diff --git a/src/_zkapauthorizer/__init__.py b/src/_zkapauthorizer/__init__.py
index f19d34ad0cfc6894480f9a08edc630083545855c..8fe710e41a1aa81cfddf973117d3aef3651588a3 100644
--- a/src/_zkapauthorizer/__init__.py
+++ b/src/_zkapauthorizer/__init__.py
@@ -17,5 +17,6 @@ __all__ = [
 ]
 
 from ._version import get_versions
-__version__ = get_versions()['version']
+
+__version__ = get_versions()["version"]
 del get_versions
diff --git a/src/_zkapauthorizer/_base64.py b/src/_zkapauthorizer/_base64.py
index ed838f8ee1eafe9ee3eb434426635fb910c83883..fe020e4e01ae74ccacf8a1b755c2726a2c52e9f7 100644
--- a/src/_zkapauthorizer/_base64.py
+++ b/src/_zkapauthorizer/_base64.py
@@ -32,12 +32,13 @@ from base64 import (
     b64decode as _b64decode,
 )
 
-_b64decode_validator = _compile(b'^[A-Za-z0-9-_]*={0,2}$')
+_b64decode_validator = _compile(b"^[A-Za-z0-9-_]*={0,2}$")
+
 
 def urlsafe_b64decode(s):
     """
     Like ``base64.b64decode`` but with validation.
     """
     if not _b64decode_validator.match(s):
-        raise Error('Non-base64 digit found')
+        raise Error("Non-base64 digit found")
     return _b64decode(s, altchars=b"-_")
diff --git a/src/_zkapauthorizer/_plugin.py b/src/_zkapauthorizer/_plugin.py
index caa0906615d615fe04f433723eee81a83b8ee2f3..66a5f4383eed55024796a54afa24bd82b61890b3 100644
--- a/src/_zkapauthorizer/_plugin.py
+++ b/src/_zkapauthorizer/_plugin.py
@@ -90,6 +90,7 @@ from .lease_maintenance import (
 
 _log = Logger()
 
+
 @implementer(IAnnounceableStorageServer)
 @attr.s
 class AnnounceableStorageServer(object):
@@ -112,6 +113,7 @@ class ZKAPAuthorizer(object):
         forces different methods to use instance state to share a database
         connection.
     """
+
     name = attr.ib(default=u"privatestorageio-zkapauthz-v1")
     _stores = attr.ib(default=attr.Factory(WeakValueDictionary))
 
@@ -120,7 +122,7 @@ class ZKAPAuthorizer(object):
         :return VoucherStore: The database for the given node.  At most one
             connection is made to the database per ``ZKAPAuthorizer`` instance.
         """
-        key =  node_config.get_config_path()
+        key = node_config.get_config_path()
         try:
             s = self._stores[key]
         except KeyError:
@@ -128,7 +130,6 @@ class ZKAPAuthorizer(object):
             self._stores[key] = s
         return s
 
-
     def _get_redeemer(self, node_config, announcement, reactor):
         """
         :return IRedeemer: The voucher redeemer indicated by the given
@@ -137,7 +138,6 @@ class ZKAPAuthorizer(object):
         """
         return get_redeemer(self.name, node_config, announcement, reactor)
 
-
     def get_storage_server(self, configuration, get_anonymous_storage_server):
         kwargs = configuration.copy()
         root_url = kwargs.pop(u"ristretto-issuer-root-url")
@@ -163,7 +163,6 @@ class ZKAPAuthorizer(object):
             ),
         )
 
-
     def get_storage_client(self, node_config, announcement, get_rref):
         """
         Create an ``IStorageClient`` that submits ZKAPs with certain requests in
@@ -172,19 +171,19 @@ class ZKAPAuthorizer(object):
         ``node_config``.
         """
         from twisted.internet import reactor
+
         redeemer = self._get_redeemer(node_config, announcement, reactor)
         store = self._get_store(node_config)
         controller = SpendingController.for_store(
             tokens_to_passes=redeemer.tokens_to_passes,
             store=store,
-       )
+        )
         return ZKAPAuthorizerStorageClient(
             get_configured_pass_value(node_config),
             get_rref,
             controller.get,
         )
 
-
     def get_client_resource(self, node_config, reactor=None):
         """
         Get an ``IZKAPRoot`` for the given node configuration.
@@ -203,15 +202,20 @@ class ZKAPAuthorizer(object):
 
 
 _init_storage = _Client.__dict__["init_storage"]
+
+
 def maintenance_init_storage(self, announceable_storage_servers):
     """
     A monkey-patched version of ``_Client.init_storage`` which also
     initializes the lease maintenance service.
     """
     from twisted.internet import reactor
+
     result = _init_storage(self, announceable_storage_servers)
     _maybe_attach_maintenance_service(reactor, self)
     return result
+
+
 _Client.init_storage = maintenance_init_storage
 
 
@@ -252,12 +256,14 @@ def _create_maintenance_service(reactor, node_config, client_node):
     :param allmydata.client._Client client_node: The client node the lease
         maintenance service will be attached to.
     """
+
     def get_now():
         return datetime.utcfromtimestamp(reactor.seconds())
 
     from twisted.plugins.zkapauthorizer import (
         storage_server,
     )
+
     store = storage_server._get_store(node_config)
 
     # Create the operation which performs the lease maintenance job when
@@ -283,7 +289,9 @@ def _create_maintenance_service(reactor, node_config, client_node):
         progress=store.start_lease_maintenance,
         get_now=get_now,
     )
-    last_run_path = FilePath(node_config.get_private_path(b"last-lease-maintenance-run"))
+    last_run_path = FilePath(
+        node_config.get_private_path(b"last-lease-maintenance-run")
+    )
     # Create the service to periodically run the lease maintenance operation.
     return lease_maintenance_service(
         maintain_leases,
diff --git a/src/_zkapauthorizer/_stack.py b/src/_zkapauthorizer/_stack.py
index 6fffe2cd73a6d241322269101f32afef7dfc0d73..518db3744b857b57eeb6423cdf6864e2bfc89b07 100644
--- a/src/_zkapauthorizer/_stack.py
+++ b/src/_zkapauthorizer/_stack.py
@@ -25,13 +25,14 @@ try:
 except ImportError:
     # Not available on Windows, unfortunately.
     RLIMIT_STACK = object()
+
     def getrlimit(which):
         return (-1, -1)
+
     def setrlimit(which, what):
         pass
 
 
-
 @contextmanager
 def less_limited_stack():
     """
diff --git a/src/_zkapauthorizer/_storage_client.py b/src/_zkapauthorizer/_storage_client.py
index 656679768f898ae67a4a63ea2bac01f88bf9ec80..df88decffd1a48928f801b9a19a7a52110148eb0 100644
--- a/src/_zkapauthorizer/_storage_client.py
+++ b/src/_zkapauthorizer/_storage_client.py
@@ -78,6 +78,7 @@ class IncorrectStorageServerReference(Exception):
     server instead references some other kind of object.  This makes the
     connection, and thus the configured storage server, unusable.
     """
+
     def __init__(self, furl, actual_name, expected_name):
         self.furl = furl
         self.actual_name = actual_name
@@ -119,7 +120,9 @@ def invalidate_rejected_passes(passes, more_passes_required):
         # suite... but let's not be so vulgar.
         return None
     SIGNATURE_CHECK_FAILED.log(count=num_failed)
-    rejected_passes, okay_passes = passes.split(more_passes_required.signature_check_failed)
+    rejected_passes, okay_passes = passes.split(
+        more_passes_required.signature_check_failed
+    )
     rejected_passes.mark_invalid(u"signature check failed")
 
