incremnt 0.1.4 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "incremnt",
-  "version": "0.1.4",
+  "version": "0.1.7",
   "description": "Command-line tool for querying your incremnt strength training data",
   "license": "MIT",
   "type": "module",

package/src/contract.js

@@ -1,9 +1,10 @@
 export const contractVersion = 1;
 
 export const capabilities = {
-  readOnly: true,
+  readOnly: false,
   localSnapshots: true,
   remoteReads: true,
+  remoteWrites: true,
   remoteAuthShell: true,
   remoteBootstrap: true
 };
@@ -82,11 +83,92 @@ export const commandSchema = [
     id: 'records',
     description: 'Personal records',
     options: []
+  },
+  {
+    command: 'goals list',
+    id: 'goals-list',
+    description: 'List strength plans and lift goals',
+    options: []
+  },
+  {
+    command: 'goals show',
+    id: 'goals-show',
+    description: 'Show strength plan goal details',
+    usage: 'goals show --id <plan-id>',
+    options: [
+      { name: 'id', type: 'string', required: true, description: 'Plan ID' }
+    ]
   }
 ];
 
+export const writeCommandSchema = [
+  {
+    command: 'programs propose',
+    id: 'programs-propose',
+    description: 'Submit a program proposal',
+    usage: 'programs propose --file <file>',
+    options: [
+      { name: 'file', type: 'string', required: true, description: 'Path to proposal JSON file' }
+    ]
+  },
+  {
+    command: 'programs proposals',
+    id: 'programs-proposals',
+    description: 'List program proposals',
+    options: [
+      { name: 'status', type: 'string', required: false, description: 'Filter by status (pending, accepted, dismissed)' }
+    ]
+  },
+  {
+    command: 'programs proposal dismiss',
+    id: 'proposal-dismiss',
+    description: 'Dismiss a program proposal',
+    usage: 'programs proposal dismiss --id <id>',
+    options: [
+      { name: 'id', type: 'string', required: true, description: 'Proposal ID' }
+    ]
+  }
+];
+
+export const writeCommands = new Set(writeCommandSchema.map((c) => c.id));
+
+export const proposalSchema = {
+  description: 'JSON structure for programs propose --file. Weights are omitted — iOS calculates from history.',
+  required: ['name', 'equipmentTier', 'days'],
+  properties: {
+    name: { type: 'string', description: 'Program name' },
+    equipmentTier: { type: 'string', enum: ['fullGym', 'benchDumbbells', 'dumbbellsOnly', 'bodyweightOnly'] },
+    trainingWeekdays: { type: 'array', items: { type: 'integer', minimum: 0, maximum: 6 }, description: 'Days of week (0=Sun). Optional.' },
+    rationale: { type: 'string', description: 'Why this program was suggested. Optional.' },
+    days: {
+      type: 'array',
+      minItems: 1,
+      items: {
+        required: ['title', 'exercises'],
+        properties: {
+          title: { type: 'string', description: 'Day name, e.g. "Upper A"' },
+          exercises: {
+            type: 'array',
+            minItems: 1,
+            items: {
+              required: ['name', 'sets', 'reps'],
+              properties: {
+                name: { type: 'string', description: 'Exercise name (use canonical names from records or exercises history)' },
+                muscleGroup: { type: 'string', description: 'e.g. "Chest", "Back". Optional.' },
+                sets: { type: 'integer', minimum: 1 },
+                reps: { type: 'integer', minimum: 1 }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
 export const officialCommands = [
   ...commandSchema.map((c) => c.usage ?? c.command),
+  ...writeCommandSchema.map((c) => c.usage ?? c.command),
   'status',
   'contract',
   'login',

package/src/format.js

@@ -1,5 +1,5 @@
 import chalk from 'chalk';
-import { commandSchema } from './contract.js';
+import { commandSchema, writeCommandSchema } from './contract.js';
 
 const shortMonths = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
 const shortDays = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
@@ -366,6 +366,48 @@ function formatWhyDidThisChange(payload) {
   return lines.join('\n');
 }
 
