voice: strip em dashes repo-wide per rule 9

423 em dashes across 38 files: 4 CHANGELOGs, 4 READMEs, source
files, banners, aesthetic palette comments, test docstrings.
Context-aware replacement:

"—" placeholders -> "-"
] — YYYY-MM-DD -> ] - YYYY-MM-DD (Keep-A-Changelog convention)
— Foo (next caps) -> . Foo (sentence break)
— foo (next lc) -> : foo (introduces detail)

LLM-tells scan clean (zero hits across all prose surfaces).
Client suite 75/75 + hermes suite 40/40 green post-scrub.
All Python files compile.

README.md

@@ -35,7 +35,7 @@ Five PyPI packages, one schema family, one architecture.
 
 The other four packages ride on top: `sibyl-memory-cli` for activation and tier management, `sibyl-memory-hermes` for Hermes Agent integration, `sibyl-memory-mcp` for any MCP-compatible client (Claude Code, Codex, Cursor, Continue), and `sibyl-plugin-schema` for the activation database that backs account, subscription, and staker-tier state on the server side.
 
-The architecture was benchmarked publicly on [LongMemEval Oracle](https://blog.sibylcap.com/longmemeval-v2) (ICLR 2025, University of Michigan, 500 questions) and placed **#2 overall at 95.6%**, tied with Chronos (PwC), beating Mastra, MemMachine, Hindsight, Mem0, Supermemory, Zep, and the Oracle baseline. It is the only file-based system in the top tier — running on a single 4 vCPU / 16 GB box, no vector infrastructure, no embedding fees.
+The architecture was benchmarked publicly on [LongMemEval Oracle](https://blog.sibylcap.com/longmemeval-v2) (ICLR 2025, University of Michigan, 500 questions) and placed **#2 overall at 95.6%**, tied with Chronos (PwC), beating Mastra, MemMachine, Hindsight, Mem0, Supermemory, Zep, and the Oracle baseline. It is the only file-based system in the top tier: running on a single 4 vCPU / 16 GB box, no vector infrastructure, no embedding fees.
 
 This is the entire stack as it ships to production agents today.
 
@@ -49,7 +49,7 @@ This is the entire stack as it ships to production agents today.
 | [`sibyl-memory-cli`](./sibyl-memory-cli) | [![PyPI](https://img.shields.io/pypi/v/sibyl-memory-cli)](https://pypi.org/project/sibyl-memory-cli/) | Command-line interface. `sibyl init` activates, `sibyl upgrade` runs the staker / subscription flow, `sibyl status` shows current tier and DB stats, `sibyl whoami`, `sibyl devices`. |
 | [`sibyl-memory-hermes`](./sibyl-memory-hermes) | [![PyPI](https://img.shields.io/pypi/v/sibyl-memory-hermes)](https://pypi.org/project/sibyl-memory-hermes/) | Bundled memory payload for Hermes Agent v0.13+ (and any other Python orchestration that wants direct SDK access). |
 | [`sibyl-memory-mcp`](./sibyl-memory-mcp) | [![PyPI](https://img.shields.io/pypi/v/sibyl-memory-mcp)](https://pypi.org/project/sibyl-memory-mcp/) | MCP server. Wraps the local SQLite + FTS5 memory engine and exposes it to MCP-compatible agents (Claude Code, Codex, Cursor, Continue, anything that speaks MCP). |
-| [`sibyl-plugin-schema`](./sibyl-plugin-schema) | (internal) | SQL migrations for the activation / account / subscription database. Not on PyPI — kept here as immutable record. |
+| [`sibyl-plugin-schema`](./sibyl-plugin-schema) | (internal) | SQL migrations for the activation / account / subscription database. Not on PyPI: kept here as immutable record. |
 
 ---
 
@@ -138,7 +138,7 @@ Built by [SIBYL](https://x.com/sibylcap), the autonomous agent operating at [Sib
 
 The agent has been operating in production since February 2026, ships code daily, holds an on-chain identity on Base (ERC-8004 agent ID 20880), runs an autonomous trading engine, an on-chain messaging protocol, an x402 payment rail, a token-gated chat demo, an advisory dashboard, and this memory product family. Everything verifiable on-chain.
 
-Memory architecture is the proven core. Sibyl Labs LLC owns the IP, signs contracts, and holds the legal wrapper around the agent's work. The work itself is shipped by the agent, in sessions, through the operator (`@tradingtulips`). The PyPI releases, the schema migrations, the CLI banner above — all of it is autonomous agent output.
+Memory architecture is the proven core. Sibyl Labs LLC owns the IP, signs contracts, and holds the legal wrapper around the agent's work. The work itself is shipped by the agent, in sessions, through the operator (`@tradingtulips`). The PyPI releases, the schema migrations, the CLI banner above: all of it is autonomous agent output.
 
 The on-chain record is the resume. This repository is one chapter of it.
 

sibyl-memory-cli/CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes to `sibyl-memory-cli` are recorded here. Format follows
 [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Versioning follows
 [SemVer](https://semver.org/).
 
-## [0.3.2] — 2026-05-20
+## [0.3.2] - 2026-05-20
 
 Branding pass on the banner. Operator directive: "beneath the large
 SIBYL title it needs to say underneath the memory you can hold in
@@ -24,9 +24,9 @@ Preview captures at https://sibylcap.com/hud-2026-05-20 (scene 09
 isolates the banner; scenes 01 + 05 show it inline with the rest of
 the activation and install ceremonies).
 
-## [0.3.1] — 2026-05-20
+## [0.3.1] - 2026-05-20
 
-Operator-directed tuning: "typical app patterns — heavy menus on
+Operator-directed tuning: "typical app patterns: heavy menus on
 install window and initial setup, light on dashboards etc." v0.3.0
 applied the full section_header treatment uniformly across every
 subcommand. v0.3.1 lightens the daily-use dashboards and keeps the
@@ -35,22 +35,22 @@ ceremony reserved for activation moments.
 ### Changed
 
 - `sibyl status`, `sibyl whoami`, `sibyl devices`, `sibyl logout`,
-  `sibyl health` — dropped the section_header opener. Same convention
+  `sibyl health`: dropped the section_header opener. Same convention
   as `git status`, `ls -la`, `gh auth status`, `pg_isready`,
   `redis-cli ping`: utilitarian dashboards present data, not chrome.
   Eyebrow labels + kv rows + status lines remain.
 
 ### Unchanged
 
-- `sibyl init` — keeps the full SIBYL gradient banner + section
+- `sibyl init`: keeps the full SIBYL gradient banner + section
   headers + numbered next-steps. This IS the install moment; it earns
   the ceremony.
-- `sibyl upgrade` — keeps section header + KV. Mid-weight: tier-flip
+- `sibyl upgrade`: keeps section header + KV. Mid-weight: tier-flip
   moment is install-ish but not first-run.
-- `_aesthetic.py` library — unchanged. Applied differently across
+- `_aesthetic.py` library: unchanged. Applied differently across
   commands per the heavy/light convention.
 
-## [0.3.0] — 2026-05-20
+## [0.3.0] - 2026-05-20
 
 Visual identity pass across every subcommand. The `sibyl init` brand
 moment (the SIBYL ASCII wordmark with pale-gold → deep-ochre vertical
@@ -60,7 +60,7 @@ to the whole surface.
 
 ### Added
 
-- New `_aesthetic.py` module — shared visual library for the entire CLI.
+- New `_aesthetic.py` module: shared visual library for the entire CLI.
   Brand palette derived from the rule 46 creme paper face (PAPER, INK,
   ACCENT, JADE, PULSE, RULE, etc.). 24-bit truecolor → 256-color → plain
   text degradation cascade. Letter-spaced eyebrows, gradient titles,
@@ -100,31 +100,31 @@ to the whole surface.
   consistency (COLORTERM=truecolor, TERM_PROGRAM whitelist, TERM
   pattern match for kitty/alacritty/256color).
 
-## [0.2.0] — 2026-05-19
+## [0.2.0] - 2026-05-19
 
-Auth-redesign wave 2 — account-surface CLI commands. Adds `sibyl whoami`
+Auth-redesign wave 2: account-surface CLI commands. Adds `sibyl whoami`
 for a one-line account summary (masked by default, `--full` opt-in) and
 `sibyl devices` for listing active bearer tokens with per-device revoke.
 
 ### Added
 
-- `sibyl whoami` — one-line summary: short account_id, tier, masked email
+- `sibyl whoami`: one-line summary: short account_id, tier, masked email
   (`a***@e***.tld`), masked wallet (`0xabcd…1234`), this device label.
   `--full` flag shows unmasked email + wallet for ops scenarios.
-- `sibyl devices` — list active (non-revoked) bearer tokens for the
+- `sibyl devices`: list active (non-revoked) bearer tokens for the
   account in issued_at DESC order. Marks current device with `▶` and
   shows revoke command for each other device.
-- `sibyl devices revoke <index>` — POST `/api/plugin/devices` with the
+- `sibyl devices revoke <index>`. POST `/api/plugin/devices` with the
   bearer_id at that index. Refuses to revoke the calling device.
 
 ### Server companion (deployed)
 
-- `GET  /api/plugin/devices?account_id=<uuid>` — lists bearer_tokens.
-- `POST /api/plugin/devices { bearer_id }` — revokes the bearer.
+- `GET  /api/plugin/devices?account_id=<uuid>`: lists bearer_tokens.
+- `POST /api/plugin/devices { bearer_id }`: revokes the bearer.
 - Both auth via `Authorization: Bearer <session_token>`; caller must
   own the account.
 
-## [0.1.4] — 2026-05-18
+## [0.1.4] - 2026-05-18
 
 Maximum-efficiency onboarding release. New `sibyl setup` command auto-detects
 agent frameworks on the user's machine and wires SIBYL as the memory provider
@@ -134,14 +134,14 @@ sibyl-memory-hermes` + `sibyl-memory-hermes install-plugin` + manual
 
 ### Added
 
-- **`sibyl setup`** — new subcommand. Auto-detects Hermes (`$HERMES_HOME` or
+- **`sibyl setup`**: new subcommand. Auto-detects Hermes (`$HERMES_HOME` or
   `~/.hermes/` or `hermes` on PATH) and Claude Code (`~/.claude/settings.json`
   or `claude` on PATH). Prompts per stack with explicit confirmation:
   - Fresh add: `Set SIBYL as default memory provider in Hermes? [Y/n]` (default Y)
   - Overwrite existing: `Hermes currently uses 'mem0' as memory provider. Overwrite with SIBYL? [y/N]` (default N, never destroys user state without explicit y)
   - Already wired: noop with green status
   - Multi-framework: `Wire which? [h]ermes, [c]laude, [a]ll, [n]one (default: all)`
-- **`sibyl setup hermes`** / **`sibyl setup claude-code`** — explicit targeting
+- **`sibyl setup hermes`** / **`sibyl setup claude-code`**: explicit targeting
   for power users (skips detection, wires only the named stack).
 - **Flags**: `--yes` (accept all defaults, still respects destructive-default-N
   unless `--force` is also passed), `--force` (overwrite existing non-SIBYL
@@ -179,7 +179,7 @@ sibyl-memory-hermes` + `sibyl-memory-hermes install-plugin` + manual
 
 
 
-## [0.1.3] — 2026-05-18
+## [0.1.3] - 2026-05-18
 
 KAPPA external-tester remediation release. Family-wide alignment with the
 v0.4.0 client + v0.3.2 hermes (KAPPA-attributed fixes: exception export
@@ -199,7 +199,7 @@ code changes in this release.
 
 ---
 
-## [0.1.2] — 2026-05-18
+## [0.1.2] - 2026-05-18
 
 Audit-remediation release. v0.3.0 plugin-family pre-ship audit (2026-05-18T05:05Z)
 surfaced 10 critical findings; this release lands the CLI-side fixes.
@@ -208,17 +208,17 @@ cross-tier search), `sibyl-memory-hermes` v0.3.1, `sibyl-memory-mcp` v0.1.1.
 
 ### Fixed
 
-- **C3** — `__version__` no longer hardcoded. Now sourced from
+- **C3**. `__version__` no longer hardcoded. Now sourced from
   `importlib.metadata.version("sibyl-memory-cli")` with `+source` fallback.
   Same pattern as sibyl-memory-hermes v0.3.0+. Wheel and `__init__.py`
   can't drift.
-- **C3** — HTTP User-Agent header now built from the runtime
+- **C3**. HTTP User-Agent header now built from the runtime
   `_client_version()` helper instead of the hardcoded `"sibyl-memory-cli/0.1.0"`.
   Server telemetry will see real versions, not the stale literal.
-- **C3** — `/api/plugin/session-init` payload's `client_version` field
+- **C3**. `/api/plugin/session-init` payload's `client_version` field
   similarly switched from `__import__("sibyl_memory_cli").__version__` to
   the helper. Telemetry will accurately reflect 0.1.2+.
-- **C4** — post-activation message rewritten. Removed the fictional
+- **C4**: post-activation message rewritten. Removed the fictional
   `from hermes_agent import Agent; agent = Agent(memory=SibylMemoryProvider())`
   quickstart (the API never existed in any Hermes release). Replaced with:
   the real Hermes install flow (`sibyl-memory-hermes install-plugin` +
@@ -227,12 +227,12 @@ cross-tier search), `sibyl-memory-hermes` v0.3.1, `sibyl-memory-mcp` v0.1.1.
 
 ### Security
 
-- **SEC-2** — `write_credentials_atomic` now creates files at mode 0o600
+- **SEC-2**. `write_credentials_atomic` now creates files at mode 0o600
   set by the kernel at file-creation time via `os.open(O_WRONLY|O_CREAT|
   O_EXCL|O_NOFOLLOW, 0o600)`. Previously used `write_text()` then
   `os.chmod(0o600)`, leaving a world-readable window between syscalls every
   credential save. No race.
-- **SEC-1** (CLI-side mitigation) — the URL parameter handed to the
+- **SEC-1** (CLI-side mitigation): the URL parameter handed to the
   browser is now treated as an opaque pairing-session identifier, not as
   the long-lived bearer. After activation completes, the CLI prefers a
   server-issued `bearer_token` field from `/check` (post-fix server flow);
@@ -241,21 +241,21 @@ cross-tier search), `sibyl-memory-hermes` v0.3.1, `sibyl-memory-mcp` v0.1.1.
   release prepares the CLI to consume it when the server-side lands.
   Internal variable renamed `session_token` → `session_id` in `cmd_init`
   to reflect the corrected meaning.
-- **SEC-11** — `read_credentials` refuses to follow symlinks.
+- **SEC-11**. `read_credentials` refuses to follow symlinks.
 
 ### Dependencies
 
 - `sibyl-memory-client>=0.3.3` (was `>=0.3.0`)
-- `sibyl-memory-hermes>=0.3.1` (was `>=0.2.0`) — picks up the fictional-API
+- `sibyl-memory-hermes>=0.3.1` (was `>=0.2.0`): picks up the fictional-API
   removal in the hermes package; earlier versions are structurally broken.
 
-## [0.1.1] — 2026-05-17
+## [0.1.1] - 2026-05-17
 
 ### Added
 
 - **SIBYL wordmark banner** at the top of `sibyl init`. ANSI Shadow boxchars,
   24-bit truecolor vertical gradient flowing cream/white at the top through
-  warm gold to deep ochre at the bottom — aligned with the lab visual identity
+  warm gold to deep ochre at the bottom: aligned with the lab visual identity
   per the operator's brand-discipline rule (creme palette, `--accent #8a6a2a`).
   Plus a tagline: "memory you can hold in your hand".
 
@@ -263,16 +263,16 @@ cross-tier search), `sibyl-memory-hermes` v0.3.1, `sibyl-memory-mcp` v0.1.1.
 
 - New module `sibyl_memory_cli._banner` with `render_banner()` and
   `print_banner()` helpers. Truecolor support is detected via `COLORTERM`,
-  `TERM_PROGRAM`, and `TERM` — modern terminals (iTerm2, Alacritty, Kitty,
+  `TERM_PROGRAM`, and `TERM`: modern terminals (iTerm2, Alacritty, Kitty,
   wezterm, Ghostty, Windows Terminal, VS Code, Tabby) light up automatically.
 - Gracefully degrades to plain text (still readable, no escape junk) when
   `NO_COLOR` is set, when stdout is not a TTY, or when `TERM=dumb`.
-- Wired into `cmd_init` only — `status` / `health` / `upgrade` stay banner-free
+- Wired into `cmd_init` only. `status` / `health` / `upgrade` stay banner-free
   so they don't add noise to scripted invocations.
 - Banner palette is encoded as 6 RGB tuples (one per row) in the module
-  rather than computed at runtime — easier to tune and audit.
+  rather than computed at runtime: easier to tune and audit.
 
-## [0.1.0] — 2026-05-16
+## [0.1.0] - 2026-05-16
 
 ### Changed (same-day revision before publish): terminal pairing code
 
@@ -283,7 +283,7 @@ The code itself never leaves the user's machine until they type it
 into the browser's email panel. Replaces the earlier Resend-backed
 email magic-code flow, removing the external dependency entirely.
 
-The wallet (SIWE) path is unchanged — the pairing code only matters
+The wallet (SIWE) path is unchanged: the pairing code only matters
 for the email panel.
 
 
@@ -293,20 +293,20 @@ CLI + upgrade page so the SDK + payment-auth machinery has a front door.
 
 ### Added
 
-- **`sibyl init`** — browser activation. Generates a session UUID,
+- **`sibyl init`**: browser activation. Generates a session UUID,
   opens `sibyllabs.org/plugin/activate?session=...` in the user's
   browser, polls `api.sibyllabs.org/api/plugin/check` every 3s with a
   10-min timeout. On bind, writes `~/.sibyl-memory/credentials.json`
   atomically at mode 0600.
-- **`sibyl upgrade`** — opens `sibyllabs.org/plugin/upgrade?session=...`
+- **`sibyl upgrade`**: opens `sibyllabs.org/plugin/upgrade?session=...`
   with the existing session token. Polls `/api/plugin/access` every 3s
   with a 15-min timeout until `tier` changes from the local value.
   On change: rewrites credentials.json, clears `tier_cache.json` so
   the next write picks up the new entitlement immediately.
-- **`sibyl status`** — shows local credentials, DB size, tier cache
+- **`sibyl status`**: shows local credentials, DB size, tier cache
   state, plus the server's view of tier (subscription / staker /
   free). Flags local↔server tier drift.
-- **`sibyl health`** — wraps `SibylMemoryProvider.health()`. Prints
+- **`sibyl health`**: wraps `SibylMemoryProvider.health()`. Prints
   the JSON diagnostic dict.
 
