username: str = Form(""), password: str = Form("")):
+        expected_user = os.getenv("WEB_PANEL_USER", "admin")
+        expected_pass = os.getenv("WEB_PANEL_PASSWORD", "admin")
+        if secrets.compare_digest(username, expected_user) and secrets.compare_digest(password, expected_pass):
+            resp = RedirectResponse("/", status_code=303)
+            resp.set_cookie("tg_watchbot_session", session_token(expected_user), httponly=True, secure=True, samesite="lax", max_age=60 * 60 * 24 * 14)
+            return resp
+        return HTMLResponse(login_page("用户名或密码错误"), status_code=401)
+
+    @app.get("/logout")
+    async def logout() -> RedirectResponse:
+        resp = RedirectResponse("/login", status_code=303)
+        resp.delete_cookie("tg_watchbot_session")
+        return resp
+
+    @app.get("/", response_class=HTMLResponse)
+    async def index(_: str = Depends(panel_auth)) -> str:
+        cfg = cfg_load_fresh()
+        rows = []
+        for i, m in enumerate(cfg.get("monitors") or []):
+            rows.append(f"""<tr><td><span class=badge>{html_escape(m.get('type','web'))}</span></td><td><b>{html_escape(m.get('name',''))}</b><br><small>{html_escape(m.get('url',''))}</small></td><td>{html_escape(m.get('interval_seconds',60))}s</td><td>{html_escape(', '.join(m.get('keywords') or []))}</td><td><a class=btn href='/monitor/{i}/edit'>编辑</a> <a class='btn ok' href='/monitor/{i}/preview'>预览</a> <a class='btn ok' href='/monitor/{i}/run'>检查</a> <a class='btn danger' href='/monitor/{i}/delete' onclick='return confirm("确定删除？")'>删除</a></td></tr>""")
+        body = f"""<div class=card><div style='display:flex;justify-content:space-between;gap:12px;align-items:center;flex-wrap:wrap'><div><h2 style='margin:0 0 6px'>监控目标</h2><p class=muted style='margin:0'>当前 {len(cfg.get('monitors') or [])} 个；不限制数量，可继续新增。保存后自动重载定时任务。</p></div><div><a class='btn primary' href='/monitor/templates'>论坛模板</a> <a class='btn primary' href='/monitor/new'>+ 新增监控</a> <a class='btn ok' href='/monitor/bulk'>批量新增</a></div></div><table style='margin-top:16px'><tr><th>类型</th><th>目标</th><th>间隔</th><th>关键词</th><th>操作</th></tr>""" + "".join(rows) + "</table></div>"
+        return layout("监控", body)
+
+    @app.get("/monitor/new", response_class=HTMLResponse)
+    async def new_monitor(_: str = Depends(panel_auth)) -> str:
+        return layout("新增监控", "<div class=card><p class=muted>这里是新增单个监控。要一次加多个网站，用左侧/首页的「批量新增」。</p></div>" + monitor_form_html())
+
+    @app.get("/monitor/templates", response_class=HTMLResponse)
+    async def monitor_templates(_: str = Depends(panel_auth)) -> str:
+        body = """<div class=card><h2>论坛监控模板</h2><p class=muted>NodeSeek / Linux.do 建议用 RSS，不抓网页 HTML，抗 Cloudflare 更稳。</p><div class=grid><a class='btn primary' href='/monitor/template/nodeseek'>NodeSeek 新帖</a><a class='btn primary' href='/monitor/template/linuxdo'>Linux.do 最新</a><a class='btn primary' href='/monitor/template/linuxdo-resource'>Linux.do 资源荟萃</a></div></div>"""
+        return layout("监控模板", body)
+
+    @app.get("/monitor/template/{kind}", response_class=HTMLResponse)
+    async def monitor_template(kind: str, _: str = Depends(panel_auth)) -> str:
+        templates = {
+            "nodeseek": {"name": "NodeSeek 新帖", "type": "rss", "url": "https://rss.nodeseek.com/", "interval_seconds": 60, "keywords": ["NAT", "优惠", "补货", "VPS", "免费"], "forum": True, "notify_on": {"keyword_match": True, "new_item": True, "price_change": False, "stock_change": False}},