+function formatProposalCreated(payload) {
+  if (!payload) return 'No proposal data.';
+  const lines = [
+    header('PROPOSAL CREATED'),
+    '',
+    keyValue('ID', payload.id),
+    keyValue('Status', payload.status),
+    keyValue('Program', payload.proposal?.name ?? 'Untitled'),
+    keyValue('Days', String(payload.proposal?.days?.length ?? 0))
+  ];
+  return lines.join('\n');
+}
+
+function formatProposalsList(payload) {
+  if (!Array.isArray(payload) || payload.length === 0) {
+    return 'No proposals found.';
+  }
+
+  const statusBadge = (status) => {
+    if (status === 'pending') return chalk.yellow(status);
+    if (status === 'accepted') return chalk.green(status);
+    if (status === 'dismissed') return chalk.dim(status);
+    return status;
+  };
+
+  const lines = [header('PROGRAM PROPOSALS'), ''];
+
+  for (const p of payload) {
+    const name = p.proposal?.name ?? 'Untitled';
+    const days = p.proposal?.days?.length ?? 0;
+    const date = formatShortDate(p.createdAt);
+    lines.push(` ${statusBadge(p.status)}  ${chalk.bold(name)}${dimDot()}${chalk.dim(`${days} days`)}${dimDot()}${chalk.dim(date)}${dimDot()}${chalk.dim(p.id)}`);
+  }
+
+  return lines.join('\n');
+}
+
+function formatProposalDismissed(payload) {
+  if (!payload) return 'Proposal not found.';
+  return ` Proposal ${chalk.bold(payload.id)} dismissed.`;
+}
+
 // --- Main export ---
 
 export function formatHelp() {
@@ -380,6 +422,9 @@ export function formatHelp() {
     header('COMMANDS'),
     ...commandSchema.map((c) => cmd(c.usage ?? c.command, c.description)),
     '',
+    header('WRITE COMMANDS'),
+    ...writeCommandSchema.map((c) => cmd(c.usage ?? c.command, c.description)),
+    '',
     header('AUTH'),
     cmd('login', 'Sign in (opens browser)'),
     cmd('login --base-url <url>', 'Sign in to a specific server'),
@@ -413,7 +458,10 @@ export function formatPretty(command, payload) {
     'program-list': formatProgramList,
     'program-detail': formatProgramDetail,
     'planned-vs-actual': formatPlannedVsActual,
-    'why-did-this-change': formatWhyDidThisChange
+    'why-did-this-change': formatWhyDidThisChange,
+    'programs-propose': formatProposalCreated,
+    'programs-proposals': formatProposalsList,
+    'proposal-dismiss': formatProposalDismissed
   }[command];
 
   return formatter ? formatter(payload) : null;

package/src/lib.js

@@ -1,6 +1,6 @@
 import fs from 'node:fs/promises';
 import { spawn } from 'node:child_process';
-import { capabilities, commandSchema, contractVersion, officialCommands, readCommands } from './contract.js';
+import { capabilities, commandSchema, contractVersion, officialCommands, proposalSchema, readCommands, writeCommands, writeCommandSchema } from './contract.js';
 import {
   bootstrapSessionFromRemoteBaseUrl,
   bootstrapSessionFromRemoteBaseUrlWithDeviceFlow,
@@ -54,12 +54,16 @@ export async function runCli(argv, stdout, stderr) {
   const { command, options } = parseArgs(argv);
   const normalizedCommand = ({
     ...Object.fromEntries(commandSchema.map((c) => [c.command, c.id])),
+    ...Object.fromEntries(writeCommandSchema.map((c) => [c.command, c.id])),
     insights: 'session-insights',
     history: 'exercise-history',
     prs: 'records',
     program: 'program-summary',
     compare: 'planned-vs-actual',
-    explain: 'why-did-this-change'
+    explain: 'why-did-this-change',
+    propose: 'programs-propose',
+    proposals: 'programs-proposals',
+    dismiss: 'proposal-dismiss'
   })[command] ?? command;
 
