From 640d0b9c7bb914decb6effa0523eaf891d77d1c0 Mon Sep 17 00:00:00 2001
From: Julianemeka <julianemeka07@gmail.com>
Date: Thu, 4 Jun 2026 02:43:37 +0000
Subject: [PATCH] feat: implement cooperative multi-meter management (#351)

---
 .../src/app/api/__tests__/regression.test.ts  |  49 +++--
 apps/web/src/app/api/cooperative/me/route.ts  |  19 ++
 .../src/app/api/cooperative/stats/route.ts    |  42 ++++
 .../src/app/api/governance/[id]/vote/route.ts |  51 +++++
 apps/web/src/app/api/governance/route.ts      |  85 +++++++++
 apps/web/src/app/api/meters/route.test.ts     |  36 +++-
 apps/web/src/app/api/meters/route.ts          |  27 ++-
 apps/web/src/app/certificates/page.tsx        |   1 +
 apps/web/src/app/dashboard/page.tsx           |   2 +-
 apps/web/src/app/governance/page.tsx          | 179 +++++++++++-------
 apps/web/src/app/meters/page.tsx              |  27 +--
 apps/web/src/app/settings/page.tsx            |  64 +++++--
 apps/web/src/lib/auth.ts                      |  13 +-
 apps/web/src/lib/database.types.ts            |  26 ++-
 .../20260603000000_cooperative_accounts.sql   |  83 ++++++++
 15 files changed, 566 insertions(+), 138 deletions(-)
 create mode 100644 apps/web/src/app/api/cooperative/me/route.ts
 create mode 100644 apps/web/src/app/api/cooperative/stats/route.ts
 create mode 100644 apps/web/src/app/api/governance/[id]/vote/route.ts
 create mode 100644 apps/web/src/app/api/governance/route.ts
 create mode 100644 supabase/migrations/20260603000000_cooperative_accounts.sql

diff --git a/apps/web/src/app/api/__tests__/regression.test.ts b/apps/web/src/app/api/__tests__/regression.test.ts
index f94171c..302b857 100644
--- a/apps/web/src/app/api/__tests__/regression.test.ts
+++ b/apps/web/src/app/api/__tests__/regression.test.ts
@@ -27,7 +27,7 @@ vi.mock('@/lib/cache', () => ({
   checkRateLimit: vi.fn().mockResolvedValue({ allowed: true }),
 }))
 vi.mock('@/lib/auth', () => ({
-  requireAuth: vi.fn().mockResolvedValue({ user: { id: 'user-1' } }),
+  requireAuth: vi.fn().mockResolvedValue({ user: { id: 'user-1' }, cooperativeId: 'coop-1' }),
   isAuthError: vi.fn().mockReturnValue(false),
 }))
 vi.mock('@/lib/webhooks', () => ({
@@ -41,10 +41,12 @@ import { createServiceClient } from '@/lib/supabase'
 import { POST as postReading } from '@/app/api/readings/route'
 import { POST as postMeter } from '@/app/api/meters/route'
 import { mintCertificates } from '@/lib/stellar'
+import { requireAuth } from '@/lib/auth'
 
 // ── Helpers ───────────────────────────────────────────────────────────────────
 
 const METER_ID = '123e4567-e89b-12d3-a456-426614174000'
+const COOP_ID = 'coop-1'
 const KWH = 5.0
 const TIMESTAMP = 1_700_000_000
 
@@ -140,16 +142,29 @@ function mockReadingDb(meter: unknown) {
   } as ReturnType<typeof createServiceClient>)
 }
 
-function mockMeterDb({ existing = null }: { existing?: unknown } = {}) {
+function mockMeterDb({
+  existing = null,
+  accountType = 'cooperative',
+  meterCount = 0,
+}: { existing?: unknown; accountType?: string; meterCount?: number } = {}) {
   const maybeSingle = vi.fn().mockResolvedValue({ data: existing })
   const insertSingle = vi.fn().mockResolvedValue({
     data: { id: 'meter-1', active: true },
     error: null,
   })
+
   vi.mocked(createServiceClient).mockReturnValue({
     from: vi.fn().mockReturnValue({
-      select: vi.fn().mockReturnValue({
-        eq: vi.fn().mockReturnValue({ maybeSingle }),
+      select: vi.fn().mockImplementation((_fields, options) => {
+        if (options?.count) {
+          return Promise.resolve({ count: meterCount, error: null })
+        }
+        return {
+          eq: vi.fn().mockReturnValue({
+            maybeSingle: vi.fn().mockResolvedValue({ data: existing }),
+            single: vi.fn().mockResolvedValue({ data: { account_type: accountType }, error: null }),
+          }),
+        }
       }),
       insert: vi.fn().mockReturnValue({
         select: vi.fn().mockReturnValue({ single: insertSingle }),
@@ -158,7 +173,10 @@ function mockMeterDb({ existing = null }: { existing?: unknown } = {}) {
   } as ReturnType<typeof createServiceClient>)
 }
 
-beforeEach(() => vi.clearAllMocks())
+beforeEach(() => {
+  vi.clearAllMocks()
+  vi.mocked(requireAuth).mockResolvedValue({ user: { id: 'user-1' }, cooperativeId: COOP_ID, accessToken: 'abc' })
+})
 
 // ── Issue #29 — Input validation on all API routes ────────────────────────────
 
@@ -220,7 +238,6 @@ describe('regression issue_29: input validation on API routes', () => {
     mockMeterDb()
     const res = await postMeter(
       makeMeterRequest({
-        cooperative_id: '123e4567-e89b-12d3-a456-426614174000',
         serial_number: 'SN-001',
         pubkey_hex: 'a'.repeat(64),
       })
@@ -228,30 +245,30 @@ describe('regression issue_29: input validation on API routes', () => {
     expect(res.status).toBe(400)
   })
 
-  it('test_issue_29_meters_rejects_invalid_cooperative_id', async () => {
+  it('test_issue_29_meters_rejects_wrong_length_pubkey', async () => {
     mockMeterDb()
     const res = await postMeter(
       makeMeterRequest({
         name: 'Panel A',
-        cooperative_id: 'not-a-uuid',
         serial_number: 'SN-001',
-        pubkey_hex: 'a'.repeat(64),
+        pubkey_hex: 'tooshort',
       })
     )
     expect(res.status).toBe(400)
   })
 