 ### Design

sibyl-memory-cli/README.md

@@ -51,8 +51,8 @@ $ sibyl upgrade
 ```
 
 In the browser:
-- **Stake** — connect your wallet (browser or Coinbase Smart Wallet), sign to bind, and the page checks your `$SIBYL` balance on Base. If you hold the threshold (default 100,000 $SIBYL liquid+staked, configurable), the local cap lifts.
-- **Subscribe** — pick monthly ($29) / quarterly ($79) / annual ($290) USDC, sign the transfer, the server records the subscription. Tier flips immediately.
+- **Stake**: connect your wallet (browser or Coinbase Smart Wallet), sign to bind, and the page checks your `$SIBYL` balance on Base. If you hold the threshold (default 100,000 $SIBYL liquid+staked, configurable), the local cap lifts.
+- **Subscribe**: pick monthly ($29) / quarterly ($79) / annual ($290) USDC, sign the transfer, the server records the subscription. Tier flips immediately.
 
 On either path, the CLI sees the tier change, rewrites `credentials.json`, and clears `tier_cache.json` so your next write picks up the new entitlement without delay.
 
@@ -94,7 +94,7 @@ SIBYL_UPGRADE_BASE=https://staging.sibyllabs.org/plugin/upgrade sibyl upgrade
 ## Security
 
 - `credentials.json` is written atomically at mode 0600.
-- `session_token` is never printed in full — only a short slice.
+- `session_token` is never printed in full: only a short slice.
 - No memory content ever transits these endpoints. The CLI never reads `memory.db` content; it only checks file size.
 - Wallet operations happen in the browser. The CLI sees only the resulting tier change.
 

sibyl-memory-cli/src/sibyl_memory_cli/__init__.py

@@ -1,10 +1,10 @@
-"""sibyl-memory-cli — Command-line interface for the Sibyl Memory Plugin.
+"""sibyl-memory-cli. Command-line interface for the Sibyl Memory Plugin.
 
 Entry point: `sibyl` (installed via [project.scripts] in pyproject).
 
 Commands:
-    sibyl init          activate the plugin — opens browser SIWE flow, writes ~/.sibyl-memory/credentials.json
-    sibyl upgrade       open the upgrade flow — stake $SIBYL or subscribe in USDC
+    sibyl init          activate the plugin: opens browser SIWE flow, writes ~/.sibyl-memory/credentials.json
+    sibyl upgrade       open the upgrade flow: stake $SIBYL or subscribe in USDC
     sibyl status        show current tier, DB size, expiry, account
     sibyl health        provider self-check (mirrors SibylMemoryProvider.health())
 

sibyl-memory-cli/src/sibyl_memory_cli/_aesthetic.py

@@ -22,22 +22,22 @@ from typing import Iterable
 # ─── Palette (RGB · derived from rule 46 creme-paper tokens) ─────────
 # Names map 1:1 to CSS custom properties on lab artifacts.
 
-PAPER       = (245, 241, 230)   # --paper        — foreground accent on dark
-PAPER_DEEP  = (237, 230, 211)   # --paper-deep   — depth on creme
-CARD        = (253, 251, 245)   # --card         — slightly lifted creme
-INK         = (21,  17,  10)    # --ink          — main text on creme
-INK_SOFT    = (44,  39,  29)    # --ink-soft     — body text
-INK_MUTE    = (106, 99,  86)    # --ink-mute     — secondary text
-INK_FAINT   = (152, 145, 127)   # --ink-faint    — tertiary text
-RULE        = (216, 208, 187)   # --rule         — hairline
-RULE_STRONG = (184, 174, 147)   # --rule-strong  — emphasised hairline
-ACCENT      = (138, 106, 42)    # --accent       — ochre highlight
-ACCENT_WARM = (160, 132, 56)    # --accent-warm  — softer ochre
-ACCENT_GOLD = (224, 194, 119)   # mid gold       — gradient bridge
-ACCENT_PALE = (244, 229, 184)   # pale gold      — gradient top
-JADE        = (45,  110, 106)   # --jade         — cool counterpoint
-PULSE       = (29,  138, 130)   # --pulse        — brighter jade (live signal)
-ERROR       = (162, 58,  42)    # --error        — measured red
+PAPER       = (245, 241, 230)   # --paper       : foreground accent on dark
+PAPER_DEEP  = (237, 230, 211)   # --paper-deep  : depth on creme
+CARD        = (253, 251, 245)   # --card        : slightly lifted creme
+INK         = (21,  17,  10)    # --ink         : main text on creme
+INK_SOFT    = (44,  39,  29)    # --ink-soft    : body text
+INK_MUTE    = (106, 99,  86)    # --ink-mute    : secondary text
+INK_FAINT   = (152, 145, 127)   # --ink-faint   : tertiary text
+RULE        = (216, 208, 187)   # --rule        : hairline
+RULE_STRONG = (184, 174, 147)   # --rule-strong : emphasised hairline
+ACCENT      = (138, 106, 42)    # --accent      : ochre highlight
+ACCENT_WARM = (160, 132, 56)    # --accent-warm : softer ochre
+ACCENT_GOLD = (224, 194, 119)   # mid gold      : gradient bridge
+ACCENT_PALE = (244, 229, 184)   # pale gold     : gradient top
+JADE        = (45,  110, 106)   # --jade        : cool counterpoint
+PULSE       = (29,  138, 130)   # --pulse       : brighter jade (live signal)
+ERROR       = (162, 58,  42)    # --error       : measured red
 
 # Status glyphs (Unicode, terminal-safe in modern fonts)
 GLYPH_OK    = "✓"
@@ -56,7 +56,7 @@ def supports_truecolor() -> bool:
         return False
     if os.environ.get("TERM", "").lower() == "dumb":
         return False
-    # SIBYL_FORCE_COLOR=1 — explicit override for non-tty rendering
+    # SIBYL_FORCE_COLOR=1: explicit override for non-tty rendering
     # (CI logs, doc captures, dev inspection in non-tty environments).
     if os.environ.get("SIBYL_FORCE_COLOR") == "1":
         return True
@@ -269,7 +269,7 @@ def err_line(text: str) -> str:
 
 
 def hr_caption(caption: str, *, width: int = 60) -> str:
-    """Caption line under a divider — small, muted, centered."""
+    """Caption line under a divider: small, muted, centered."""
     pad = max(0, (width - len(caption)) // 2)
     return " " * pad + dim(caption)
 

sibyl-memory-cli/src/sibyl_memory_cli/_banner.py

@@ -2,7 +2,7 @@
 
 Prints the SIBYL wordmark in ANSI Shadow boxchars with a 24-bit truecolor
 vertical gradient flowing from cream/white at the top through warm gold
-to deep ochre at the bottom — aligned with the lab visual identity per
+to deep ochre at the bottom: aligned with the lab visual identity per
 the operator's brand-discipline rule (creme palette, deep-ochre accent).
 
 Gracefully degrades:
@@ -10,7 +10,7 @@ Gracefully degrades:
   - stdout is not a TTY        → plain text fallback (or skip entirely)
   - TERM=dumb                  → plain text fallback
 
-Truecolor support is detected via $COLORTERM (truecolor / 24bit) — most
+Truecolor support is detected via $COLORTERM (truecolor / 24bit): most
 modern terminals (iTerm2, Alacritty, Kitty, wezterm, Windows Terminal,
 modern xterm builds, Ghostty) advertise it. Falls back to 256-color
 gradient when not available.
@@ -20,7 +20,7 @@ from __future__ import annotations
 import os
 import sys
 
-# ANSI Shadow rendering of "SIBYL" — 6 rows, 41 cols. Each row gets its
+# ANSI Shadow rendering of "SIBYL": 6 rows, 41 cols. Each row gets its
 # own gradient color (top = pale cream/white, bottom = deep ochre).
 _LINES = (
     "███████╗██╗██████╗ ██╗   ██╗██╗     ",
@@ -49,7 +49,7 @@ _ATTRIBUTION = "a Sibyl Labs LLC Product. Agentic Infrastructure and Memory Prod
 
 
 def _supports_truecolor() -> bool:
-    """Detect 24-bit color support. Conservative — fall back gracefully."""
+    """Detect 24-bit color support. Conservative: fall back gracefully."""
     if os.environ.get("NO_COLOR"):
         return False
     if os.environ.get("TERM", "").lower() == "dumb":
@@ -96,22 +96,22 @@ def render_banner(*, force_color: bool | None = None) -> str:
     use_truecolor = force_color if force_color is not None else _supports_truecolor()
 
     if not use_truecolor:
-        # Plain text — still visually clean, just no color.
+        # Plain text: still visually clean, just no color.
         body = "\n".join("  " + line for line in _LINES)
         tagline = f"\n  {_TAGLINE}"
         attribution = f"\n  {_ATTRIBUTION}\n"
         return body + tagline + attribution
 
-    # Colored — apply per-row gradient.
+    # Colored: apply per-row gradient.
     colored_lines = []
     for line, (r, g, b) in zip(_LINES, _GRADIENT):
         colored_lines.append(f"  {_rgb(r, g, b)}{line}{_RESET}")
 
     body = "\n".join(colored_lines)
-    # Tagline in the deepest gold — present, but not competing with the wordmark.
+    # Tagline in the deepest gold: present, but not competing with the wordmark.
     r, g, b = _GRADIENT[-1]
     tagline = f"\n  {_rgb(r, g, b)}{_TAGLINE}{_RESET}"
-    # Attribution dimmer still — a half-step below the tagline so the hierarchy
+    # Attribution dimmer still: a half-step below the tagline so the hierarchy
     # reads SIBYL > tagline > attribution at a glance. ANSI dim (\033[2m) gives
     # ~55% perceived opacity across the supported terminals.
     attribution = f"\n  \033[2m{_rgb(r, g, b)}{_ATTRIBUTION}{_RESET}\n"

sibyl-memory-cli/src/sibyl_memory_cli/cli.py

@@ -8,9 +8,9 @@ Design pillars:
   - Credentials are written atomically at mode 0600, set at file-creation
     time via O_CREAT|O_EXCL|O_NOFOLLOW (no chmod-after-write race).
   - The URL parameter handed to the browser is an opaque session identifier,
-    not the long-lived bearer (audit SEC-1 — server-side pairing handoff
+    not the long-lived bearer (audit SEC-1: server-side pairing handoff
     issues a separate bearer at activation completion if available).
-  - session_token is never printed in full — display short slice only.
+  - session_token is never printed in full: display short slice only.
   - Polling has explicit timeouts; no infinite loops.
   - Every command exits with a clear status code (0 ok, 1 user error, 2 server error).
 """
@@ -55,7 +55,7 @@ DEFAULT_TIER_CACHE_PATH = Path("~/.sibyl-memory/tier_cache.json").expanduser()
 
 POLL_INTERVAL_SEC = 3
 INIT_TIMEOUT_SEC = 10 * 60      # 10 minutes for /init activation
-UPGRADE_TIMEOUT_SEC = 15 * 60   # 15 minutes for upgrade — wallet ux can be slow
+UPGRADE_TIMEOUT_SEC = 15 * 60   # 15 minutes for upgrade: wallet ux can be slow
 
 # ---- Color / output ----------------------------------------------------
 
@@ -88,7 +88,7 @@ def _detect_os_family() -> str | None:
 
 def short(token: str | None) -> str:
     if not token:
-        return "—"
+        return "-"
     if len(token) <= 12:
         return token
     return f"{token[:8]}…{token[-4:]}"
@@ -209,7 +209,7 @@ def cmd_init(args: argparse.Namespace) -> int:
     The pairing code is printed in the terminal. If the user picks the
     email path in the browser, they type both their email and this code.
     No external email service is required."""
-    # Brand moment — gold/white gradient SIBYL wordmark.
+    # Brand moment: gold/white gradient SIBYL wordmark.
     # Honors NO_COLOR + TTY detection automatically; safe to always call.
     from ._banner import print_banner
     print_banner()
@@ -231,7 +231,7 @@ def cmd_init(args: argparse.Namespace) -> int:
     # it as the activation rendezvous key only. The persistent bearer
     # is issued by the server in the /check response (`bearer_token`
     # field) after activation completes. Servers running pre-SEC-1
-    # firmware that echo the URL identifier as the bearer still work —
+    # firmware that echo the URL identifier as the bearer still work -
     # we use whichever the server returns in the bound credentials.
     session_id = str(uuid.uuid4())
     pairing_code = _gen_pairing_code()
@@ -290,7 +290,7 @@ def cmd_init(args: argparse.Namespace) -> int:
             resp = http_request("GET", f"/api/plugin/check?session={urllib.parse.quote(session_id)}", timeout=10.0)
         except HttpError as e:
             if e.status in (404, 503, 0):
-                # Session not yet created server-side, or transient — keep polling
+                # Session not yet created server-side, or transient: keep polling
                 pass
             else:
                 print(red(f"\nUnexpected error: {e.body}"))
@@ -301,19 +301,19 @@ def cmd_init(args: argparse.Namespace) -> int:
             creds = resp["credentials"]
             # SEC-1: prefer the server-issued bearer_token (post-fix) over
             # echoing the URL pairing-session id. Servers running pre-SEC-1
-            # firmware echo `session_token` back as the bearer — we use
+            # firmware echo `session_token` back as the bearer: we use
             # whichever the server returns. The CLI's session_id (URL
             # identifier) is the rendezvous key, not the persistent bearer.
             bearer = creds.get("bearer_token") or creds.get("session_token")
             if not bearer:
                 # Fallback: pre-SEC-1 server flow where neither field is
-                # echoed back — inject the pairing session id so subsequent
+                # echoed back: inject the pairing session id so subsequent
                 # /access and /check-write calls have something to send.
                 bearer = session_id
             # Sanity check on echoed session_token (pre-SEC-1 flow only)
             if creds.get("session_token") and creds["session_token"] != session_id \
                     and not creds.get("bearer_token"):
-                print(red("\nSession token mismatch — refusing to write credentials."))
+                print(red("\nSession token mismatch: refusing to write credentials."))
                 return 2
             creds["session_token"] = bearer
             path = write_credentials_atomic(creds, cred_path)
@@ -323,8 +323,8 @@ def cmd_init(args: argparse.Namespace) -> int:
             print()
             print(a.kv("Account", short(creds.get("account_id"))))
             print(a.kv("Tier", (creds.get("tier") or "free").upper(), value_color="accent"))
-            print(a.kv("Wallet", creds.get("wallet") or "—"))
-            print(a.kv("Email", creds.get("email") or "—"))
+            print(a.kv("Wallet", creds.get("wallet") or "-"))
+            print(a.kv("Email", creds.get("email") or "-"))
             print(a.kv("Credentials", str(path)))
             print()
             print(a.section_header("wire it into your agent"))
@@ -417,7 +417,7 @@ def cmd_upgrade(args: argparse.Namespace) -> int:
             if e.status == 401:
                 print(red("\nSession expired. Re-run `sibyl init`."))
                 return 1
-            # Transient — keep polling
+            # Transient: keep polling
             resp = {}
 
         new_tier = (resp.get("tier") or current_tier).lower()
@@ -444,8 +444,8 @@ def cmd_upgrade(args: argparse.Namespace) -> int:
                 print(a.kv("Storage cap", f"{resp['cap_bytes']:,} bytes"))
             if resp.get("staker"):
                 s = resp["staker"]
-                print(a.kv("Wallet", s.get("wallet", "—")))
-                print(a.kv("$SIBYL held", str(s.get("total_sibyl", "—"))))
+                print(a.kv("Wallet", s.get("wallet", "-")))
+                print(a.kv("$SIBYL held", str(s.get("total_sibyl", "-"))))
             print()
             print(a.dim("  local tier cache cleared. your next write will sync the new tier."))
             return 0
@@ -490,9 +490,9 @@ def cmd_status(args: argparse.Namespace) -> int:
     print(a.kv("Credentials", str(cred_path)))
     print(a.kv("Account", short(creds.get("account_id"))))
     print(a.kv("Tier", (creds.get("tier") or "free").upper(), value_color="accent"))
-    print(a.kv("Wallet", creds.get("wallet") or "—"))
-    print(a.kv("Email", creds.get("email") or "—"))
-    print(a.kv("Issued", creds.get("issued_at") or "—"))
+    print(a.kv("Wallet", creds.get("wallet") or "-"))
+    print(a.kv("Email", creds.get("email") or "-"))
+    print(a.kv("Issued", creds.get("issued_at") or "-"))
 
     db_path = Path(args.db).expanduser()
     if db_path.exists():
@@ -510,7 +510,7 @@ def cmd_status(args: argparse.Namespace) -> int:
         cache = json.loads(tier_cache.read_text(encoding="utf-8"))
         print(a.kv("Tier cache", f"{cache.get('tier','?')} (checked {cache.get('checked_at','?')[:19]})"))
     else:
-        print(a.kv("Tier cache", "—"))
+        print(a.kv("Tier cache", "-"))
 
     # Server view (only if account_id + session_token are present)
     if creds.get("account_id") and creds.get("session_token"):
@@ -524,14 +524,14 @@ def cmd_status(args: argparse.Namespace) -> int:
                 timeout=10.0,
             )
             print(a.kv("Tier", (resp.get("tier") or "free").upper(), value_color="accent"))
-            print(a.kv("Source", resp.get("source") or "—"))
+            print(a.kv("Source", resp.get("source") or "-"))
             print(a.kv("Cap bytes", "unlimited" if resp.get("cap_bytes") is None else f"{resp['cap_bytes']:,}"))
             if resp.get("expires_at"):
                 print(a.kv("Expires", resp["expires_at"]))
             if resp.get("staker"):
                 s = resp["staker"]
-                print(a.kv("$SIBYL held", str(s.get("total_sibyl", "—"))))
-                print(a.kv("Threshold", str(s.get("threshold_sibyl", "—"))))
+                print(a.kv("$SIBYL held", str(s.get("total_sibyl", "-"))))
+                print(a.kv("Threshold", str(s.get("threshold_sibyl", "-"))))
                 print(a.kv("Qualified", "yes" if s.get("qualified") else "no",
                            value_color="ok" if s.get("qualified") else "soft"))
             # Detect server/local drift
@@ -558,7 +558,7 @@ def cmd_dashboard(args: argparse.Namespace) -> int:
     who muscle-memory it get a real result.
 
     When account.sibyllabs.org ships, this will flip to
-    `webbrowser.open(...)` with no UX disruption — same command, real
+    `webbrowser.open(...)` with no UX disruption: same command, real
     web dashboard."""
     DASHBOARD_BASE = os.environ.get("SIBYL_DASHBOARD_BASE")
     if DASHBOARD_BASE:
@@ -583,7 +583,7 @@ def cmd_dashboard(args: argparse.Namespace) -> int:
 
 def _mask_email(e: str | None) -> str:
     if not e or "@" not in e:
-        return "—"
+        return "-"
     user, _, domain = e.partition("@")
     if "." not in domain:
         return f"{user[0]}***@{domain[0]}***"
@@ -593,7 +593,7 @@ def _mask_email(e: str | None) -> str:
 
 def _mask_wallet(w: str | None) -> str:
     if not w or not w.startswith("0x") or len(w) < 12:
-        return w or "—"
+        return w or "-"
     return f"{w[:6]}…{w[-4:]}"
 
 
@@ -616,8 +616,8 @@ def cmd_whoami(args: argparse.Namespace) -> int:
 
     print()
     print(f"  {a.color('account', a.INK_FAINT)}  {a.bold(short(acct))}  {a.dim(a.GLYPH_DOT)}  {a.gradient_gold(tier)}")
-    print(f"  {a.color('wallet ', a.INK_FAINT)}  {a.color(wallet or '—', a.INK)}")
-    print(f"  {a.color('email  ', a.INK_FAINT)}  {a.color(email or '—', a.INK)}")
+    print(f"  {a.color('wallet ', a.INK_FAINT)}  {a.color(wallet or '-', a.INK)}")
+    print(f"  {a.color('email  ', a.INK_FAINT)}  {a.color(email or '-', a.INK)}")
     os_label = _detect_os_family() or "unknown"
     device_line = f"sibyl-memory-cli/{_client_version()} {os_label}"
     print(f"  {a.color('device ', a.INK_FAINT)}  {a.dim(device_line)}")
@@ -667,7 +667,7 @@ def cmd_devices(args: argparse.Namespace) -> int:
             print(red(f"no device at index {idx}. Run `sibyl devices` to see indexes."))
             return 1
         if target.get("is_this_device"):
-            print(red("refusing to revoke your own device — that would lock you out. Run `sibyl logout` instead, then `sibyl init` on a fresh activation."))
+            print(red("refusing to revoke your own device: that would lock you out. Run `sibyl logout` instead, then `sibyl init` on a fresh activation."))
             return 1
         try:
             revoke_resp = http_request(
@@ -713,7 +713,7 @@ def cmd_devices(args: argparse.Namespace) -> int:
         is_this = d.get("is_this_device")
         marker = a.ok("▶") if is_this else " "
         label = d.get("device_label") or "(unlabeled)"
-        installed = d.get("install_method") or "—"
+        installed = d.get("install_method") or "-"
         last_seen = d.get("last_seen_at", "")[:19].replace("T", " ")
         idx_chip = a.chip(str(i), palette="jade" if is_this else "mute")
         label_color = a.gradient_gold(label) if is_this else a.color(label, a.INK)
@@ -727,7 +727,7 @@ def cmd_devices(args: argparse.Namespace) -> int:
 # ---- `sibyl logout` ----------------------------------------------------
 
 def cmd_logout(args: argparse.Namespace) -> int:
-    """Delete credentials.json + tier_cache.json. memory.db stays — that's your data."""
+    """Delete credentials.json + tier_cache.json. memory.db stays: that's your data."""
     cred_path = Path(args.credentials).expanduser()
     tier_cache = Path(args.tier_cache).expanduser()
 
@@ -757,7 +757,7 @@ def cmd_logout(args: argparse.Namespace) -> int:
 # ---- `sibyl health` ----------------------------------------------------
 
 def cmd_health(args: argparse.Namespace) -> int:
-    """SibylMemoryProvider.health() — minimal self-check."""
+    """SibylMemoryProvider.health(): minimal self-check."""
     try:
         from sibyl_memory_hermes import SibylMemoryProvider
     except ImportError:

sibyl-memory-cli/tests/test_setup.py

@@ -36,7 +36,7 @@ from sibyl_memory_cli.setup import (  # noqa: E402
 # ----------------------------------------------------------------------
 
 def _stub_install_plugin(hermes_home: str):
-    """Replacement for sibyl_memory_hermes.install_plugin.install — drops a fake
+    """Replacement for sibyl_memory_hermes.install_plugin.install: drops a fake
     adapter file so the wirer sees plugin_installed=True afterwards."""
     plugin_dir = Path(hermes_home) / "plugins" / "sibyl"
     plugin_dir.mkdir(parents=True, exist_ok=True)

sibyl-memory-client/CHANGELOG.md

@@ -4,9 +4,9 @@ All notable changes to `sibyl-memory-client` are recorded here. Format
 follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Versioning
 follows [SemVer](https://semver.org/).
 
-## [0.4.1] — 2026-05-19
+## [0.4.1] - 2026-05-19
 
-Auth-redesign wave 1 step 15 — forward-compat with the server's v6 bearer
+Auth-redesign wave 1 step 15: forward-compat with the server's v6 bearer
 model. `/api/plugin/check-write` accepts `Authorization: Bearer <token>`
 headers in addition to the existing `session_token` body field. This
 release sends both: body field for older servers, header for the new
@@ -22,7 +22,7 @@ so legacy `session_token`-as-bearer credentials still resolve.
   (v1 backward compat). No behavior change against current production
   server. Companion: api-sibyllabs accepts both paths since v6 schema.
 
-## [0.4.0] — 2026-05-18
+## [0.4.0] - 2026-05-18
 
 KAPPA external-tester remediation release. Independent third-party install
 test (KAPPA, peer Tulip-referred) against the v0.3.3 family surfaced one
@@ -33,7 +33,7 @@ v0.1.3.
 
 ### Fixed
 
-- **KAPPA-BLOCKER** — `CapExceededError` and `TierVerificationError`
+- **KAPPA-BLOCKER**. `CapExceededError` and `TierVerificationError`
   relocated from `_capcheck.py` to `exceptions.py` so they are importable
   from the canonical `sibyl_memory_client.exceptions` submodule path. The
   v0.3.3 family had them defined and re-exported only at the top-level
@@ -41,19 +41,19 @@ v0.1.3.
   imports from) raised `ImportError`. `_capcheck.py` now imports them back
   for full backwards compatibility with anyone reaching into the private
   module.
-- **KAPPA-RED** — `~/.sibyl-memory/memory.db` now chmod 0600 after the
+- **KAPPA-RED**. `~/.sibyl-memory/memory.db` now chmod 0600 after the
   schema apply (was inheriting umask, typically 0644). WAL + SHM sidecar
   files also tightened to 0600 if present. Idempotent + non-fatal on
   chmod failure. Closes the file-perm gap KAPPA observed on a multi-user
   / CI / shared-dev-box install.
-- **KAPPA-YELLOW** — `set_entity`, `set_state`, and `set_reference` now
+- **KAPPA-YELLOW**. `set_entity`, `set_state`, and `set_reference` now
   validate user-supplied identifiers (category, name, key) before write.
   Rejects: non-string, empty, control characters / null bytes, length
   > 1024. Raises `ValidationError` with a recovery hint. Read paths are
   unchanged: already-stored bad identifiers remain accessible so users
   can introspect and migrate. New module-level helper
   `validate_identifier(value, *, field_name)`.
-- **KAPPA-YELLOW** — `search()` and `search_entities()` no longer silently
+- **KAPPA-YELLOW**. `search()` and `search_entities()` no longer silently
   swallow `sqlite3.OperationalError` into empty results. The error is now
   classified by `_classify_fts5_error()`:
   - schema-missing (`"no such table"`) returns empty (defense against
@@ -65,9 +65,9 @@ v0.1.3.
 
 ### Added
 
-- `validate_identifier(value, *, field_name)` — public helper for
+- `validate_identifier(value, *, field_name)`: public helper for
   validating user-supplied identifiers consistently across the SDK.
-- `_classify_fts5_error(err)` — internal helper for translating FTS5
+- `_classify_fts5_error(err)`: internal helper for translating FTS5
   `OperationalError` into the appropriate exception type.
 
 ### Notes
@@ -80,7 +80,7 @@ v0.1.3.
 
 ---
 
-## [0.3.3] — 2026-05-18
+## [0.3.3] - 2026-05-18
 
 Audit-remediation release. v0.3.0 pre-ship audit (2026-05-18T05:05Z) surfaced
 10 critical findings across four lanes; this release lands the engine-side
@@ -89,7 +89,7 @@ v0.1.2, `sibyl-memory-mcp` v0.1.1.
 
 ### Added
 
-- `MemoryClient.search(query, *, limit=20, prefix=False, tiers=None)` —
+- `MemoryClient.search(query, *, limit=20, prefix=False, tiers=None)` -
   cross-tier FTS5 search over entities + state + reference + journal. Each
   hit is tier-tagged with `{tier, key, category, body, snippet, rank, ts}`.
   Pass `tiers=("entity", "state")` to restrict scope. The marketing claim of
@@ -129,27 +129,27 @@ v0.1.2, `sibyl-memory-mcp` v0.1.1.
 
 ### Security
 
-- **SEC-2** — Atomic 0600-at-create for `TierCache.store`. Previously
+- **SEC-2**. Atomic 0600-at-create for `TierCache.store`. Previously
   used `write_text(...)` then `os.chmod(..., 0o600)`, leaving a
   world-readable window between syscalls every cache write. Now opens with
   `O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW` and mode `0o600` set at creation
   time. No race window.
-- **SEC-3** — FTS5 query sanitization on every MATCH path. Prevents
+- **SEC-3**. FTS5 query sanitization on every MATCH path. Prevents
   FTS5 injection / DoS via malformed queries.
-- **SEC-3** — `StorageError` messages no longer echo the absolute
+- **SEC-3**. `StorageError` messages no longer echo the absolute
   `db_path` or full SQLite error text. Original exception is chained via
   `from e` for debugging; user-visible message stays generic.
-- **SEC-9** — `TierVerificationError` no longer echoes the server-side
-  `error` body string in the user-visible message — strips to a generic
+- **SEC-9**. `TierVerificationError` no longer echoes the server-side
+  `error` body string in the user-visible message: strips to a generic
   "Retry shortly" pointer to avoid leaking internal server detail into
   user logs.
-- **SEC-11** — `TierCache.load` refuses to follow symlinks. A
+- **SEC-11**. `TierCache.load` refuses to follow symlinks. A
   low-privilege attacker who once had write to `~/.sibyl-memory` cannot
   redirect the cache to `/dev/null` or another file via symlink.
 
 ### Fixed
 
-- **C2** — `__version__` no longer hardcoded. Now sourced from
+- **C2**. `__version__` no longer hardcoded. Now sourced from
   `importlib.metadata.version("sibyl-memory-client")` with the same
   `+source` fallback pattern as sibyl-memory-hermes v0.3.0. The wheel and
   the in-Python `__version__` can no longer drift (v0.3.2 published with
@@ -166,7 +166,7 @@ v0.1.2, `sibyl-memory-mcp` v0.1.1.