   if (!command || options.help) {
@@ -109,7 +113,9 @@ export async function runCli(argv, stdout, stderr) {
       binary: 'incremnt',
       capabilities,
       officialCommands,
-      schema: commandSchema
+      schema: commandSchema,
+      writeSchema: writeCommandSchema,
+      proposalSchema
     }, null, 2)}\n`);
     return 0;
   }
@@ -263,6 +269,28 @@ export async function runCli(argv, stdout, stderr) {
   const wantJson = options.json || !(stdout.isTTY ?? false);
   const explicitJson = Boolean(options.json);
 
+  if (writeCommands.has(normalizedCommand)) {
+    try {
+      const payload = await transport.executeWriteCommand(normalizedCommand, options);
+      if (wantJson) {
+        stdout.write(`${JSON.stringify(payload, null, 2)}\n`);
+      } else {
+        const pretty = formatPretty(normalizedCommand, payload);
+        stdout.write(`${pretty ?? JSON.stringify(payload, null, 2)}\n`);
+      }
+
+      return 0;
+    } catch (error) {
+      if (explicitJson) {
+        stdout.write(`${JSON.stringify({ error: error.message, code: error.code ?? null }, null, 2)}\n`);
+      } else {
+        stderr.write(`${error.message}\n`);
+      }
+
+      return 1;
+    }
+  }
+
   if (!readCommands.has(normalizedCommand)) {
     const message = `Unknown command: ${command}`;
     if (explicitJson) {

package/src/queries.js

@@ -296,6 +296,57 @@ export function programDetail(snapshot, programId) {
   };
 }
 
+export function goalsList(snapshot) {
+  return (snapshot.strengthPlans ?? []).map(plan => ({
+    planId: plan.id,
+    status: plan.status,
+    strengthLevel: plan.strengthLevel,
+    programId: plan.programId ?? null,
+    startDate: plan.startDate,
+    finishDate: plan.finishDate ?? null,
+    durationWeeks: plan.durationWeeks,
+    goalCount: (plan.liftGoals ?? []).length,
+    goalsWithData: (plan.liftGoals ?? []).filter(g => g.hasLoggedData).length
+  }));
+}
+
+export function goalDetail(snapshot, planId) {
+  const plans = snapshot.strengthPlans ?? [];
+  const plan = planId
+    ? plans.find(p => p.id === planId)
+    : plans.find(p => p.status === 'active') ?? plans[0];
+  if (!plan) return null;
+
+  return {
+    planId: plan.id,
+    status: plan.status,
+    strengthLevel: plan.strengthLevel,
+    programId: plan.programId ?? null,
+    startDate: plan.startDate,
+    finishDate: plan.finishDate ?? null,
+    durationWeeks: plan.durationWeeks,
+    liftGoals: (plan.liftGoals ?? []).map(g => {
+      const range = g.targetE1RM - g.startingE1RM;
+      const gained = g.currentBestE1RM - g.startingE1RM;
+      const progressPct = range > 0 ? Math.round((gained / range) * 100) : null;
+      return {
+        exerciseId: g.exerciseId,
+        exerciseName: g.exerciseDisplayName,
+        startingE1RM: g.startingE1RM,
+        targetE1RM: g.targetE1RM,
+        currentBestE1RM: g.currentBestE1RM,
+        currentBestWeight: g.currentBestWeight,
+        currentBestReps: g.currentBestReps,
+        progressPercent: progressPct,
+        targetLevel: g.targetLevel,
+        hasLoggedData: g.hasLoggedData,
+        lastUpdatedDate: g.lastUpdatedDate ?? null,
+        startingIsEstimated: g.startingE1RMIsEstimated
+      };
+    })
+  };
+}
+
 function requiredOption(options, primaryKey, legacyKey = null) {
   return options[primaryKey] ?? (legacyKey ? options[legacyKey] : undefined);
 }
@@ -385,5 +436,18 @@ export function executeReadCommand(snapshot, normalizedCommand, options = {}) {
     return { ok: true, payload };
   }
 