-  it('test_issue_29_meters_rejects_wrong_length_pubkey', async () => {
-    mockMeterDb()
+  it('test_issue_351_meters_enforces_individual_limit', async () => {
+    mockMeterDb({ accountType: 'individual', meterCount: 1 })
     const res = await postMeter(
       makeMeterRequest({
-        name: 'Panel A',
-        cooperative_id: '123e4567-e89b-12d3-a456-426614174000',
-        serial_number: 'SN-001',
-        pubkey_hex: 'tooshort',
+        name: 'Second Meter',
+        serial_number: 'SN-002',
+        pubkey_hex: 'b'.repeat(64),
       })
     )
-    expect(res.status).toBe(400)
+    expect(res.status).toBe(403)
+    const json = await res.json()
+    expect(json.error).toMatch(/limited to 1 meter/i)
   })
 
   it('test_issue_29_validation_runs_before_db_access', async () => {
diff --git a/apps/web/src/app/api/cooperative/me/route.ts b/apps/web/src/app/api/cooperative/me/route.ts
new file mode 100644
index 0000000..133fb6d
--- /dev/null
+++ b/apps/web/src/app/api/cooperative/me/route.ts
@@ -0,0 +1,19 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createServiceClient } from '@/lib/supabase'
+import { requireAuth, isAuthError } from '@/lib/auth'
+
+/** GET /api/cooperative/me — get current user's cooperative details */
+export async function GET(req: NextRequest) {
+  const auth = await requireAuth(req)
+  if (isAuthError(auth)) return auth
+
+  const db = createServiceClient()
+  const { data, error } = await db
+    .from('cooperatives')
+    .select('id, name, account_type, admin_address, suspended, created_at')
+    .eq('id', auth.cooperativeId)
+    .single()
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json(data)
+}
diff --git a/apps/web/src/app/api/cooperative/stats/route.ts b/apps/web/src/app/api/cooperative/stats/route.ts
new file mode 100644
index 0000000..7593bc2
--- /dev/null
+++ b/apps/web/src/app/api/cooperative/stats/route.ts
@@ -0,0 +1,42 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createServiceClient } from '@/lib/supabase'
+import { requireAuth, isAuthError } from '@/lib/auth'
+
+/**
+ * GET /api/cooperative/stats
+ * Returns cooperative-level stats: total kWh anchored, total certificates, active meters.
+ */
+export async function GET(req: NextRequest) {
+  const auth = await requireAuth(req)
+  if (isAuthError(auth)) return auth
+
+  const db = createServiceClient()
+
+  // For total kWh, we sum readings from all meters in this cooperative
+  const [readingsResult, issuedResult, retiredResult, meterResult] = await Promise.all([
+    db.rpc('sum_cooperative_kwh', { target_cooperative_id: auth.cooperativeId }),
+    db.from('certificates').select('id', { count: 'exact', head: true }).eq('cooperative_id', auth.cooperativeId).eq('retired', false),
+    db.from('certificates').select('id', { count: 'exact', head: true }).eq('cooperative_id', auth.cooperativeId).eq('retired', true),
+    db.from('meters').select('id', { count: 'exact', head: true }).eq('cooperative_id', auth.cooperativeId).eq('active', true),
+  ])
+
+  // If RPC is missing, we fallback to a manual sum (inefficient but safe)
+  let total_kwh = readingsResult.data
+  if (readingsResult.error) {
+    // Better: manual query with join
+    const { data: joinData } = await db
+      .from('readings')
+      .select('kwh, meters!inner(cooperative_id)')
+      .eq('meters.cooperative_id', auth.cooperativeId)
+      .eq('anchored', true)
+    
+    total_kwh = (joinData ?? []).reduce((sum, r) => sum + Number(r.kwh), 0)
+  }
+
+  return NextResponse.json({
+    total_kwh: Math.round((total_kwh ?? 0) * 1000) / 1000,
+    certificates_issued: (issuedResult.count ?? 0) + (retiredResult.count ?? 0),
+    certificates_retired: retiredResult.count ?? 0,
+    active_meters: meterResult.count ?? 0,
+  })
+}
diff --git a/apps/web/src/app/api/governance/[id]/vote/route.ts b/apps/web/src/app/api/governance/[id]/vote/route.ts
new file mode 100644
index 0000000..2be8396
--- /dev/null
+++ b/apps/web/src/app/api/governance/[id]/vote/route.ts
@@ -0,0 +1,51 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createServiceClient } from '@/lib/supabase'
+import { requireAuth, isAuthError } from '@/lib/auth'
+
+const VoteSchema = z.object({
+  choice: z.enum(['for', 'against', 'abstain']),
+})
+
+/** POST /api/governance/[id]/vote — cast a vote */
+export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+  const auth = await requireAuth(req)
+  if (isAuthError(auth)) return auth
+
+  const body = await req.json().catch(() => null)
+  const parsed = VoteSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const db = createServiceClient()
+
+  // Verify proposal exists and belongs to user's cooperative
+  const { data: proposal, error: fetchError } = await db
+    .from('proposals')
+    .select('id, status, ends_at')
+    .eq('id', params.id)
+    .eq('cooperative_id', auth.cooperativeId)
+    .single()
+
+  if (fetchError || !proposal) {
+    return NextResponse.json({ error: 'Proposal not found' }, { status: 404 })
+  }
+
+  if (proposal.status !== 'active' || new Date(proposal.ends_at) < new Date()) {
+    return NextResponse.json({ error: 'Voting is closed for this proposal' }, { status: 400 })
+  }
+
+  // Record the vote
+  const { error } = await db
+    .from('votes')
+    .upsert({
+      proposal_id: params.id,
+      voter_id: auth.user.id,
+      choice: parsed.data.choice,
+    })
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json({ message: 'Vote recorded successfully' })
+}
diff --git a/apps/web/src/app/api/governance/route.ts b/apps/web/src/app/api/governance/route.ts
new file mode 100644
index 0000000..757a332
--- /dev/null
+++ b/apps/web/src/app/api/governance/route.ts
@@ -0,0 +1,85 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { z } from 'zod'
+import { createServiceClient } from '@/lib/supabase'
+import { requireAuth, isAuthError } from '@/lib/auth'
+
+const ProposalSchema = z.object({
+  title: z.string().min(1).max(120),
+  description: z.string().min(1).max(2000),
+  action: z.string().max(200).optional(),
+  days: z.number().min(1).max(30).default(7),
+})
+
+/** GET /api/governance — list proposals for user's cooperative */
+export async function GET(req: NextRequest) {
+  const auth = await requireAuth(req)
+  if (isAuthError(auth)) return auth
+
+  const db = createServiceClient()
+  
+  // Fetch proposals and their vote counts
+  const { data, error } = await db
+    .from('proposals')
+    .select(`
+      *,
+      votes (
+        choice
+      )
+    `)
+    .eq('cooperative_id', auth.cooperativeId)
+    .order('created_at', { ascending: false })
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  // Process votes into tallies and check if user has voted
+  const proposals = data.map((p: any) => {
+    const votes = p.votes as { choice: string }[]
+    const tally = {
+      for: votes.filter(v => v.choice === 'for').length,
+      against: votes.filter(v => v.choice === 'against').length,
+      abstain: votes.filter(v => v.choice === 'abstain').length,
+    }
+    
+    return {
+      ...p,
+      tally,
+      userVote: undefined, // Will be filled if needed, or handled client-side
+    }
+  })
+
+  return NextResponse.json(proposals)
+}
+
+/** POST /api/governance — create a new proposal */
+export async function POST(req: NextRequest) {
+  const auth = await requireAuth(req)
+  if (isAuthError(auth)) return auth
+
+  const body = await req.json().catch(() => null)
+  const parsed = ProposalSchema.safeParse(body)
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 })
+  }
+
+  const db = createServiceClient()
+
+  const endsAt = new Date()
+  endsAt.setDate(endsAt.getDate() + parsed.data.days)
+
+  const { data, error } = await db
+    .from('proposals')
+    .insert({
+      cooperative_id: auth.cooperativeId,
+      title: parsed.data.title,
+      description: parsed.data.description,
+      action: parsed.data.action,
+      ends_at: endsAt.toISOString(),
+      status: 'active',
+    })
+    .select()
+    .single()
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json(data, { status: 201 })
+}
diff --git a/apps/web/src/app/api/meters/route.test.ts b/apps/web/src/app/api/meters/route.test.ts
index c8b74b3..e96797c 100644
--- a/apps/web/src/app/api/meters/route.test.ts
+++ b/apps/web/src/app/api/meters/route.test.ts
@@ -2,12 +2,13 @@ import { describe, it, expect, vi, beforeEach } from 'vitest'
 