+            "linuxdo": {"name": "Linux.do 最新", "type": "rss", "url": "https://linux.do/latest.rss", "interval_seconds": 60, "keywords": ["Claude", "Codex", "API", "VPS", "NAT"], "forum": True, "notify_on": {"keyword_match": True, "new_item": True, "price_change": False, "stock_change": False}},
+            "linuxdo-resource": {"name": "Linux.do 资源荟萃", "type": "rss", "url": "https://linux.do/c/resource/14.rss", "interval_seconds": 60, "keywords": ["免费", "开源", "API", "Claude"], "forum": True, "notify_on": {"keyword_match": True, "new_item": True, "price_change": False, "stock_change": False}},
+        }
+        m = templates.get(kind)
+        if not m:
+            raise HTTPException(404, "template not found")
+        return layout("使用模板新增", "<div class=card><p class=muted>这是预设模板，保存即可加入监控；也可以先调整关键词。</p></div>" + monitor_form_html(m))
+
+    @app.get("/monitor/bulk", response_class=HTMLResponse)
+    async def bulk_monitor(_: str = Depends(panel_auth)) -> str:
+        sample = """NodeSeek|https://www.nodeseek.com/|免费鸡,优惠码,NAT
+Linux.do|https://linux.do|公益,codex,claude
+HostLoc|https://hostloc.com|VPS,补货,优惠"""
+        body = f"""<div class=card><h2>批量新增监控</h2><p class=muted>一行一个网站，格式：<code>名称|URL|关键词1,关键词2,关键词3</code>。保存后会追加到现有列表，不会覆盖原有监控。</p><form method=post action='/monitor/bulk'><label>批量列表</label><textarea name=items style='min-height:260px' placeholder='{html_escape(sample)}'></textarea><div class=grid><div><label>类型</label><select name=mtype><option value=web>Web 网页</option><option value=rss>RSS</option></select></div><div><label>间隔秒数（最低 60）</label><input name=interval_seconds type=number min=60 value=60></div></div><h3>默认提醒条件</h3><label><input style='width:auto' type=checkbox name=keyword_match checked> 关键词命中</label><label><input style='width:auto' type=checkbox name=new_item checked> 新条目</label><label><input style='width:auto' type=checkbox name=price_change> 价格变化</label><label><input style='width:auto' type=checkbox name=stock_change> 库存变化</label><p><button class='btn primary' type=submit>批量添加</button> <a class=btn href='/'>取消</a></p></form></div>"""
+        return layout("批量新增", body)
+
+    @app.post("/monitor/bulk")
+    async def bulk_monitor_save(_: str = Depends(panel_auth), items: str = Form(""), mtype: str = Form("web"), interval_seconds: int = Form(300), keyword_match: str | None = Form(None), new_item: str | None = Form(None), price_change: str | None = Form(None), stock_change: str | None = Form(None)):
+        cfg = cfg_load_fresh()
+        monitors = cfg.setdefault("monitors", [])
+        added = 0
+        errors = []
+        for line_no, raw in enumerate(items.splitlines(), 1):
+            line = raw.strip()
+            if not line or line.startswith('#'):
+                continue
+            parts = [x.strip() for x in line.split('|')]
+            if len(parts) < 2:
+                errors.append(f"第 {line_no} 行格式错误：{html_escape(line)}")
+                continue
+            name, url = parts[0], parts[1]
+            keywords = parts[2] if len(parts) >= 3 else ""
+            try:
+                monitors.append(monitor_from_form(None, name, mtype, url, interval_seconds, keywords.replace(',', '\n'), "article, .thread, .post, li", "h1, h2, h3, a", "a", "", "", bool(keyword_match), bool(new_item), bool(price_change), bool(stock_change)))
+                added += 1
+            except Exception as e:
+                errors.append(f"第 {line_no} 行失败：{html_escape(e)}")
+        try:
+            cfg_save(cfg)
+        except Exception as e:
+            logger.exception("bulk save failed")