 - Dropped unused `Iterable` and `ConflictError` imports from `client.py`
   (DC1/DC2). Both remain in `__all__` via re-export.
 
-## [0.3.2] — 2026-05-16
+## [0.3.2] - 2026-05-16
 
 Audit-remediation release. Companion to api-sibyllabs payment-rail fixes
 and the post-audit shipping pass. Closes T1-3, T1-4, T2-3 from the
@@ -175,7 +175,7 @@ msg_id 19e33139dfc3e4d4).
 
 ### Changed
 
-- **T1-3 — `archive_entity` now goes through CapGate**. The audit found
+- **T1-3. `archive_entity` now goes through CapGate**. The audit found
   that `MemoryClient.archive_entity` bypassed the cap check, letting a
   free user at 1.9 MB archive their largest entities (body copied into
   archived_entities, doubling footprint) to keep writing past 2 MB. The
@@ -183,20 +183,20 @@ msg_id 19e33139dfc3e4d4).
   (`body + name + category + reason + 200B overhead`), then calls
   `self._cap_gate.check(proposed_delta_bytes=delta)` before the write
   transaction. NotFoundError still raised before any cap-gate side effect.
-- **T1-3 — `Learner.accept_proposal` now accepts an optional `cap_gate`**.
+- **T1-3. `Learner.accept_proposal` now accepts an optional `cap_gate`**.
   `Learner.__init__` gains a `cap_gate: Any = None` parameter. When
   non-None, `accept_proposal` calls `cap_gate.check(proposed_delta_bytes=...)`
   before inserting the `reference_documents` row (skill body can be
   kilobytes). The convenience entry `MemoryClient.learner()` threads
   the client's CapGate through automatically. Direct-import callers can
   override `cap_gate=None` explicitly for tests.
-- **T2-3 — `_default_check_write_fn` no longer forges fake decisions on
+- **T2-3. `_default_check_write_fn` no longer forges fake decisions on
   HTTP error**. Previously a transient 502 response synthesized
   `{ok: False, tier: "free"}` and the caller cached it as authoritative,
   locking a paid user out for up to 7 days. Now raises
-  `TierVerificationError` on any HTTP error — the offline-grace path in
+  `TierVerificationError` on any HTTP error: the offline-grace path in
   `_refresh_and_check` decides whether to honor a recent cache or hard-cap.
-- **T1-4 — TierCacheEntry gains `server_expires_at` + `cache_token` fields**.
+- **T1-4. TierCacheEntry gains `server_expires_at` + `cache_token` fields**.
   `server_expires_at` is the server-supplied subscription expiry parsed
   from the `expires_at` field on the `/check-write` response. The cache
   is now honored only while `now < min(checked_at + grace_seconds,
@@ -220,7 +220,7 @@ msg_id 19e33139dfc3e4d4).
 
 - 53/53 unchanged, all green. The cap-gate addition in `archive_entity`
   fires under the default 2 MB cap on test data well below that
-  threshold — no test changes needed.
+  threshold: no test changes needed.
 
 ### Notes for downstream
 
@@ -229,7 +229,7 @@ msg_id 19e33139dfc3e4d4).
   hermes versions still work; the bug they had was over-aggressive
   exception swallowing, harmless to the cap-gate plumbing.
 
-## [0.3.1] — 2026-05-16
+## [0.3.1] - 2026-05-16
 
 Tamper-evidence release. Companion to api-sibyllabs HMAC signing.
 
@@ -242,13 +242,13 @@ Tamper-evidence release. Companion to api-sibyllabs HMAC signing.
 - `CapGate` accepts the same two kwargs and, when both are present,
   attaches them to every `/check-write` POST body. The server uses
   them to verify the signature and log `credentials_tamper_suspected`
-  telemetry on mismatch. The cap-gate decision itself is unaffected —
+  telemetry on mismatch. The cap-gate decision itself is unaffected -
   authoritative tier always comes from the database via
   `effectiveAccess`.
 
 ### Schema
 
-- Credentials JSON schema v2 (server-issued 2026-05-16+) — adds
+- Credentials JSON schema v2 (server-issued 2026-05-16+): adds
   `signature` (HMAC-SHA256 hex, 64 chars) and `signed_at` (ISO ts).
   Old schema v1 credentials still load and work; the client just
   sends an unsigned request and the server skips the tamper check.
@@ -257,7 +257,7 @@ Tamper-evidence release. Companion to api-sibyllabs HMAC signing.
 
 - 53/53 unchanged, all green. The signing path is purely additive.
 
-## [0.3.0] — 2026-05-15
+## [0.3.0] - 2026-05-15
 
 Hard-cap enforcement release. Operator directive 2026-05-15: "how do
 we hard-limit free users to the 2Mb size? and ensure they can't
@@ -268,19 +268,19 @@ boundary. Locked in: 7-day grace cache, hard cap on by default.
 ### Added
 
 - **`_capcheck.py` module** with the cap-enforcement primitives:
-  - `CapGate.check(proposed_delta_bytes)` — three fast paths plus one
+  - `CapGate.check(proposed_delta_bytes)`: three fast paths plus one
     slow server-refresh path. Most writes never phone home. The slow
     path only fires when (a) a free-tier user is about to push past
     2 MB or (b) the local tier cache has expired.
-  - `TierCache` — file-backed at `~/.sibyl-memory/tier_cache.json`,
+  - `TierCache`: file-backed at `~/.sibyl-memory/tier_cache.json`,
     mode 0600, atomic write, JSON shape `{ account_id, tier,
     checked_at, cap_bytes }`. Honored as fresh for 7 days; honored
     for an extended 14-day grace if the user is offline.
-  - `CapExceededError` (code `CAP_EXCEEDED`) — carries `upgrade_url`.
-  - `TierVerificationError` — raised only when the user is at the cap,
+  - `CapExceededError` (code `CAP_EXCEEDED`): carries `upgrade_url`.
+  - `TierVerificationError`: raised only when the user is at the cap,
     offline, AND has no valid grace cache. Distinct from CAP_EXCEEDED
     so callers can route the two error states differently.
-  - `_default_check_write_fn` — pure stdlib urllib transport. The
+  - `_default_check_write_fn`: pure stdlib urllib transport. The
     default endpoint is `https://api.sibyllabs.org/api/plugin/check-write`.
     Replaceable for tests via the `check_fn` constructor kwarg.
   - Constants `FREE_TIER_CAP_BYTES = 2 * 1024 * 1024` and
@@ -293,7 +293,7 @@ boundary. Locked in: 7-day grace cache, hard cap on by default.
     `set_reference`) calls `self._cap_gate.check(proposed_delta_bytes=...)`
     with a JSON-byte-length estimate. Reads are never gated.
   - Pre-activation users (no `account_id`) get a strict local 2 MB cap
-    with no server check possible — by design.
+    with no server check possible: by design.
 
 ### Tests
 
@@ -314,7 +314,7 @@ boundary. Locked in: 7-day grace cache, hard cap on by default.
   `memory/research/2026-05-15-hard-cap-enforcement.md` (deferred until
   `PLUGIN_CREDENTIAL_SIGNING_KEY` is provisioned in Doppler/Vercel).
 
-## [0.2.0] — 2026-05-15
+## [0.2.0] - 2026-05-15
 
 Self-learning + memory-linting release. Operator directive 2026-05-15:
 "add a self-learning cron + function to the memory deployment so the
@@ -323,47 +323,47 @@ do. could we also do memory linter?"
 
 ### Schema
 
-- **v2 migration** — adds two tables. Idempotent. v1 databases auto-upgrade on next open.
-  - `skill_proposals` — review queue for detected skills. Columns: id, tenant_id, created_at, pattern_kind, proposed_slug, proposed_title, proposed_body, evidence (JSON), confidence (REAL 0..1), summarizer, status (pending/accepted/rejected/superseded), reviewed_at, review_note, accepted_doc_key. UNIQUE indexes on (tenant_id, status, created_at) and (tenant_id, proposed_slug).
-  - `learning_runs` — watermark log so detectors don't rescan ground they covered. Columns: id, tenant_id, started_at, completed_at, summarizer, events_scanned, proposals_made, cursor_after_ts, notes.
+- **v2 migration**: adds two tables. Idempotent. v1 databases auto-upgrade on next open.
+  - `skill_proposals`: review queue for detected skills. Columns: id, tenant_id, created_at, pattern_kind, proposed_slug, proposed_title, proposed_body, evidence (JSON), confidence (REAL 0..1), summarizer, status (pending/accepted/rejected/superseded), reviewed_at, review_note, accepted_doc_key. UNIQUE indexes on (tenant_id, status, created_at) and (tenant_id, proposed_slug).
+  - `learning_runs`: watermark log so detectors don't rescan ground they covered. Columns: id, tenant_id, started_at, completed_at, summarizer, events_scanned, proposals_made, cursor_after_ts, notes.
 
 ### Added
 
 - **`learning.py` module** with the full self-learning loop:
-  - `Learner` class — scans journal_events since last watermark, runs four pattern detectors, dedupes by slug, persists top-N proposals.
+  - `Learner` class: scans journal_events since last watermark, runs four pattern detectors, dedupes by slug, persists top-N proposals.
   - Four deterministic detectors: `repeated_action`, `structural_similarity`, `co_occurrence`, `temporal_routine`.
   - Three pluggable summarizer backends (per operator design directive 2026-05-15):
-    - `LocalDeterministicSummarizer` (free tier default) — pure SQL + Python templates, zero network.
-    - `BYOKSummarizer` (paid tier opt-in) — user supplies their own inference callable, SDK never holds the key.
-    - `VeniceX402Summarizer` (paid tier hosted) — Venice-routed via x402 against the user's pre-funded plugin balance. Endpoint design at `memory/research/2026-05-15-self-learning-design.md`.
+    - `LocalDeterministicSummarizer` (free tier default): pure SQL + Python templates, zero network.
+    - `BYOKSummarizer` (paid tier opt-in): user supplies their own inference callable, SDK never holds the key.
+    - `VeniceX402Summarizer` (paid tier hosted). Venice-routed via x402 against the user's pre-funded plugin balance. Endpoint design at `memory/research/2026-05-15-self-learning-design.md`.
   - Review queue API: `list_proposals`, `get_proposal`, `accept_proposal` (writes `reference_documents` row under `skill/<slug>` key with provenance metadata), `reject_proposal`.
   - Both LLM-backed summarizers gracefully fall back to local-deterministic output when the inference callable raises.
 
-- **`lint.py` module** — local memory linter mirroring `scripts/memory-lint.mjs`:
+- **`lint.py` module**: local memory linter mirroring `scripts/memory-lint.mjs`:
   - `Linter` class with 9 checks across three severity tiers (critical / warning / info): schema-version, invalid-json-entity, invalid-json-state, invalid-json-journal, duplicate-entity, empty-reference, stale-entity, journal-without-acts, db-soft-cap, fts-rowcount-mismatch, flagged-actors-fresh.
   - `LintReport` dataclass with `to_dict()` (JSON-serializable) + `to_ascii()` (single-block boxed report for CLI).
   - Tunable thresholds: `soft_cap_bytes` (default 10 MB per operator decision), `stale_days` (default 90), `flag_recency_days` (default 30).
 
 - **`MemoryClient` API surface (additive)**:
-  - `client.learner(**kwargs)` — construct a tenant-bound Learner.
-  - `client.learn()` — convenience: one-shot Learner.run() returning a LearningRunReport.
+  - `client.learner(**kwargs)`: construct a tenant-bound Learner.
+  - `client.learn()`: convenience: one-shot Learner.run() returning a LearningRunReport.
   - `client.list_skill_proposals(status='pending', limit=50)`.
   - `client.accept_skill_proposal(id, note=None)`.
   - `client.reject_skill_proposal(id, note=None)`.
-  - `client.lint(**kwargs)` — returns a LintReport.
+  - `client.lint(**kwargs)`: returns a LintReport.
 
 - **Public exports** (`__init__.py`): added `Learner`, `SkillProposal`, `LearningRunReport`, `Summarizer`, `LocalDeterministicSummarizer`, `BYOKSummarizer`, `VeniceX402Summarizer`, `Linter`, `LintReport`, `Finding`.
 
 ### Tests
 
 - 22 new tests across two files:
-  - `tests/test_learning.py` — 12 tests: schema migration v2, no-event runs, repeated-action detection, watermark dedup, structural-similarity detection, accept/reject lifecycle, BYOK invocation, Venice/x402 fallback on failure, multi-tenant isolation.
-  - `tests/test_lint.py` — 10 tests: clean-DB baseline, duplicate-entity, empty-reference, stale-entity, journal-without-acts, soft-cap, ASCII report rendering, dict serialization, severity buckets, multi-tenant isolation.
+  - `tests/test_learning.py`: 12 tests: schema migration v2, no-event runs, repeated-action detection, watermark dedup, structural-similarity detection, accept/reject lifecycle, BYOK invocation, Venice/x402 fallback on failure, multi-tenant isolation.
+  - `tests/test_lint.py`: 10 tests: clean-DB baseline, duplicate-entity, empty-reference, stale-entity, journal-without-acts, soft-cap, ASCII report rendering, dict serialization, severity buckets, multi-tenant isolation.
 - Total package coverage: 10 (existing smoke) + 12 (learning) + 10 (lint) = **32 tests, all green**.
 
 ### Compatibility
 
-- v0.1.0 databases auto-upgrade to v2 on first open via existing idempotent `_ensure_schema()` path — no manual migration needed.
+- v0.1.0 databases auto-upgrade to v2 on first open via existing idempotent `_ensure_schema()` path: no manual migration needed.
 - `sibyl-memory-hermes` v0.1.0 is binary-compatible with v0.2.0 of this SDK (provider surface unchanged). Hermes-provider tests updated to expect schema_version=2.
 - Local-first promise unchanged: free tier remains zero-network. BYOK / Venice routes are paid-tier opt-in only and the CLI gate enforces tier checks upstream.
 
@@ -375,7 +375,7 @@ The CLI package will expose:
 - `sibyl lint` → runs `client.lint()`, prints `to_ascii()`, exits non-zero if `critical_count > 0`.
 - Optional cron install during `sibyl init` (Linux/macOS cron, Windows Task Scheduler) for daily learn + lint.
 
-## [0.1.0] — 2026-05-15
+## [0.1.0] - 2026-05-15
 
 Initial release.
 

sibyl-memory-client/README.md

@@ -33,7 +33,7 @@ results = memory.search_entities("atlas")
 Most agent-memory products store everything on someone else's servers, treat every piece of information the same way, and quietly forget the important things when you need them most. This SDK solves all three:
 
 - **Local-first.** Memory lives in a SQLite database in `~/.sibyl-memory/`. No cloud round-trip for any operation.
-- **Organized by kind.** Five separate tiers — state, entities, journal, reference, archive — each recalled the way it should be recalled.
+- **Organized by kind.** Five separate tiers: state, entities, journal, reference, archive: each recalled the way it should be recalled.
 - **Benchmarked.** The Sibyl Memory Plugin (built on this SDK) sits at #2 globally on the LongMemEval Oracle benchmark when paired with Claude Opus 4.6. Methodology open at [blog.sibylcap.com/longmemeval-v2](https://blog.sibylcap.com/longmemeval-v2).
 
 ## The five tiers

sibyl-memory-client/src/sibyl_memory_client/_capcheck.py

@@ -10,7 +10,7 @@ Design (v0.3.0):
        c) we have a recent cached server result that says we're under-cap
     3. The slow path (only fires at the cap boundary) hits the server endpoint
        POST /api/plugin/check-write with current_size + proposed_delta. The
-       server is the authoritative source for tier — credentials.json
+       server is the authoritative source for tier: credentials.json
        tampering is detected here because the server looks up the real tier
        from sibyl_plugin.accounts.
     4. Server response is cached for 7 days. After that, the next write at the
@@ -144,7 +144,7 @@ class TierCache:
 
         SEC-2 hardening (v0.3.3): the previous write_text() + chmod() pattern
         left a world-readable window between the syscalls. Now we open with
-        O_CREAT|O_EXCL|O_WRONLY and mode 0o600 — the kernel sets mode at the
+        O_CREAT|O_EXCL|O_WRONLY and mode 0o600: the kernel sets mode at the
         moment of creation, no race window."""
         payload = {
             "account_id": entry.account_id,
@@ -235,7 +235,7 @@ def _default_check_write_fn(
         # T2-3 fix: do NOT synthesize a fake "free tier" decision on HTTP
         # error. Previously a transient 502 would write `{tier:free, cap_bytes:2MB}`
         # into the cache for a legitimately paid user, locking them out
-        # for up to 7 days. Now we raise TierVerificationError — the
+        # for up to 7 days. Now we raise TierVerificationError: the
         # caller (_refresh_and_check) will fall back to a recent cache
         # if one exists, or hard-cap if no cache.
         try:
@@ -300,12 +300,12 @@ class CapGate:
         # HMAC signature + the claim it commits to. When both are present,
         # the server can verify and log mismatches as tamper-suspected
         # telemetry. Authoritative tier always comes from the DB regardless
-        # — these fields are advisory, defense in depth only.
+        #: these fields are advisory, defense in depth only.
         self._credentials_claim = credentials_claim
         self._credentials_signature = credentials_signature
 
     # ------------------------------------------------------------------
-    # Public entry point — called by every write path
+    # Public entry point: called by every write path
     # ------------------------------------------------------------------
     def check(self, proposed_delta_bytes: int = 0) -> None:
         """Verify that the proposed write is permitted. Raises
@@ -315,7 +315,7 @@ class CapGate:
         cached = self._cache.load()
         if cached and cached.is_fresh and cached.account_id == self.account_id:
             if cached.cap_bytes is None:
-                # Cached as paid (uncapped) within grace window — allow
+                # Cached as paid (uncapped) within grace window: allow
                 return
             # Cached as free with a cap. Enforce locally.
             new_size = self._db_size_fn() + proposed_delta_bytes
@@ -378,7 +378,7 @@ class CapGate:
         except TierVerificationError:
             # Offline. Fall back to the most recent cache if we have one,
             # even if technically expired (within an extended grace window
-            # of double the normal period — i.e., 14 days for tier=free).
+            # of double the normal period: i.e., 14 days for tier=free).
             #
             # T1-4 fix: respect server-supplied subscription expiry on the
             # offline path. The cache can no longer be honored past the
@@ -437,7 +437,7 @@ class CapGate:
 
         if ok:
             return  # server permitted the write
-        # Server rejected — typically free tier over cap.
+        # Server rejected: typically free tier over cap.
         raise CapExceededError(
             f"Your {tier} tier doesn't permit this write. "
             f"Current memory size: {current / 1024:.1f} KB. "

sibyl-memory-client/src/sibyl_memory_client/client.py

@@ -25,7 +25,7 @@ from .storage import Storage, dumps, loads, new_id, _utc_now_iso
 # but null bytes break downstream consumers (logs, exports, CLI display),
 # empty strings are nonsense as primary keys, and unbounded length is a
 # latent vector if any code path ever spills to filesystem. Validate on
-# WRITE only — reads of already-stored bad identifiers still work so users
+# WRITE only: reads of already-stored bad identifiers still work so users
 # can introspect and migrate.
 
 _IDENT_MAX_LENGTH = 1024
@@ -95,7 +95,7 @@ _FTS5_QUERY_ERROR_MARKERS = (
     "no such column",
 )
 
-# Substring marking the schema-missing case — keep silent (return empty)
+# Substring marking the schema-missing case: keep silent (return empty)
 # for defense against partial schema state on very old DBs.
 _SCHEMA_MISSING_MARKER = "no such table"
 
@@ -161,7 +161,7 @@ def _sanitize_fts5_query(raw: str, *, prefix: bool = False) -> str:
         quoted phrases (`"phrase"*` is invalid syntax) so we use bare
         tokens here. The character filter still blocks operator injection.
 
-    Empty / whitespace-only queries return an empty string — callers
+    Empty / whitespace-only queries return an empty string: callers
     should short-circuit on empty.
     """
     if not raw or not isinstance(raw, str):
@@ -175,7 +175,7 @@ def _sanitize_fts5_query(raw: str, *, prefix: bool = False) -> str:
         return ""
 
     if prefix:
-        # Reduce to safe bare tokens — alphanumeric + underscore only.
+        # Reduce to safe bare tokens: alphanumeric + underscore only.
         # Anything else (quotes, colons, hyphens, FTS5 operators) becomes
         # a space, then we split-and-rejoin to get clean whitespace.
         cleaned = "".join(ch if (ch.isalnum() or ch == "_") else " " for ch in s)
@@ -231,7 +231,7 @@ class MemoryClient:
         self._account_id = account_id
         self._session_token = session_token
 
-        # Cap gate — enforces the 2 MB free-tier cap with server-authoritative
+        # Cap gate: enforces the 2 MB free-tier cap with server-authoritative
         # tier verification at the boundary. See _capcheck.py for the design.
         if cap_gate is None:
             from ._capcheck import CapGate, TierCache
@@ -332,7 +332,7 @@ class MemoryClient:
             )
 
     # ------------------------------------------------------------------
-    # Entities (WARM tier) — single source of truth per rule 43
+    # Entities (WARM tier): single source of truth per rule 43
     # ------------------------------------------------------------------
     def set_entity(
         self,
@@ -359,7 +359,7 @@ class MemoryClient:
         validate_identifier(category, field_name="category")
         validate_identifier(name, field_name="name")
         body_json = _check_json(body)
-        # Cap gate — rough byte estimate (FTS5 + indexes add overhead)
+        # Cap gate: rough byte estimate (FTS5 + indexes add overhead)
         self._cap_gate.check(proposed_delta_bytes=len(body_json) + len(name) + len(category) + 200)
         with self._storage.transaction() as conn:
             existing = conn.execute(
@@ -454,7 +454,7 @@ class MemoryClient:
         return {"body": loads(row["body"]), "updated_at": row["updated_at"]}
 
     # ------------------------------------------------------------------
-    # Journal (COLD tier) — append-only event log
+    # Journal (COLD tier): append-only event log
     # ------------------------------------------------------------------
     def write_event(
         self,
@@ -523,7 +523,7 @@ class MemoryClient:
         ]
 
     # ------------------------------------------------------------------
-    # Reference (REFERENCE tier) — static lookup documents
+    # Reference (REFERENCE tier): static lookup documents
     # ------------------------------------------------------------------
     def set_reference(
         self,
@@ -574,7 +574,7 @@ class MemoryClient:
         raised before any cap-gate work.
         """
         # Read the row first so we can size the archive insert. NotFoundError
-        # propagates as before — no cap-gate side effect for missing entities.
+        # propagates as before: no cap-gate side effect for missing entities.
         with self._storage.connection() as conn:
             preview = conn.execute(
                 "SELECT id, body FROM entities WHERE tenant_id = ? AND category = ? AND name = ?",
@@ -605,7 +605,7 @@ class MemoryClient:
         return {"archived_id": arch_id, "original_id": row["id"]}
 
     # ------------------------------------------------------------------
-    # Self-learning + lint (v0.2.0) — paid-tier only
+    # Self-learning + lint (v0.2.0): paid-tier only
     # ------------------------------------------------------------------
     # Both convenience entrypoints below gate on tier and raise
     # TierGateError for free-tier callers. The underlying Learner / Linter
@@ -661,17 +661,17 @@ class MemoryClient:
         if "soft_cap_bytes" not in kwargs:
             from .lint import TIER_SOFT_CAPS, DEFAULT_SOFT_CAP_BYTES
             cap = TIER_SOFT_CAPS.get(self._tier, DEFAULT_SOFT_CAP_BYTES)
-            # Paid tiers map to None — pass a huge cap so the check effectively never fires
+            # Paid tiers map to None: pass a huge cap so the check effectively never fires
             kwargs["soft_cap_bytes"] = cap if cap is not None else (1 << 62)
         return Linter(self._storage, tenant_id=self._tenant_id, **kwargs).run()
 
     # ------------------------------------------------------------------
-    # Free-tier read access (no gating) — visibility into the upgrade pressure
+    # Free-tier read access (no gating): visibility into the upgrade pressure
     # ------------------------------------------------------------------
     def free_tier_status(self) -> dict[str, Any]:
         """Return current free-tier state: DB size, soft cap, % used.
 
-        Always available regardless of tier — free-tier callers use this
+        Always available regardless of tier: free-tier callers use this
         to render the "you're at X% of your free cap" upgrade prompt
         without needing to call the (gated) linter.
         """
@@ -708,7 +708,7 @@ class MemoryClient:
         Returns warm-tier entity rows only. For cross-tier search (entities +
         state + reference + journal in one call), use ``search()``.
 
-        Query is sanitized as a single FTS5 phrase — column-filter syntax
+        Query is sanitized as a single FTS5 phrase: column-filter syntax
         (``name:foo``) and unclosed quotes can't escape into the parser.
         Set ``prefix=True`` for prefix matching on the final token.
 
@@ -757,7 +757,7 @@ class MemoryClient:
               "body":  <JSON-decoded payload or string>,
               "snippet": <FTS5 snippet, up to ~120 chars around the match>,
               "rank":  <FTS5 rank, lower is better>,
-              "ts":    <ISO timestamp — updated_at or journal ts>
+              "ts":    <ISO timestamp: updated_at or journal ts>
             }
 
         Ordered by FTS5 rank across the union. The default ``limit`` applies
@@ -778,7 +778,7 @@ class MemoryClient:
             # v0.4.0 (KAPPA YELLOW finding): per-tier OperationalError handling
             # now classifies via _classify_fts5_error. Schema-missing keeps the
             # previous behavior (skip this tier silently, other tiers continue).
-            # FTS5 syntax / real backend errors raise — the query is bad for
+            # FTS5 syntax / real backend errors raise: the query is bad for
             # ALL tiers, no point continuing through the union.
             if "entity" in allowed:
                 try:
@@ -848,7 +848,7 @@ class MemoryClient:
                         raise exc from e
             if "journal" in allowed:
                 try:
-                    # Journal FTS5 is standalone — fetch the event_id from
+                    # Journal FTS5 is standalone: fetch the event_id from
                     # the FTS5 table directly, then join to journal_events
                     # by id (TEXT PK) for the typed body fields.
                     for r in conn.execute(

sibyl-memory-client/src/sibyl_memory_client/exceptions.py

@@ -6,7 +6,7 @@ string suggesting what the caller should try next.
 v0.4.0 (2026-05-18): `CapExceededError` + `TierVerificationError` relocated
 here from `_capcheck.py` so they are importable from the canonical
 `sibyl_memory_client.exceptions` submodule path (KAPPA bug report against
-sibyl-memory-mcp 0.1.1 — server imported these from `.exceptions` but they
+sibyl-memory-mcp 0.1.1: server imported these from `.exceptions` but they
 only lived on `._capcheck`).
 """
 from __future__ import annotations

sibyl-memory-client/src/sibyl_memory_client/learning.py

@@ -15,7 +15,7 @@ THREE RUNTIME MODES (operator directive 2026-05-15)
 2. **byok** (paid-tier opt-in)
    User pastes their own Anthropic / OpenAI / Venice key into config.
    The Learner uses the key to summarize matched event clusters into
-   prose skill bodies. Local-first stays intact at the data layer —
+   prose skill bodies. Local-first stays intact at the data layer -
    the user controls where the inference call goes. Sibyl Labs never
    sees the key or the payload.
 