 vi.mock('@/lib/supabase', () => ({ createServiceClient: vi.fn() }))
 vi.mock('@/lib/auth', () => ({
-  requireAuth: vi.fn().mockResolvedValue({ user: { id: 'user-1' }, accessToken: 'tok' }),
+  requireAuth: vi.fn().mockResolvedValue({ user: { id: 'user-1' }, cooperativeId: 'coop-1', accessToken: 'tok' }),
   isAuthError: vi.fn().mockReturnValue(false),
 }))
 
 import { createServiceClient } from '@/lib/supabase'
 import { GET, POST } from '@/app/api/meters/route'
+import { requireAuth } from '@/lib/auth'
 
 function makeGetRequest() {
   return {
@@ -20,7 +21,9 @@ function mockDbGet(data: unknown[], error: unknown = null) {
   vi.mocked(createServiceClient).mockReturnValue({
     from: vi.fn().mockReturnValue({
       select: vi.fn().mockReturnValue({
-        order: vi.fn().mockResolvedValue({ data, error }),
+        eq: vi.fn().mockReturnValue({
+          order: vi.fn().mockResolvedValue({ data, error }),
+        }),
       }),
     }),
   } as ReturnType<typeof createServiceClient>)
@@ -35,19 +38,29 @@ function makeRequest(body: unknown) {
 
 const VALID_BODY = {
   name: 'Solar Panel A',
-  cooperative_id: '123e4567-e89b-12d3-a456-426614174000',
   serial_number: 'SN-001',
   pubkey_hex: 'a'.repeat(64),
 }
 
-function mockDb({ existing = null, insertData = { id: 'meter-1', ...VALID_BODY, active: true } } = {}) {
+function mockDb({
+  existing = null,
+  accountType = 'cooperative',
+  meterCount = 0,
+  insertData = { id: 'meter-1', ...VALID_BODY, active: true }
+} = {}) {
   const maybeSingle = vi.fn().mockResolvedValue({ data: existing })
   const insertSingle = vi.fn().mockResolvedValue({ data: insertData, error: null })
 
   vi.mocked(createServiceClient).mockReturnValue({
     from: vi.fn().mockReturnValue({
-      select: vi.fn().mockReturnValue({
-        eq: vi.fn().mockReturnValue({ maybeSingle }),
+      select: vi.fn().mockImplementation((_fields, options) => {
+        if (options?.count) return Promise.resolve({ count: meterCount, error: null })
+        return {
+          eq: vi.fn().mockReturnValue({
+            maybeSingle: vi.fn().mockResolvedValue({ data: existing }),
+            single: vi.fn().mockResolvedValue({ data: { account_type: accountType }, error: null }),
+          }),
+        }
       }),
       insert: vi.fn().mockReturnValue({
         select: vi.fn().mockReturnValue({ single: insertSingle }),
@@ -56,7 +69,10 @@ function mockDb({ existing = null, insertData = { id: 'meter-1', ...VALID_BODY,
   } as ReturnType<typeof createServiceClient>)
 }
 
