# Code Audit Preparation Plan

The goal is to methodically review each package and replace any stubbed, simulated, or placeholder implementations with production-ready logic. Use this tracker to record progress.

## Review Cadence

1. Select a package or subsystem.
2. Catalogue all functions/structs that appear mocked, simulated, or simplified.
3. Link to the source and note what the true production behaviour should be.
4. Outline remediation steps (implementation, tests, docs, runbooks).
5. Mark the item complete once merged and verified.

## Initial Focus Areas

- **Arbitrage Execution** (`pkg/arbitrage/executor.go`, `pkg/arbitrage/flash_executor.go`)
  - Simulation-only sections (mock transactions, gas estimation defaults).
  - TODO: Replace with real contract calls, gas oracle integration, and error handling covering on-chain responses.
- **Detection Engine** (`pkg/arbitrage/detection_engine.go`)
  - Placeholder logging and simplified opportunity scoring.
  - TODO: Reconcile with production heuristics and ensure confidence calculations align with live data.
- **Metrics Server** (`pkg/metrics/metrics.go`)
  - Confirm metrics cover end-to-end profitability, latency and error scenarios.
  - TODO: Validate against Prometheus/Grafana expectations and add missing labels if required.
- **Simulation Paths** (`pkg/arbitrage/executor.go` simulation routines, `tools/simulation` vectors)
  - Ensure replay harness mirrors live execution paths and uses realistic inputs.
  - TODO: Gather historical vector captures and remove hard-coded assumptions.
- **Security/Staging Scripts** (`scripts/run.sh`, deployment scripts)
  - Identify mocked secrets, rate limits, and incomplete hardening steps.
  - TODO: Replace with secure secret management integrations and production checks.

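
One way to support step 2 of the Review Cadence (cataloguing functions that appear mocked, simulated, or simplified), shown as an added example that is not part of the project's own code. The marker word list, the `CatalogueStubs` helper and the sample source are assumptions constructed for illustration; only the function names `simulateFlashSwapArbitrage` and `createSuccessfulResult` come from this plan.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
)

// stubMarker is a heuristic word list (an assumption); tune it per code base.
var stubMarker = regexp.MustCompile(`(?i)mock|simulat|placeholder|stub|fake|todo`)
// sample is constructed input; only the function names come from the plan.
const sample = `package arbitrage
func simulateFlashSwapArbitrage() error { return nil }
func createSuccessfulResult() int { return 1 /* placeholder receipt */ }
// estimateGas returns a fixed value. TODO: query a gas oracle.
func estimateGas() uint64 { return 21000 }
func netProfit(a, b int) int { return a - b }
`

// CatalogueStubs returns one "file:line:col func (marker)" entry per flagged function.
func CatalogueStubs(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, decl := range file.Decls {
		if fn, ok := decl.(*ast.FuncDecl); ok {
			text := fn.Name.Name // name, then doc comment and comments inside the body
			for _, cg := range file.Comments {
				if cg == fn.Doc || (cg.Pos() >= fn.Pos() && cg.End() <= fn.End()) {
					text += " " + cg.Text()
				}
			}
			if m := stubMarker.FindString(text); m != "" {
				out = append(out, fmt.Sprintf("%v %s (marker %q)", fset.Position(fn.Pos()), fn.Name.Name, m))
			}
		}
	}
	return out, nil
}

func main() {
	findings, err := CatalogueStubs("executor.go", sample)
	fmt.Println(findings, err)
}
```

Each entry is a candidate for review, not a verdict: a marker word in a comment can be a false positive, and a stub with no marker will be missed, so the output seeds the tracking table rather than replacing the manual pass.
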
## Tracking Table

| Package / Module | Status | Notes |
| ---------------- | ------ | ----- |
| Arbitrage Executor | [ ] | Simulation paths rely on mocked gas estimation, fake receipts, and do not call real flash swap contracts (`simulateFlashSwapArbitrage`, `executeFlashSwapArbitrage`). Replace with production integrations, add on-chain error handling, and move simulation-only helpers under tests/examples. |
| FlashSwap Executor | [ ] | `submitTransaction`, `waitForConfirmation`, and `createSuccessfulResult` operate entirely on mock transactions/receipts; replace with actual contract bindings, receipt polling, and error handling. |
| Detection Engine | [ ] | Audit scoring heuristics vs. spec, implement production priorities. |
| Metrics | [ ] | Validate Prometheus labels and dashboards with SRE team. |
| Tooling: Simulation | [ ] | Gather live vectors, validate profit calculations, hook into CI. |
| Scripts: Deployment | [ ] | Harden secrets handling, document rollback plans. |

Update this plan after each review session and cross link to PRs or issues that close the gaps.