Initial commit: Nerd Monitor - Cross-platform system monitoring application

Features:
- Multi-platform agents (Linux, macOS, Windows - AMD64 & ARM64)
- Real-time CPU, RAM, and disk usage monitoring
- Responsive web dashboard with live status indicators
- Session-based authentication with secure credentials
- Stale agent detection and removal (6+ months inactive)
- Auto-refresh dashboard (5 second intervals)
- 15-second agent reporting intervals
- Auto-generated agent IDs from hostnames
- In-memory storage (zero database setup)
- Minimal dependencies (Chi router + Templ templating)

Project Structure:
- cmd/: Agent and Server executables
- internal/: API, Auth, Stats, Storage, and UI packages
- views/: Templ templates for dashboard UI
- Makefile: Build automation for all platforms

Ready for deployment with comprehensive documentation:
- README.md: Full project documentation
- QUICKSTART.md: Getting started guide
- AGENTS.md: Development guidelines

internal/auth/errors.go

@@ -0,0 +1,6 @@
+package auth
+
+import "errors"
+
+// ErrInvalidCredentials is returned when login credentials are invalid.
+var ErrInvalidCredentials = errors.New("invalid credentials")

internal/auth/middleware.go

@@ -0,0 +1,98 @@
+package auth
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// Session represents an authenticated user session.
+type Session struct {
+	Token     string
+	ExpiresAt time.Time
+}
+
+// Manager handles authentication and session management.
+type Manager struct {
+	mu        sync.RWMutex
+	sessions  map[string]*Session
+	username  string
+	password  string
+	expiryDur time.Duration
+}
+
+// New creates a new authentication manager with default credentials.
+func New(username, password string) *Manager {
+	return &Manager{
+		sessions:  make(map[string]*Session),
+		username:  username,
+		password:  password,
+		expiryDur: 24 * time.Hour,
+	}
+}
+
+// Login validates credentials and creates a session.
+func (m *Manager) Login(username, password string) (string, error) {
+	if username != m.username || password != m.password {
+		return "", ErrInvalidCredentials
+	}
+
+	token, err := generateToken()
+	if err != nil {
+		return "", err
+	}
+
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	m.sessions[token] = &Session{
+		Token:     token,
+		ExpiresAt: time.Now().Add(m.expiryDur),
+	}
+
+	return token, nil
+}
+
+// Validate checks if a session token is valid.
+func (m *Manager) Validate(token string) bool {
+	m.mu.RLock()
+	defer m.mu.RUnlock()
+
+	session, ok := m.sessions[token]
+	if !ok {
+		return false
+	}
+
+	return session.ExpiresAt.After(time.Now())
+}
+
+// Logout invalidates a session.
+func (m *Manager) Logout(token string) {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	delete(m.sessions, token)
+}
+
+// Middleware returns a Chi middleware for authentication.
+func (m *Manager) Middleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		cookie, err := r.Cookie("session_token")
+		if err != nil || !m.Validate(cookie.Value) {
+			http.Redirect(w, r, "/login", http.StatusSeeOther)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+// generateToken creates a random hex token.
+func generateToken() (string, error) {
+	b := make([]byte, 16)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(b), nil
+}