@@ -133,7 +133,7 @@ class LocalDeterministicSummarizer:
 
     Useful properties:
       • Zero network. Free-tier-safe.
-      • Deterministic — same input always produces the same body.
+      • Deterministic: same input always produces the same body.
       • Explains its own reasoning (so the user sees why the pattern
         was surfaced).
     """
@@ -175,7 +175,7 @@ class LocalDeterministicSummarizer:
                 f"the same journal entries."
             )
         else:
-            lines.append("(pattern kind unrecognized — flagged for review)")
+            lines.append("(pattern kind unrecognized: flagged for review)")
 
         lines.append("")
         lines.append("## Evidence")
@@ -183,7 +183,7 @@ class LocalDeterministicSummarizer:
         for ev in events[:5]:  # cap at five for readability
             ts = ev.get("ts") or "?"
             snippet = _short_event_snippet(ev)
-            lines.append(f"- `{ts}` — {snippet}")
+            lines.append(f"- `{ts}`: {snippet}")
         if len(events) > 5:
             lines.append(f"- _…and {len(events) - 5} more matching events_")
         lines.append("")
@@ -205,7 +205,7 @@ class BYOKSummarizer:
 
     The user passes a callable `inference_fn(prompt: str) -> str` so the
     SDK never holds the key itself. The callable can be implemented
-    against Anthropic, OpenAI, Venice, or any provider — the SDK
+    against Anthropic, OpenAI, Venice, or any provider: the SDK
     doesn't care.
 
     Free-tier installs cannot construct this class (the CLI's tier
@@ -287,7 +287,7 @@ class VeniceX402Summarizer:
 
 
 # ----------------------------------------------------------------------
-# Learner — orchestrates detection + summarization + persistence
+# Learner: orchestrates detection + summarization + persistence
 # ----------------------------------------------------------------------
 
 class Learner:
@@ -301,7 +301,7 @@ class Learner:
         max_proposals_per_run: cap to avoid swamping the review queue
         cap_gate: optional CapGate. When provided, accept_proposal calls
             the gate before writing the reference_documents row (T1-3 fix).
-            When None, no cap check is performed — exposed for advanced
+            When None, no cap check is performed: exposed for advanced
             callers who construct Learner directly and own their own
             enforcement.
     """
@@ -331,7 +331,7 @@ class Learner:
         run_id = new_id()
         started_at = _utc_now_iso()
 
-        # Resolve watermark — explicit `since` wins, otherwise look up last run
+        # Resolve watermark: explicit `since` wins, otherwise look up last run
         since_ts = since or self._last_watermark()
         events = self._load_events(since=since_ts)
         scanned = len(events)
@@ -366,7 +366,7 @@ class Learner:
         # temporal_routine: light-touch detector, deliberately last
         candidates.extend(_detect_temporal_routine(events, min_hits=self._min_hits))
 
-        # Deduplicate by slug — keep the highest-confidence candidate per slug
+        # Deduplicate by slug: keep the highest-confidence candidate per slug
         deduped: dict[str, _Candidate] = {}
         for c in candidates:
             existing = deduped.get(c.slug)
@@ -758,7 +758,7 @@ def _detect_temporal_routine(
         mean = sum(gaps_min) / len(gaps_min)
         if mean <= 0:
             continue
-        # Coefficient of variation — lower = more regular
+        # Coefficient of variation: lower = more regular
         var = sum((g - mean) ** 2 for g in gaps_min) / len(gaps_min)
         cov = (var ** 0.5) / mean
         if cov >= 0.6:

sibyl-memory-client/src/sibyl_memory_client/lint.py

@@ -29,7 +29,7 @@ Severity levels: `critical` | `warning` | `info`
 | fts-rowcount-mismatch  | warning  | FTS5 index count differs from entities count |
 | flagged-actors-fresh   | info     | recent flagged_actors entries (≤ N days)     |
 
-The check list is intentionally conservative for v0.2.0 — easy to extend.
+The check list is intentionally conservative for v0.2.0: easy to extend.
 """
 from __future__ import annotations
 
@@ -57,11 +57,11 @@ EXPECTED_SCHEMA_VERSION = 2
 # Tier → soft cap mapping. None means uncapped.
 TIER_SOFT_CAPS: dict[str, int | None] = {
     "free": 2 * 1024 * 1024,        # 2 MB
-    "sync": None,                    # uncapped — paid subscription
-    "team": None,                    # uncapped — paid subscription
-    "lifetime": None,                # uncapped — one-time payment
-    "stake": None,                   # uncapped — $SIBYL stake
-    "enterprise": None,              # uncapped — annual contract
+    "sync": None,                    # uncapped: paid subscription
+    "team": None,                    # uncapped: paid subscription
+    "lifetime": None,                # uncapped: one-time payment
+    "stake": None,                   # uncapped: $SIBYL stake
+    "enterprise": None,              # uncapped: annual contract
 }
 
 
@@ -162,7 +162,7 @@ class LintReport:
 
 
 # ----------------------------------------------------------------------
-# Linter — the actual checks
+# Linter: the actual checks
 # ----------------------------------------------------------------------
 
 class Linter:
@@ -205,7 +205,7 @@ class Linter:
                         f"DB schema version is {schema_version}, expected "
                         f">= {EXPECTED_SCHEMA_VERSION}"
                     ),
-                    recovery="Reopen the MemoryClient — schema migrations run on construction.",
+                    recovery="Reopen the MemoryClient: schema migrations run on construction.",
                 ))
 
             # Row counts
@@ -221,7 +221,7 @@ class Linter:
                     ).fetchone()
                     counts[tname] = int(row["n"]) if row else 0
                 except Exception:
-                    counts[tname] = -1  # table missing — schema-version check catches it
+                    counts[tname] = -1  # table missing: schema-version check catches it
 
             # ── JSON validity (defense-in-depth; CHECK constraints catch most)
             findings.extend(self._lint_json_bodies(conn))
@@ -338,7 +338,7 @@ class Linter:
                         severity="warning",
                         message=(
                             f"entities table has {ents} rows but FTS5 index "
-                            f"has {fts} — they should match"
+                            f"has {fts}: they should match"
                         ),
                         recovery="Rebuild FTS index: client.rebuild_fts() (planned).",
                         detail={"entities": ents, "fts": fts},
@@ -388,7 +388,7 @@ class Linter:
         )
 
     # ------------------------------------------------------------------
-    # Internal — JSON validity probe
+    # Internal. JSON validity probe
     # ------------------------------------------------------------------
     def _lint_json_bodies(self, conn: Any) -> list[Finding]:
         out: list[Finding] = []

sibyl-memory-client/src/sibyl_memory_client/storage.py

@@ -33,7 +33,7 @@ _SCHEMA_PATH = Path(__file__).parent / "schema.sql"
 # body, not just credentials. docs.sibyllabs.org/memory/install claims 0600
 # but sqlite3.connect inherits the process umask (typically yields 0644).
 # Tighten with explicit chmod after the schema apply guarantees the file
-# exists. Idempotent — safe to call every time. Also tightens WAL + SHM
+# exists. Idempotent: safe to call every time. Also tightens WAL + SHM
 # sidecar files if they exist after the first transaction.
 _DB_FILE_MODE = 0o600
 _DB_SIDECAR_SUFFIXES = ("-wal", "-shm")
@@ -56,7 +56,7 @@ def new_id() -> str:
 
 def dumps(payload: Any) -> str:
     """Canonical JSON serialization for body / payload fields.
-    sort_keys=False (preserve insertion order — matters for downstream diff).
+    sort_keys=False (preserve insertion order: matters for downstream diff).
     separators tight to keep DB rows compact."""
     return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
 
@@ -92,7 +92,7 @@ class Storage:
         manager for proper cleanup.
 
         SEC-3 hardening (v0.3.3): exception messages do not echo the absolute
-        db path — the original exception is chained via `from e` for debugging,
+        db path: the original exception is chained via `from e` for debugging,
         but the user-visible message stays generic."""
         try:
             conn = sqlite3.connect(
@@ -148,10 +148,10 @@ class Storage:
                 conn.execute("COMMIT")
 
     def _ensure_schema(self) -> None:
-        """Apply the canonical schema. Idempotent — safe to call on every open.
+        """Apply the canonical schema. Idempotent: safe to call on every open.
 
         After applying the schema, runs any pending migrations. v2 to v3 (2026-05-18)
-        is the only migration currently — it reshapes FTS5 tables from standalone
+        is the only migration currently: it reshapes FTS5 tables from standalone
         (body duplicated) to external-content (body lives in base tables only).
         Migration runs once and is idempotent thereafter."""
         if not _SCHEMA_PATH.exists():
@@ -180,7 +180,7 @@ class Storage:
         backfills state_documents_fts + journal_events_fts + the new
         reference_documents_fts shape for existing v2 databases.
 
-        Safe to call repeatedly — operations short-circuit once v3 is in place.
+        Safe to call repeatedly: operations short-circuit once v3 is in place.
         """
         with self.connection() as conn:
             row = conn.execute(
@@ -192,7 +192,7 @@ class Storage:
             sql = (row["sql"] or "").lower()
             needs_v3 = "entity_id" in sql or "content='entities'" not in sql.replace(" ", "")
             if not needs_v3:
-                # Already v3 shape — nothing to do.
+                # Already v3 shape: nothing to do.
                 return
 
         # v2 → v3: drop standalone FTS5 + triggers, re-create in external-content
@@ -220,7 +220,7 @@ class Storage:
                 conn.execute("INSERT INTO entities_fts(entities_fts) VALUES('rebuild')")
                 conn.execute("INSERT INTO state_documents_fts(state_documents_fts) VALUES('rebuild')")
                 conn.execute("INSERT INTO reference_documents_fts(reference_documents_fts) VALUES('rebuild')")
-                # journal_events_fts is contentless — can't 'rebuild' from
+                # journal_events_fts is contentless: can't 'rebuild' from
                 # outside. Backfill manually for any existing journal rows.
                 conn.execute(
                     """
@@ -235,7 +235,7 @@ class Storage:
         except sqlite3.Error as e:
             raise SchemaError(
                 f"FTS5 v2 to v3 migration failed: {e}",
-                recovery="Back up your memory.db, then delete it; the next open will create a fresh v3 DB. Your base-table data is unaffected by this migration failure — the FTS5 index will rebuild.",
+                recovery="Back up your memory.db, then delete it; the next open will create a fresh v3 DB. Your base-table data is unaffected by this migration failure: the FTS5 index will rebuild.",
             ) from e
 
     def schema_version(self) -> int | None:
@@ -249,7 +249,7 @@ class Storage:
     def _tighten_db_file_perms(self) -> None:
         """Set memory.db (and WAL/SHM sidecars if present) to mode 0600.
 
-        Idempotent. Safe on systems where chmod is a no-op (Windows) — we
+        Idempotent. Safe on systems where chmod is a no-op (Windows): we
         guard with hasattr. Errors during chmod are non-fatal: we want
         secure-by-default but won't block a working DB if the chmod call
         races a concurrent process or hits a read-only mount edge case.

sibyl-memory-client/tests/test_capcheck.py

@@ -23,7 +23,7 @@ from sibyl_memory_client import (
 
 
 # ----------------------------------------------------------------------
-# Fake check-write transport — lets us simulate server responses without
+# Fake check-write transport: lets us simulate server responses without
 # hitting the network
 # ----------------------------------------------------------------------
 
@@ -105,7 +105,7 @@ def test_at_cap_server_upgrades_user(tmp_path: Path) -> None:
         check_fn=server,
     )
     gate.check(proposed_delta_bytes=500)
-    # No exception — server told us we're paid
+    # No exception: server told us we're paid
     # Verify cache was updated
     cached = cache.load()
     assert cached is not None
@@ -127,7 +127,7 @@ def test_paid_cache_skips_server(tmp_path: Path) -> None:
     gate = CapGate(
         account_id="acc-1",
         session_token="sess-1",
-        db_size_fn=lambda: 100 * 1024 * 1024,  # 100 MB — way past free cap
+        db_size_fn=lambda: 100 * 1024 * 1024,  # 100 MB: way past free cap
         local_tier_hint="free",
         cache=cache,
         check_fn=server,
@@ -178,7 +178,7 @@ def test_offline_at_cap_with_recent_paid_cache(tmp_path: Path) -> None:
         cache=cache,
         check_fn=server,
     )
-    # No exception — cache is fresh and says paid
+    # No exception: cache is fresh and says paid
     gate.check(proposed_delta_bytes=10_000)
 
 
@@ -263,7 +263,7 @@ def test_e2e_free_tier_blocked_at_cap(tmp_path: Path) -> None:
         cap_gate=gate,
     )
 
-    # Under the cap — works fine
+    # Under the cap: works fine
     client.set_entity("project", "atlas", {"status": "active"})
 
     # Simulate being near the cap
@@ -283,7 +283,7 @@ def test_e2e_paid_tier_no_cap(tmp_path: Path) -> None:
     cache = TierCache(tmp_path / "tc.json")
     db_path = tmp_path / "memory.db"
 
-    fake_size = [50 * 1024 * 1024]  # 50 MB — way past free cap
+    fake_size = [50 * 1024 * 1024]  # 50 MB: way past free cap
 
     from sibyl_memory_client._capcheck import CapGate
     gate = CapGate(

sibyl-memory-client/tests/test_kappa_fixes.py

@@ -27,7 +27,7 @@ sys.path.insert(0, str(Path(__file__).parent.parent / "src"))
 
 
 # ----------------------------------------------------------------------
-# BLOCKER — submodule exception path
+# BLOCKER: submodule exception path
 # ----------------------------------------------------------------------
 
 def test_cap_exceeded_error_importable_from_exceptions_submodule():
@@ -66,7 +66,7 @@ def test_capcheck_backwards_compat_reexports():
 
 def test_top_level_package_still_exports_both():
     """The top-level `from sibyl_memory_client import CapExceededError` path
-    that already worked in v0.3.3 must still work — no regression on the
+    that already worked in v0.3.3 must still work: no regression on the
     main public surface."""
     from sibyl_memory_client import CapExceededError, TierVerificationError
     assert CapExceededError.__name__ == "CapExceededError"
@@ -74,7 +74,7 @@ def test_top_level_package_still_exports_both():
 
 
 # ----------------------------------------------------------------------
-# RED — memory.db file perms
+# RED: memory.db file perms
 # ----------------------------------------------------------------------
 
 @pytest.mark.skipif(not hasattr(os, "chmod"), reason="POSIX-only test")
@@ -107,7 +107,7 @@ def test_memory_db_wal_sidecar_perms_tighten_when_present(tmp_path):
 
 
 # ----------------------------------------------------------------------
-# YELLOW — validate_identifier
+# YELLOW: validate_identifier
 # ----------------------------------------------------------------------
 
 def test_validate_identifier_rejects_empty():
@@ -159,7 +159,7 @@ def test_validate_identifier_accepts_reasonable():
 
 
 # ----------------------------------------------------------------------
-# YELLOW — write paths call validate_identifier
+# YELLOW: write paths call validate_identifier
 # ----------------------------------------------------------------------
 
 def test_set_entity_rejects_empty_name(tmp_path):
@@ -195,7 +195,7 @@ def test_set_reference_rejects_empty_key(tmp_path):
 
 
 def test_read_paths_unaffected_by_validation(tmp_path):
-    """Read paths (get_entity, get_state, get_reference) must NOT validate —
+    """Read paths (get_entity, get_state, get_reference) must NOT validate -
     users with already-stored bad identifiers should still be able to read
     and migrate them.
 
@@ -205,7 +205,7 @@ def test_read_paths_unaffected_by_validation(tmp_path):
     from sibyl_memory_client import MemoryClient
     from sibyl_memory_client.exceptions import NotFoundError
     client = MemoryClient.local(tmp_path / "memory.db")
-    # Read on bad identifier should be NotFound, not ValidationError —
+    # Read on bad identifier should be NotFound, not ValidationError -
     # we don't gate reads. (NB: passing through SQLite, which handles it.)
     with pytest.raises(NotFoundError):
         client.get_entity("project", "nonexistent-but-validly-named")
@@ -214,7 +214,7 @@ def test_read_paths_unaffected_by_validation(tmp_path):
 
 
 # ----------------------------------------------------------------------
-# YELLOW — FTS5 error classifier
+# YELLOW. FTS5 error classifier
 # ----------------------------------------------------------------------
 
 def test_classify_fts5_error_schema_missing_returns_none():
@@ -250,12 +250,12 @@ def test_classify_fts5_error_other_returns_storage_error():
 
 
 def test_search_with_valid_query_does_not_raise(tmp_path):
-    """Normal queries should still work — no false-positive ValidationError."""
+    """Normal queries should still work: no false-positive ValidationError."""
     from sibyl_memory_client import MemoryClient
     client = MemoryClient.local(tmp_path / "memory.db")
     client.set_entity("project", "atlas", {"description": "alpha bravo charlie"})
     client.set_entity("project", "babel", {"description": "delta echo foxtrot"})
-    # Plain text query — should not raise, returns matching results
+    # Plain text query: should not raise, returns matching results
     hits = client.search("alpha")
     assert len(hits) >= 1
     # Empty query short-circuits to []
@@ -267,7 +267,7 @@ def test_search_with_valid_query_does_not_raise(tmp_path):
 def test_search_entities_phrase_match_semantics(tmp_path):
     """Document the actual phrase-match behavior so KAPPA's confusion
     (queries containing AND/OR/* return zero hits) is verified expected.
-    These queries get wrapped as phrases — they only match literal occurrences
+    These queries get wrapped as phrases: they only match literal occurrences
     of the phrase text in entity bodies."""
     from sibyl_memory_client import MemoryClient
     client = MemoryClient.local(tmp_path / "memory.db")
@@ -275,7 +275,7 @@ def test_search_entities_phrase_match_semantics(tmp_path):
     # "alpha bravo" should match because the body contains that exact phrase
     hits = client.search_entities("alpha bravo")
     assert len(hits) == 1
-    # "AND" is a literal here — no entity body contains "AND"
+    # "AND" is a literal here: no entity body contains "AND"
     hits = client.search_entities("AND OR NOT")
     assert hits == []
     # "*" is wrapped as a literal phrase

sibyl-memory-client/tests/test_learning.py

@@ -151,7 +151,7 @@ def test_double_accept_raises(client: MemoryClient) -> None:
 
 
 # ----------------------------------------------------------------------
-# Custom summarizer plumbing — BYOK + Venice/x402 stubs
+# Custom summarizer plumbing. BYOK + Venice/x402 stubs
 # ----------------------------------------------------------------------
 def test_byok_summarizer_invokes_inference_fn(client: MemoryClient) -> None:
     captured = {}
@@ -215,7 +215,7 @@ def test_learner_is_tenant_scoped(tmp_path: Path) -> None:
 
 
 # ----------------------------------------------------------------------
-# Tier gating — free tier blocked from self-learning
+# Tier gating: free tier blocked from self-learning
 # ----------------------------------------------------------------------
 def test_free_tier_cannot_learn(tmp_path: Path) -> None:
     from sibyl_memory_client import TierGateError
@@ -234,7 +234,7 @@ def test_free_tier_cannot_list_proposals(tmp_path: Path) -> None:
 
 
 def test_free_tier_can_still_use_core_memory(tmp_path: Path) -> None:
-    """Free-tier users get the full memory SDK — only learning/lint are gated.
+    """Free-tier users get the full memory SDK: only learning/lint are gated.
     This is the upgrade-pressure design: free tier is fully functional storage
     + retrieval, paid tier adds the intelligence layer."""
     free = MemoryClient.local(str(tmp_path / "free.db"))

sibyl-memory-client/tests/test_lint.py

@@ -104,7 +104,7 @@ def test_soft_cap_critical_threshold(client: MemoryClient) -> None:
     # Write enough rows to push the DB well above any tiny cap we set.
     for i in range(20):
         client.set_entity("project", f"p{i}", {"i": i, "payload": "x" * 200})
-    # Run with a 2 KB cap — well below the actual DB size after writes
+    # Run with a 2 KB cap: well below the actual DB size after writes
     report = client.lint(soft_cap_bytes=2 * 1024)
     matches = [f for f in report.findings if f.check == "db-soft-cap"]
     assert matches, f"expected db-soft-cap finding; got {[f.check for f in report.findings]}"
@@ -153,7 +153,7 @@ def test_lint_is_tenant_scoped(tmp_path: Path) -> None:
 
 
 # ----------------------------------------------------------------------
-# Tier gating — free tier blocked, paid tier allowed
+# Tier gating: free tier blocked, paid tier allowed
 # ----------------------------------------------------------------------
 def test_free_tier_cannot_lint(tmp_path: Path) -> None:
     from sibyl_memory_client import TierGateError

sibyl-memory-hermes/CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes to `sibyl-memory-hermes` are recorded here. Format
 follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Versioning
 follows [SemVer](https://semver.org/).
 
-## [0.3.4] — 2026-05-20
+## [0.3.4] - 2026-05-20
 
 Branding pass on the vendored banner. Matches the change shipped in
 `sibyl-memory-cli` v0.3.2 in the same session. Operator directive:
@@ -21,10 +21,10 @@ Agentic Infrastructure and Memory Products' or something similar."
   on both `install-plugin` and `uninstall-plugin` since both commands
   print the banner before their section header.
 
-## [0.3.3] — 2026-05-20
+## [0.3.3] - 2026-05-20
 
 Visual identity pass on the `install-plugin` and `uninstall-plugin`
-commands. Operator directive: "typical app patterns — heavy menus on
+commands. Operator directive: "typical app patterns: heavy menus on
 install window and initial setup, light on dashboards etc." The
 install-plugin command is THE second-most-ceremonial moment a user has
 with SIBYL (after `sibyl init`), so it gets the full SIBYL banner +
@@ -55,7 +55,7 @@ sectioned numbered onboarding menu treatment.
 - Plain-text fallback preserves structure (still readable in dumb
   terminals or pipes).
 
-## [0.3.2] — 2026-05-18
+## [0.3.2] - 2026-05-18
 
 KAPPA external-tester remediation release. Family-wide alignment with the
 v0.4.0 client (KAPPA-attributed fixes: exception export path, db file
@@ -77,7 +77,7 @@ code changes in this release.
 
 ---
 
-## [0.3.1] — 2026-05-18
+## [0.3.1] - 2026-05-18
 
 Audit-remediation release. v0.3.0 pre-ship audit (2026-05-18T05:05Z)
 surfaced 10 critical findings across four lanes. This release lands the
@@ -87,7 +87,7 @@ Hermes-side fixes. Companion releases: `sibyl-memory-client` v0.3.3 (engine
 
 ### Added
 
-- `tests/test_adapter.py` — full regression coverage for the bundled Hermes
+- `tests/test_adapter.py`: full regression coverage for the bundled Hermes
   adapter. Validates: module imports cleanly off-Hermes (guarded ABC
   import + tool_error fallback), all 4 tool schemas resolve, end-to-end
   remember+recall round-trips through `handle_tool_call`, list filtering,
@@ -98,13 +98,13 @@ Hermes-side fixes. Companion releases: `sibyl-memory-client` v0.3.3 (engine
 
 ### Changed
 
-- **`SibylMemoryProvider.search()` now spans all four tiers** — entities +
+- **`SibylMemoryProvider.search()` now spans all four tiers**: entities +
   state + reference + journal. Returns tier-tagged hits (`{tier, key,
   category, body, snippet, rank, ts}`). The marketing claim of "FTS5
   across all tiers" is now true. Caller can restrict scope with
   `tiers=("entity",)` for the pre-v0.3.1 behavior. Backed by the new
   `MemoryClient.search()` in client v0.3.3.
-- `_hermes_plugin/adapter.py` — Hermes ABC + `tool_error` imports guarded
+- `_hermes_plugin/adapter.py`. Hermes ABC + `tool_error` imports guarded
   with try/except. The bundled module imports cleanly off-Hermes with
   no-op fallbacks. Audit P1.
 - `SibylAdapter.sync_turn` retries on transient failure (SQLITE_BUSY etc.)
@@ -121,7 +121,7 @@ Hermes-side fixes. Companion releases: `sibyl-memory-client` v0.3.3 (engine
   (`_DEFAULT_SEARCH_LIMIT=10`, `_DEFAULT_LIST_LIMIT=50`). Audit O1.
 - `RECALL_SCHEMA` description documents the row-wrapper return shape
   explicitly. `SEARCH_SCHEMA` updated for cross-tier coverage. Audit H2.
-- `provider.py` — `recall`, `forget`, `archive`, `set_state`, `get_state`,
+- `provider.py`. `recall`, `forget`, `archive`, `set_state`, `get_state`,
   `set_reference`, `get_reference` docstrings now include explicit
   `Raises:` sections and document return-shape asymmetry per tier.
   Audit H2/H3.
@@ -129,31 +129,31 @@ Hermes-side fixes. Companion releases: `sibyl-memory-client` v0.3.3 (engine
 
 ### Security
 
-- **SEC-2** — `credentials.write_credentials` now creates files atomically
+- **SEC-2**. `credentials.write_credentials` now creates files atomically
   with mode 0o600 set at creation via `os.open(O_WRONLY|O_CREAT|O_EXCL|
   O_NOFOLLOW, 0o600)`. No more world-readable window between `write_text()`
   and `os.chmod()` syscalls.
-- **SEC-5** — `install-plugin --force` and `uninstall-plugin` refuse to
+- **SEC-5**. `install-plugin --force` and `uninstall-plugin` refuse to
   `shutil.rmtree` any directory that doesn't contain a recognized prior
   Sibyl install (`plugin.yaml` with `name: sibyl` in the first 10 lines).
   Prevents destruction of arbitrary user-writable trees from misconfigured
   HERMES_HOME. Both commands also refuse symlinked destinations.
-- **SEC-11** — `load_credentials` refuses to follow symlinks. Checks
+- **SEC-11**. `load_credentials` refuses to follow symlinks. Checks
   `is_symlink()` BEFORE `resolve()`.
-- **SEC-10** — `handle_tool_call` error response carries only the
+- **SEC-10**. `handle_tool_call` error response carries only the
   exception class name.
 
 ### Fixed
 
-- **H7** — `hermes_bound` property emits `DeprecationWarning` on read.
+- **H7**. `hermes_bound` property emits `DeprecationWarning` on read.
   Always returns `False` (unchanged behavior). Slated for removal in v0.4.
-- `test_smoke.py` — schema_version assertion loosened to `>= 2` (audit T4);
+- `test_smoke.py`: schema_version assertion loosened to `>= 2` (audit T4);
   hermes_bound assertion tightened from `isinstance(..., bool)` to
   `is False` (audit T3).
-- README quickstart rewritten — removed the fictional
+- README quickstart rewritten: removed the fictional
   `Agent(memory=SibylMemoryProvider())` pattern (audit C5). Replaced
   with the real flow: `pip install` → `install-plugin` → config.yaml.
-- README "Hermes contract" section rewritten — removed the false claim
+- README "Hermes contract" section rewritten: removed the false claim
   that `SibylMemoryProvider` inherits Hermes' ABC at import time.
 
 ### Dependencies
@@ -170,10 +170,10 @@ sibyl-memory-hermes install-plugin --force
 ```
 
