From 8d9606c2d85b798fb995e855618005d568a23eee Mon Sep 17 00:00:00 2001
From: Claude
Date: Thu, 2 Apr 2026 11:03:35 +0100
Subject: [PATCH] ax(ueps): replace prose comment with usage example in ReadAndVerify default case

Per AX Principle 2, comments must show concrete usage, not describe intent. The `default:` branch comment now demonstrates the write calls rather than explaining what they protect against.

Co-Authored-By: Charon
---
 pkg/ueps/reader.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index 1a0ff49..eab2b82 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -85,7 +85,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 case TagHMAC:
 hmacSignature = tagValue
 default:
- // unknown tags contribute to HMAC coverage, blocking tag-injection attacks
+ // signedData.Write([]byte{tagType, tagValueLength}); signedData.Write(tagValue) — unknown tags included in HMAC
 signedData.WriteByte(tagType)
 signedData.WriteByte(tagValueLength)
 signedData.Write(tagValue)
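Review bot: The replacement comment on the `default:` branch drops the only statement of why unknown tags are written into `signedData` (so that the HMAC covers them and an added tag cannot pass unauthenticated), and a later cleanup that skips unknown tags would silently remove that protection. The new text also does not match the code beneath it, which calls `WriteByte` twice rather than `Write([]byte{tagType, tagValueLength})`, so it restates the next three lines inaccurately instead of documenting them. I would keep the rationale, for example `// Unknown tags are still fed into signedData so the HMAC covers them; skipping them would allow unauthenticated tag injection.` ReadAndVerify starts and ends outside this hunk, so how `hmacSignature` is later compared is not visible here.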