+            return HTMLResponse(layout("批量新增失败", f"<div class=card><pre>{html_escape(e)}</pre></div>"), status_code=500)
+        if errors:
+            return HTMLResponse(layout("批量新增完成", f"<div class=msg>已新增 {added} 个，部分行有问题：</div><div class=card><pre>{'<br>'.join(errors)}</pre></div><p><a class=btn href='/'>返回</a></p>"))
+        return RedirectResponse("/", status_code=303)
+
+    @app.get("/monitor/{idx}/edit", response_class=HTMLResponse)
+    async def edit_monitor(idx: int, _: str = Depends(panel_auth)) -> str:
+        monitors = cfg_load_fresh().get("monitors") or []
+        if idx < 0 or idx >= len(monitors):
+            raise HTTPException(404, "monitor not found")
+        return layout("编辑监控", "<h2>编辑监控</h2>" + monitor_form_html(monitors[idx], idx))
+
+    async def save_form_common(
+        original_index: int | None,
+        name: str,
+        mtype: str,
+        url: str,
+        interval_seconds: int,
+        keywords: str,
+        item_selector: str,
+        title_selector: str,
+        link_selector: str,
+        price_selector: str,
+        stock_selector: str,
+        keyword_match: str | None,
+        new_item: str | None,
+        price_change: str | None,
+        stock_change: str | None,
+    ) -> RedirectResponse:
+        cfg = cfg_load_fresh()
+        monitors = cfg.setdefault("monitors", [])
+        m = monitor_from_form(original_index, name, mtype, url, interval_seconds, keywords, item_selector, title_selector, link_selector, price_selector, stock_selector, bool(keyword_match), bool(new_item), bool(price_change), bool(stock_change))
+        if original_index is None:
+            monitors.append(m)
+        else:
+            monitors[original_index] = m
+        try:
+            cfg_save(cfg)
+        except Exception as e:
+            logger.exception("save monitor failed")
+            return HTMLResponse(layout("保存失败", f"<div class=card><h2>保存失败</h2><pre>{html_escape(e)}</pre></div><p><a class=btn href='/'>返回</a></p>"), status_code=500)
+        return RedirectResponse("/", status_code=303)
+
+    @app.post("/monitor/create")
+    async def create_monitor(_: str = Depends(panel_auth), name: str = Form(...), mtype: str = Form(...), url: str = Form(...), interval_seconds: int = Form(300), keywords: str = Form(""), item_selector: str = Form(""), title_selector: str = Form(""), link_selector: str = Form(""), price_selector: str = Form(""), stock_selector: str = Form(""), keyword_match: str | None = Form(None), new_item: str | None = Form(None), price_change: str | None = Form(None), stock_change: str | None = Form(None)) -> RedirectResponse:
+        return await save_form_common(None, name, mtype, url, interval_seconds, keywords, item_selector, title_selector, link_selector, price_selector, stock_selector, keyword_match, new_item, price_change, stock_change)
+
+    @app.post("/monitor/save")
+    async def save_monitor(_: str = Depends(panel_auth), original_index: int = Form(...), name: str = Form(...), mtype: str = Form(...), url: str = Form(...), interval_seconds: int = Form(300), keywords: str = Form(""), item_selector: str = Form(""), title_selector: str = Form(""), link_selector: str = Form(""), price_selector: str = Form(""), stock_selector: str = Form(""), keyword_match: str | None = Form(None), new_item: str | None = Form(None), price_change: str | None = Form(None), stock_change: str | None = Form(None)) -> RedirectResponse:
+        return await save_form_common(original_index, name, mtype, url, interval_seconds, keywords, item_selector, title_selector, link_selector, price_selector, stock_selector, keyword_match, new_item, price_change, stock_change)
