Memory Sidecar v3.5.1 Memory Sidecar v3.5.1 is now available as an operational hardening release for the hermes-memory-installer ecosystem, targeting production readiness for the agent-agnostic memory sidecar. The release focuses on reliability, security, and operational visibility, with improvements in resource management, fault recovery, and isolation. Key features include automatic retry-and-backoff, circuit breakers, TLS 1.3 enforcement, and structured JSON logging with Prometheus metrics. Memory Sidecar v3.5.1 is now available as the operational hardening release for the hermes-memory-installer ecosystem. This version targets production readiness for the agent-agnostic memory sidecar, addressing stability, security, and observability. Experienced developers building multi-agent architectures or deploying memory services at scale will find critical improvements in resource management, fault recovery, and isolation. The core premise of the Memory Sidecar remains unchanged: it provides a standalone, persistent memory layer that any agent—LLM, API gateway, or custom service—can access via a uniform HTTP interface. v3.5.1 hardens this interface against real-world operational stress. No agent-specific modifications are required, meaning existing clients continue to work with zero code changes. The focus here is not on new features but on ensuring the sidecar behaves predictably under load, network partitions, and resource contention. Hardening in this release covers three pillars: reliability, security, and operational visibility. Reliability comes from automatic retry‑and‑backoff for transient database and network failures, circuit breakers that trip after repeated timeouts, and controlled memory pruning. The sidecar now monitors its own RSS and will proactively release idle segments when the system reports memory pressure. Connection pooling has been reworked: the default pool size scales with available CPU cores, and idle connections are recycled every 60 seconds to prevent stale sockets. Graceful shutdown also improved—SIGTERM triggers a flush of all pending writes and a clean close of the store. Security hardens the transport and access layers. TLS 1.3 is mandatory for all incoming requests; older TLS versions are rejected at the handshake level. API keys must now be presented as an Authorization: Bearer