     # It would be great to just expand okay_passes right here.  However, if
@@ -184,7 +187,9 @@ def call_with_passes_with_manual_spend(method, num_passes, get_passes, on_succes
                         pass_group = okay_pass_group
                         # Add the necessary number of new passes.  This might
                         # fail if we don't have enough tokens.
-                        pass_group = pass_group.expand(num_passes - len(pass_group.passes))
+                        pass_group = pass_group.expand(
+                            num_passes - len(pass_group.passes)
+                        )
                 else:
                     on_success(result, pass_group)
                     break
@@ -221,9 +226,11 @@ def with_rref(f):
     The ``RemoteReference`` is retrieved by calling ``_rref`` on the first
     argument passed to the function (expected to be ``self``).
     """
+
     @wraps(f)
     def g(self, *args, **kwargs):
         return f(self, self._rref(), *args, **kwargs)
+
     return g
 
 
@@ -233,11 +240,7 @@ def _encode_passes(group):
 
     :return list[bytes]: The encoded form of the passes in the given group.
     """
-    return list(
-        t.pass_text.encode("ascii")
-        for t
-        in group.passes
-    )
+    return list(t.pass_text.encode("ascii") for t in group.passes)
 
 
 @implementer(IStorageServer)
@@ -265,6 +268,7 @@ class ZKAPAuthorizerStorageClient(object):
         request for which they will be used.  The second gives the number of
         passes to request.
     """
+
     _expected_remote_interface_name = (
         "RIPrivacyPassAuthorizedStorageServer.tahoe.privatestorage.io"
     )
@@ -302,10 +306,10 @@ class ZKAPAuthorizerStorageClient(object):
         )
 
     def _spend_for_allocate_buckets(
-            self,
-            allocated_size,
-            result,
-            pass_group,
+        self,
+        allocated_size,
+        result,
+        pass_group,
     ):
         """
         Spend some subset of a pass group based on the results of an
@@ -336,16 +340,18 @@ class ZKAPAuthorizerStorageClient(object):
 
     @with_rref
     def allocate_buckets(
-            self,
-            rref,
-            storage_index,
-            renew_secret,
-            cancel_secret,
-            sharenums,
-            allocated_size,
-            canary,
+        self,
+        rref,
+        storage_index,
+        renew_secret,
+        cancel_secret,
+        sharenums,
+        allocated_size,
+        canary,
     ):
-        num_passes = required_passes(self._pass_value, [allocated_size] * len(sharenums))
+        num_passes = required_passes(
+            self._pass_value, [allocated_size] * len(sharenums)
+        )
         return call_with_passes_with_manual_spend(
             lambda passes: rref.callRemote(
                 "allocate_buckets",
@@ -358,15 +364,18 @@ class ZKAPAuthorizerStorageClient(object):
                 canary,
             ),
             num_passes,
-            partial(self._get_passes, allocate_buckets_message(storage_index).encode("utf-8")),
+            partial(
+                self._get_passes,
+                allocate_buckets_message(storage_index).encode("utf-8"),
+            ),
             partial(self._spend_for_allocate_buckets, allocated_size),
         )
 
     @with_rref
     def get_buckets(
-            self,
-            rref,
-            storage_index,
+        self,
+        rref,
+        storage_index,
     ):
         return rref.callRemote(
             "get_buckets",
@@ -376,17 +385,19 @@ class ZKAPAuthorizerStorageClient(object):
     @inline_callbacks
     @with_rref
     def add_lease(
-            self,
-            rref,
-            storage_index,
-            renew_secret,
-            cancel_secret,
+        self,
+        rref,
+        storage_index,
+        renew_secret,
+        cancel_secret,
     ):
-        share_sizes = (yield rref.callRemote(
-            "share_sizes",
-            storage_index,
-            None,
-        )).values()
+        share_sizes = (
+            yield rref.callRemote(
+                "share_sizes",
+                storage_index,
+                None,
+            )
+        ).values()
         num_passes = required_passes(self._pass_value, share_sizes)
 
         result = yield call_with_passes(
@@ -411,12 +422,12 @@ class ZKAPAuthorizerStorageClient(object):
 
     @with_rref
     def advise_corrupt_share(
-            self,
-            rref,
-            share_type,
-            storage_index,
-            shnum,
-            reason,
+        self,
+        rref,
+        share_type,
+        storage_index,
+        shnum,
+        reason,
     ):
         return rref.callRemote(
             "advise_corrupt_share",
@@ -429,12 +440,12 @@ class ZKAPAuthorizerStorageClient(object):
     @inline_callbacks
     @with_rref
     def slot_testv_and_readv_and_writev(
-            self,
-            rref,
-            storage_index,
-            secrets,
-            tw_vectors,
-            r_vector,
+        self,
+        rref,
+        storage_index,
+        secrets,
+        tw_vectors,
+        r_vector,
     ):
         # Read operations are free.
         num_passes = 0
@@ -459,8 +470,7 @@ class ZKAPAuthorizerStorageClient(object):
             now = self._clock.seconds()
             current_sizes = {
                 sharenum: stat.size
-                for (sharenum, stat)
-                in stats.items()
+                for (sharenum, stat) in stats.items()
                 if stat.lease_expiration > now
             }
             # Determine the cost of the new storage for the operation.
@@ -489,11 +499,11 @@ class ZKAPAuthorizerStorageClient(object):
 
     @with_rref
     def slot_readv(
-            self,
-            rref,
-            storage_index,
-            shares,
-            r_vector,
+        self,
+        rref,
+        storage_index,
+        shares,
+        r_vector,
     ):
         return rref.callRemote(
             "slot_readv",
diff --git a/src/_zkapauthorizer/_storage_server.py b/src/_zkapauthorizer/_storage_server.py
index a7a5616f35ee934868c5a3ae3b33c1953bbbb98a..626870c3c883089eb2be597d9655f53d374f67d4 100644
--- a/src/_zkapauthorizer/_storage_server.py
+++ b/src/_zkapauthorizer/_storage_server.py
@@ -112,6 +112,7 @@ from .storage_common import (
 SLOT_HEADER_SIZE = 468
 LEASE_TRAILER_SIZE = 4
 
+
 @attr.s
 class _ValidationResult(object):
     """
@@ -123,6 +124,7 @@ class _ValidationResult(object):
     :ivar list[int] signature_check_failed: A list of indexes (into the
         validated list) of passes which did not have a correct signature.
     """
+
     valid = attr.ib()
     signature_check_failed = attr.ib()
 
@@ -145,7 +147,9 @@ class _ValidationResult(object):
             proposed_signature = VerificationSignature.decode_base64(signature_base64)
             unblinded_token = signing_key.rederive_unblinded_token(preimage)
             verification_key = unblinded_token.derive_verification_key_sha512()
-            invalid_pass = verification_key.invalid_sha512(proposed_signature, message.encode("utf-8"))
+            invalid_pass = verification_key.invalid_sha512(
+                proposed_signature, message.encode("utf-8")
+            )
             return invalid_pass
         except Exception:
             # It would be pretty nice to log something here, sometimes, I guess?
@@ -195,7 +199,9 @@ class LeaseRenewalRequired(Exception):
     """
 