+  if (normalizedCommand === 'goals-list') {
+    return { ok: true, payload: goalsList(snapshot) };
+  }
+
+  if (normalizedCommand === 'goals-show') {
+    const planId = requiredOption(options, 'id');
+    const payload = goalDetail(snapshot, planId ?? null);
+    if (!payload) {
+      return { ok: false, error: planId ? `Plan not found: ${planId}` : 'No strength plans found' };
+    }
+    return { ok: true, payload };
+  }
+
   return { ok: false, error: `Unknown read command: ${normalizedCommand}` };
 }

package/src/remote.js

@@ -1,3 +1,4 @@
+import fs from 'node:fs/promises';
 import { readSnapshot } from './local.js';
 import { executeReadCommand } from './queries.js';
 import { resolveServiceUrl } from './service-url.js';
@@ -27,8 +28,11 @@ const remoteCommandHandlers = {
   records: executeRemoteRead,
   'program-list': executeRemoteRead,
   'program-summary': executeRemoteRead,
+  'program-detail': executeRemoteRead,
   'planned-vs-actual': executeRemoteRead,
-  'why-did-this-change': executeRemoteRead
+  'why-did-this-change': executeRemoteRead,
+  'goals-list': executeRemoteRead,
+  'goals-show': executeRemoteRead
 };
 
 async function executeRemoteRead(options, sessionState, normalizedCommand) {
@@ -105,6 +109,8 @@ function endpointForCommand(baseUrl, normalizedCommand, options) {
       return resolveServiceUrl(baseUrl, '/cli/programs');
     case 'program-summary':
       return resolveServiceUrl(baseUrl, '/cli/programs/current');
+    case 'program-detail':
+      return resolveServiceUrl(baseUrl, options.id ? `/cli/programs/${options.id}` : '/cli/programs/active');
     case 'exercise-history': {
       const historyUrl = resolveServiceUrl(baseUrl, '/cli/exercises/history');
       historyUrl.searchParams.set('name', options.name ?? options.exercise);
@@ -129,6 +135,105 @@ function resourceNotFoundMessage(normalizedCommand, options) {
   return 'Requested resource was not found.';
 }
 