-beforeEach(() => vi.clearAllMocks())
+beforeEach(() => {
+  vi.clearAllMocks()
+  vi.mocked(requireAuth).mockResolvedValue({ user: { id: 'user-1' }, cooperativeId: 'coop-1', accessToken: 'tok' })
+})
 
 describe('POST /api/meters', () => {
   it('returns 400 when name is missing', async () => {
@@ -80,6 +96,12 @@ describe('POST /api/meters', () => {
     expect(res.status).toBe(201)
   })
 
+  it('returns 403 when individual account limit is reached', async () => {
+    mockDb({ accountType: 'individual', meterCount: 1 })
+    const res = await POST(makeRequest(VALID_BODY))
+    expect(res.status).toBe(403)
+  })
+
   it('returns 400 when pubkey_hex is wrong length', async () => {
     mockDb()
     const res = await POST(makeRequest({ ...VALID_BODY, pubkey_hex: 'short' }))
diff --git a/apps/web/src/app/api/meters/route.ts b/apps/web/src/app/api/meters/route.ts
index 0f2159f..d6ad497 100644
--- a/apps/web/src/app/api/meters/route.ts
+++ b/apps/web/src/app/api/meters/route.ts
@@ -6,7 +6,6 @@ import { requireAuth, isAuthError } from '@/lib/auth'
 
 const RegisterSchema = z.object({
   name: z.string().min(1).max(128),
-  cooperative_id: z.string().uuid(),
   serial_number: z.string().min(1).max(64),
   pubkey_hex: z.string().length(64),
   meter_group: z.string().max(64).optional().nullable(),
@@ -27,6 +26,7 @@ export async function GET(req: NextRequest) {
   const { data, error } = await db
     .from('meters')
     .select('id, name, serial_number, pubkey_hex, active, created_at, cooperative_id, meter_group, tags')
+    .eq('cooperative_id', auth.cooperativeId)
     .order('created_at', { ascending: false })
 
   if (error) return NextResponse.json({ error: error.message }, { status: 500 })
@@ -46,6 +46,24 @@ export async function POST(req: NextRequest) {
 
   const db = createServiceClient()
 
+  // Fetch cooperative account type and current meter count
+  const [{ data: coop }, { count: meterCount }] = await Promise.all([
+    db.from('cooperatives').select('account_type').eq('id', auth.cooperativeId).single(),
+    db.from('meters').select('id', { count: 'exact', head: true }).eq('cooperative_id', auth.cooperativeId),
+  ])
+
+  if (!coop) {
+    return NextResponse.json({ error: 'Cooperative not found' }, { status: 404 })
+  }
+
+  // Enforce 1-meter limit for individual accounts
+  if (coop.account_type === 'individual' && (meterCount ?? 0) >= 1) {
+    return NextResponse.json(
+      { error: 'Individual accounts are limited to 1 meter. Please upgrade to a Cooperative account for multi-meter management.' },
+      { status: 403 }
+    )
+  }
+
   // Check for duplicate public key
   const { data: existing } = await db
     .from('meters')
@@ -59,7 +77,12 @@ export async function POST(req: NextRequest) {
 
   const { data, error } = await db
     .from('meters')
-    .insert({ ...parsed.data, active: true, api_key: generateApiKey() })
+    .insert({
+      ...parsed.data,
+      cooperative_id: auth.cooperativeId,
+      active: true,
+      api_key: generateApiKey(),
+    })
     .select()
     .single()
 
diff --git a/apps/web/src/app/certificates/page.tsx b/apps/web/src/app/certificates/page.tsx
index 7960dc5..bc38a42 100644
--- a/apps/web/src/app/certificates/page.tsx
+++ b/apps/web/src/app/certificates/page.tsx
@@ -43,6 +43,7 @@ export default function CertificatesPage() {
   const { toast, dismiss } = useToast()
   const { address, connected } = useWallet()
   const [retiring, setRetiring] = useState<Certificate | null>(null)
+  const [transferring, setTransferring] = useState<Certificate | null>(null)
   const [selected, setSelected] = useState<Set<string>>(new Set())
   const [bulkRetiring, setBulkRetiring] = useState(false)
 
diff --git a/apps/web/src/app/dashboard/page.tsx b/apps/web/src/app/dashboard/page.tsx
index 67fc184..eb0b43b 100644
--- a/apps/web/src/app/dashboard/page.tsx
+++ b/apps/web/src/app/dashboard/page.tsx
@@ -44,7 +44,7 @@ type Period = 'daily' | 'weekly' | 'monthly'
 // Fetch helpers
 // ---------------------------------------------------------------------------
 async function fetchStats(): Promise<Stats> {
-  const res = await fetch('/api/readings?type=stats')
+  const res = await fetch('/api/cooperative/stats')
   if (!res.ok) throw new Error('Failed to load stats')
   return res.json()
 }
diff --git a/apps/web/src/app/governance/page.tsx b/apps/web/src/app/governance/page.tsx
index 231ae1c..2345193 100644
--- a/apps/web/src/app/governance/page.tsx
+++ b/apps/web/src/app/governance/page.tsx
@@ -3,11 +3,12 @@
 import { useState } from 'react'
 import { Vote, Plus, Clock, CheckCircle, XCircle, Minus, ChevronDown, ChevronUp } from 'lucide-react'
 import { useWallet } from '@/hooks/useWallet'
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query'
 
 // ── Types ──────────────────────────────────────────────────────────────────────
 
 type VoteChoice = 'for' | 'against' | 'abstain'
-type ProposalStatus = 'active' | 'passed' | 'rejected' | 'pending'
+type ProposalStatus = 'active' | 'passed' | 'rejected' | 'pending' | 'expired'
 
 interface Tally { for: number; against: number; abstain: number }
 
@@ -17,45 +18,55 @@ interface Proposal {
   description: string
   status: ProposalStatus
   tally: Tally
-  endsAt: Date
+  ends_at: string
   userVote?: VoteChoice
 }
 
