Start the work of clearly distingushing client side types, server side types and types shared over the API by renaming "AccountSession" and "Session" names used on the server to "ServerSession".
Add PATCH /api/schedule endpoint for editing the schedule in a manner that's access controlled.