 The local SQLite schema auto-migrates from v2 to v3 on first open after
-upgrade. No application data is lost — FTS5 indexes rebuild from base
+upgrade. No application data is lost. FTS5 indexes rebuild from base
 tables. ~50ms per 10k entities on first open, idempotent thereafter.
 
-## [0.3.0] — 2026-05-17
+## [0.3.0] - 2026-05-17
 
 Real Hermes plugin landing. v0.2.x was structurally incompatible with
 Hermes' actual `MemoryProvider` ABC (wrong soft-bind import path, missing
@@ -187,37 +187,37 @@ and validated via Hermes' own `load_memory_provider('sibyl')` loader.
 ### Architecture shift
 
 - **Split into SDK + adapter.** `SibylMemoryProvider` is now a pure SDK
-  class — framework-agnostic, no ABC inheritance, no Hermes-specific glue.
+  class: framework-agnostic, no ABC inheritance, no Hermes-specific glue.
   All Hermes contract code lives in the bundled adapter at
   `_hermes_plugin/adapter.py`, copied to `$HERMES_HOME/plugins/sibyl/` by
   the new `sibyl-memory-hermes install-plugin` console script.
 - **Hermes uses filesystem discovery, NOT pip entry points.** Verified
-  against `plugins/memory/__init__.py` source — there is no
+  against `plugins/memory/__init__.py` source: there is no
   `importlib.metadata.entry_points()` call anywhere in Hermes' loader.
   `pip install sibyl-memory-hermes` is necessary but not sufficient; the
   install-plugin script bridges the gap.
 