-// ── Seed data (replaced by real contract calls in production) ──────────────────
-
-const SEED: Proposal[] = [
-  {
-    id: 'prop-001',
-    title: 'Increase minimum meter reading interval to 15 minutes',
-    description: 'Reduce on-chain anchoring costs by batching readings every 15 minutes instead of every 5.',
-    status: 'active',
-    tally: { for: 142, against: 38, abstain: 12 },
-    endsAt: new Date(Date.now() + 3 * 24 * 60 * 60 * 1000),
-  },
-  {
-    id: 'prop-002',
-    title: 'Add support for wind energy certificates',
-    description: 'Extend the energy_token contract to support wind generation alongside solar.',
-    status: 'active',
-    tally: { for: 89, against: 61, abstain: 5 },
-    endsAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
-  },
-  {
-    id: 'prop-003',
-    title: 'Integrate I-REC bridge (v1)',
-    description: 'Build a bridge to the I-REC registry so SolarProof certificates can be cross-listed.',
-    status: 'passed',
-    tally: { for: 210, against: 30, abstain: 8 },
-    endsAt: new Date(Date.now() - 2 * 24 * 60 * 60 * 1000),
-  },
-]
+// ── Fetchers ──────────────────────────────────────────────────────────────────
+
+async function fetchProposals(): Promise<Proposal[]> {
+  const res = await fetch('/api/governance')
+  if (!res.ok) throw new Error('Failed to load proposals')
+  return res.json()
+}
+
+async function createProposal(body: {
+  title: string
+  description: string
+  action: string
+  days: number
+}): Promise<Proposal> {
+  const res = await fetch('/api/governance', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({}))
+    throw new Error(err.error ?? 'Failed to create proposal')
+  }
+  return res.json()
+}
+
+async function castVote(proposalId: string, choice: VoteChoice): Promise<void> {
+  const res = await fetch(`/api/governance/${proposalId}/vote`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ choice }),
+  })
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({}))
+    throw new Error(err.error ?? 'Failed to cast vote')
+  }
+}
 
 // ── Helpers ────────────────────────────────────────────────────────────────────
 
 function totalVotes(t: Tally) { return t.for + t.against + t.abstain }
 function pct(n: number, total: number) { return total === 0 ? 0 : Math.round((n / total) * 100) }
 
-function countdown(endsAt: Date): string {
+function countdown(endsAtStr: string): string {
+  const endsAt = new Date(endsAtStr)
   const diff = endsAt.getTime() - Date.now()
   if (diff <= 0) return 'Ended'
   const d = Math.floor(diff / 86_400_000)
@@ -68,6 +79,7 @@ const STATUS_BADGE: Record<ProposalStatus, string> = {
   passed: 'bg-green-100 text-green-700 dark:bg-green-900/40 dark:text-green-300',
   rejected: 'bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300',
   pending: 'bg-gray-100 text-gray-600 dark:bg-gray-800 dark:text-gray-400',
+  expired: 'bg-gray-100 text-gray-600 dark:bg-gray-800 dark:text-gray-400',
 }
 
 // ── Sub-components ─────────────────────────────────────────────────────────────
@@ -143,7 +155,7 @@ function ProposalCard({
   walletConnected: boolean
 }) {
   const [expanded, setExpanded] = useState(false)
-  const isActive = proposal.status === 'active'
+  const isActive = proposal.status === 'active' && new Date(proposal.ends_at) > new Date()
 
   return (
     <article
@@ -159,7 +171,7 @@ function ProposalCard({
             {isActive && (
               <span className="flex items-center gap-1 text-xs text-gray-400 dark:text-gray-500">
                 <Clock className="h-3 w-3" aria-hidden="true" />
-                {countdown(proposal.endsAt)}
+                {countdown(proposal.ends_at)}
               </span>
             )}
           </div>
@@ -214,13 +226,30 @@ function ProposalCard({
 interface FormState { title: string; description: string; days: string; action: string }
 const EMPTY: FormState = { title: '', description: '', days: '7', action: '' }
 
-function CreateProposalForm({ onCreated }: { onCreated: (p: Proposal) => void }) {
+function CreateProposalForm({ onCreated }: { onCreated: () => void }) {
   const { connected, connect } = useWallet()
   const [form, setForm] = useState<FormState>(EMPTY)
   const [errors, setErrors] = useState<Partial<FormState>>({})
   const [submitting, setSubmitting] = useState(false)
   const [success, setSuccess] = useState(false)
 
+  const mutation = useMutation({
+    mutationFn: (data: typeof form) => createProposal({
+      title: data.title,
+      description: data.description,
+      action: data.action,
+      days: Number(data.days),
+    }),
+    onSuccess: () => {
+      onCreated()
+      setForm(EMPTY)
+      setErrors({})
+      setSuccess(true)
+      setTimeout(() => setSuccess(false), 3000)
+    },
+    onError: (err: Error) => alert(err.message),
+  })
+
   function validate(): boolean {
     const e: Partial<FormState> = {}
     if (!form.title.trim()) e.title = 'Title is required.'
@@ -238,23 +267,7 @@ function CreateProposalForm({ onCreated }: { onCreated: (p: Proposal) => void })
     if (!connected) {
       try { await connect() } catch { return }
     }
-    setSubmitting(true)
-    // Simulate wallet signature + contract call
-    await new Promise((r) => setTimeout(r, 800))
-    const newProposal: Proposal = {
-      id: `prop-${Date.now()}`,
-      title: form.title.trim(),
-      description: form.description.trim(),
-      status: 'active',
-      tally: { for: 0, against: 0, abstain: 0 },
-      endsAt: new Date(Date.now() + Number(form.days) * 86_400_000),
-    }
-    onCreated(newProposal)
-    setForm(EMPTY)
-    setErrors({})
-    setSubmitting(false)
-    setSuccess(true)
-    setTimeout(() => setSuccess(false), 3000)
+    mutation.mutate(form)
   }
 
   return (
@@ -335,12 +348,12 @@ function CreateProposalForm({ onCreated }: { onCreated: (p: Proposal) => void })
 