+
+    @app.get("/monitor/{idx}/delete")
+    async def delete_monitor(idx: int, _: str = Depends(panel_auth)) -> RedirectResponse:
+        cfg = cfg_load_fresh(); monitors = cfg.get("monitors") or []
+        if 0 <= idx < len(monitors):
+            monitors.pop(idx); cfg_save(cfg)
+        return RedirectResponse("/", status_code=303)
+
+
+    @app.get("/monitor/{idx}/preview", response_class=HTMLResponse)
+    async def monitor_preview(idx: int, _: str = Depends(panel_auth)) -> str:
+        cfg = cfg_load_fresh(); monitors = cfg.get("monitors") or []
+        if idx < 0 or idx >= len(monitors):
+            raise HTTPException(404, "monitor not found")
+        m = monitors[idx]
+        timeout = int((cfg.get("http") or {}).get("timeout_seconds", 20))
+        ua = (cfg.get("http") or {}).get("user_agent") or DEFAULT_UA
+        headers = {"User-Agent": ua}
+        try:
+            async with httpx.AsyncClient(timeout=timeout, headers=headers) as client:
+                body = await fetch_url(client, m.get("url"))
+            items = parse_rss_items(m, body) if m.get("type") == "rss" else parse_web_items(m, body)
+            rows=[]
+            for it in items[:15]:
+                blocked, br = item_blocked(it, m)
+                hits = keyword_hits(f"{it.title} {it.text}", m.get("keywords") or [])
+                rows.append(f"""<tr><td>{html_escape(it.title)}<br><small>{html_escape(it.link)}</small></td><td>{html_escape(it.author or '-')}</td><td>{html_escape(it.category or '-')}</td><td>{html_escape(', '.join(hits) or '-')}</td><td>{'跳过: '+html_escape(br) if blocked else '可推送/记录'}</td></tr>""")
+            body_html = "<div class=card><h2>抓取预览</h2><p class=muted>只预览最近 15 条，不写入去重状态、不推送。</p><table><tr><th>标题/链接</th><th>作者</th><th>分类</th><th>命中</th><th>状态</th></tr>" + "".join(rows) + "</table></div>"
+            return layout("抓取预览", body_html)
+        except Exception as e:
+            return HTMLResponse(layout("抓取预览失败", f"<div class=card><pre>{html_escape(e)}</pre></div>"), status_code=500)
+
+    @app.get("/monitor/{idx}/run", response_class=HTMLResponse)
+    async def run_monitor_now(idx: int, _: str = Depends(panel_auth)) -> str:
+        cfg = cfg_load_fresh(); monitors = cfg.get("monitors") or []
+        if idx < 0 or idx >= len(monitors):
+            raise HTTPException(404, "monitor not found")
+        count = await run_monitor(monitors[idx])
+        return layout("检查完成", f"<div class=msg>已手动检查：{html_escape(monitors[idx].get('name'))}，推送 {count} 条。</div><p><a class=btn href='/'>返回</a></p>")
+
+    @app.get("/run-once", response_class=HTMLResponse)
+    async def run_once_page(_: str = Depends(panel_auth)) -> str:
+        await run_all_monitors_once()
+        return layout("手动检查完成", "<div class=msg>已执行全部监控检查。具体结果看日志/Telegram 推送。</div><p><a class=btn href='/'>返回</a></p>")
+
+    @app.get("/yaml", response_class=HTMLResponse)
+    async def yaml_edit(_: str = Depends(panel_auth)) -> str:
+        text = CONFIG_PATH.read_text(encoding="utf-8")
+        return layout("YAML 高级编辑", f"<h2>YAML 高级编辑</h2><form method=post><textarea name=content style='min-height:520px'>{html_escape(text)}</textarea><p><button class='btn primary' type=submit>保存 YAML</button></p></form>")
+
+    @app.post("/yaml", response_class=HTMLResponse)
+    async def yaml_save(_: str = Depends(panel_auth), content: str = Form(...)) -> str:
+        try:
+            data = yaml.safe_load(content) or {}
+            cfg_save(data)
+            return layout("已保存", "<div class=msg>YAML 已保存并重载。</div><p><a class=btn href='/'>返回</a></p>")
+        except Exception as e:
+            return layout("保存失败", f"<div class=card><h2>保存失败</h2><pre>{html_escape(e)}</pre></div><p><a class=btn href='/yaml'>返回</a></p>")
+
+    @app.get("/settings", response_class=HTMLResponse)
+    async def settings(_: str = Depends(panel_auth)) -> str:
+        v = env_values()
+        cleanup = (cfg_load_fresh().get("cleanup") or {})
+        body = f"""<h2>Bot / 面板设置</h2><div class=card><form method=post>
+<label>Telegram Bot Token</label><input name=TELEGRAM_BOT_TOKEN value='{html_escape(v['TELEGRAM_BOT_TOKEN'])}' placeholder='123456:ABC...'>
+<label>管理员 ADMIN_CHAT_ID</label><input name=ADMIN_CHAT_ID value='{html_escape(v['ADMIN_CHAT_ID'])}'>
+<div class=grid><div><label>日志级别</label><input name=LOG_LEVEL value='{html_escape(v['LOG_LEVEL'])}'></div><div><label>面板监听地址</label><input name=WEB_PANEL_HOST value='{html_escape(v['WEB_PANEL_HOST'])}'></div><div><label>面板端口</label><input name=WEB_PANEL_PORT value='{html_escape(v['WEB_PANEL_PORT'])}'></div><div><label>面板用户</label><input name=WEB_PANEL_USER value='{html_escape(v['WEB_PANEL_USER'])}'></div><div><label>面板密码</label><input name=WEB_PANEL_PASSWORD value='{html_escape(v['WEB_PANEL_PASSWORD'])}'></div></div>
+<h3>监控数据自动清理</h3><p class=muted>只清理 RSS/网站监控状态和去重记录，不删除用户、收件箱、双向对话消息。</p><div class=grid><div><label>清理间隔（分钟）</label><input name=CLEANUP_INTERVAL_MINUTES type=number min=1 value='{html_escape(cleanup.get("interval_minutes", 60))}'></div><div><label>保留监控数据（分钟）</label><input name=CLEANUP_RETENTION_MINUTES type=number min=1 value='{html_escape(cleanup.get("monitor_retention_minutes", 1440))}'></div></div>
+<input type=hidden name=WEB_PANEL_ENABLED value='true'><p><button class='btn primary' type=submit>保存 .env / 清理设置</button></p><small>改 Token、chat_id 或面板监听端口后建议重启服务：sudo systemctl restart tg-watchbot</small></form></div>"""
+        return layout("设置", body)
+
+    @app.post("/settings", response_class=HTMLResponse)
+    async def settings_save(_: str = Depends(panel_auth), TELEGRAM_BOT_TOKEN: str = Form(""), ADMIN_CHAT_ID: str = Form(""), LOG_LEVEL: str = Form("INFO"), WEB_PANEL_ENABLED: str = Form("true"), WEB_PANEL_HOST: str = Form("127.0.0.1"), WEB_PANEL_PORT: str = Form("8765"), WEB_PANEL_USER: str = Form("admin"), WEB_PANEL_PASSWORD: str = Form("admin"), CLEANUP_INTERVAL_MINUTES: int = Form(60), CLEANUP_RETENTION_MINUTES: int = Form(1440)) -> str:
+        write_env_values(locals() | {"WEB_PANEL_ENABLED": WEB_PANEL_ENABLED})
+        cfg = cfg_load_fresh()
+        cfg["cleanup"] = {
+            "enabled": True,
+            "interval_minutes": max(1, int(CLEANUP_INTERVAL_MINUTES)),
+            "monitor_retention_minutes": max(1, int(CLEANUP_RETENTION_MINUTES)),
+        }
+        cfg_save(cfg)
+        return layout("已保存", "<div class=msg>.env 和监控清理设置已保存。Token/chat_id 需重启服务后生效。</div><p><a class=btn href='/settings'>返回</a></p>")
+
+
+    @app.get("/send", response_class=HTMLResponse)
+    async def send_page(_: str = Depends(panel_auth)) -> str:
+        with closing(db()) as conn:
+            users = conn.execute(
+                "SELECT user_id, username, full_name, blocked, note, updated_at FROM users ORDER BY updated_at DESC LIMIT 200"
+            ).fetchall()
+        options = []
+        for u in users:
+            blocked = "（已封禁）" if u["blocked"] else ""
+            username = f"@{u['username']}" if u["username"] else ""