 
-@implementer_only(RIPrivacyPassAuthorizedStorageServer, IReferenceable, IRemotelyCallable)
+@implementer_only(
+    RIPrivacyPassAuthorizedStorageServer, IReferenceable, IRemotelyCallable
+)
 # It would be great to use `frozen=True` (value-based hashing) instead of
 # `cmp=False` (identity based hashing) but Referenceable wants to set some
 # attributes on self and it's hard to avoid that.
@@ -229,7 +235,16 @@ class ZKAPAuthorizerStorageServer(Referenceable):
         """
         return self._original.remote_get_version()
 
-    def remote_allocate_buckets(self, passes, storage_index, renew_secret, cancel_secret, sharenums, allocated_size, canary):
+    def remote_allocate_buckets(
+        self,
+        passes,
+        storage_index,
+        renew_secret,
+        cancel_secret,
+        sharenums,
+        allocated_size,
+        canary,
+    ):
         """
         Pass-through after a pass check to ensure that clients can only allocate
         storage for immutable shares if they present valid passes.
@@ -310,8 +325,8 @@ class ZKAPAuthorizerStorageServer(Referenceable):
 
     def remote_share_sizes(self, storage_index_or_slot, sharenums):
         with start_action(
-                action_type=u"zkapauthorizer:storage-server:remote:share-sizes",
-                storage_index_or_slot=storage_index_or_slot,
+            action_type=u"zkapauthorizer:storage-server:remote:share-sizes",
+            storage_index_or_slot=storage_index_or_slot,
         ):
             return dict(
                 get_share_sizes(self._original, storage_index_or_slot, sharenums)
@@ -320,17 +335,16 @@ class ZKAPAuthorizerStorageServer(Referenceable):
     def remote_stat_shares(self, storage_indexes_or_slots):
         return list(
             dict(stat_share(self._original, storage_index_or_slot))
-            for storage_index_or_slot
-            in storage_indexes_or_slots
+            for storage_index_or_slot in storage_indexes_or_slots
         )
 
     def remote_slot_testv_and_readv_and_writev(
-            self,
-            passes,
-            storage_index,
-            secrets,
-            tw_vectors,
-            r_vector,
+        self,
+        passes,
+        storage_index,
+        secrets,
+        tw_vectors,
+        r_vector,
     ):
         """
         Pass-through after a pass check to ensure clients can only allocate
@@ -341,9 +355,9 @@ class ZKAPAuthorizerStorageServer(Referenceable):
             same from the perspective of pass validation.
         """
         with start_action(
-                action_type=u"zkapauthorizer:storage-server:remote:slot-testv-and-readv-and-writev",
-                storage_index=b2a(storage_index),
-                path=storage_index_to_dir(storage_index),
+            action_type=u"zkapauthorizer:storage-server:remote:slot-testv-and-readv-and-writev",
+            storage_index=b2a(storage_index),
+            path=storage_index_to_dir(storage_index),
         ):
             result = self._slot_testv_and_readv_and_writev(
                 passes,
@@ -357,12 +371,12 @@ class ZKAPAuthorizerStorageServer(Referenceable):
             return result
 
     def _slot_testv_and_readv_and_writev(
-            self,
-            passes,
-            storage_index,
-            secrets,
-            tw_vectors,
-            r_vector,
+        self,
+        passes,
+        storage_index,
+        secrets,
+        tw_vectors,
+        r_vector,
     ):
         # Only writes to shares without an active lease will result in a lease
         # renewal.
@@ -380,11 +394,13 @@ class ZKAPAuthorizerStorageServer(Referenceable):
             )
             if has_active_lease(self._original, storage_index, self._clock.seconds()):
                 # Some of the storage is paid for already.
-                current_sizes = dict(get_share_sizes(
-                    self._original,
-                    storage_index,
-                    tw_vectors.keys(),
-                ))
+                current_sizes = dict(
+                    get_share_sizes(
+                        self._original,
+                        storage_index,
+                        tw_vectors.keys(),
+                    )
+                )
                 # print("has writes, has active lease, current sizes: {}".format(current_sizes))
             else:
                 # None of it is.
@@ -434,11 +450,7 @@ def has_active_lease(storage_server, storage_index, now):
         with an expiration time after ``now``.
     """
     leases = storage_server.get_slot_leases(storage_index)
-    return any(
-        lease.get_expiration_time() > now
-        for lease
-        in leases
-    )
+    return any(lease.get_expiration_time() > now for lease in leases)
 
 
 def check_pass_quantity(pass_value, validation, share_sizes):
@@ -463,7 +475,9 @@ def check_pass_quantity(pass_value, validation, share_sizes):
         validation.raise_for(required_pass_count)
 
 
-def check_pass_quantity_for_lease(pass_value, storage_index, validation, storage_server):
+def check_pass_quantity_for_lease(
+    pass_value, storage_index, validation, storage_server
+):
     """
     Check that the given number of passes is sufficient to add or renew a
     lease for one period for the given storage index.
@@ -567,8 +581,9 @@ def get_share_sizes(storage_server, storage_index_or_slot, sharenums):
     """
     return (
         (sharenum, stat.size)
-        for (sharenum, stat)
-        in get_share_stats(storage_server, storage_index_or_slot, sharenums)
+        for (sharenum, stat) in get_share_stats(
+            storage_server, storage_index_or_slot, sharenums
+        )
     )
 
 
@@ -592,7 +607,9 @@ def get_share_stats(storage_server, storage_index_or_slot, sharenums):
         is a share number and the second element gives stats about that share.
     """
     stat = None
-    for sharenum, sharepath in get_all_share_paths(storage_server, storage_index_or_slot):
+    for sharenum, sharepath in get_all_share_paths(
+        storage_server, storage_index_or_slot
+    ):
         if stat is None:
             stat = get_stat(sharepath)
         if sharenums is None or sharenum in sharenums:
@@ -699,7 +716,7 @@ def get_slot_share_size(sharepath):
     """
     with open(sharepath, "rb") as share_file:
         share_data_length_bytes = share_file.read(92)[-8:]
-        (share_data_length,) = unpack('>Q', share_data_length_bytes)
+        (share_data_length,) = unpack(">Q", share_data_length_bytes)
         return share_data_length
 