         <button
           type="submit"
-          disabled={submitting}
-          aria-busy={submitting}
+          disabled={mutation.isPending}
+          aria-busy={mutation.isPending}
           className="flex items-center gap-2 rounded-lg bg-yellow-400 px-4 py-2 text-sm font-medium text-gray-900 hover:bg-yellow-500 focus:outline-none focus:ring-2 focus:ring-yellow-400 focus:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50"
         >
           <Plus className="h-4 w-4" aria-hidden="true" />
-          {submitting ? 'Submitting…' : connected ? 'Submit Proposal' : 'Connect Wallet & Submit'}
+          {mutation.isPending ? 'Submitting…' : connected ? 'Submit Proposal' : 'Connect Wallet & Submit'}
         </button>
       </form>
     </section>
@@ -378,27 +391,33 @@ function Field({
 
 export default function GovernancePage() {
   const { connected } = useWallet()
-  const [proposals, setProposals] = useState<Proposal[]>(SEED)
+  const qc = useQueryClient()
   const [showForm, setShowForm] = useState(false)
 
+  const { data: proposals = [], isLoading, error } = useQuery({
+    queryKey: ['proposals'],
+    queryFn: fetchProposals,
+  })
+
+  const voteMutation = useMutation({
+    mutationFn: ({ id, choice }: { id: string; choice: VoteChoice }) => castVote(id, choice),
+    onSuccess: () => {
+      qc.invalidateQueries({ queryKey: ['proposals'] })
+    },
+    onError: (err: Error) => alert(err.message),
+  })
+
   function handleVote(id: string, choice: VoteChoice) {
-    setProposals((prev) =>
-      prev.map((p) => {
-        if (p.id !== id) return p
-        const tally = { ...p.tally }
-        tally[choice] += 1
-        return { ...p, tally, userVote: choice }
-      })
-    )
+    voteMutation.mutate({ id, choice })
   }
 
-  function handleCreated(proposal: Proposal) {
-    setProposals((prev) => [proposal, ...prev])
+  function handleCreated() {
+    qc.invalidateQueries({ queryKey: ['proposals'] })
     setShowForm(false)
   }
 
-  const active = proposals.filter((p) => p.status === 'active')
-  const closed = proposals.filter((p) => p.status !== 'active')
+  const active = proposals.filter((p) => p.status === 'active' && new Date(p.ends_at) > new Date())
+  const closed = proposals.filter((p) => p.status !== 'active' || new Date(p.ends_at) <= new Date())
 
   return (
     <div className="mx-auto max-w-3xl px-4 py-8 sm:py-10">
@@ -408,7 +427,7 @@ export default function GovernancePage() {
           <div>
             <h1 className="text-xl font-bold text-gray-900 dark:text-gray-100 sm:text-2xl">Governance</h1>
             <p className="text-sm text-gray-500 dark:text-gray-400">
-              Community proposals for the SolarProof cooperative.
+              Community proposals for your cooperative.
             </p>
           </div>
         </div>
@@ -429,7 +448,19 @@ export default function GovernancePage() {
         </div>
       )}
 
-      {active.length > 0 && (
+      {error && (
+        <p role="alert" className="mb-4 text-sm text-red-600 dark:text-red-400">
+          Failed to load proposals.
+        </p>
+      )}
+
+      {isLoading ? (
+        <div className="space-y-4">
+          {[1, 2].map((i) => (
+            <div key={i} className="h-40 animate-pulse rounded-xl bg-gray-100 dark:bg-gray-800" />
+          ))}
+        </div>
+      ) : active.length > 0 ? (
         <section aria-labelledby="active-heading" className="mb-8">
           <h2 id="active-heading" className="mb-3 text-xs font-semibold uppercase tracking-wide text-gray-400 dark:text-gray-500">
             Active ({active.length})
@@ -440,9 +471,9 @@ export default function GovernancePage() {
             ))}
           </div>
         </section>
-      )}
+      ) : null}
 
-      {closed.length > 0 && (
+      {!isLoading && closed.length > 0 && (
         <section aria-labelledby="closed-heading">
           <h2 id="closed-heading" className="mb-3 text-xs font-semibold uppercase tracking-wide text-gray-400 dark:text-gray-500">
             Closed ({closed.length})
@@ -454,6 +485,12 @@ export default function GovernancePage() {
           </div>
         </section>
       )}
+
+      {!isLoading && active.length === 0 && closed.length === 0 && (
+        <p className="py-12 text-center text-sm text-gray-500 dark:text-gray-400">
+          No proposals found for your cooperative.
+        </p>
+      )}
     </div>
   )
 }
diff --git a/apps/web/src/app/meters/page.tsx b/apps/web/src/app/meters/page.tsx
index e909c46..0417ae8 100644
--- a/apps/web/src/app/meters/page.tsx
+++ b/apps/web/src/app/meters/page.tsx
@@ -26,7 +26,6 @@ async function fetchMeters(): Promise<Meter[]> {
 
 async function registerMeter(body: {
   name: string
-  cooperative_id: string
   serial_number: string
   pubkey_hex: string
   meter_group?: string
@@ -55,7 +54,6 @@ async function revokeMeter(id: string): Promise<void> {
 function RegisterForm({ onSuccess }: { onSuccess: () => void }) {
   const [form, setForm] = useState({
     name: '',
-    cooperative_id: '',
     serial_number: '',
     pubkey_hex: '',
     meter_group: '',
@@ -78,7 +76,6 @@ function RegisterForm({ onSuccess }: { onSuccess: () => void }) {
     onSuccess: () => {
       setForm({
         name: '',
-        cooperative_id: '',
         serial_number: '',
         pubkey_hex: '',
         meter_group: '',
@@ -106,6 +103,12 @@ function RegisterForm({ onSuccess }: { onSuccess: () => void }) {
         Register new meter
       </h2>
 
+      {error && (
+        <div role="alert" className="mb-4 rounded-lg bg-red-50 p-3 text-sm text-red-700 dark:bg-red-900/30 dark:text-red-400">
+          {error}
+        </div>
+      )}
+
       <div className="grid gap-4 sm:grid-cols-2 lg:grid-cols-3">
         <div>
           <label
@@ -125,24 +128,6 @@ function RegisterForm({ onSuccess }: { onSuccess: () => void }) {
           />
         </div>
 