+            label = f"{u['full_name'] or u['user_id']} {username} · {u['user_id']} {blocked}"
+            options.append(f"<option value='{u['user_id']}'>{html_escape(label)}</option>")
+        body = f"""<div class=card><h2>主动发消息</h2><p class=muted>只能发送给已经私聊过 Bot 的用户；这是 Telegram Bot API 限制。</p><form method=post action='/send'>
+<label>选择用户</label><select name=user_id>{''.join(options)}</select>
+<label>或手动输入 user_id</label><input name=manual_user_id placeholder='例如 123456789'>
+<label>消息内容</label><textarea name=text style='min-height:180px' required></textarea>
+<p><button class='btn primary' type=submit>发送消息</button> <a class=btn href='/inbox'>查看收件箱</a></p></form></div>"""
+        return layout("主动发消息", body)
+
+    @app.post("/send", response_class=HTMLResponse)
+    async def send_save(_: str = Depends(panel_auth), user_id: str = Form(""), manual_user_id: str = Form(""), text: str = Form("")) -> str:
+        raw_uid = (manual_user_id or user_id or "").strip()
+        if not raw_uid:
+            return layout("发送失败", "<div class=card><pre>缺少 user_id</pre></div><p><a class=btn href='/send'>返回</a></p>")
+        if not text.strip():
+            return layout("发送失败", "<div class=card><pre>消息内容不能为空</pre></div><p><a class=btn href='/send'>返回</a></p>")
+        try:
+            uid = int(raw_uid)
+            if not get_user(uid):
+                return layout("发送失败", f"<div class=card><pre>找不到用户 {uid}，对方需要先私聊 Bot。</pre></div><p><a class=btn href='/send'>返回</a></p>")
+            if is_blocked(uid):
+                return layout("发送失败", f"<div class=card><pre>用户 {uid} 已被封禁，请先 /unblock。</pre></div><p><a class=btn href='/send'>返回</a></p>")
+            if not bot:
+                return layout("发送失败", "<div class=card><pre>Bot 尚未初始化；请确认服务以正常模式运行，而不是 --panel-only。</pre></div><p><a class=btn href='/send'>返回</a></p>")
+            sent = await bot.send_message(uid, text.strip())
+            logger.info("panel sent message to user_id=%s message_id=%s", uid, sent.message_id)
+            await admin_send(f"[主动发送成功]\nuser_id: <code>{uid}</code>\nmessage_id: {sent.message_id}\n时间：{html_escape(now_iso())}")
+            return layout("发送成功", f"<div class=msg>已发送给用户 {uid}，message_id={sent.message_id}。Bot 也已给管理员发送确认提醒。</div><p><a class=btn href='/send'>继续发送</a> <a class=btn href='/inbox'>收件箱</a></p>")
+        except TelegramAPIError as e:
+            logger.exception("panel send failed")
+            return layout("发送失败", f"<div class=card><pre>{html_escape(e)}</pre></div><p><a class=btn href='/send'>返回</a></p>")
+        except Exception as e:
+            logger.exception("panel send failed")
+            return layout("发送失败", f"<div class=card><pre>{html_escape(e)}</pre></div><p><a class=btn href='/send'>返回</a></p>")
+
+    @app.get("/inbox", response_class=HTMLResponse)
+    async def inbox_page(_: str = Depends(panel_auth)) -> str:
+        with closing(db()) as conn:
+            rows = conn.execute("SELECT * FROM inbox_messages ORDER BY id DESC LIMIT 200").fetchall()
+        trs = []
+        for r in rows:
+            status_txt = "已转发" if r["forwarded"] else "未转发"
+            status_cls = "ok" if r["forwarded"] else "danger"
+            content = html_escape(r["text"] or "(非文本/媒体消息)")
+            trs.append(f"""<tr><td>#{r['id']}<br><span class='badge {status_cls}'>{status_txt}</span></td><td><b>{html_escape(r['full_name'])}</b><br><small>{r['user_id']} @{html_escape(r['username'] or '')}</small></td><td>{html_escape(r['message_type'])}<br><small>{html_escape(r['created_at'])}</small></td><td>{content}<br><small style='color:#fca5a5'>{html_escape(r['error'] or '')}</small></td><td><a class=btn href='/inbox/{r['id']}/retry'>重试转发</a></td></tr>""")