 
@@ -711,7 +728,9 @@ def stat_share(storage_server, storage_index_or_slot):
         ``ShareStat``.
     """
     stat = None
-    for sharenum, sharepath in get_all_share_paths(storage_server, storage_index_or_slot):
+    for sharenum, sharepath in get_all_share_paths(
+        storage_server, storage_index_or_slot
+    ):
         if stat is None:
             stat = get_stat(sharepath)
         yield (sharenum, stat(storage_server, storage_index_or_slot, sharepath))
@@ -745,4 +764,5 @@ from foolscap.referenceable import (
 from foolscap.ipb import (
     ISlicer,
 )
+
 registerAdapter(ReferenceableSlicer, ZKAPAuthorizerStorageServer, ISlicer)
diff --git a/src/_zkapauthorizer/configutil.py b/src/_zkapauthorizer/configutil.py
index d87772d9052f63157a0bb83235a1bb5004eb5e9d..c8c955a17db38bbec0d5eabd0a641ddce3ecf58f 100644
--- a/src/_zkapauthorizer/configutil.py
+++ b/src/_zkapauthorizer/configutil.py
@@ -62,14 +62,15 @@ def config_string_from_sections(divided_sections):
         last value wins).
     """
     sections = _merge_dictionaries(divided_sections)
-    return "".join(list(
-        "[{name}]\n{items}\n".format(
-            name=name,
-            items="\n".join(
-                "{key} = {value}".format(key=key, value=_tahoe_config_quote(value))
-                for (key, value)
-                in contents.items()
+    return "".join(
+        list(
+            "[{name}]\n{items}\n".format(
+                name=name,
+                items="\n".join(
+                    "{key} = {value}".format(key=key, value=_tahoe_config_quote(value))
+                    for (key, value) in contents.items()
+                ),
             )
+            for (name, contents) in sections.items()
         )
-        for (name, contents) in sections.items()
-    ))
+    )
diff --git a/src/_zkapauthorizer/controller.py b/src/_zkapauthorizer/controller.py
index 44a4b0211864796234874aca316066330635132b..881acb4a2ca2b5de3b628e8e89a21b90ce4ae4a9 100644
--- a/src/_zkapauthorizer/controller.py
+++ b/src/_zkapauthorizer/controller.py
@@ -104,11 +104,13 @@ from .model import (
 
 RETRY_INTERVAL = timedelta(milliseconds=1000)
 
+
 @attr.s
 class UnexpectedResponse(Exception):
     """
     The issuer responded in an unexpected and unhandled way.
     """
+
     code = attr.ib()
     body = attr.ib()
 
@@ -139,6 +141,7 @@ class RedemptionResult(object):
     :ivar unicode public_key: The public key which the server proved was
         involved in the redemption process.
     """
+
     unblinded_tokens = attr.ib()
     public_key = attr.ib()
 
@@ -147,6 +150,7 @@ class IRedeemer(Interface):
     """
     An ``IRedeemer`` can exchange a voucher for one or more passes.
     """
+
     def random_tokens_for_voucher(voucher, counter, count):
         """
         Generate a number of random tokens to use in the redemption process for
@@ -222,6 +226,7 @@ class IndexedRedeemer(object):
     A ``IndexedRedeemer`` delegates redemption to a redeemer chosen to
     correspond to the redemption counter given.
     """
+
     _log = Logger()
 
     redeemers = attr.ib()
@@ -248,6 +253,7 @@ class NonRedeemer(object):
     """
     A ``NonRedeemer`` never tries to redeem vouchers for ZKAPs.
     """
+
     @classmethod
     def make(cls, section_name, node_config, announcement, reactor):
         return cls()
@@ -272,6 +278,7 @@ class ErrorRedeemer(object):
     An ``ErrorRedeemer`` immediately locally fails voucher redemption with a
     configured error.
     """
+
     details = attr.ib(validator=attr.validators.instance_of(unicode))
 
     @classmethod
@@ -301,6 +308,7 @@ class DoubleSpendRedeemer(object):
     A ``DoubleSpendRedeemer`` pretends to try to redeem vouchers for ZKAPs but
     always fails with an error indicating the voucher has already been spent.
     """
+
     @classmethod
     def make(cls, section_name, node_config, announcement, reactor):
         return cls()
@@ -319,6 +327,7 @@ class UnpaidRedeemer(object):
     An ``UnpaidRedeemer`` pretends to try to redeem vouchers for ZKAPs but
     always fails with an error indicating the voucher has not been paid for.
     """
+
     @classmethod
     def make(cls, section_name, node_config, announcement, reactor):
         return cls()
@@ -337,6 +346,7 @@ class RecordingRedeemer(object):
     A ``CountingRedeemer`` delegates redemption logic to another object but
     records all redemption attempts.
     """
+
     original = attr.ib()
     redemptions = attr.ib(default=attr.Factory(list))
 
@@ -350,6 +360,7 @@ class RecordingRedeemer(object):
 
 def dummy_random_tokens(voucher, counter, count):
     v = urlsafe_b64decode(voucher.number.encode("ascii"))
+
     def dummy_random_token(n):
         return RandomToken(
             # Padding is 96 (random token length) - 32 (decoded voucher
@@ -358,11 +369,8 @@ def dummy_random_tokens(voucher, counter, count):
                 v + u"{:0>4}{:0>60}".format(counter, n).encode("ascii"),
             ).decode("ascii"),
         )
-    return list(
-        dummy_random_token(n)
-        for n
-        in range(count)
-    )
+
+    return list(dummy_random_token(n) for n in range(count))
 
 
 @implementer(IRedeemer)
@@ -379,6 +387,7 @@ class DummyRedeemer(object):
         Its corresponding private key certainly has not been used to sign
         anything.
     """
+
     _public_key = attr.ib(
         validator=attr.validators.instance_of(unicode),
     )
@@ -410,17 +419,15 @@ class DummyRedeemer(object):
                     voucher,
                 ),
             )
+
         def dummy_unblinded_token(random_token):
             random_value = b64decode(random_token.token_value.encode("ascii"))
             unblinded_value = random_value + b"x" * (96 - len(random_value))
             return UnblindedToken(b64encode(unblinded_value).decode("ascii"))
+
         return succeed(
             RedemptionResult(
-                list(
-                    dummy_unblinded_token(token)
-                    for token
-                    in random_tokens
-                ),
+                list(dummy_unblinded_token(token) for token in random_tokens),
                 self._public_key,
             ),
         )
@@ -431,21 +438,20 @@ class DummyRedeemer(object):
             # can include in the resulting Pass.  This ensures the pass values
             # will be unique if and only if the unblinded tokens were unique
             # (barring improbable hash collisions).
-            token_digest = sha256(
-                token.unblinded_token.encode("ascii")
-            ).hexdigest().encode("ascii")
+            token_digest = (
+                sha256(token.unblinded_token.encode("ascii"))
+                .hexdigest()
+                .encode("ascii")
+            )
 
-            preimage = b"preimage-" + token_digest[len(b"preimage-"):]
-            signature = b"signature-" + token_digest[len(b"signature-"):]
+            preimage = b"preimage-" + token_digest[len(b"preimage-") :]
+            signature = b"signature-" + token_digest[len(b"signature-") :]
             return Pass(
                 b64encode(preimage).decode("ascii"),
                 b64encode(signature).decode("ascii"),
             )
-        return list(
-            token_to_pass(token)
-            for token
-            in unblinded_tokens
-        )
+
+        return list(token_to_pass(token) for token in unblinded_tokens)
 
 
 class IssuerConfigurationMismatch(Exception):
@@ -470,6 +476,7 @@ class IssuerConfigurationMismatch(Exception):
     ZKAPs and chooses to change its configured issuer address, those existing
     ZKAPs will not be usable and new ones must be obtained.
     """
+
     def __str__(self):
         return "Announced issuer ({}) disagrees with configured issuer ({}).".format(
             *self.args
@@ -489,6 +496,7 @@ class RistrettoRedeemer(object):
 
     :ivar URL _api_root: The root of the issuer HTTP API.
     """
+
     _log = Logger()
 