-        <div>
-          <label
-            htmlFor="cooperative_id"
-            className="mb-1 block text-xs font-medium text-gray-600 dark:text-gray-400"
-          >
-            Cooperative ID (UUID)
-          </label>
-          <input
-            id="cooperative_id"
-            type="text"
-            required
-            value={form.cooperative_id}
-            onChange={(e) => setForm((f) => ({ ...f, cooperative_id: e.target.value }))}
-            placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-            className="w-full rounded-md border border-gray-300 bg-white px-3 py-2 text-sm text-gray-900 placeholder-gray-400 focus:outline-none focus:ring-2 focus:ring-yellow-400 dark:border-gray-700 dark:bg-gray-800 dark:text-gray-100"
-          />
-        </div>
-
         <div>
           <label
             htmlFor="serial_number"
diff --git a/apps/web/src/app/settings/page.tsx b/apps/web/src/app/settings/page.tsx
index ffd6707..4cc4788 100644
--- a/apps/web/src/app/settings/page.tsx
+++ b/apps/web/src/app/settings/page.tsx
@@ -1,26 +1,69 @@
 'use client'
 
 import { useTheme } from 'next-themes'
-import { Moon, Sun } from 'lucide-react'
+import { useQuery } from '@tanstack/react-query'
+import { Moon, Sun, Building2, User } from 'lucide-react'
 
 export default function SettingsPage() {
   const { resolvedTheme, setTheme, systemTheme } = useTheme()
   const theme = resolvedTheme === 'system' ? systemTheme : resolvedTheme
 
+  const { data: coop, isLoading } = useQuery({
+    queryKey: ['my-cooperative'],
+    queryFn: async () => {
+      const res = await fetch('/api/cooperative/me')
+      if (!res.ok) throw new Error('Failed to load cooperative info')
+      return res.json()
+    }
+  })
+
   function toggleTheme() {
     setTheme(theme === 'dark' ? 'light' : 'dark')
   }
 
   return (
     <div className="mx-auto max-w-4xl px-4 py-8">
-      <h1 className="mb-4 text-2xl font-bold text-gray-900 dark:text-gray-100">User settings</h1>
-      <div className="grid gap-6 rounded-3xl border border-gray-200 bg-white p-6 shadow-sm dark:border-gray-800 dark:bg-gray-950">
-        <section>
+      <h1 className="mb-4 text-2xl font-bold text-gray-900 dark:text-gray-100">Settings</h1>
+      
+      <div className="space-y-6">
+        {/* Account Info */}
+        <section className="rounded-xl border border-gray-200 bg-white p-6 dark:border-gray-800 dark:bg-gray-950">
+          <h2 className="mb-4 text-lg font-semibold text-gray-900 dark:text-gray-100">Account</h2>
+          <div className="flex items-center justify-between">
+            <div className="flex items-center gap-4">
+              <div className="flex h-12 w-12 items-center justify-center rounded-full bg-yellow-100 dark:bg-yellow-900/30">
+                {coop?.account_type === 'cooperative' ? (
+                  <Building2 className="h-6 w-6 text-yellow-600 dark:text-yellow-400" />
+                ) : (
+                  <User className="h-6 w-6 text-yellow-600 dark:text-yellow-400" />
+                )}
+              </div>
+              <div>
+                <p className="text-sm font-medium text-gray-900 dark:text-gray-100 capitalize">
+                  {isLoading ? 'Loading...' : `${coop?.account_type || 'individual'} Account`}
+                </p>
+                <p className="text-xs text-gray-500 dark:text-gray-400">
+                  {coop?.account_type === 'cooperative' 
+                    ? 'Full access to multi-meter management and cooperative governance.'
+                    : 'Limited to 1 meter. Upgrade to Cooperative for multiple meters.'}
+                </p>
+              </div>
+            </div>
+            {coop?.account_type === 'individual' && (
+              <button className="rounded-md bg-yellow-400 px-3 py-1.5 text-xs font-medium text-gray-900 hover:bg-yellow-500">
+                Upgrade
+              </button>
+            )}
+          </div>
+        </section>
+
+        {/* Theme Settings */}
+        <section className="rounded-xl border border-gray-200 bg-white p-6 dark:border-gray-800 dark:bg-gray-950">
           <div className="flex items-center justify-between gap-4">
             <div>
               <h2 className="text-lg font-semibold text-gray-900 dark:text-gray-100">Theme</h2>
               <p className="mt-1 text-sm text-gray-600 dark:text-gray-400">
-                Use dark mode for better low-light readability. Your preference is saved in localStorage.
+                Use dark mode for better low-light readability.
               </p>
             </div>
             <button
@@ -29,19 +72,10 @@ export default function SettingsPage() {
               className="inline-flex items-center gap-2 rounded-full border border-gray-300 bg-gray-50 px-4 py-2 text-sm font-semibold text-gray-900 transition hover:bg-gray-100 dark:border-gray-700 dark:bg-gray-900 dark:text-gray-100 dark:hover:bg-gray-800"
             >
               {theme === 'dark' ? <Sun className="h-4 w-4" aria-hidden="true" /> : <Moon className="h-4 w-4" aria-hidden="true" />}
-              {theme === 'dark' ? 'Light mode' : 'Dark mode'}
+              {theme === 'dark' ? 'Light' : 'Dark'}
             </button>
           </div>
         </section>
-
-        <section className="rounded-3xl bg-gray-50 p-5 dark:bg-gray-900">
-          <p className="text-sm text-gray-700 dark:text-gray-300">
-            Current theme: <span className="font-semibold text-gray-900 dark:text-gray-100">{theme || 'system'}</span>
-          </p>
-          <p className="mt-2 text-sm text-gray-500 dark:text-gray-400">
-            SolarProof stores your theme selection in localStorage under <code className="rounded bg-gray-100 px-1.5 py-0.5 dark:bg-gray-800">solarproof-theme</code>.
-          </p>
-        </section>
       </div>
     </div>
   )
diff --git a/apps/web/src/lib/auth.ts b/apps/web/src/lib/auth.ts
index d44ce71..a0faa45 100644
--- a/apps/web/src/lib/auth.ts
+++ b/apps/web/src/lib/auth.ts
@@ -71,7 +71,7 @@ export async function revokeToken(accessToken: string): Promise<void> {
  */
 export async function requireAuth(
   req: NextRequest
-): Promise<{ user: { id: string; email?: string }; accessToken: string } | NextResponse> {
+): Promise<{ user: { id: string; email?: string }; accessToken: string; cooperativeId: string } | NextResponse> {
   const authHeader = req.headers.get('authorization') ?? ''
   const accessToken = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : null
 