+        body = "<div class=card><h2>收件箱</h2><p class=muted>用户消息会先写入 SQLite，再转发给管理员；转发失败的消息可以在这里重试。</p><table><tr><th>ID/状态</th><th>用户</th><th>类型/时间</th><th>内容/错误</th><th>操作</th></tr>" + "".join(trs) + "</table></div>"
+        return layout("收件箱", body)
+
+    @app.get("/inbox/{msg_id}/retry")
+    async def retry_inbox(msg_id: int, _: str = Depends(panel_auth)) -> RedirectResponse:
+        with closing(db()) as conn:
+            conn.execute("UPDATE inbox_messages SET forwarded=0, error=NULL WHERE id=?", (msg_id,))
+            conn.commit()
+        await flush_pending_inbox()
+        return RedirectResponse("/inbox", status_code=303)
+
+    @app.get("/restart", response_class=HTMLResponse)
+    async def restart_page(_: str = Depends(panel_auth)) -> str:
+        body = """<div class=card><h2>重启机器人</h2><p class=muted>用于修改 Token、管理员 ID、面板设置等需要重启生效的配置。</p><form method=post action='/restart'><button class='btn danger' type=submit>确认重启 tg-watchbot</button></form></div>"""
+        return layout("重启机器人", body)
+
+    @app.post("/restart")
+    async def restart_post(_: str = Depends(panel_auth)) -> HTMLResponse:
+        async def delayed_restart():
+            await asyncio.sleep(1.0)
+            # Exit with failure so systemd Restart=on-failure brings the service back up.
+            os._exit(1)
+        asyncio.create_task(delayed_restart())
+        return HTMLResponse(layout("正在重启", "<div class=msg>已发送重启命令，约 5-10 秒后刷新页面。</div><p><a class=btn href='/'>返回首页</a></p>"))
+
+    @app.get("/logs", response_class=HTMLResponse)
+    async def logs(_: str = Depends(panel_auth)) -> str:
+        text = LOG_PATH.read_text(encoding="utf-8", errors="replace")[-20000:] if LOG_PATH.exists() else "暂无日志"
+        return layout("日志", f"<h2>最近应用日志</h2><pre>{html_escape(text)}</pre>")
+
+    @app.get("/health", response_class=PlainTextResponse)
+    async def health() -> str:
+        return "ok"
+
+    return app
+
+
+async def start_panel_server() -> uvicorn.Server | None:
+    if not panel_enabled():
+        logger.info("web panel disabled")
+        return None
+    host = os.getenv("WEB_PANEL_HOST", "127.0.0.1")
+    port = int(os.getenv("WEB_PANEL_PORT", "8765"))
+    server = uvicorn.Server(uvicorn.Config(create_panel_app(), host=host, port=port, log_level="info"))
+    asyncio.create_task(server.serve())
+    logger.info("web panel listening on http://%s:%s", host, port)
+    return server
+
+def validate_env() -> tuple[str, int]:
+    load_dotenv(ENV_PATH)
+    token = os.getenv("TELEGRAM_BOT_TOKEN", "").strip()
+    admin = os.getenv("ADMIN_CHAT_ID", "").strip()
+    if not token:
+        raise RuntimeError(f"TELEGRAM_BOT_TOKEN is missing in {ENV_PATH}")
+    if not admin:
+        raise RuntimeError(f"ADMIN_CHAT_ID is missing in {ENV_PATH}")
+    return token, int(admin)
+
+
+async def main_async(run_once: bool = False, panel_only: bool = False) -> None:
+    global bot, admin_chat_id, config, scheduler_ref
+    load_dotenv(ENV_PATH, override=True)
+    config = load_config()
+    setup_logging(os.getenv("LOG_LEVEL", "INFO"))
+    init_db()
+    if panel_only:
+        await start_panel_server()
+        logger.info("panel-only mode start")
+        while True:
+            await asyncio.sleep(3600)
+    if run_once:
+        # If .env is filled, send notifications during manual test; otherwise just log.
