docs: D-2 ETHOS compliance audit — pre-existing violations

Full scan of emoji, fmt.Printf, log format, and banned word
violations that predate the A/B/C/D-1 fix series.

Findings:
- ~61 emoji violations in log statements (server+agent)
- ~23 emoji instances in UI/CLI (intentional, lower priority)
- ~12 fmt.Printf used as logging (should be log.Printf)
- 0 banned words (all cleaned in prior series)
- 0 silenced errors

Estimated effort: MEDIUM. Priority: fmt.Printf fixes first,
then emoji in log statements, CLI emojis last.

See docs/D2_ETHOS_Compliance_Audit.md for complete listing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/D2_ETHOS_Compliance_Audit.md

@@ -0,0 +1,113 @@
+# D-2 ETHOS Compliance Audit — Pre-Existing Violations
+
+**Date:** 2026-03-29
+**Branch:** culurien
+**Scope:** All emoji, fmt.Printf, log format, banned word, and silenced error violations that predate the A/B/C/D-1 fix series.
+
+---
+
+## 1. EMOJI VIOLATIONS — SERVER (excluding test files)
+
+| File | Line | Emoji | Context |
+|------|------|-------|---------|
+| `middleware/machine_binding.go` | 150 | ⚠️ | SECURITY ALERT log |
+| `middleware/machine_binding.go` | 162 | ✓ | Machine ID validated log |
+| `handlers/agents.go` | 317 | 🔄 | Version update available |
+| `handlers/agents.go` | 320 | ✅ | Agent up to date |
+| `handlers/agents.go` | 442 | 🔄 | Stored version update |
+| `handlers/agents.go` | 445 | ✅ | Agent up to date |
+| `handlers/agents.go` | 1121 | ✅ | Token renewed |
+| `handlers/agents.go` | 1303 | ✅ | System info updated |
+| `handlers/agents.go` | 1331 | 💓 | Heartbeat active |
+| `handlers/agents.go` | 1336 | 💓 | Heartbeat extending |
+| `handlers/agents.go` | 1343 | 💓 | Heartbeat enabling |
+| `handlers/agents.go` | 1409 | 🚀 | Rapid polling mode |
+| `handlers/agent_updates.go` | 404 | ✅ | Bulk update |
+| `handlers/agent_updates.go` | 495 | ✅ | Package signed |
+| `handlers/update_handler.go` | 306 | ✅ | Package updated |
+| `handlers/updates.go` | 299 | ✅ | Package updated |
+| `handlers/setup.go` | 160+ | 📊🗄️👤🔧📋📄 | HTML template (UI, not log) |
+
+**Server emoji total: 16 in log statements + ~8 in HTML template**
+
+## 2. EMOJI VIOLATIONS — AGENT (excluding test files)
+
+| File | Line | Emoji | Context |
+|------|------|-------|---------|
+| `display/terminal.go` | 60-319 | 🚩✅📊💡📦🐳📋🔍🔴🟡🟢🔵 | Terminal display (intentional UI) |
+| `migration/executor.go` | 343,504,506,514 | ✅📦❌ | Migration progress |
+| `cmd/agent/main.go` | 294-322 | ❌🎉📋🌐💡🚀 | Registration CLI output |
+| `cmd/agent/main.go` | 479,494-520 | ✓🔄❌💡⚠️✅ | Token renewal log |
+| `cmd/agent/main.go` | 691-697 | 🚩📋🌐💡 | Startup banner |
+| `cmd/agent/main.go` | 844,1140-1285 | ✓⚠️📋💡 | Scan CLI output |
+| `cmd/agent/main.go` | 1399-1631 | ✓✗ | Install result logs |
+| `client/client.go` | 94 | (fmt.Printf) | Event buffer warning |
+
+**Agent emoji total: ~45 in log/CLI output + ~15 in terminal display (intentional UI)**
+
+## 3. fmt.Printf LOG VIOLATIONS — SERVER
+
+| File | Line | Context | Legitimate? |
+|------|------|---------|-------------|
+| `config/config.go` | 85-187 | `[CONFIG]` prefixed startup output | BORDERLINE — startup config, not structured log |
+| `services/security_settings_service.go` | 137 | Warning about audit log | NO — should be log.Printf |
+| `queries/docker.go` | 62,315 | Warning and cleanup count | NO — should be log.Printf |
+| `queries/metrics.go` | 62,281 | Warning and cleanup count | NO — should be log.Printf |
+| `queries/updates.go` | 374,592 | Warning and cleanup | NO — should be log.Printf |
+| `handlers/docker_reports.go` | 97 | Command completion warning | NO — should be log.Printf |
+| `handlers/metrics.go` | 96 | Command completion warning | NO — should be log.Printf |
+| `handlers/setup.go` | 52-432 | Setup wizard output | YES — CLI wizard, not log |
+
+**Server fmt.Printf violations: ~10 (excluding legitimate CLI output)**
+
+## 4. fmt.Printf LOG VIOLATIONS — AGENT
+
+| File | Line | Context | Legitimate? |
+|------|------|---------|-------------|
+| `cmd/agent/main.go` | 294-322 | Registration CLI output | YES — user-facing |
+| `cmd/agent/main.go` | 1140-1285 | Scan CLI output | YES — user-facing |
+| `display/terminal.go` | all | Terminal display | YES — user-facing |
+| `migration/executor.go` | 343-514 | Migration progress | BORDERLINE |
+| `client/client.go` | 94 | Event buffer warning | NO — should be log.Printf |
+
+**Agent fmt.Printf violations: ~2 (excluding legitimate CLI output)**
+
+## 5. BANNED WORDS
+
+**Total: 0** — all cleaned in prior fix series.
+
+## 6. SILENCED ERRORS
+
+No patterns of `_ = err`, empty error handlers, or `/dev/null` redirects found in production code.
+
+---
+
+## SUMMARY
+
+| Category | Server | Agent | Total |
+|----------|--------|-------|-------|
+| Emoji in log statements | 16 | ~45 | ~61 |
+| Emoji in HTML/CLI (intentional UI) | ~8 | ~15 | ~23 |
+| fmt.Printf as log (should be log.Printf) | ~10 | ~2 | ~12 |
+| Log format violations (missing [TAG]) | included above | included above | — |
+| Banned words | 0 | 0 | 0 |
+| Silenced errors | 0 | 0 | 0 |
+
+**Estimated effort: MEDIUM (~73 total violations, mostly mechanical emoji→text replacements)**
+
+### Priority
+
+1. **HIGH**: fmt.Printf used for logging in queries/ and handlers/ (12 violations) — bypasses structured log system
+2. **MEDIUM**: Emoji in log.Printf statements (~61 violations) — pollutes log output, breaks grep-based monitoring
+3. **LOW**: Emoji in CLI output / HTML templates (~23 instances) — intentional UI, lower priority
+4. **NOT APPLICABLE**: `display/terminal.go` emojis are part of the terminal UI design and should be exempted from ETHOS #1 (they are user-facing display, not log statements)
+
+### Files Excluded (already fixed in A/B/C/D series)
+
+- `middleware/auth.go` — A-3
+- `handlers/auth.go` — A-3
+- `scanner/winget.go` — C-1
+- `service/windows.go` — C-1
+- `client/client.go` (machine ID line only) — D-1
+- `database/db.go` — B-1
+- `cmd/server/main.go` (migration block) — B-1