     _treq = attr.ib()
@@ -522,31 +530,33 @@ class RistrettoRedeemer(object):
     def random_tokens_for_voucher(self, voucher, counter, count):
         return list(
             RandomToken(
-                challenge_bypass_ristretto.RandomToken.create().encode_base64().decode("ascii"),
+                challenge_bypass_ristretto.RandomToken.create()
+                .encode_base64()
+                .decode("ascii"),
             )
-            for n
-            in range(count)
+            for n in range(count)
         )
 
     @inlineCallbacks
     def redeemWithCounter(self, voucher, counter, encoded_random_tokens):
         random_tokens = list(
-            challenge_bypass_ristretto.RandomToken.decode_base64(token.token_value.encode("ascii"))
-            for token
-            in encoded_random_tokens
+            challenge_bypass_ristretto.RandomToken.decode_base64(
+                token.token_value.encode("ascii")
+            )
+            for token in encoded_random_tokens
         )
         blinded_tokens = list(token.blind() for token in random_tokens)
         response = yield self._treq.post(
             self._api_root.child(u"v1", u"redeem").to_text(),
-            dumps({
-                u"redeemVoucher": voucher.number,
-                u"redeemCounter": counter,
-                u"redeemTokens": list(
-                    token.encode_base64()
-                    for token
-                    in blinded_tokens
-                ),
-            }),
+            dumps(
+                {
+                    u"redeemVoucher": voucher.number,
+                    u"redeemCounter": counter,
+                    u"redeemTokens": list(
+                        token.encode_base64() for token in blinded_tokens
+                    ),
+                }
+            ),
             headers={b"content-type": b"application/json"},
         )
         response_body = yield content(response)
@@ -583,8 +593,7 @@ class RistrettoRedeemer(object):
             challenge_bypass_ristretto.SignedToken.decode_base64(
                 marshaled_signed_token.encode("ascii"),
             )
-            for marshaled_signed_token
-            in marshaled_signed_tokens
+            for marshaled_signed_token in marshaled_signed_tokens
         )
         self._log.info("Decoded signed tokens")
         clients_proof = challenge_bypass_ristretto.BatchDLEQProof.decode_base64(
@@ -601,45 +610,39 @@ class RistrettoRedeemer(object):
         self._log.info("Validated proof")
         unblinded_tokens = list(
             UnblindedToken(token.encode_base64().decode("ascii"))
-            for token
-            in clients_unblinded_tokens
+            for token in clients_unblinded_tokens
+        )
+        returnValue(
+            RedemptionResult(
+                unblinded_tokens,
+                marshaled_public_key,
+            )
         )
-        returnValue(RedemptionResult(
-            unblinded_tokens,
-            marshaled_public_key,
-        ))
 
     def tokens_to_passes(self, message, unblinded_tokens):
         assert isinstance(message, bytes)
         assert isinstance(unblinded_tokens, list)
         assert all(isinstance(element, UnblindedToken) for element in unblinded_tokens)
         unblinded_tokens = list(
-            challenge_bypass_ristretto.UnblindedToken.decode_base64(token.unblinded_token.encode("ascii"))
-            for token
-            in unblinded_tokens
+            challenge_bypass_ristretto.UnblindedToken.decode_base64(
+                token.unblinded_token.encode("ascii")
+            )
+            for token in unblinded_tokens
         )
         clients_verification_keys = list(
-            token.derive_verification_key_sha512()
-            for token
-            in unblinded_tokens
+            token.derive_verification_key_sha512() for token in unblinded_tokens
         )
         clients_signatures = list(
             verification_key.sign_sha512(message)
-            for verification_key
-            in clients_verification_keys
-        )
-        clients_preimages = list(
-            token.preimage()
-            for token
-            in unblinded_tokens
+            for verification_key in clients_verification_keys
         )
+        clients_preimages = list(token.preimage() for token in unblinded_tokens)
         passes = list(
             Pass(
                 preimage.encode_base64().decode("ascii"),
                 signature.encode_base64().decode("ascii"),
             )
-            for (preimage, signature)
-            in zip(clients_preimages, clients_signatures)
+            for (preimage, signature) in zip(clients_preimages, clients_signatures)
         )
         return passes
 
@@ -732,6 +735,7 @@ class PaymentController(object):
     :ivar IReactorTime _clock: The reactor to use for scheduling redemption
         retries.
     """
+
     _log = Logger()
 
     store = attr.ib()
@@ -801,7 +805,9 @@ class PaymentController(object):
                     voucher=voucher.number,
                 )
 
-    def _get_random_tokens_for_voucher(self, voucher, counter, num_tokens, total_tokens):
+    def _get_random_tokens_for_voucher(
+        self, voucher, counter, num_tokens, total_tokens
+    ):
         """
         Generate or load random tokens for a redemption attempt of a voucher.
 
@@ -810,6 +816,7 @@ class PaymentController(object):
         :param int total_tokens: The total number of tokens for which this
             voucher is expected to be redeemed.
         """
+
         def get_tokens():
             self._log.info(
                 "Generating random tokens for a voucher ({voucher}).",
@@ -878,7 +885,9 @@ class PaymentController(object):
             # server signs a given set of random tokens once or many times, the
             # number of passes that can be constructed is still only the size of
             # the set of random tokens.
-            token_count = token_count_for_group(self.num_redemption_groups, num_tokens, counter)
+            token_count = token_count_for_group(
+                self.num_redemption_groups, num_tokens, counter
+            )
             tokens = self._get_random_tokens_for_voucher(
                 voucher,
                 counter,
@@ -915,7 +924,9 @@ class PaymentController(object):
             )
 
         # Ask the redeemer to do the real task of redemption.
-        self._log.info("Redeeming random tokens for a voucher ({voucher}).", voucher=voucher)
+        self._log.info(
+            "Redeeming random tokens for a voucher ({voucher}).", voucher=voucher
+        )
         d = bracket(
             lambda: setitem(
                 self._active,
diff --git a/src/_zkapauthorizer/foolscap.py b/src/_zkapauthorizer/foolscap.py
index b8f12425e72f3c3e80df6350f59f16a6c93bb635..efe98fab4a9502750433033a178836a71de662f9 100644
--- a/src/_zkapauthorizer/foolscap.py
+++ b/src/_zkapauthorizer/foolscap.py
@@ -44,6 +44,7 @@ from allmydata.interfaces import (
     Offset,
 )
 
+
 @attr.s
 class ShareStat(Copyable, RemoteCopy):
     """
@@ -54,6 +55,7 @@ class ShareStat(Copyable, RemoteCopy):
     :ivar int lease_expiration: The POSIX timestamp of the time at which the
         lease on this share expires, or None if there is no lease.
     """
+
     typeToCopy = copytype = "ShareStat"
 
     # To be a RemoteCopy it must be possible to instantiate this with no
@@ -134,7 +136,8 @@ def add_arguments(schema, kwargs):
     # arguments.
     modified_schema.argumentNames = (
         # The new arguments
-        list(argName for (argName, _) in kwargs) +
+        list(argName for (argName, _) in kwargs)
+        +
         # The original arguments in the original order
         schema.argumentNames
     )
@@ -151,9 +154,8 @@ class RIPrivacyPassAuthorizedStorageServer(RemoteInterface):
     are expected to supply suitable passes and only after the passes have been
     validated is service provided.
     """
-    __remote_name__ = (
-        "RIPrivacyPassAuthorizedStorageServer.tahoe.privatestorage.io"
-    )
+
+    __remote_name__ = "RIPrivacyPassAuthorizedStorageServer.tahoe.privatestorage.io"
 
     get_version = RIStorageServer["get_version"]
 