 ### Added
 
-- **`_hermes_plugin/adapter.py`** — full `MemoryProvider` ABC implementation.
+- **`_hermes_plugin/adapter.py`**: full `MemoryProvider` ABC implementation.
   - 4 tools exposed: `sibyl_remember`, `sibyl_recall`, `sibyl_search`,
     `sibyl_list`.
   - Mandatory methods: `name`, `is_available`, `initialize`,
     `get_tool_schemas`, `handle_tool_call`.
   - Recommended overrides: `system_prompt_block` (model-facing tool list),
     `prefetch` (FTS5 + load_context block, with noise filter),
-    `queue_prefetch` (no-op — local SQLite is fast), `sync_turn`
+    `queue_prefetch` (no-op: local SQLite is fast), `sync_turn`
     (daemon-threaded per byterover pattern, 5s join + 10s shutdown).
   - Optional hooks: `on_session_switch`, `on_pre_compress`
     (paired user+assistant flush), `on_delegation`, `on_memory_write`
-    (accepts `metadata=None` kwarg — avoids the byterover signature bug).
+    (accepts `metadata=None` kwarg: avoids the byterover signature bug).
   - Defensive: `agent_context != 'primary'` guard in sync_turn so cron /
     subagent runs don't corrupt the user's representation.
   - `_stable_key()` uses blake2b for deterministic content addressing,
     so add+remove on the same content actually targets the same entity.
   - Validated end-to-end via `load_memory_provider('sibyl')` dry-run + all
     4 tool schemas resolved in OpenAI function-calling format.
-- **`_hermes_plugin/plugin.yaml`** — Hermes plugin metadata
+- **`_hermes_plugin/plugin.yaml`**. Hermes plugin metadata
   (name, description, version, homepage).
 - **`sibyl_memory_hermes.install_plugin`** + console script
   `sibyl-memory-hermes install-plugin`:
@@ -230,7 +230,7 @@ and validated via Hermes' own `load_memory_provider('sibyl')` loader.
   - Flags: `--hermes-home <path>`, `--force`, `--dry-run`.
 - **`sibyl-memory-hermes uninstall-plugin`** counterpart for clean removal.
 
-### Changed (breaking, but no users were affected — the prior path was broken)
+### Changed (breaking, but no users were affected: the prior path was broken)
 
 - **`SibylMemoryProvider` no longer subclasses `MemoryProvider`.** The
   conditional soft-bind in v0.2.x always failed (wrong import path); the
@@ -239,7 +239,7 @@ and validated via Hermes' own `load_memory_provider('sibyl')` loader.
   property and `health()` field are kept for backwards compatibility but
   always return False; they're deprecated for removal in a future major.
 - **`__init__.py` docstring rewritten.** The fictional `from hermes_agent
-  import Agent; Agent(memory=SibylMemoryProvider())` quickstart is gone —
+  import Agent; Agent(memory=SibylMemoryProvider())` quickstart is gone -
   that API never existed in any Hermes release. Replaced with the real
   install flow (`pip install` → `install-plugin` → config.yaml edit).
 - **`__version__` is now single-sourced** from `importlib.metadata.version(
@@ -249,15 +249,15 @@ and validated via Hermes' own `load_memory_provider('sibyl')` loader.
 ### Fixed
 
 - `provider.py:57` no longer attempts `from hermes_agent.memory import
-  MemoryProvider`. That import path does not exist in hermes-agent — the
+  MemoryProvider`. That import path does not exist in hermes-agent: the
   real module is `agent.memory_provider`. Removed entirely; the SDK class
   doesn't inherit from the ABC anymore (see Architecture shift above).
 
 ### Dependencies
 
-- `sibyl-memory-client>=0.3.2` (was `>=0.3.1` — picks up the cap-gate +
+- `sibyl-memory-client>=0.3.2` (was `>=0.3.1`: picks up the cap-gate +
   HTTPError fixes from yesterday's audit pass).
-- Optional: `hermes-agent>=0.13.0` (was `>=0.10.0` — the ABC is documented
+- Optional: `hermes-agent>=0.13.0` (was `>=0.10.0`: the ABC is documented
   for v0.13 specifically; older releases may work but aren't validated).
 
 ### How to upgrade from v0.2.x
@@ -270,7 +270,7 @@ hermes                                # picks up the new tools
 ```
 
 If you were importing `from hermes_agent import Agent` (per the old
-docstring), that never worked — delete those lines. If you were using
+docstring), that never worked: delete those lines. If you were using
 `SibylMemoryProvider()` directly from a non-Hermes Python orchestration,
 no changes needed; the SDK surface is unchanged.
 
@@ -282,27 +282,27 @@ no changes needed; the SDK surface is unchanged.
 - File-bundle validated: `importlib.resources.files('sibyl_memory_hermes.
   _hermes_plugin').joinpath('adapter.py').read_bytes()` returns the
   expected 18,118-byte payload.
-- install-plugin smoke-tested against a `/tmp/fake_hermes_home` target —
+- install-plugin smoke-tested against a `/tmp/fake_hermes_home` target -
   files land at `$HERMES_HOME/plugins/sibyl/{__init__.py, plugin.yaml}`.
 
 ### Authorship
 
 Developed by SIBYL, Sibyl Labs LLC. Adapter contract derived from the
-installed hermes-agent 0.13.0 wheel source — `agent/memory_provider.py`
+installed hermes-agent 0.13.0 wheel source. `agent/memory_provider.py`
 (the ABC) and `plugins/memory/byterover/` (the idiomatic threading +
 schema pattern). MIT licensed.
 
-## [0.2.2] — 2026-05-16
+## [0.2.2] - 2026-05-16
 
 Audit-remediation release. Companion to `sibyl-memory-client` v0.3.2.
 
 ### Changed
 
-- **T2-2 — `SibylMemoryProvider.recall()` narrows exception handling to
+- **T2-2. `SibylMemoryProvider.recall()` narrows exception handling to
   `NotFoundError` only**. Previously caught bare `Exception`, which
   swallowed `StorageError` / `TenantError` / `SchemaError` and returned
   `None` (the Hermes-style soft-miss). That masked real storage failures
-  end-to-end — exactly the silent-fallback pattern that caused the
+  end-to-end: exactly the silent-fallback pattern that caused the
   production Bug 2 on the server side. Now `NotFoundError` returns
   `None` as intended; every other exception propagates so the caller
   can surface or retry.
@@ -318,7 +318,7 @@ Audit-remediation release. Companion to `sibyl-memory-client` v0.3.2.
   `_check_fn` raise-on-HTTPError fix (T2-3). v0.3.1 still works; the
   changes are independent.
 
-## [0.2.1] — 2026-05-16
+## [0.2.1] - 2026-05-16
 
 HMAC signed-credentials plumbing. Companion to `sibyl-memory-client`
 v0.3.1 and the api-sibyllabs credential-signer release.
@@ -326,7 +326,7 @@ v0.3.1 and the api-sibyllabs credential-signer release.
 ### Changed
 
 - `Credentials` dataclass gained `signature: str | None = None` and
-  `signed_at: str | None = None` fields. Backwards compatible —
+  `signed_at: str | None = None` fields. Backwards compatible -
   schema v1 credentials still load with these fields as `None`.
 - `SibylMemoryProvider.__init__` reads the signature + canonical
   claim from credentials.json and passes them through to
@@ -344,7 +344,7 @@ database.
 
 - 21/21 unchanged, all green.
 
-## [0.2.0] — 2026-05-15
+## [0.2.0] - 2026-05-15
 
 Hard-cap plumbing release. Companion to `sibyl-memory-client` v0.3.0.
 
@@ -358,29 +358,29 @@ Hard-cap plumbing release. Companion to `sibyl-memory-client` v0.3.0.
   2 MB cap with no server-check fallback.
 - `Credentials` dataclass gained an optional `session_token` field
   (the long-lived bearer issued by the activation flow). Backwards
-  compatible — existing v0.1.x credentials files load fine,
+  compatible: existing v0.1.x credentials files load fine,
   `session_token` simply lands as `None`.
 
 ### Notes
 
 - Depends on `sibyl-memory-client>=0.3.0`. Earlier clients lack the
   cap-gate plumbing.
-- Pre-activation users (no credentials.json) still work — they hit
+- Pre-activation users (no credentials.json) still work: they hit
   the strict local 2 MB cap with no upgrade path until they run
   `sibyl init`.
 
-## [0.1.1] — 2026-05-15
+## [0.1.1] - 2026-05-15
 
 Patch: stripped placeholder GitHub URLs from pyproject metadata
 (operator scar: never write a link to a domain not verified to
 exist). No code changes.
 
-## [0.1.0] — 2026-05-15
+## [0.1.0] - 2026-05-15
 
 First real release. Replaces the v0.0.1 PyPI name-reservation placeholder.
 
 ### Added
-- `SibylMemoryProvider` — Hermes-compatible memory provider on top of
+- `SibylMemoryProvider`. Hermes-compatible memory provider on top of
   `sibyl-memory-client`. Auto-inherits Hermes' `MemoryProvider` ABC when
   Hermes is installed; degrades to standalone object base when not.
 - Five-tier memory routing: journal (`save_context`/`load_context`),
@@ -400,12 +400,12 @@ First real release. Replaces the v0.0.1 PyPI name-reservation placeholder.
   Hermes binding state.
 
 ### Notes
-- Depends on `sibyl-memory-client>=0.1.0`. No Hermes hard dep — install
+- Depends on `sibyl-memory-client>=0.1.0`. No Hermes hard dep: install
   via `pip install sibyl-memory-hermes[hermes]` to opt into the ABC.
 - License: MIT.
 - Compatible with Python 3.10+.
 
-## [0.0.1] — 2026-05-15 (name-reservation placeholder)
+## [0.0.1] - 2026-05-15 (name-reservation placeholder)
 
 Initial PyPI upload to reserve the package name. Empty package; not
 intended for use. Superseded by v0.1.0 in the same session.

sibyl-memory-hermes/README.md

@@ -3,14 +3,14 @@
 **Sibyl Memory SDK + bundled Hermes plugin payload. Local-first, SQLite-backed, structured-tier memory for Hermes v0.13+ (and any Python orchestration that wants direct SDK access).**
 
 The package ships two things:
-1. **`SibylMemoryProvider`** — a framework-agnostic SDK class. Call it directly from any Python code that wants structured local memory.
-2. **A bundled Hermes plugin payload** — a thin adapter implementing Hermes v0.13's `MemoryProvider` ABC. Installed into `$HERMES_HOME/plugins/sibyl/` by the `sibyl-memory-hermes install-plugin` console script.
+1. **`SibylMemoryProvider`**: a framework-agnostic SDK class. Call it directly from any Python code that wants structured local memory.
+2. **A bundled Hermes plugin payload**: a thin adapter implementing Hermes v0.13's `MemoryProvider` ABC. Installed into `$HERMES_HOME/plugins/sibyl/` by the `sibyl-memory-hermes install-plugin` console script.
 
 Memory content lives on the user's own machine, never on our servers. Built on [`sibyl-memory-client`](https://pypi.org/project/sibyl-memory-client/), the SDK foundation.
 
 ## Install (Hermes path)
 
-Hermes' loader uses filesystem discovery, NOT pip entry points. A pip install alone won't make Sibyl visible to Hermes — the `install-plugin` console script bridges the gap.
+Hermes' loader uses filesystem discovery, NOT pip entry points. A pip install alone won't make Sibyl visible to Hermes: the `install-plugin` console script bridges the gap.
 
 ```bash
 pip install sibyl-memory-hermes
@@ -26,10 +26,10 @@ memory:
 
 Restart Hermes. Four tools become available to the agent:
 
-- `sibyl_remember(category, name, body)` — store a structured fact
-- `sibyl_recall(category, name)` — look up a known fact
-- `sibyl_search(query)` — FTS5 search across **all four tiers** (entities, state, journal, reference); hits are tier-tagged
-- `sibyl_list(category?, status?)` — browse what's remembered
+- `sibyl_remember(category, name, body)`: store a structured fact
+- `sibyl_recall(category, name)`: look up a known fact
+- `sibyl_search(query)`. FTS5 search across **all four tiers** (entities, state, journal, reference); hits are tier-tagged
+- `sibyl_list(category?, status?)`: browse what's remembered
 
 Optional: lift the 2 MB free-tier cap by binding your account:
 
@@ -84,7 +84,7 @@ Different intents, different lookups, no embedding model required. FTS5 covers f
 
 The Hermes plugin is implemented by a bundled adapter at `_hermes_plugin/adapter.py`. The adapter is copied into `$HERMES_HOME/plugins/sibyl/` by the `install-plugin` console script and is what Hermes' filesystem loader picks up. The adapter implements Hermes v0.13's `MemoryProvider` ABC and delegates every call to `SibylMemoryProvider`.
 
-The SDK class itself (`SibylMemoryProvider`) is framework-agnostic — it does not inherit from any framework ABC. This is the v0.3.0 architecture shift. v0.2.x and earlier attempted soft-inheritance via a broken import path; that path was removed and the adapter pattern replaced it.
+The SDK class itself (`SibylMemoryProvider`) is framework-agnostic: it does not inherit from any framework ABC. This is the v0.3.0 architecture shift. v0.2.x and earlier attempted soft-inheritance via a broken import path; that path was removed and the adapter pattern replaced it.
 
 ## Activation
 

sibyl-memory-hermes/src/sibyl_memory_hermes/__init__.py

@@ -1,4 +1,4 @@
-"""sibyl-memory-hermes — Sibyl Memory SDK + bundled Hermes plugin payload.
+"""sibyl-memory-hermes. Sibyl Memory SDK + bundled Hermes plugin payload.
 
 Public exports:
     SibylMemoryProvider     framework-agnostic Sibyl Memory SDK class
@@ -12,20 +12,20 @@ ARCHITECTURE (v0.3.0+)
 
 This package ships two things:
 
-  1. `SibylMemoryProvider` — a pure-Python SDK class. Framework-agnostic.
+  1. `SibylMemoryProvider`: a pure-Python SDK class. Framework-agnostic.
      Routes memory operations across the five Sibyl tiers (warm entities,
      hot state, cold journal, reference docs, archive). Can be called
      directly by any orchestration that wants a structured local memory
      backend.
 
-  2. A bundled Hermes plugin payload (`_hermes_plugin/`) — a thin adapter
+  2. A bundled Hermes plugin payload (`_hermes_plugin/`): a thin adapter
      implementing Hermes v0.13+ `MemoryProvider` ABC that delegates to
      `SibylMemoryProvider`. Installed into `$HERMES_HOME/plugins/sibyl/`
      by the `sibyl-memory-hermes install-plugin` console script.
 
 Hermes' plugin loader uses filesystem discovery, NOT pip entry points
 (verified against `plugins/memory/__init__.py` source 2026-05-17). A pip
-install alone won't make Sibyl visible to Hermes — the install-plugin
+install alone won't make Sibyl visible to Hermes: the install-plugin
 script bridges that gap.
 
 HERMES INSTALL FLOW

sibyl-memory-hermes/src/sibyl_memory_hermes/_aesthetic.py

@@ -22,22 +22,22 @@ from typing import Iterable
 # ─── Palette (RGB · derived from rule 46 creme-paper tokens) ─────────
 # Names map 1:1 to CSS custom properties on lab artifacts.
 
-PAPER       = (245, 241, 230)   # --paper        — foreground accent on dark
-PAPER_DEEP  = (237, 230, 211)   # --paper-deep   — depth on creme
-CARD        = (253, 251, 245)   # --card         — slightly lifted creme
-INK         = (21,  17,  10)    # --ink          — main text on creme
-INK_SOFT    = (44,  39,  29)    # --ink-soft     — body text
-INK_MUTE    = (106, 99,  86)    # --ink-mute     — secondary text
-INK_FAINT   = (152, 145, 127)   # --ink-faint    — tertiary text
-RULE        = (216, 208, 187)   # --rule         — hairline
-RULE_STRONG = (184, 174, 147)   # --rule-strong  — emphasised hairline
-ACCENT      = (138, 106, 42)    # --accent       — ochre highlight
-ACCENT_WARM = (160, 132, 56)    # --accent-warm  — softer ochre
-ACCENT_GOLD = (224, 194, 119)   # mid gold       — gradient bridge
-ACCENT_PALE = (244, 229, 184)   # pale gold      — gradient top
-JADE        = (45,  110, 106)   # --jade         — cool counterpoint
-PULSE       = (29,  138, 130)   # --pulse        — brighter jade (live signal)
-ERROR       = (162, 58,  42)    # --error        — measured red
+PAPER       = (245, 241, 230)   # --paper       : foreground accent on dark
+PAPER_DEEP  = (237, 230, 211)   # --paper-deep  : depth on creme
+CARD        = (253, 251, 245)   # --card        : slightly lifted creme
+INK         = (21,  17,  10)    # --ink         : main text on creme
+INK_SOFT    = (44,  39,  29)    # --ink-soft    : body text
+INK_MUTE    = (106, 99,  86)    # --ink-mute    : secondary text
+INK_FAINT   = (152, 145, 127)   # --ink-faint   : tertiary text
+RULE        = (216, 208, 187)   # --rule        : hairline
+RULE_STRONG = (184, 174, 147)   # --rule-strong : emphasised hairline
+ACCENT      = (138, 106, 42)    # --accent      : ochre highlight
+ACCENT_WARM = (160, 132, 56)    # --accent-warm : softer ochre
+ACCENT_GOLD = (224, 194, 119)   # mid gold      : gradient bridge
+ACCENT_PALE = (244, 229, 184)   # pale gold     : gradient top
+JADE        = (45,  110, 106)   # --jade        : cool counterpoint
+PULSE       = (29,  138, 130)   # --pulse       : brighter jade (live signal)
+ERROR       = (162, 58,  42)    # --error       : measured red
 
 # Status glyphs (Unicode, terminal-safe in modern fonts)
 GLYPH_OK    = "✓"
@@ -56,7 +56,7 @@ def supports_truecolor() -> bool:
         return False
     if os.environ.get("TERM", "").lower() == "dumb":
         return False
-    # SIBYL_FORCE_COLOR=1 — explicit override for non-tty rendering
+    # SIBYL_FORCE_COLOR=1: explicit override for non-tty rendering
     # (CI logs, doc captures, dev inspection in non-tty environments).
     if os.environ.get("SIBYL_FORCE_COLOR") == "1":
         return True
@@ -269,7 +269,7 @@ def err_line(text: str) -> str:
 
 
 def hr_caption(caption: str, *, width: int = 60) -> str:
-    """Caption line under a divider — small, muted, centered."""
+    """Caption line under a divider: small, muted, centered."""
     pad = max(0, (width - len(caption)) // 2)
     return " " * pad + dim(caption)
 

sibyl-memory-hermes/src/sibyl_memory_hermes/_banner.py

@@ -2,7 +2,7 @@
 
 Prints the SIBYL wordmark in ANSI Shadow boxchars with a 24-bit truecolor
 vertical gradient flowing from cream/white at the top through warm gold
-to deep ochre at the bottom — aligned with the lab visual identity per
+to deep ochre at the bottom: aligned with the lab visual identity per
 the operator's brand-discipline rule (creme palette, deep-ochre accent).
 
