feat: AI features, agent improvements, and host monitoring enhancements

AI Chat Integration:
- Multi-provider support (Anthropic, OpenAI, Ollama)
- Streaming responses with markdown rendering
- Agent command execution for remote troubleshooting
- Context-aware conversations with host/container metadata

Agent Updates:
- Add --enable-proxmox flag for automatic PVE/PBS token setup
- Improve auto-update with semver comparison (prevents downgrades)
- Add updatedFrom tracking to report previous version after update
- Reduce initial update check delay from 30s to 5s
- Add agent version column to Hosts page table

Host Metrics:
- Add DiskIO stats collection (read/write bytes, ops, time)
- Improve disk filtering to exclude Docker overlay mounts
- Add RAID array monitoring via mdadm
- Enhanced temperature sensor parsing

Frontend:
- New Agent Version column on Hosts overview table
- Improved node modal with agent-first installation flow
- Add DiskIO display in host drawer
- Better responsive handling for metric bars

docs/security/TEMPERATURE_MONITORING.md

@@ -1,29 +1,57 @@
-# 🌡️ Temperature Monitoring Security
+# 🌡️ Temperature Monitoring
 
-Secure architecture for collecting hardware temperatures.
+Pulse supports two methods for collecting hardware temperatures from Proxmox nodes.
 
-## 🛡️ Security Model
+## Recommended: Pulse Agent
+
+The simplest and most feature-rich method is installing the Pulse agent on your Proxmox nodes:
+
+```bash
+curl -fsSL http://your-pulse-server:7655/api/download/install.sh | bash -s -- \
+  --url http://your-pulse-server:7655 \
+  --token YOUR_TOKEN \
+  --enable-proxmox
+```
+
+**Benefits:**
+- ✅ One-command setup
+- ✅ Automatic API token creation
+- ✅ Temperature monitoring built-in
+- ✅ Enables AI features for VM/container management
+- ✅ No SSH keys or proxy configuration required
+
+The agent runs `sensors -j` locally and reports temperatures directly to Pulse.
+
+---
+
+## Legacy: Sensor Proxy (SSH-based)
+
+For users who prefer not to install an agent on their hypervisor, the sensor-proxy method is still available.
+
+> **Note:** This method is deprecated and will be removed in a future release. Consider migrating to the agent-based approach.
+
+### 🛡️ Security Model
 *   **Isolation**: SSH keys live on the host, not in the container.
 *   **Least Privilege**: Proxy runs as `pulse-sensor-proxy` (no shell).
 *   **Verification**: Container identity verified via `SO_PEERCRED`.
 
-## 🏗️ Components
+### 🏗️ Components
 1.  **Pulse Backend**: Connects to Unix socket `/mnt/pulse-proxy/pulse-sensor-proxy.sock`.
 2.  **Sensor Proxy**: Validates request, executes SSH to node.
 3.  **Target Node**: Accepts SSH key restricted to `sensors -j`.
 
-## 🔒 Key Restrictions
+### 🔒 Key Restrictions
 SSH keys deployed to nodes are locked down:
 ```
 command="sensors -j",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
 ```
 
-## 🚦 Rate Limiting
+### 🚦 Rate Limiting
 *   **Per Peer**: ~12 req/min.
 *   **Concurrency**: Max 2 parallel requests per peer.
 *   **Global**: Max 8 concurrent requests.
 
-## 📝 Auditing
+### 📝 Auditing
 All requests logged to system journal:
 ```bash
 journalctl -u pulse-sensor-proxy