@@ -164,11 +166,11 @@ class RIPrivacyPassAuthorizedStorageServer(RemoteInterface):
     get_buckets = RIStorageServer["get_buckets"]
 
     def share_sizes(
-            storage_index_or_slot=StorageIndex,
-            # Notionally, ChoiceOf(None, SetOf(int, maxLength=MAX_BUCKETS)).
-            # However, support for such a construction appears to be
-            # unimplemented in Foolscap.  So, instead...
-            sharenums=Any(),
+        storage_index_or_slot=StorageIndex,
+        # Notionally, ChoiceOf(None, SetOf(int, maxLength=MAX_BUCKETS)).
+        # However, support for such a construction appears to be
+        # unimplemented in Foolscap.  So, instead...
+        sharenums=Any(),
     ):
         """
         Get the size of the given shares in the given storage index or slot.  If a
@@ -177,7 +179,7 @@ class RIPrivacyPassAuthorizedStorageServer(RemoteInterface):
         return DictOf(int, Offset)
 
     def stat_shares(
-            storage_indexes_or_slots=ListOf(StorageIndex),
+        storage_indexes_or_slots=ListOf(StorageIndex),
     ):
         """
         Get various metadata about shares in the given storage index or slot.
diff --git a/src/_zkapauthorizer/lease_maintenance.py b/src/_zkapauthorizer/lease_maintenance.py
index 6d15951d6411f9861d4358b6043e66342c5c38e7..57b6091f8d3a238379c06a2127a63956be6ab990 100644
--- a/src/_zkapauthorizer/lease_maintenance.py
+++ b/src/_zkapauthorizer/lease_maintenance.py
@@ -85,14 +85,18 @@ def visit_storage_indexes(root_nodes, visit):
         visited.
     """
     if not isinstance(root_nodes, list):
-        raise TypeError("root_nodes must be a list, not {!r}".format(
-            root_nodes,
-        ))
+        raise TypeError(
+            "root_nodes must be a list, not {!r}".format(
+                root_nodes,
+            )
+        )
     for node in root_nodes:
         if not IFilesystemNode.providedBy(node):
-            raise TypeError("Root nodes must provide IFilesystemNode, {!r} does not".format(
-                node,
-            ))
+            raise TypeError(
+                "Root nodes must provide IFilesystemNode, {!r} does not".format(
+                    node,
+                )
+            )
 
     stack = root_nodes[:]
     while stack:
@@ -130,12 +134,12 @@ def iter_storage_indexes(visit_assets):
 
 @inlineCallbacks
 def renew_leases(
-        visit_assets,
-        storage_broker,
-        secret_holder,
-        min_lease_remaining,
-        get_activity_observer,
-        now,
+    visit_assets,
+    storage_broker,
+    secret_holder,
+    min_lease_remaining,
+    get_activity_observer,
+    now,
 ):
     """
     Check the leases on a group of nodes for those which are expired or close
@@ -169,9 +173,7 @@ def renew_leases(
     renewal_secret = secret_holder.get_renewal_secret()
     cancel_secret = secret_holder.get_cancel_secret()
     servers = list(
-        server.get_storage_server()
-        for server
-        in storage_broker.get_connected_servers()
+        server.get_storage_server() for server in storage_broker.get_connected_servers()
     )
 
     for server in servers:
@@ -191,13 +193,13 @@ def renew_leases(
 
 @inlineCallbacks
 def renew_leases_on_server(
-        min_lease_remaining,
-        renewal_secret,
-        cancel_secret,
-        storage_indexes,
-        server,
-        activity,
-        now,
+    min_lease_remaining,
+    renewal_secret,
+    cancel_secret,
+    storage_indexes,
+    server,
+    activity,
+    now,
 ):
     """
     Check leases on the shares for the given storage indexes on the given
@@ -318,6 +320,7 @@ class _FuzzyTimerService(Service):
     :ivar IReactorTime reactor: A Twisted reactor to use to schedule runs of
         the operation.
     """
+
     name = attr.ib()
     operation = attr.ib()
     initial_interval = attr.ib()
@@ -355,12 +358,12 @@ class _FuzzyTimerService(Service):
 
 
 def lease_maintenance_service(
-        maintain_leases,
-        reactor,
-        last_run_path,
-        random,
-        interval_mean=None,
-        interval_range=None,
+    maintain_leases,
+    reactor,
+    last_run_path,
+    random,
+    interval_mean=None,
+    interval_range=None,
 ):
     """
     Get an ``IService`` which will maintain leases on ``root_node`` and any
@@ -400,6 +403,7 @@ def lease_maintenance_service(
                 (interval_mean + halfrange).total_seconds(),
             ),
         )
+
     # Rather than an all-or-nothing last-run time we probably eventually want
     # to have a more comprehensive record of the state when we were last
     # interrupted.  This would remove the unfortunate behavior of restarting
@@ -420,7 +424,6 @@ def lease_maintenance_service(
             timedelta(0),
         )
 
-
     return _FuzzyTimerService(
         SERVICE_NAME,
         lambda: bracket(
@@ -496,6 +499,7 @@ class NoopMaintenanceObserver(object):
     """
     A lease maintenance observer that does nothing.
     """
+
     def observe(self, sizes):
         pass
 
@@ -509,6 +513,7 @@ class MemoryMaintenanceObserver(object):
     """
     A lease maintenance observer that records observations in memory.
     """
+
     observed = attr.ib(default=attr.Factory(list))
     finished = attr.ib(default=False)
 
@@ -520,12 +525,12 @@ class MemoryMaintenanceObserver(object):
 
 
 def maintain_leases_from_root(
-        get_root_nodes,
-        storage_broker,
-        secret_holder,
-        min_lease_remaining,
-        progress,
-        get_now,
+    get_root_nodes,
+    storage_broker,
+    secret_holder,
+    min_lease_remaining,
+    progress,
+    get_now,
 ):
     """
     An operation for ``lease_maintenance_service`` which visits ``root_node``
@@ -552,6 +557,7 @@ def maintain_leases_from_root(
 
     :return: A no-argument callable to perform the maintenance.
     """
+
     def visitor(visit_assets):
         return renew_leases(
             visit_assets,
diff --git a/src/_zkapauthorizer/model.py b/src/_zkapauthorizer/model.py
index 391ea1e4c40a75e28e3be5bc33d01a8a32a5bfc5..5e2d3441277c914d052b5db480ff02889964677a 100644
--- a/src/_zkapauthorizer/model.py
+++ b/src/_zkapauthorizer/model.py
@@ -89,6 +89,7 @@ class ILeaseMaintenanceObserver(Interface):
     An object which is interested in receiving events related to the progress
     of lease maintenance activity.
     """
+
     def observe(sizes):
         """
         Observe some shares encountered during lease maintenance.
@@ -106,6 +107,7 @@ class StoreOpenError(Exception):
     """
     There was a problem opening the underlying data store.
     """
+
     def __init__(self, reason):
         self.reason = reason
 
@@ -119,6 +121,7 @@ class NotEnoughTokens(Exception):
 
 CONFIG_DB_NAME = u"privatestorageio-zkapauthz-v1.sqlite3"
 