@@ -92,7 +92,16 @@ export async function requireAuth(
     return NextResponse.json({ error: 'Invalid or expired token' }, { status: 401 })
   }
 
-  return { user: { id: data.user.id, email: data.user.email }, accessToken }
+  const cooperativeId = data.user.app_metadata.cooperative_id
+  if (!cooperativeId) {
+    return NextResponse.json({ error: 'User has no associated cooperative' }, { status: 403 })
+  }
+
+  return {
+    user: { id: data.user.id, email: data.user.email },
+    accessToken,
+    cooperativeId,
+  }
 }
 
 /**
diff --git a/apps/web/src/lib/database.types.ts b/apps/web/src/lib/database.types.ts
index 7451364..3ed9b69 100644
--- a/apps/web/src/lib/database.types.ts
+++ b/apps/web/src/lib/database.types.ts
@@ -4,9 +4,29 @@ export interface Database {
   public: {
     Tables: {
       cooperatives: {
-        Row: { id: string; name: string; admin_address: string; created_at: string; suspended: boolean }
-        Insert: { name: string; admin_address: string; suspended?: boolean }
-        Update: Partial<{ name: string; admin_address: string; suspended: boolean }>
+        Row: { id: string; name: string; admin_address: string; created_at: string; suspended: boolean; account_type: 'individual' | 'cooperative' }
+        Insert: { name: string; admin_address: string; suspended?: boolean; account_type?: 'individual' | 'cooperative' }
+        Update: Partial<{ name: string; admin_address: string; suspended: boolean; account_type: 'individual' | 'cooperative' }>
+        Relationships: []
+      }
+      proposals: {
+        Row: {
+          id: string; cooperative_id: string; title: string; description: string
+          status: 'active' | 'passed' | 'rejected'; action: string | null; ends_at: string; created_at: string
+        }
+        Insert: {
+          cooperative_id: string; title: string; description: string
+          status?: 'active' | 'passed' | 'rejected'; action?: string | null; ends_at: string
+        }
+        Update: Partial<{
+          title: string; description: string; status: 'active' | 'passed' | 'rejected'; action: string | null; ends_at: string
+        }>
+        Relationships: []
+      }
+      votes: {
+        Row: { proposal_id: string; voter_id: string; choice: 'for' | 'against' | 'abstain'; created_at: string }
+        Insert: { proposal_id: string; voter_id: string; choice: 'for' | 'against' | 'abstain' }
+        Update: Partial<{ choice: 'for' | 'against' | 'abstain' }>
         Relationships: []
       }
       meters: {
diff --git a/supabase/migrations/20260603000000_cooperative_accounts.sql b/supabase/migrations/20260603000000_cooperative_accounts.sql
new file mode 100644
index 0000000..0dcae36
--- /dev/null
+++ b/supabase/migrations/20260603000000_cooperative_accounts.sql
@@ -0,0 +1,83 @@
+-- Migration: Cooperative accounts and governance tables
+-- Closes #351
+
+-- 1. Add account_type to cooperatives
+alter table cooperatives
+  add column if not exists account_type text not null default 'individual'
+  check (account_type in ('individual', 'cooperative'));
+
+-- 2. Create proposals table
+create table if not exists proposals (
+  id uuid primary key default gen_random_uuid(),
+  cooperative_id uuid not null references cooperatives(id) on delete cascade,
+  title text not null,
+  description text not null,
+  status text not null default 'active' check (status in ('active', 'passed', 'rejected')),
+  action text,
+  ends_at timestamptz not null,
+  created_at timestamptz not null default now()
+);
+
+-- 3. Create votes table
+create table if not exists votes (
+  proposal_id uuid not null references proposals(id) on delete cascade,
+  voter_id uuid not null,
+  choice text not null check (choice in ('for', 'against', 'abstain')),
+  created_at timestamptz not null default now(),
+  primary key (proposal_id, voter_id)
+);
+
+-- 4. Enable RLS
+alter table proposals enable row level security;
+alter table votes enable row level security;
+
+-- 5. RLS Policies for proposals
+create policy "members_select_own_proposals" on proposals
+  for select using (cooperative_id = auth.cooperative_id());
+
+create policy "members_insert_own_proposals" on proposals
+  for insert with check (cooperative_id = auth.cooperative_id());
+
+create policy "admin_all_proposals" on proposals
+  for all using (auth.jwt() -> 'app_metadata' ->> 'role' = 'admin');
+
+-- 6. RLS Policies for votes
+create policy "members_select_own_votes" on votes
+  for select using (
+    exists (
+      select 1 from proposals p
+      where p.id = votes.proposal_id
+        and p.cooperative_id = auth.cooperative_id()
+    )
+  );
+
+create policy "members_insert_own_votes" on votes
+  for insert with check (
+    voter_id = (auth.jwt() ->> 'sub')::uuid and
+    exists (
+      select 1 from proposals p
+      where p.id = votes.proposal_id
+        and p.cooperative_id = auth.cooperative_id()
+    )
+  );
+
+create policy "admin_all_votes" on votes
+  for all using (auth.jwt() -> 'app_metadata' ->> 'role' = 'admin');
+
+-- 7. Indexes for performance
+create index if not exists idx_proposals_cooperative_id on proposals(cooperative_id);
+create index if not exists idx_votes_proposal_id on votes(proposal_id);
+
+-- 8. Helper function for cooperative stats
+create or replace function sum_cooperative_kwh(target_cooperative_id uuid)
+returns numeric
+language sql
+security definer
+set search_path = public
+as $$
+  select coalesce(sum(r.kwh), 0)
+  from readings r
+  join meters m on m.id = r.meter_id
+  where m.cooperative_id = target_cooperative_id
+    and r.anchored = true;
+$$;