+        try:
+            token, admin_chat_id = validate_env()
+            bot = Bot(token=token, default=DefaultBotProperties(parse_mode=ParseMode.HTML))
+        except Exception as e:
+            logger.warning("run-once without Telegram notification: %s", e)
+        await run_all_monitors_once()
+        if bot:
+            await bot.session.close()
+        return
+    token, admin_chat_id = validate_env()
+    bot = Bot(token=token, default=DefaultBotProperties(parse_mode=ParseMode.HTML))
+    dp = Dispatcher()
+    dp.include_router(router)
+    scheduler = AsyncIOScheduler(timezone="Asia/Shanghai")
+    scheduler_ref = scheduler
+    schedule_monitors(scheduler)
+    scheduler.start()
+    await start_panel_server()
+    asyncio.create_task(flush_pending_loop())
+    asyncio.create_task(cleanup_monitor_loop())
+    await admin_send(f"tg-watchbot 已启动\n时间：{now_iso()}")
+    logger.info("bot polling start")
+    await dp.start_polling(bot, allowed_updates=dp.resolve_used_update_types())
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--run-once", action="store_true", help="run all monitors once and exit; does not need Telegram token unless notification is sent")
+    parser.add_argument("--panel-only", action="store_true", help="start only the web admin panel, useful before Telegram token is configured")
+    args = parser.parse_args()
+    try:
+        asyncio.run(main_async(run_once=args.run_once, panel_only=args.panel_only))
+    except KeyboardInterrupt:
+        pass
+    except Exception:
+        logger.exception("fatal error")
+        raise
+
+
+if __name__ == "__main__":
+    main()
diff --git a/config.example.yaml b/config.example.yaml
new file mode 100644
index 0000000..7e75443
--- /dev/null
+++ b/config.example.yaml
@@ -0,0 +1,47 @@
+http:
+  timeout_seconds: 20
+  user_agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
+    Chrome/124.0 Safari/537.36 tg-watchbot/1.0
+bot:
+  rate_limit:
+    window_seconds: 10
+    max_messages: 3
+monitors:
+- name: NodeSeek 新帖
+  type: rss
+  url: https://rss.nodeseek.com/
+  interval_seconds: 60
+  keywords:
+  - VPS
+  - 优惠
+  - 免费
+  exclude_keywords: []
+  authors: []
+  categories: []
+  notify_on:
+    keyword_match: true
+    new_item: true
+    price_change: false
+    stock_change: false
+  forum: true
+- name: Linux.do 最新
+  type: rss
+  url: https://linux.do/latest.rss
+  interval_seconds: 60
+  keywords:
+  - API
+  - 教程
+  - 开源
+  exclude_keywords: []
+  authors: []
+  categories: []
+  notify_on:
+    keyword_match: true
+    new_item: true
+    price_change: false
+    stock_change: false
+  forum: true
+cleanup:
+  enabled: true
+  interval_minutes: 60
+  monitor_retention_minutes: 1440
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..17855f9
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,10 @@
+aiogram==3.22.0
+APScheduler==3.11.1
+beautifulsoup4==4.14.3
+fastapi==0.136.1
+feedparser==6.0.12
+httpx==0.28.1
+python-dotenv==1.2.1
+python-multipart==0.0.20
+PyYAML==6.0.3
+uvicorn[standard]==0.38.0
diff --git a/systemd/tg-watchbot.service b/systemd/tg-watchbot.service
new file mode 100644
index 0000000..2cb70fe
--- /dev/null
+++ b/systemd/tg-watchbot.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=tg-watchbot
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/tg-watchbot
+EnvironmentFile=/opt/tg-watchbot/.env
+ExecStart=/opt/tg-watchbot/.venv/bin/python /opt/tg-watchbot/app.py
+Restart=on-failure
+RestartSec=10
+User=tg-watchbot
+Group=tg-watchbot
+UMask=0077
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ReadWritePaths=/opt/tg-watchbot
+
+[Install]
+WantedBy=multi-user.target