+const remoteWriteCommandHandlers = {
+  'programs-propose': async (options, sessionState) => {
+    const baseUrl = sessionState.session?.transport?.baseUrl;
+    if (!baseUrl) throw notImplementedError();
+
+    const filePath = options.file;
+    if (!filePath) {
+      const error = new Error('--file is required for programs propose.');
+      error.code = 'MISSING_OPTION';
+      throw error;
+    }
+
+    const raw = await fs.readFile(filePath, 'utf8');
+    const proposal = JSON.parse(raw);
+
+    const endpoint = resolveServiceUrl(baseUrl, '/cli/programs/proposals');
+    const response = await fetch(endpoint, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${sessionState.session?.auth?.accessToken ?? ''}`
+      },
+      body: JSON.stringify(proposal)
+    });
+
+    if (response.status === 401 || response.status === 403) throw authenticationFailedError();
+    if (!response.ok) {
+      const payload = await response.json().catch(() => null);
+      const error = new Error(payload?.error ?? `Unexpected error (HTTP ${response.status}).`);
+      error.code = 'REMOTE_HTTP_ERROR';
+      throw error;
+    }
+
+    return response.json();
+  },
+
+  'programs-proposals': async (options, sessionState) => {
+    const baseUrl = sessionState.session?.transport?.baseUrl;
+    if (!baseUrl) throw notImplementedError();
+
+    const endpoint = resolveServiceUrl(baseUrl, '/cli/programs/proposals');
+    if (options.status) {
+      endpoint.searchParams.set('status', options.status);
+    }
+
+    const response = await fetch(endpoint, {
+      headers: {
+        Authorization: `Bearer ${sessionState.session?.auth?.accessToken ?? ''}`
+      }
+    });
+
+    if (response.status === 401 || response.status === 403) throw authenticationFailedError();
+    if (!response.ok) {
+      const payload = await response.json().catch(() => null);
+      const error = new Error(payload?.error ?? `Unexpected error (HTTP ${response.status}).`);
+      error.code = 'REMOTE_HTTP_ERROR';
+      throw error;
+    }
+
+    return response.json();
+  },
+
+  'proposal-dismiss': async (options, sessionState) => {
+    const baseUrl = sessionState.session?.transport?.baseUrl;
+    if (!baseUrl) throw notImplementedError();
+
+    if (!options.id) {
+      const error = new Error('--id is required for proposal dismiss.');
+      error.code = 'MISSING_OPTION';
+      throw error;
+    }
+
+    const endpoint = resolveServiceUrl(baseUrl, `/cli/programs/proposals/${options.id}`);
+    const response = await fetch(endpoint, {
+      method: 'PATCH',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${sessionState.session?.auth?.accessToken ?? ''}`
+      },
+      body: JSON.stringify({ status: 'dismissed' })
+    });
+
+    if (response.status === 401 || response.status === 403) throw authenticationFailedError();
+    if (response.status === 404) {
+      const error = new Error(`Proposal not found: ${options.id}`);
+      error.code = 'REMOTE_NOT_FOUND';
+      throw error;
+    }
+    if (!response.ok) {
+      const payload = await response.json().catch(() => null);
+      const error = new Error(payload?.error ?? `Unexpected error (HTTP ${response.status}).`);
+      error.code = 'REMOTE_HTTP_ERROR';
+      throw error;
+    }
+
+    return response.json();
+  }
+};
+
 export function createRemoteTransport(sessionState, transportOptions = {}) {
   return {
     kind: 'remote',
@@ -156,6 +261,20 @@ export function createRemoteTransport(sessionState, transportOptions = {}) {
       }
 
       return handler(options, sessionState, normalizedCommand);
+    },
+    async executeWriteCommand(normalizedCommand, options = {}) {
+      if (transportOptions.expired) {
+        throw expiredSessionError();
+      }
+
+      const handler = remoteWriteCommandHandlers[normalizedCommand];
+      if (!handler) {
+        const error = new Error(`Unknown remote write command: ${normalizedCommand}`);
+        error.code = 'UNKNOWN_REMOTE_COMMAND';
+        throw error;
+      }
+
+      return handler(options, sessionState);
     }
   };
 }

package/src/sync-service.js

@@ -16,7 +16,9 @@ const DEFAULT_RATE_LIMIT_RULES = {
   'web-auth-start': 20,
   'web-auth-callback': 20,
   'session-login': 60,
-  'session-refresh': 30
+  'session-refresh': 30,
+  'proposals': 30,
+  'proposal-update': 30
 };
 
 function json(response, statusCode, payload) {
@@ -208,10 +210,23 @@ function routeRequest(url) {
     return { command: 'program-list', options: {} };
   }
 
+  if (pathname === '/cli/programs/proposals') {
+    return { command: 'proposals', options: { status: url.searchParams.get('status') ?? undefined } };
+  }
+
+  const proposalUpdateMatch = pathname.match(/^\/cli\/programs\/proposals\/([^/]+)$/);
+  if (proposalUpdateMatch) {
+    return { command: 'proposal-update', options: { id: proposalUpdateMatch[1] } };
+  }
+
   if (pathname === '/cli/programs/current') {
     return { command: 'program-summary', options: {} };
   }
 
