# Audit Package

> What external reviewers need before Signalite is presented as audit-ready.

Signalite's partner sandbox docs are not an external audit. This page defines the evidence package that should be prepared before broader partner distribution or a public TVL raise.

## Scope

The audit package should include:

| Area       | Included artifacts                                                                |
| ---------- | --------------------------------------------------------------------------------- |
| Contracts  | Vault, strategy, NAV source, deployment scripts, role configuration, tests        |
| Keeper     | State machine, dry-run/live guards, heartbeat, action selection, failure handling |
| API        | Readiness gates, quote builders, OpenAPI schema, activity/indexer correctness     |
| SDK        | Transaction builders, typed clients, React Native compatibility, error handling   |
| Operations | Railway services, cron jobs, env-var matrix, monitoring, runbooks                 |
| Docs       | Flow of funds, accounting/proof, user lifecycle, partner integration examples     |

## Reviewer questions

External reviewers should be able to answer these without asking for private operational context:

* Can strategy-controlled funds move only through intended paths?
* Are vault share-price calculations complete across buffer, strategy, Core, HLP, and in-flight states?
* Can queued redeem accounting be double-counted, skipped, or claimed by the wrong receiver?
* Can stale API/indexer state cause partners to show unsafe write actions?
* Can a keeper crash, stale state file, or duplicate keeper create inconsistent routing?
* Do access-gated docs and product UI avoid claiming unsupported revenue or audit status?

## Required evidence

Run and attach results from:

```bash
npm run lint
npm run build
API_BASE=https://shlp-web-production.up.railway.app npm run smoke:api
PARTNER_READY_REQUIRED=1 API_BASE=https://shlp-web-production.up.railway.app npm run readiness:partner
pnpm --filter @arc/shlp-sdk test
pnpm --filter @arc/shlp-sdk build
pnpm --filter @arc/shlp-sdk typecheck:react-native
cd packages/contracts && forge test
pnpm --filter @arc/keeper typecheck && pnpm --filter @arc/keeper test
```

Also attach:

* Current deployed contract addresses
* Role table
* Keeper environment matrix with secrets redacted
* Live `/api/v1/health` response
* Live `/api/v1/vault` proof response
* A queued redeem lifecycle trace from requested to claimed
* Known limitations and unresolved issues

## Non-goals

Do not present these as complete before they exist:

* Formal audit report
* Public bug bounty
* SLA-backed API uptime
* Live partner revenue sharing
* Permissionless public launch

## Output

The final audit handoff should be a versioned folder containing:

```text
audit-package/
  README.md
  addresses.md
  roles.md
  architecture.md
  flow-of-funds.md
  accounting-proof.md
  keeper-runbook.md
  api-openapi.json
  sdk-version.md
  test-results.md
  known-issues.md
```
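
One way to check the handoff folder before it is sent, as an added example that is not part of Signalite's own tooling: it confirms every file listed above exists and is non-empty, then records SHA-256 digests so reviewers can confirm they hold the same version that was handed off. The function names and the `MANIFEST.sha256` file are assumptions of this example, and it assumes GNU coreutils `sha256sum` is available.

```shell
#!/usr/bin/env bash
# Added example: completeness check and checksum manifest for audit-package/.
# The file list comes from this page; function names and MANIFEST.sha256
# are assumptions of this example.

REQUIRED_FILES="README.md addresses.md roles.md architecture.md flow-of-funds.md
accounting-proof.md keeper-runbook.md api-openapi.json sdk-version.md
test-results.md known-issues.md"

# Print one line per problem. Returns 0 only if every required file
# exists and is non-empty.
check_audit_package() {
  dir=$1
  rc=0
  for f in $REQUIRED_FILES; do
    if [ ! -e "$dir/$f" ]; then
      echo "MISSING $f"
      rc=1
    elif [ ! -s "$dir/$f" ]; then
      echo "EMPTY $f"
      rc=1
    fi
  done
  return $rc
}

# Refuse to write a manifest for an incomplete package, then record the
# SHA-256 digest of each required file, relative to the package root.
write_manifest() {
  dir=$1
  check_audit_package "$dir" || return 1
  ( cd "$dir" && sha256sum $REQUIRED_FILES > MANIFEST.sha256 )
}

# Reviewer side: re-hash the received files and compare with the manifest.
# Returns non-zero if any file was changed or removed after handoff.
verify_manifest() {
  ( cd "$1" && sha256sum --check --quiet MANIFEST.sha256 )
}
```

Source the file, run `write_manifest audit-package` before handoff, and have the reviewer run `verify_manifest audit-package` on receipt.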
