From 41761823d3d4a7fead188e10d9770548c2691c5e Mon Sep 17 00:00:00 2001
From: Claude <developers@lethean.io>
Date: Thu, 2 Apr 2026 13:28:59 +0100
Subject: [PATCH] ax(ueps): expand ReadAndVerify comment to show error sentinel
 branches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

AX Principle 2 — comments as usage examples: the ReadAndVerify doc
comment only showed the success path; both errMissingHMAC and
errIntegrityViolation sentinel branches are now illustrated so callers
can copy-paste correct dispatch logic.

Co-Authored-By: Charon <charon@lethean.io>
---
 pkg/ueps/reader.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index 60c80c9..b62b39b 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -24,6 +24,8 @@ type ParsedPacket struct {
 }
 
 // packet, err := ueps.ReadAndVerify(bufio.NewReader(conn), []byte("my-shared-secret"))
+// if err == errMissingHMAC { return } // unauthenticated: no HMAC tag in stream
+// if err == errIntegrityViolation { return } // tampered: HMAC mismatch; reject and raise threat score
 // if err == nil { dispatch(packet.Header.IntentID, packet.Header.ThreatScore, packet.Payload) }
 func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, error) {
 	var hmacInputBuffer bytes.Buffer