+  if (pathname === '/cli/programs/active') {
+    return { command: 'program-detail', options: {} };
+  }
+
   const programShowMatch = pathname.match(/^\/cli\/programs\/([^/]+)$/);
   if (programShowMatch) {
     return { command: 'program-detail', options: { id: programShowMatch[1] } };
@@ -230,6 +245,15 @@ function routeRequest(url) {
     return { command: 'records', options: {} };
   }
 
+  if (pathname === '/cli/goals') {
+    return { command: 'goals-list', options: {} };
+  }
+
+  const goalsShowMatch = pathname.match(/^\/cli\/goals\/([^/]+)$/);
+  if (goalsShowMatch) {
+    return { command: 'goals-show', options: { id: decodeURIComponent(goalsShowMatch[1]) } };
+  }
+
   const compareMatch = pathname.match(/^\/cli\/sessions\/([^/]+)\/compare$/);
   if (compareMatch) {
     return {
@@ -519,6 +543,55 @@ function escapeHtml(value) {
     .replaceAll("'", ''');
 }
 
+const VALID_EQUIPMENT_TIERS = ['fullGym', 'benchDumbbells', 'dumbbellsOnly', 'bodyweightOnly'];
+
+function validateProposal(proposal) {
+  if (!proposal || typeof proposal !== 'object') {
+    return 'Proposal must be a JSON object.';
+  }
+  if (typeof proposal.name !== 'string' || !proposal.name.trim()) {
+    return 'Proposal name is required.';
+  }
+  if (!VALID_EQUIPMENT_TIERS.includes(proposal.equipmentTier)) {
+    return `equipmentTier must be one of: ${VALID_EQUIPMENT_TIERS.join(', ')}`;
+  }
+  if (proposal.trainingWeekdays !== undefined) {
+    if (!Array.isArray(proposal.trainingWeekdays) || proposal.trainingWeekdays.length === 0) {
+      return 'trainingWeekdays must be a non-empty array of integers 0-6.';
+    }
+    for (const d of proposal.trainingWeekdays) {
+      if (!Number.isInteger(d) || d < 0 || d > 6) {
+        return 'trainingWeekdays values must be integers 0-6.';
+      }
+    }
+  }
+  if (!Array.isArray(proposal.days) || proposal.days.length === 0) {
+    return 'Proposal must have at least one day.';
+  }
+  for (let i = 0; i < proposal.days.length; i++) {
+    const day = proposal.days[i];
+    if (typeof day.title !== 'string' || !day.title.trim()) {
+      return `Day ${i + 1}: title is required.`;
+    }
+    if (!Array.isArray(day.exercises) || day.exercises.length === 0) {
+      return `Day ${i + 1}: must have at least one exercise.`;
+    }
+    for (let j = 0; j < day.exercises.length; j++) {
+      const ex = day.exercises[j];
+      if (typeof ex.name !== 'string' || !ex.name.trim()) {
+        return `Day ${i + 1}, exercise ${j + 1}: name is required.`;
+      }
+      if (typeof ex.sets !== 'number' || ex.sets < 1) {
+        return `Day ${i + 1}, exercise ${j + 1}: sets must be >= 1.`;
+      }
+      if (typeof ex.reps !== 'number' || ex.reps < 1) {
+        return `Day ${i + 1}, exercise ${j + 1}: reps must be >= 1.`;
+      }
+    }
+  }
+  return null;
+}
+
 export function syncServiceContractPayload({
   auth = {
     tokenBootstrap: true,
@@ -587,7 +660,10 @@ export function createSyncServiceRequestHandler({
   refreshSession,
   allowManualDeviceApproval = false,
   rateLimitConfig = null,
-  corsOrigins = []
+  corsOrigins = [],
+  createProposalForAccount = null,
+  listProposalsForAccount = null,
+  updateProposalForAccount = null
 }) {
   const rateLimiter = createRateLimiter(rateLimitConfig ?? {});
 
