diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index 60c80c9..b62b39b 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -24,6 +24,8 @@ type ParsedPacket struct {
 }
 
 // packet, err := ueps.ReadAndVerify(bufio.NewReader(conn), []byte("my-shared-secret"))
+// if err == errMissingHMAC { return } // unauthenticated: no HMAC tag in stream
+// if err == errIntegrityViolation { return } // tampered: HMAC mismatch; reject and raise threat score
 // if err == nil { dispatch(packet.Header.IntentID, packet.Header.ThreatScore, packet.Payload) }
 func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, error) {
 	var hmacInputBuffer bytes.Buffer