+
 def open_and_initialize(path, connect=None):
     """
     Open a SQLite3 database for use as a voucher store.
@@ -204,12 +207,14 @@ def with_cursor(f):
     normally then the transaction will be committed.  Otherwise, the
     transaction will be rolled back.
     """
+
     @wraps(f)
     def with_cursor(self, *a, **kw):
         with self._connection:
             cursor = self._connection.cursor()
             cursor.execute("BEGIN IMMEDIATE TRANSACTION")
             return f(self, cursor, *a, **kw)
+
     return with_cursor
 
 
@@ -236,6 +241,7 @@ class VoucherStore(object):
     :ivar now: A no-argument callable that returns the time of the call as a
         ``datetime`` instance.
     """
+
     _log = Logger()
 
     pass_value = pass_value_attribute()
@@ -339,11 +345,7 @@ class VoucherStore(object):
                 voucher=voucher,
                 counter=counter,
             )
-            tokens = list(
-                RandomToken(token_value)
-                for (token_value,)
-                in rows
-            )
+            tokens = list(RandomToken(token_value) for (token_value,) in rows)
         else:
             tokens = get_tokens()
             self._log.info(
@@ -356,17 +358,13 @@ class VoucherStore(object):
                 """
                 INSERT OR IGNORE INTO [vouchers] ([number], [expected-tokens], [created]) VALUES (?, ?, ?)
                 """,
-                (voucher, expected_tokens, self.now())
+                (voucher, expected_tokens, self.now()),
             )
             cursor.executemany(
                 """
                 INSERT INTO [tokens] ([voucher], [counter], [text]) VALUES (?, ?, ?)
                 """,
-                list(
-                    (voucher, counter, token.token_value)
-                    for token
-                    in tokens
-                ),
+                list((voucher, counter, token.token_value) for token in tokens),
             )
         return tokens
 
@@ -387,11 +385,7 @@ class VoucherStore(object):
         )
         refs = cursor.fetchall()
 
-        return list(
-            Voucher.from_row(row)
-            for row
-            in refs
-        )
+        return list(Voucher.from_row(row) for row in refs)
 
     def _insert_unblinded_tokens(self, cursor, unblinded_tokens, group_id):
         """
@@ -401,11 +395,7 @@ class VoucherStore(object):
             """
             INSERT INTO [unblinded-tokens] ([token], [redemption-group]) VALUES (?, ?)
             """,
-            list(
-                (token, group_id)
-                for token
-                in unblinded_tokens
-            ),
+            list((token, group_id) for token in unblinded_tokens),
         )
 
     @with_cursor
@@ -422,7 +412,9 @@ class VoucherStore(object):
         self._insert_unblinded_tokens(cursor, unblinded_tokens, group_id)
 
     @with_cursor
-    def insert_unblinded_tokens_for_voucher(self, cursor, voucher, public_key, unblinded_tokens, completed, spendable):
+    def insert_unblinded_tokens_for_voucher(
+        self, cursor, voucher, public_key, unblinded_tokens, completed, spendable
+    ):
         """
         Store some unblinded tokens received from redemption of a voucher.
 
@@ -442,7 +434,7 @@ class VoucherStore(object):
         :param bool spendable: ``True`` if it should be possible to spend the
             inserted tokens, ``False`` otherwise.
         """
-        if  completed:
+        if completed:
             voucher_state = u"redeemed"
         else:
             voucher_state = u"pending"
@@ -488,15 +480,13 @@ class VoucherStore(object):
             ),
         )
         if cursor.rowcount == 0:
-            raise ValueError("Cannot insert tokens for unknown voucher; add voucher first")
+            raise ValueError(
+                "Cannot insert tokens for unknown voucher; add voucher first"
+            )
 
         self._insert_unblinded_tokens(
             cursor,
-            list(
-                t.unblinded_token
-                for t
-                in unblinded_tokens
-            ),
+            list(t.unblinded_token for t in unblinded_tokens),
             group_id,
         )
 
@@ -524,7 +514,7 @@ class VoucherStore(object):
                 FROM [vouchers]
                 WHERE [number] = ?
                 """,
-                (voucher,)
+                (voucher,),
             )
             rows = cursor.fetchall()
             if len(rows) == 0:
@@ -584,11 +574,7 @@ class VoucherStore(object):
             """,
             texts,
         )
-        return list(
-            UnblindedToken(t)
-            for (t,)
-            in texts
-        )
+        return list(UnblindedToken(t) for (t,) in texts)
 
     @with_cursor
     def count_unblinded_tokens(self, cursor):
@@ -661,11 +647,7 @@ class VoucherStore(object):
             """
             INSERT INTO [invalid-unblinded-tokens] VALUES (?, ?)
             """,
-            list(
-                (token.unblinded_token, reason)
-                for token
-                in unblinded_tokens
-            ),
+            list((token.unblinded_token, reason) for token in unblinded_tokens),
         )
         cursor.execute(
             """
@@ -784,6 +766,7 @@ class LeaseMaintenance(object):
         objects, the database row id that corresponds to the started run.
         This is used to make sure future updates go to the right row.
     """
+
     _pass_value = pass_value_attribute()
     _now = attr.ib()
     _connection = attr.ib()
@@ -854,6 +837,7 @@ class LeaseMaintenanceActivity(object):
 # x = store.get_latest_lease_maintenance_activity()
 # xs.started, xs.passes_required, xs.finished
 
+
 @attr.s(frozen=True)
 class UnblindedToken(object):
     """
@@ -867,6 +851,7 @@ class UnblindedToken(object):
         ``challenge_bypass_ristretto.UnblindedToken`` using that class's
         ``decode_base64`` method.
     """
+
     unblinded_token = attr.ib(
         validator=attr.validators.and_(
             attr.validators.instance_of(unicode),
@@ -888,6 +873,7 @@ class Pass(object):
         text should be kept secret.  If pass text is divulged to third-parties
         the anonymity property may be compromised.
     """
+
     preimage = attr.ib(
         validator=attr.validators.and_(
             attr.validators.instance_of(unicode),
@@ -915,6 +901,7 @@ class RandomToken(object):
     :ivar unicode token_value: The base64-encoded representation of the random
         token.
     """
+
     token_value = attr.ib(
         validator=attr.validators.and_(
             attr.validators.instance_of(unicode),
@@ -941,6 +928,7 @@ class Pending(object):
     :ivar int counter: The number of partial redemptions which have been
         successfully performed for the voucher.
     """
+
     counter = _counter_attribute()
 
     def should_start_redemption(self):
@@ -960,6 +948,7 @@ class Redeeming(object):
     state is **pending** but for which there is a redemption operation in
     progress.
     """
+
     started = attr.ib(validator=attr.validators.instance_of(datetime))
     counter = _counter_attribute()
 
@@ -984,6 +973,7 @@ class Redeemed(object):
 
     :ivar int token_count: The number of tokens the voucher was redeemed for.
     """
+
     finished = attr.ib(validator=attr.validators.instance_of(datetime))
     token_count = attr.ib(validator=attr.validators.instance_of((int, long)))
 
@@ -1019,6 +1009,7 @@ class Unpaid(object):
     state is **pending** but the most recent redemption attempt has failed due
     to lack of payment.
     """
+
     finished = attr.ib(validator=attr.validators.instance_of(datetime))
 
     def should_start_redemption(self):
@@ -1038,6 +1029,7 @@ class Error(object):
     state is **pending** but the most recent redemption attempt has failed due
     to an error that is not handled by any other part of the system.
     """
+
     finished = attr.ib(validator=attr.validators.instance_of(datetime))
     details = attr.ib(validator=attr.validators.instance_of(unicode))
 