@@ -603,7 +679,7 @@ export function createSyncServiceRequestHandler({
       if (corsAllowed) {
         response.setHeader('Access-Control-Allow-Origin', origin);
         response.setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
-        response.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, OPTIONS');
+        response.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, OPTIONS');
       }
 
       if (request.method === 'OPTIONS') {
@@ -1223,6 +1299,112 @@ export function createSyncServiceRequestHandler({
       const readAuthenticator = authenticateReadToken ?? authenticateToken;
       const writeAuthenticator = authenticateWriteToken ?? authenticateToken;
 
+      if (route.command === 'proposals') {
+        if (request.method === 'POST') {
+          if (!createProposalForAccount) {
+            methodNotAllowed(response, 'Proposal creation is not enabled for this service mode.');
+            return;
+          }
+
+          const proposalAccount = writeAuthenticator
+            ? await writeAuthenticator(requestToken)
+            : requestToken === token
+              ? { id: 'remote-user', email: null }
+              : null;
+          if (!proposalAccount) {
+            unauthorized(response, request);
+            return;
+          }
+
+          try {
+            const body = await readJsonBody(request);
+            const validationError = validateProposal(body);
+            if (validationError) {
+              badRequest(response, validationError);
+              return;
+            }
+
+            const result = await createProposalForAccount(proposalAccount, {
+              source: body.source ?? {},
+              proposal: body
+            });
+            json(response, 201, result);
+            return;
+          } catch (error) {
+            badRequest(response, error.message);
+            return;
+          }
+        }
+
+        if (request.method === 'GET') {
+          if (!listProposalsForAccount) {
+            methodNotAllowed(response, 'Proposal listing is not enabled for this service mode.');
+            return;
+          }
+
+          const listAccount = readAuthenticator
+            ? await readAuthenticator(requestToken)
+            : requestToken === token
+              ? { id: 'remote-user', email: null }
+              : null;
+          if (!listAccount) {
+            unauthorized(response, request);
+            return;
+          }
+
+          const proposals = await listProposalsForAccount(listAccount, {
+            status: route.options.status
+          });
+          json(response, 200, proposals);
+          return;
+        }
+
+        methodNotAllowed(response, 'Use GET or POST for /cli/programs/proposals.');
+        return;
+      }
+
+      if (route.command === 'proposal-update') {
+        if (request.method !== 'PATCH') {
+          methodNotAllowed(response, 'Use PATCH for /cli/programs/proposals/:id.');
+          return;
+        }
+
+        if (!updateProposalForAccount) {
+          methodNotAllowed(response, 'Proposal updates are not enabled for this service mode.');
+          return;
+        }
+
+        const proposalAccount = writeAuthenticator
+          ? await writeAuthenticator(requestToken)
+          : requestToken === token
+            ? { id: 'remote-user', email: null }
+            : null;
+        if (!proposalAccount) {
+          unauthorized(response, request);
+          return;
+        }
+
+        try {
+          const body = await readJsonBody(request);
+          if (body.status !== 'accepted' && body.status !== 'dismissed') {
+            badRequest(response, 'status must be "accepted" or "dismissed".');
+            return;
+          }
+
+          const result = await updateProposalForAccount(proposalAccount, route.options.id, body.status);
+          if (!result) {
+            notFound(response, 'Proposal not found.');
+            return;
+          }
+
+          json(response, 200, result);
+          return;
+        } catch (error) {
+          badRequest(response, error.message);
+          return;
+        }
+      }
+
       if (route.command === 'contract') {
         const account = readAuthenticator
           ? await readAuthenticator(requestToken)

package/src/transport.js

@@ -32,6 +32,11 @@ function createLocalTransport(snapshotSource) {
       }
 
       return result.payload;
+    },
+    async executeWriteCommand() {
+      const error = new Error('Write commands require a remote session. Run incremnt login first.');
+      error.code = 'WRITE_REQUIRES_REMOTE';
+      throw error;
     }
   };
 }