 Gracefully degrades:
@@ -10,7 +10,7 @@ Gracefully degrades:
   - stdout is not a TTY        → plain text fallback (or skip entirely)
   - TERM=dumb                  → plain text fallback
 
-Truecolor support is detected via $COLORTERM (truecolor / 24bit) — most
+Truecolor support is detected via $COLORTERM (truecolor / 24bit): most
 modern terminals (iTerm2, Alacritty, Kitty, wezterm, Windows Terminal,
 modern xterm builds, Ghostty) advertise it. Falls back to 256-color
 gradient when not available.
@@ -20,7 +20,7 @@ from __future__ import annotations
 import os
 import sys
 
-# ANSI Shadow rendering of "SIBYL" — 6 rows, 41 cols. Each row gets its
+# ANSI Shadow rendering of "SIBYL": 6 rows, 41 cols. Each row gets its
 # own gradient color (top = pale cream/white, bottom = deep ochre).
 _LINES = (
     "███████╗██╗██████╗ ██╗   ██╗██╗     ",
@@ -49,7 +49,7 @@ _ATTRIBUTION = "a Sibyl Labs LLC Product. Agentic Infrastructure and Memory Prod
 
 
 def _supports_truecolor() -> bool:
-    """Detect 24-bit color support. Conservative — fall back gracefully."""
+    """Detect 24-bit color support. Conservative: fall back gracefully."""
     if os.environ.get("NO_COLOR"):
         return False
     if os.environ.get("TERM", "").lower() == "dumb":
@@ -96,22 +96,22 @@ def render_banner(*, force_color: bool | None = None) -> str:
     use_truecolor = force_color if force_color is not None else _supports_truecolor()
 
     if not use_truecolor:
-        # Plain text — still visually clean, just no color.
+        # Plain text: still visually clean, just no color.
         body = "\n".join("  " + line for line in _LINES)
         tagline = f"\n  {_TAGLINE}"
         attribution = f"\n  {_ATTRIBUTION}\n"
         return body + tagline + attribution
 
-    # Colored — apply per-row gradient.
+    # Colored: apply per-row gradient.
     colored_lines = []
     for line, (r, g, b) in zip(_LINES, _GRADIENT):
         colored_lines.append(f"  {_rgb(r, g, b)}{line}{_RESET}")
 
     body = "\n".join(colored_lines)
-    # Tagline in the deepest gold — present, but not competing with the wordmark.
+    # Tagline in the deepest gold: present, but not competing with the wordmark.
     r, g, b = _GRADIENT[-1]
     tagline = f"\n  {_rgb(r, g, b)}{_TAGLINE}{_RESET}"
-    # Attribution dimmer still — a half-step below the tagline so the hierarchy
+    # Attribution dimmer still: a half-step below the tagline so the hierarchy
     # reads SIBYL > tagline > attribution at a glance. ANSI dim (\033[2m) gives
     # ~55% perceived opacity across the supported terminals.
     attribution = f"\n  \033[2m{_rgb(r, g, b)}{_ATTRIBUTION}{_RESET}\n"

sibyl-memory-hermes/src/sibyl_memory_hermes/_hermes_plugin/__init__.py

@@ -1,4 +1,4 @@
-"""Bundled Hermes plugin payload — NOT for direct import.
+"""Bundled Hermes plugin payload. NOT for direct import.
 
 Contains the validated MemoryProvider adapter (`adapter.py`) and its
 metadata (`plugin.yaml`). The `sibyl-memory-hermes install-plugin`

sibyl-memory-hermes/src/sibyl_memory_hermes/_hermes_plugin/adapter.py

@@ -1,4 +1,4 @@
-"""Sibyl memory plugin — MemoryProvider adapter for sibyl-memory-hermes.
+"""Sibyl memory plugin. MemoryProvider adapter for sibyl-memory-hermes.
 
 Developed by SIBYL, Sibyl Labs LLC. MIT licensed.
 
@@ -21,13 +21,13 @@ Install location:
 
 Configuration:
     Credentials live in ~/.sibyl-memory/credentials.json (managed by the
-    `sibyl init` CLI). This adapter does not duplicate that — it lets the
+    `sibyl init` CLI). This adapter does not duplicate that: it lets the
     SDK auto-load credentials. The only Hermes-side option is `db_path`,
     which defaults to <HERMES_HOME>/sibyl/memory.db so each profile has
     its own database.
 
 v0.3.1 hardening (audit-remediation):
-    - Hermes ABC + tool_error imports are guarded — module imports cleanly
+    - Hermes ABC + tool_error imports are guarded: module imports cleanly
       outside Hermes (tests, dry-run tooling). Off-Hermes the adapter
       degrades to a no-op MemoryProvider base; the tool dispatcher still
       works for offline validation.
@@ -70,7 +70,7 @@ except ImportError:
 
 logger = logging.getLogger(__name__)
 
-# Timeouts + sizes — all named constants, no magic numbers in dispatch logic.
+# Timeouts + sizes: all named constants, no magic numbers in dispatch logic.
 _SYNC_JOIN_TIMEOUT = 5.0          # wait this long for previous sync_turn write
 _SHUTDOWN_JOIN_TIMEOUT = 10.0     # wait this long on shutdown
 _MIN_QUERY_LEN = 10               # skip tiny prefetch queries (noise)
@@ -99,7 +99,7 @@ def _stable_key(content: str, prefix: str = "") -> str:
 
 
 # ---------------------------------------------------------------------------
-# Tool schemas — OpenAI function-calling shape
+# Tool schemas. OpenAI function-calling shape
 # ---------------------------------------------------------------------------
 
 REMEMBER_SCHEMA = {
@@ -108,7 +108,7 @@ REMEMBER_SCHEMA = {
         "Upsert a structured fact into Sibyl's warm-entity tier. Use for "
         "anything worth remembering across sessions: project decisions, user "
         "preferences, API quirks, conventions. (category, name) is the unique "
-        "key — re-calling with the same pair overwrites."
+        "key: re-calling with the same pair overwrites."
     ),
     "parameters": {
         "type": "object",
@@ -139,7 +139,7 @@ RECALL_SCHEMA = {
     "description": (
         "Look up a single entity by (category, name). Returns the entity row "
         "(or null if absent) shaped {id, tenant_id, category, name, status, "
-        "body, created_at, updated_at} — the user data is under .body. Use "
+        "body, created_at, updated_at}: the user data is under .body. Use "
         "when you know exactly what to fetch; use sibyl_search for fuzzy/keyword lookup."
     ),
     "parameters": {
@@ -163,7 +163,7 @@ SEARCH_SCHEMA = {
     "parameters": {
         "type": "object",
         "properties": {
-            "query": {"type": "string", "description": "Search query. User input is sanitized as a single FTS5 phrase — column-filter syntax (name:foo) is treated as literal text."},
+            "query": {"type": "string", "description": "Search query. User input is sanitized as a single FTS5 phrase: column-filter syntax (name:foo) is treated as literal text."},
             "limit": {
                 "type": "integer",
                 "description": f"Max results (default {_DEFAULT_SEARCH_LIMIT}).",
@@ -226,7 +226,7 @@ class SibylAdapter(MemoryProvider):
         return "sibyl"
 
     def is_available(self) -> bool:
-        """Cheap local check — no network, no DB open."""
+        """Cheap local check: no network, no DB open."""
         try:
             import sibyl_memory_hermes  # noqa: F401
             return True
@@ -282,7 +282,7 @@ class SibylAdapter(MemoryProvider):
             return ""
         if not hits:
             return ""
-        lines = ["## Sibyl Memory — relevant context"]
+        lines = ["## Sibyl Memory: relevant context"]
         for hit in hits:
             tier = hit.get("tier", "?")
             category = hit.get("category", "")
@@ -297,7 +297,7 @@ class SibylAdapter(MemoryProvider):
         return block[:_MAX_PREFETCH_CHARS]
 
     def queue_prefetch(self, query: str, *, session_id: str = "") -> None:
-        # Sibyl is local SQLite — prefetch() runs synchronously and is fast.
+        # Sibyl is local SQLite: prefetch() runs synchronously and is fast.
         # Nothing to queue.
         pass
 
@@ -342,7 +342,7 @@ class SibylAdapter(MemoryProvider):
                         # Exponential backoff for SQLITE_BUSY / transient errors
                         time.sleep(_BUSY_RETRY_BACKOFF * (2 ** (attempt - 1)))
                         continue
-                    # Final attempt failed — escalate from debug to warning
+                    # Final attempt failed: escalate from debug to warning
                     # so users see drops in production logs.
                     logger.warning(
                         "Sibyl sync_turn dropped a journal turn after %d attempts: %s",
@@ -478,7 +478,7 @@ class SibylAdapter(MemoryProvider):
                         metadata: dict[str, Any] | None = None) -> None:
         """Mirror built-in `memory` tool writes into Sibyl's warm tier.
 
-        Accepts metadata even though we treat it as informational only —
+        Accepts metadata even though we treat it as informational only -
         ignoring the kwarg would TypeError under strict callers.
         """
         if not self._sibyl or not content:
@@ -499,24 +499,24 @@ class SibylAdapter(MemoryProvider):
     # -- config ------------------------------------------------------------
 
     def get_config_schema(self) -> list[dict[str, Any]]:
-        """No Hermes-side config — prerequisite is the `sibyl init` CLI.
+        """No Hermes-side config: prerequisite is the `sibyl init` CLI.
 
         Sibyl manages its own credentials and identity outside Hermes:
         running `sibyl init` writes ~/.sibyl-memory/credentials.json,
         which the SDK auto-loads at construction time. We deliberately
         return [] here so `hermes memory setup` does NOT double-prompt
-        for credentials that already live in the Sibyl native file —
+        for credentials that already live in the Sibyl native file -
         running both flows would diverge tenant ids and confuse users.
 
         If a future version needs Hermes-side overrides (alt db_path,
         explicit tenant_id for testing), add them here as non-secret
-        fields — keep secrets in credentials.json so there's one
+        fields: keep secrets in credentials.json so there's one
         source of truth.
         """
         return []
 
     def save_config(self, values: dict[str, Any], hermes_home: str) -> None:
-        # Nothing to persist — values are read live from credentials.json and
+        # Nothing to persist: values are read live from credentials.json and
         # constructor args. This stays a no-op until a hermes-side config
         # file is actually needed.
         return

sibyl-memory-hermes/src/sibyl_memory_hermes/_hermes_plugin/plugin.yaml

@@ -1,5 +1,5 @@
 name: sibyl
-description: Sibyl Memory — local-first, SQLite-backed, structured-tier memory (warm entities, hot state, cold journal, reference docs). Backed by sibyl-memory-hermes.
+description: Sibyl Memory: local-first, SQLite-backed, structured-tier memory (warm entities, hot state, cold journal, reference docs). Backed by sibyl-memory-hermes.
 version: 0.3.1
 homepage: https://sibyllabs.org/memory
 author: SIBYL, Sibyl Labs LLC

sibyl-memory-hermes/src/sibyl_memory_hermes/credentials.py

@@ -55,8 +55,8 @@ class Credentials:
     the server re-verifies. Mismatches surface as `credentials_tamper_suspected`
     telemetry. The authoritative tier comes from the database regardless.
 
-    schema_version 1 credentials (no signature) still load — old fields are
-    None — and continue to work unsigned. The SDK just sends an unsigned
+    schema_version 1 credentials (no signature) still load: old fields are
+    None: and continue to work unsigned. The SDK just sends an unsigned
     request and the server skips the tamper check."""
 
     account_id: str
@@ -79,7 +79,7 @@ def load_credentials(path: str | Path = DEFAULT_CRED_PATH) -> Credentials:
     redirect this file to read from /dev/null or any sensitive path. We
     use ``Path.is_symlink()`` to detect, then ``lstat`` to confirm the
     file type. On detection, raises ``CredentialsNotFoundError`` (the
-    safe default — caller falls back to DEFAULT_TENANT).
+    safe default: caller falls back to DEFAULT_TENANT).
 
     Raises:
         CredentialsNotFoundError: file missing or symlinked
@@ -87,7 +87,7 @@ def load_credentials(path: str | Path = DEFAULT_CRED_PATH) -> Credentials:
         OSError: I/O failure reading the file
     """
     resolved = Path(path).expanduser()
-    # SEC-11: detect symlinks BEFORE resolve() — resolve follows them silently.
+    # SEC-11: detect symlinks BEFORE resolve(): resolve follows them silently.
     if resolved.is_symlink():
         raise CredentialsNotFoundError(resolved)
     resolved = resolved.resolve()
@@ -129,7 +129,7 @@ def write_credentials(creds: Credentials, path: str | Path = DEFAULT_CRED_PATH)
     ``os.open(O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0o600)``. Previously
     used ``tmp.write_text()`` then ``os.chmod(0o600)``, leaving a
     world-readable window between syscalls. Now mode is set by the
-    kernel at file-creation time — no race.
+    kernel at file-creation time: no race.
 
     Used by `sibyl init`.
     """

sibyl-memory-hermes/src/sibyl_memory_hermes/install_plugin.py

@@ -1,4 +1,4 @@
-"""`sibyl-memory-hermes install-plugin` — installs the Sibyl adapter into Hermes.
+"""`sibyl-memory-hermes install-plugin`: installs the Sibyl adapter into Hermes.
 
 Hermes' loader does NOT use pip entry points (verified against
 plugins/memory/__init__.py source 2026-05-17). It scans the filesystem
@@ -95,7 +95,7 @@ def _looks_like_sibyl_install(dest: Path) -> bool:
         content = yaml_path.read_text(encoding="utf-8")
     except OSError:
         return False
-    # Loose match — yaml has `name: sibyl` somewhere near the top
+    # Loose match: yaml has `name: sibyl` somewhere near the top
     for line in content.splitlines()[:10]:
         stripped = line.strip().lower()
         if stripped.startswith("name:") and "sibyl" in stripped:
@@ -162,7 +162,7 @@ def install(hermes_home: Path, force: bool, dry_run: bool) -> int:
     print(a.section_header("next steps", subtitle="three to go · then your agent has memory"))
     print()
 
-    # Step 1 — activate in config.yaml
+    # Step 1: activate in config.yaml
     print(f"  {a.chip('1', palette='accent')}  {a.bold('Activate Sibyl in your Hermes config')}")
     print(f"      {a.color(str(hermes_home / 'config.yaml'), a.INK)}")
     print()
@@ -170,15 +170,15 @@ def install(hermes_home: Path, force: bool, dry_run: bool) -> int:
     print(f"          {a.color('provider:', a.ACCENT)} {a.color('sibyl', a.INK)}")
     print()
 
-    # Step 2 — bind account
+    # Step 2: bind account
     print(f"  {a.chip('2', palette='accent')}  {a.bold('Bind your account')}  {a.dim('(optional · lifts the 2 MB free-tier cap)')}")
     print(f"      {a.color('sibyl init', a.INK)}")
     print(a.dim("      three paths: desktop wallet · email + code · USDC-send from mobile"))
-    print(a.dim("      defer if you want — the plugin runs on a local default tenant without it"))
+    print(a.dim("      defer if you want: the plugin runs on a local default tenant without it"))
     print()
 
-    # Step 3 — start hermes
-    print(f"  {a.chip('3', palette='accent')}  {a.bold('Start Hermes — your agent now has memory')}")
+    # Step 3: start hermes
+    print(f"  {a.chip('3', palette='accent')}  {a.bold('Start Hermes: your agent now has memory')}")
     print(a.dim("      tools available to the agent:"))
     for tool in ("sibyl_remember", "sibyl_recall", "sibyl_search", "sibyl_list"):
         print(f"        {a.color(a.GLYPH_BULLET, a.PULSE)} {a.color(tool, a.INK)}")
@@ -193,7 +193,7 @@ def install(hermes_home: Path, force: bool, dry_run: bool) -> int:
 
 def uninstall(hermes_home: Path, dry_run: bool) -> int:
     dest = _plugin_dest(hermes_home)
-    # ── HEAVY: removal is also ceremonial — banner + section header.
+    # ── HEAVY: removal is also ceremonial: banner + section header.
     print_banner()
     print(a.section_header("uninstall-plugin",
                           subtitle="remove sibyl from this hermes install"))
@@ -202,7 +202,7 @@ def uninstall(hermes_home: Path, dry_run: bool) -> int:
     print(a.kv("Plugin dest", str(dest)))
     print()
     if not dest.exists():
-        print(a.warn_line("Nothing to uninstall — plugin directory does not exist."))
+        print(a.warn_line("Nothing to uninstall: plugin directory does not exist."))
         return 0
     if dest.is_symlink():
         print(a.err_line(f"Refused: {dest} is a symlink."))

sibyl-memory-hermes/src/sibyl_memory_hermes/provider.py

@@ -1,4 +1,4 @@
-"""SibylMemoryProvider — framework-agnostic Sibyl Memory SDK class.
+"""SibylMemoryProvider: framework-agnostic Sibyl Memory SDK class.
 
 DESIGN NOTES
 ============
@@ -16,7 +16,7 @@ that delegates to this class. The split is intentional:
 Prior versions (v0.2.x) attempted conditional inheritance from Hermes'
 ABC at import time, but the import path was wrong (`hermes_agent.memory`
 vs the actual `agent.memory_provider`), so the soft-bind silently failed
-on every install. v0.3.0 removes the conditional inheritance entirely —
+on every install. v0.3.0 removes the conditional inheritance entirely -
 the adapter handles all Hermes glue. See packages/sibyl-memory-hermes/
 CHANGELOG.md for the full ratification of this architectural shift.
 
@@ -64,7 +64,7 @@ class SibylMemoryProvider:
                         is loaded; if also missing, DEFAULT_TENANT is used.
         credentials_path: override for credentials.json discovery.
         require_credentials: if True, raise CredentialsNotFoundError when
-                        the file is missing. Default False — degrade to
+                        the file is missing. Default False: degrade to
                         DEFAULT_TENANT so callers can run pre-activation.
         autoload_credentials: if True (default), read credentials.json on
                         construction and apply tenant_id from it.
@@ -111,7 +111,7 @@ class SibylMemoryProvider:
         client_account_id = creds.account_id if creds else None
         client_session_token = creds.session_token if creds else None
         # Build the canonical signed-claim object that matches the server's
-        # SIGNING_FIELDS shape. Order doesn't matter on the JSON wire —
+        # SIGNING_FIELDS shape. Order doesn't matter on the JSON wire -
         # the server canonicalizes by field name.
         client_claim = None
         client_signature = None
@@ -136,7 +136,7 @@ class SibylMemoryProvider:
             credentials_signature=client_signature,
         )
 
-        # v0.3.0: no conditional super().__init__() — class is no longer
+        # v0.3.0: no conditional super().__init__(): class is no longer
         # an ABC subclass. Hermes binding lives in the bundled adapter.
 
     # ------------------------------------------------------------------
@@ -183,7 +183,7 @@ class SibylMemoryProvider:
     # ==================================================================
     # The Hermes v0.10.0 memory contract uses save_context / load_context
     # for the per-turn agent memory loop. We map these onto the journal
-    # (COLD) tier — every turn is an event in the agent's session log.
+    # (COLD) tier: every turn is an event in the agent's session log.
     #
     # remember() / recall() / forget() are the higher-level fact-store
     # operations that map onto entities (WARM tier).
@@ -210,7 +210,7 @@ class SibylMemoryProvider:
         return self._client.read_events(limit=limit)
 
     def clear_context(self) -> None:
-        """No-op for now — journal events are append-only by design.
+        """No-op for now: journal events are append-only by design.
 
         If a caller genuinely wants to wipe the journal, they should drop
         the database file. This method exists for Hermes contract
@@ -241,7 +241,7 @@ class SibylMemoryProvider:
         Note: the return shape is the full row wrapper, not just the body
         dict. To get the user payload only, use ``recall(...).["body"]``.
         State and reference tier reads (``get_state``, ``get_reference``)
-        return slimmer ``{body, updated_at}`` shapes — that asymmetry is
+        return slimmer ``{body, updated_at}`` shapes: that asymmetry is
         intentional (entities carry more provenance) and documented here
         per audit H2.
 
