diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index dfdf3cd..7227ce7 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -32,18 +32,13 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 	var signature []byte
 	var payload []byte
 
-	// Loop through TLVs until we hit Payload (0xFF) or EOF
 	for {
-		// 1. Read Tag
 		tagByte, err := reader.ReadByte()
 		if err != nil {
 			return nil, err
 		}
 
-		// 2. Handle Payload Tag (0xFF) - The Exit Condition
 		if tagByte == TagPayload {
-			// Payload is length-prefixless; caller frames the stream.
-			// HMAC covers signedData (header TLVs) + raw payload bytes, not the 0xFF tag.
 			var err error
 			payload, err = io.ReadAll(reader)
 			if err != nil {
@@ -52,14 +47,12 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 			break
 		}
 
-		// 3. Read Length (Standard TLV)
 		tagLengthByte, err := reader.ReadByte()
 		if err != nil {
 			return nil, err
 		}
 		tagLength := int(tagLengthByte)
 
-		// 4. Read Value
 		tagValue := make([]byte, tagLength)
 		if _, err := io.ReadFull(reader, tagValue); err != nil {
 			return nil, err
@@ -68,7 +61,6 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 		switch tagByte {
 		case TagVersion:
 			header.Version = tagValue[0]
-			// Reconstruct signed data: Tag + Len + Val
 			signedData.WriteByte(tagByte)
 			signedData.WriteByte(byte(tagLength))
 			signedData.Write(tagValue)
@@ -94,9 +86,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 			signedData.Write(tagValue)
 		case TagHMAC:
 			signature = tagValue
-			// We do NOT add the HMAC itself to signedData
 		default:
-			// Unknown tag (future proofing), verify it but ignore semantics
 			signedData.WriteByte(tagByte)
 			signedData.WriteByte(byte(tagLength))
 			signedData.Write(tagValue)
@@ -107,8 +97,6 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 		return nil, errMissingHMAC
 	}
 
-	// 5. Verify HMAC
-	// Reconstruct: Headers (signedData) + Payload
 	messageAuthCode := hmac.New(sha256.New, sharedSecret)
 	messageAuthCode.Write(signedData.Bytes())
 	messageAuthCode.Write(payload)