@@ -253,7 +253,7 @@ class SibylMemoryProvider:
         T2-2 fix: previously caught bare ``Exception``, which swallowed
         StorageError / TenantError / SchemaError as "not found". That
         masked underlying-storage failures end-to-end. Now narrows to
-        NotFoundError only — every other exception propagates so the
+        NotFoundError only: every other exception propagates so the
         caller can surface or retry.
         """
         try:
@@ -261,7 +261,7 @@ class SibylMemoryProvider:
         except NotFoundError:
             return None
 
-    def list(  # noqa: A003 — Hermes-compatible name
+    def list(  # noqa: A003. Hermes-compatible name
         self,
         category: str | None = None,
         *,
@@ -278,7 +278,7 @@ class SibylMemoryProvider:
             StorageError: backend failure
             TenantError: misconfigured tenant_id
 
-        Does NOT raise on missing entity — returns False instead (audit H3).
+        Does NOT raise on missing entity: returns False instead (audit H3).
         """
         return self._client.delete_entity(category, name)
 
@@ -299,7 +299,7 @@ class SibylMemoryProvider:
             CapExceededError: archive would push the DB past the free-tier cap
             StorageError: backend failure
 
-        Unlike ``forget``, ``archive`` is strict — missing entities raise
+        Unlike ``forget``, ``archive`` is strict: missing entities raise
         NotFoundError rather than no-oping (audit H3).
         """
         return self._client.archive_entity(category, name, reason=reason)
@@ -343,7 +343,7 @@ class SibylMemoryProvider:
         """Set a reference-tier document.
 
         Note: reference bodies are plain ``str`` (markdown, runbooks,
-        notes), not dict — intentionally different from entity / state
+        notes), not dict: intentionally different from entity / state
         which take dict|list bodies. Use the ``metadata`` kwarg for any
         structured side-data.
 
@@ -374,7 +374,7 @@ class SibylMemoryProvider:
         """Cross-tier FTS5 full-text search across all four searchable tiers.
 
         v0.3.1: search now spans entities + state + reference + journal
-        (was: entities only — the marketing claim of "search across all
+        (was: entities only: the marketing claim of "search across all
         tiers" was not yet true in v0.3.0).
 
         Returns: list of tier-tagged hits, each shaped::
@@ -394,7 +394,7 @@ class SibylMemoryProvider:
         restrict scope. ``prefix=True`` enables prefix matching on the
         last token.
 
-        Query is sanitized as a single FTS5 phrase — column-filter
+        Query is sanitized as a single FTS5 phrase: column-filter
         syntax (``name:foo``) is treated as literal text. Empty / invalid
         queries return ``[]``.
 
@@ -410,7 +410,7 @@ class SibylMemoryProvider:
     # Diagnostics
     # ------------------------------------------------------------------
     def health(self) -> dict[str, Any]:
-        """Return a small diagnostic dict — used by `sibyl status`."""
+        """Return a small diagnostic dict: used by `sibyl status`."""
         db_path = self._client.storage.db_path
         return {
             "ok": True,

sibyl-memory-hermes/tests/test_adapter.py

@@ -35,7 +35,7 @@ from sibyl_memory_hermes._hermes_plugin.adapter import (
 # Module loadability
 # ----------------------------------------------------------------------
 def test_module_imports_without_hermes() -> None:
-    """Off-Hermes the adapter still imports — the Hermes ABC + tool_error
+    """Off-Hermes the adapter still imports: the Hermes ABC + tool_error
     guards land their no-op fallbacks. Tests can therefore exercise it
     without spinning up a Hermes runtime."""
     # _HERMES_AVAILABLE reflects whether hermes-agent is installed.
@@ -50,7 +50,7 @@ def test_module_imports_without_hermes() -> None:
 
 
 def test_register_function_exists() -> None:
-    """register(ctx) is the Hermes plugin entry point — must exist for the
+    """register(ctx) is the Hermes plugin entry point: must exist for the
     filesystem loader to find it."""
     assert callable(adapter_module.register)
 
@@ -192,10 +192,10 @@ def test_handle_tool_call_search_sanitizes_malformed_query(tmp_path: Path) -> No
     """SEC-3 hardening: malformed FTS5 queries (unclosed quotes, column
     filters) must not crash or leak SQL error text."""
     adapter = _make_initialized_adapter(tmp_path)
-    # Unclosed quote — pre-v0.3.1 would surface OperationalError + db_path leak
+    # Unclosed quote: pre-v0.3.1 would surface OperationalError + db_path leak
     out = json.loads(adapter.handle_tool_call("sibyl_search", {"query": '"'}))
     assert "results" in out
-    # Empty input — should return empty results, not error
+    # Empty input: should return empty results, not error
     out2 = json.loads(adapter.handle_tool_call("sibyl_search", {"query": ""}))
     assert "error" in out2  # query is required
 
@@ -223,7 +223,7 @@ def test_sync_turn_during_shutdown_skips(tmp_path: Path) -> None:
     skipped via the shutdown flag check in the worker loop)."""
     adapter = _make_initialized_adapter(tmp_path)
     adapter.shutdown()
-    # Should not raise — even though we shut down, the call itself is safe
+    # Should not raise: even though we shut down, the call itself is safe
     adapter.sync_turn("user msg", "assistant reply")
 
 

sibyl-memory-hermes/tests/test_smoke.py

@@ -2,7 +2,7 @@
 
 These exercise the public provider surface. They run against a fresh
 SQLite DB per test via pytest tmp_path fixtures. Hermes is NOT required
-to be installed — the provider degrades gracefully.
+to be installed: the provider degrades gracefully.
 """
 from __future__ import annotations
 
@@ -229,7 +229,7 @@ def test_fts_search(tmp_path: Path) -> None:
 
     # v0.3.1: provider.search() now returns cross-tier hits with a `key`
     # field (was: entity rows with `name`). The shape is documented in
-    # MemoryClient.search() — each hit is {tier, key, category, body, ...}.
+    # MemoryClient.search(): each hit is {tier, key, category, body, ...}.
     results = provider.search("memory")
     keys = {r["key"] for r in results if r["tier"] == "entity"}
     assert "atlas" in keys
@@ -275,7 +275,7 @@ def test_health(tmp_path: Path) -> None:
     assert h["schema_version"] >= 2
     assert h["db_size_bytes"] >= 0
     assert h["tier"] == "free"
-    # hermes_bound is deprecated since v0.3.0 and always False — the asymmetry
+    # hermes_bound is deprecated since v0.3.0 and always False: the asymmetry
     # is the signal v0.4 cleanup is approaching. Tightened from bool-only check.
     assert h["hermes_bound"] is False
 

sibyl-memory-mcp/CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes to `sibyl-memory-mcp` are recorded here. Format follows
 [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Versioning follows
 [SemVer](https://semver.org/).
 
-## [0.1.2] — 2026-05-18
+## [0.1.2] - 2026-05-18
 
 KAPPA external-tester remediation release. v0.1.1 was functionally broken
 on PyPI: `pip install sibyl-memory-mcp` followed by the entry-point invocation
@@ -17,7 +17,7 @@ clean-venv install smoke test in CI. Gap closed by the companion
 
 ### Fixed
 
-- **KAPPA-BLOCKER** — `sibyl-memory-mcp` now imports cleanly in a fresh
+- **KAPPA-BLOCKER**. `sibyl-memory-mcp` now imports cleanly in a fresh
   venv. The fix lives in the companion `sibyl-memory-client` v0.4.0 which
   exports `CapExceededError` and `TierVerificationError` from the
   `.exceptions` submodule path. This release bumps the client pin to
@@ -39,7 +39,7 @@ clean-venv install smoke test in CI. Gap closed by the companion
 
 ---
 
-## [0.1.1] — 2026-05-18
+## [0.1.1] - 2026-05-18
 
 Audit-remediation release. v0.3.0 plugin-family pre-ship audit (2026-05-18T05:05Z)
 flagged this package's `memory_record_event` tool as broken end-to-end (every
@@ -49,27 +49,27 @@ Companion releases: `sibyl-memory-client` v0.3.3, `sibyl-memory-hermes` v0.3.1,
 
 ### Fixed
 
-- **C1** — `memory_record_event` now calls the SDK's actual signature
+- **C1**. `memory_record_event` now calls the SDK's actual signature
   ``client.write_event(*, evaluated, acted, forward, extra, ts)``. The
   previous call ``client.write_event(kind, body, category=category,
   name=name)`` referenced parameters that don't exist and raised
   TypeError on every invocation. The high-level (kind, body, category,
   name) contract is preserved by translating: kind+body → `acted={kind,
   body}`, optional category+name → `extra={category, name}`.
-- **H2** — `memory_get_state` now unpacks the SDK's `{body, updated_at}`
+- **H2**. `memory_get_state` now unpacks the SDK's `{body, updated_at}`
   return shape into a flat response: `{ok, key, body: <user payload>,
   updated_at: <iso ts>}`. Previously returned `body` containing the full
   wrapper, so "body" meant two different things at different nesting
   depths in the same response.
-- **N3** — `memory_list` `category` parameter is now Optional. Matches
-  the SDK + Hermes adapter behavior — pass it to filter, omit to list
+- **N3**. `memory_list` `category` parameter is now Optional. Matches
+  the SDK + Hermes adapter behavior: pass it to filter, omit to list
   across all categories.
 
 ### Changed
 
-- **P-H1** — `MemoryClient` is cached at module scope. Previously rebuilt
+- **P-H1**. `MemoryClient` is cached at module scope. Previously rebuilt
   on every tool call (reading schema.sql from disk + bootstrapping FTS5
-  vtables — 10-50 ms per call). Cache invalidates on credentials.json
+  vtables: 10-50 ms per call). Cache invalidates on credentials.json
   mtime change so `sibyl upgrade` is still picked up without a server
   restart. Net effect: agent recall/search latency drops to single-digit
   milliseconds.
@@ -79,11 +79,11 @@ Companion releases: `sibyl-memory-client` v0.3.3, `sibyl-memory-hermes` v0.3.1,
   description and tool docstring now match the actual behavior.
 - Query sanitization handled by the client SDK (FTS5 column-filter
   syntax can't break out into the parser). MCP server didn't need
-  its own sanitization — it's downstream of the SDK fix.
+  its own sanitization: it's downstream of the SDK fix.
 
 ### Security
 
-- **SEC-4 / SEC-11** — `_load_credentials` refuses to follow symlinks.
+- **SEC-4 / SEC-11**. `_load_credentials` refuses to follow symlinks.
   Previously called `read_text()` on the resolved path, which would
   silently follow.
 
@@ -92,11 +92,11 @@ Companion releases: `sibyl-memory-client` v0.3.3, `sibyl-memory-hermes` v0.3.1,
 - `sibyl-memory-client>=0.3.3` (was `>=0.3.2`)
 - `sibyl-memory-hermes>=0.3.1` (was `>=0.2.2`)
 
-## [0.1.0] — 2026-05-17
+## [0.1.0] - 2026-05-17
 
 Initial release. Operator question 2026-05-17: "currently i'm only seeing
 instructions for Hermes agent, how could this be used with claude code or
-codex?" — answer: an MCP server wrapping `MemoryClient.local()`. Both Claude
+codex?": answer: an MCP server wrapping `MemoryClient.local()`. Both Claude
 Code and Codex CLI consume MCP, so a single server unlocks both.
 
 ### Added
@@ -104,14 +104,14 @@ Code and Codex CLI consume MCP, so a single server unlocks both.
 - **MCP server** (`sibyl-memory-mcp` console script + `python -m sibyl_memory_mcp`)
   using the official `mcp>=1.0.0` Python SDK with FastMCP convenience layer.
 - **8 tools** exposed over stdio transport:
-  - `memory_remember` — `set_entity(category, name, body)`
-  - `memory_recall` — `get_entity(category, name)`
-  - `memory_search` — `search_entities(query, limit)` (FTS5)
-  - `memory_list` — `list_entities(category, limit)`
-  - `memory_forget` — `archive_entity(category, name, reason)`
-  - `memory_set_state` — `set_state(key, body)` (HOT tier)
-  - `memory_get_state` — `get_state(key)`
-  - `memory_record_event` — `write_event(kind, body, category, name)` (COLD tier)
+  - `memory_remember`. `set_entity(category, name, body)`
+  - `memory_recall`. `get_entity(category, name)`
+  - `memory_search`. `search_entities(query, limit)` (FTS5)
+  - `memory_list`. `list_entities(category, limit)`
+  - `memory_forget`. `archive_entity(category, name, reason)`
+  - `memory_set_state`. `set_state(key, body)` (HOT tier)
+  - `memory_get_state`. `get_state(key)`
+  - `memory_record_event`. `write_event(kind, body, category, name)` (COLD tier)
 - **Auto-reads** `~/.sibyl-memory/credentials.json` on every tool call so tier
   changes from `sibyl upgrade` are picked up without restarting the server.
 - **Typed error envelope** mapping SDK exceptions to MCP-friendly payloads:
@@ -123,7 +123,7 @@ Code and Codex CLI consume MCP, so a single server unlocks both.
 ### Design notes
 
 - Re-opens `MemoryClient.local()` on every tool call. SQLite open is
-  sub-millisecond and this keeps the server stateless — no stale tier cache
+  sub-millisecond and this keeps the server stateless: no stale tier cache
   in the process, every call sees the current credentials.
 - Free-tier 2 MB cap is enforced server-side against the database (HMAC-signed
   credentials prevent local tampering). The MCP server has no way to bypass it.
@@ -138,10 +138,10 @@ Code and Codex CLI consume MCP, so a single server unlocks both.
 
 ### Compatible with
 
-- **Claude Code** — add to `~/.claude/settings.json` or project `.mcp.json`
-- **Codex CLI** — add to `~/.codex/config.toml`
-- **Cursor** — add to `~/.cursor/mcp.json`
-- **Continue** — add to `~/.continue/config.json` mcpServers block
+- **Claude Code**: add to `~/.claude/settings.json` or project `.mcp.json`
+- **Codex CLI**: add to `~/.codex/config.toml`
+- **Cursor**: add to `~/.cursor/mcp.json`
+- **Continue**: add to `~/.continue/config.json` mcpServers block
 - Any other MCP-spec-compliant client.
 
 ### License

sibyl-memory-mcp/README.md

@@ -71,8 +71,8 @@ Full docs at [docs.sibyllabs.org/memory/integrations](https://docs.sibyllabs.org
 - **Free tier**: 8 tools work. Hard-capped at 2 MB of local storage. Writes that would push past the cap return `CAP_EXCEEDED` with an `upgrade_url`. Self-learning and memory-check-up tools are not exposed on free tier.
 - **Paid tiers** (Sync / Stake / Lifetime / Enterprise): cap removed. All tools enabled.
 
-The cap-gate runs against the **server-authoritative** tier (verified via HMAC-signed credentials) — the MCP server can't bypass it by editing the local file.
+The cap-gate runs against the **server-authoritative** tier (verified via HMAC-signed credentials): the MCP server can't bypass it by editing the local file.
 
 ## License
 
-MIT — same as the rest of the `sibyl-memory-*` family.
+MIT: same as the rest of the `sibyl-memory-*` family.

sibyl-memory-mcp/pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "sibyl-memory-mcp"
 version = "0.1.2"
-description = "MCP server for Sibyl Memory Plugin — wraps the local SQLite + FTS5 memory engine and exposes it to MCP-compatible agents (Claude Code, Codex, Cursor, Continue, anything that speaks MCP)."
+description = "MCP server for Sibyl Memory Plugin: wraps the local SQLite + FTS5 memory engine and exposes it to MCP-compatible agents (Claude Code, Codex, Cursor, Continue, anything that speaks MCP)."
 readme = "README.md"
 requires-python = ">=3.10"
 license = { text = "MIT" }

sibyl-memory-mcp/src/sibyl_memory_mcp/__init__.py

@@ -1,4 +1,4 @@
-"""sibyl-memory-mcp — MCP server for Sibyl Memory Plugin.
+"""sibyl-memory-mcp. MCP server for Sibyl Memory Plugin.
 
 Wraps the local SQLite + FTS5 memory engine (sibyl-memory-client) and
 exposes it to any MCP-compatible agent: Claude Code, Codex CLI, Cursor,

sibyl-memory-mcp/src/sibyl_memory_mcp/server.py

@@ -12,7 +12,7 @@
 
 All operations run against the local SQLite at ~/.sibyl-memory/memory.db.
 The cap gate (free-tier 2 MB hard cap, paid-tier uncapped) is enforced
-automatically by the underlying sibyl-memory-client SDK — the MCP server
+automatically by the underlying sibyl-memory-client SDK: the MCP server
 just surfaces the typed errors back to the caller.
 
 v0.1.1 hardening (audit-remediation):
@@ -66,7 +66,7 @@ def _load_credentials() -> dict[str, Any]:
 
     v0.1.1 hardening:
       - Refuses to follow symlinks (SEC-11). If the file is a symlink,
-        treat as absent — same behavior as the Hermes provider.
+        treat as absent: same behavior as the Hermes provider.
       - Treats any I/O / parse error as absent (existing behavior).
     """
     if not DEFAULT_CRED_PATH.exists():
@@ -108,7 +108,7 @@ def _open_client() -> MemoryClient:
     """Return a MemoryClient bound to the local DB + credentials.
 
     v0.1.1 (audit P-H1): cached at module scope. Previously rebuilt every
-    tool call (reading schema.sql from disk + bootstrapping FTS5 vtables —
+    tool call (reading schema.sql from disk + bootstrapping FTS5 vtables -
     10-50ms per call). Now invalidated only when credentials.json mtime
     changes, which is the only thing that should change tier behavior.
     """
@@ -189,7 +189,7 @@ def build_server() -> FastMCP:
         """Store an entity in long-term memory.
 
         Use for facts, project state, person profiles, anything the agent
-        should remember across sessions. Idempotent on (category, name) —
+        should remember across sessions. Idempotent on (category, name) -
         a second call with the same key updates the entry.
 
         Args:
@@ -225,10 +225,10 @@ def build_server() -> FastMCP:
 
         v0.1.1: spans all four searchable tiers. Each hit carries a `tier`
         tag so the agent knows where the match came from. Previously was
-        entities-only — the v0.3.0 plugin family marketing claim of
+        entities-only: the v0.3.0 plugin family marketing claim of
         "search across all tiers" is now actually true.
 
-        Query is sanitized as a single FTS5 phrase — column-filter syntax
+        Query is sanitized as a single FTS5 phrase: column-filter syntax
         (`name:foo`, `rowid:*`) is treated as literal text and cannot
         break out into the FTS5 parser. Empty/invalid queries return [].
 
@@ -250,7 +250,7 @@ def build_server() -> FastMCP:
     ) -> dict[str, Any]:
         """List entities, optionally filtered by category. Most-recently-updated first.
 
-        v0.1.1: `category` is now optional (audit N3 — matches the SDK and
+        v0.1.1: `category` is now optional (audit N3: matches the SDK and
         Hermes adapter behavior). Pass it to filter; omit to list across
         all categories.
 
@@ -267,7 +267,7 @@ def build_server() -> FastMCP:
 
     @mcp.tool()
     def memory_forget(category: str, name: str, reason: str | None = None) -> dict[str, Any]:
-        """Archive an entity (not destroyed — moved to archived_entities).
+        """Archive an entity (not destroyed: moved to archived_entities).
 
         The body is preserved in the archive table for forensic recovery
         but no longer appears in recall/list/search. Pass a `reason` to
@@ -284,7 +284,7 @@ def build_server() -> FastMCP:
     def memory_set_state(key: str, body: dict[str, Any] | list[Any]) -> dict[str, Any]:
         """Write a HOT-tier state document.
 
-        Use for ephemeral working state the agent updates frequently —
+        Use for ephemeral working state the agent updates frequently -
         current focus, in-flight task list, working draft. Faster than
         entity writes; one row per key, overwritten on each set.
         """
@@ -299,7 +299,7 @@ def build_server() -> FastMCP:
     def memory_get_state(key: str) -> dict[str, Any]:
         """Read a HOT-tier state document by key.
 
-        v0.1.1 (audit H2): response shape is now flat —
+        v0.1.1 (audit H2): response shape is now flat -
             {ok, key, body: <user payload>, updated_at: <iso ts>}
         Previously returned ``body`` = the full ``{body, updated_at}`` dict
         from the SDK, so "body" meant two different things at different
@@ -330,7 +330,7 @@ def build_server() -> FastMCP:
     ) -> dict[str, Any]:
         """Append a COLD-tier journal event.
 
-        Use for things that happened — actions taken, decisions made,
+        Use for things that happened: actions taken, decisions made,
         observations recorded. Append-only; never overwrites. Best paired
         with entities (the entity is the noun, the journal is the verb).