@@ -1070,6 +1062,7 @@ class Voucher(object):
         an instance of ``Pending``, ``Redeeming``, ``Redeemed``,
         ``DoubleSpend``, ``Unpaid``, or ``Error``.
     """
+
     number = attr.ib(
         validator=attr.validators.and_(
             attr.validators.instance_of(unicode),
@@ -1094,14 +1087,16 @@ class Voucher(object):
 
     state = attr.ib(
         default=Pending(counter=0),
-        validator=attr.validators.instance_of((
-            Pending,
-            Redeeming,
-            Redeemed,
-            DoubleSpend,
-            Unpaid,
-            Error,
-        )),
+        validator=attr.validators.instance_of(
+            (
+                Pending,
+                Redeeming,
+                Redeemed,
+                DoubleSpend,
+                Unpaid,
+                Error,
+            )
+        ),
     )
 
     @classmethod
@@ -1140,7 +1135,6 @@ class Voucher(object):
         version = values.pop(u"version")
         return getattr(cls, "from_json_v{}".format(version))(values)
 
-
     @classmethod
     def from_json_v1(cls, values):
         state_json = values[u"state"]
@@ -1176,19 +1170,18 @@ class Voucher(object):
         return cls(
             number=values[u"number"],
             expected_tokens=values[u"expected-tokens"],
-            created=None if values[u"created"] is None else parse_datetime(values[u"created"]),
+            created=None
+            if values[u"created"] is None
+            else parse_datetime(values[u"created"]),
             state=state,
         )
 
-
     def to_json(self):
         return dumps(self.marshal())
 
-
     def marshal(self):
         return self.to_json_v1()
 
-
     def to_json_v1(self):
         state = self.state.to_json_v1()
         return {
diff --git a/src/_zkapauthorizer/pricecalculator.py b/src/_zkapauthorizer/pricecalculator.py
index 007ec9cdf212839ddabbac9555308b29fb158483..296d0ad3c4b46010bdd31e639bcd303db21c5d3f 100644
--- a/src/_zkapauthorizer/pricecalculator.py
+++ b/src/_zkapauthorizer/pricecalculator.py
@@ -34,6 +34,7 @@ from .storage_common import (
     share_size_for_data,
 )
 
+
 @attr.s
 class PriceCalculator(object):
     """
@@ -46,6 +47,7 @@ class PriceCalculator(object):
     :ivar int _pass_value: The bytes component of the bytes×time value of a
         single pass.
     """
+
     _shares_needed = attr.ib()
     _shares_total = attr.ib()
     _pass_value = attr.ib()
@@ -59,15 +61,10 @@ class PriceCalculator(object):
 
         :return int: The number of ZKAPs required.
         """
-        share_sizes = (
-            share_size_for_data(self._shares_needed, size)
-            for size
-            in sizes
-        )
+        share_sizes = (share_size_for_data(self._shares_needed, size) for size in sizes)
         all_required_passes = (
             required_passes(self._pass_value, [share_size] * self._shares_total)
-            for share_size
-            in share_sizes
+            for share_size in share_sizes
         )
         price = sum(all_required_passes, 0)
         return price
diff --git a/src/_zkapauthorizer/private.py b/src/_zkapauthorizer/private.py
index baf837206b53e067be86446bc956023908a303e1..81eb58b91d0af2ed0df98abc7157aa1638f9cc4b 100644
--- a/src/_zkapauthorizer/private.py
+++ b/src/_zkapauthorizer/private.py
@@ -64,10 +64,12 @@ from cryptography.hazmat.primitives.constant_time import (
 # public but we do want to make sure that hotfix is applied.  This seems like
 # an alright compromise.
 import allmydata.web.private as awp
+
 del awp
 
 SCHEME = b"tahoe-lafs"
 
+
 class IToken(ICredentials):
     def check(auth_token):
         pass
diff --git a/src/_zkapauthorizer/resource.py b/src/_zkapauthorizer/resource.py
index 1663b0c291d030e16614f894e54104f0a4dc73fe..18225e928cfa05a7dc81f1e6221740acaebe090b 100644
--- a/src/_zkapauthorizer/resource.py
+++ b/src/_zkapauthorizer/resource.py
@@ -88,13 +88,14 @@ class IZKAPRoot(IResource):
     """
     The root of the resource tree of this plugin's client web presence.
     """
+
     store = Attribute("The ``VoucherStore`` used by this resource tree.")
     controller = Attribute("The ``PaymentController`` used by this resource tree.")
 
 
 def get_token_count(
-        plugin_name,
-        node_config,
+    plugin_name,
+    node_config,
 ):
     """
     Retrieve the configured voucher value, in number of tokens, from the given
@@ -108,18 +109,20 @@ def get_token_count(
     :param int default: The value to return if none is configured.
     """
     section_name = u"storageclient.plugins.{}".format(plugin_name)
-    return int(node_config.get_config(
-        section=section_name,
-        option=u"default-token-count",
-        default=NUM_TOKENS,
-    ))
+    return int(
+        node_config.get_config(
+            section=section_name,
+            option=u"default-token-count",
+            default=NUM_TOKENS,
+        )
+    )
 
 
 def from_configuration(
-        node_config,
-        store,
-        redeemer=None,
-        clock=None,
+    node_config,
+    store,
+    redeemer=None,
+    clock=None,
 ):
     """
     Instantiate the plugin root resource using data from its configuration
@@ -186,9 +189,9 @@ def from_configuration(
 
 
 def authorizationless_resource_tree(
-        store,
-        controller,
-        calculate_price,
+    store,
+    controller,
+    calculate_price,
 ):
     """
     Create the full ZKAPAuthorizer client plugin resource hierarchy with no
@@ -231,6 +234,7 @@ class _CalculatePrice(Resource):
     """
     This resource exposes a storage price calculator.
     """
+
     allowedMethods = [b"POST"]
 
     render_HEAD = render_GET = None
@@ -260,43 +264,50 @@ class _CalculatePrice(Resource):
             body_object = loads(payload)
         except ValueError:
             request.setResponseCode(BAD_REQUEST)
-            return dumps({
-                "error": "could not parse request body",
-            })
+            return dumps(
+                {
+                    "error": "could not parse request body",
+                }
+            )
 
         try:
             version = body_object[u"version"]
             sizes = body_object[u"sizes"]
         except (TypeError, KeyError):
             request.setResponseCode(BAD_REQUEST)
-            return dumps({
-                "error": "could not read `version` and `sizes` properties",
-            })
+            return dumps(
+                {
+                    "error": "could not read `version` and `sizes` properties",
+                }
+            )
 
         if version != 1:
             request.setResponseCode(BAD_REQUEST)
-            return dumps({
-                "error": "did not find required version number 1 in request",
-            })
-
-        if (not isinstance(sizes, list) or
-            not all(
-                isinstance(size, (int, long)) and size >= 0
-                for size
-                in sizes
-        )):
+            return dumps(
+                {
+                    "error": "did not find required version number 1 in request",
+                }
+            )
+
+        if not isinstance(sizes, list) or not all(
+            isinstance(size, (int, long)) and size >= 0 for size in sizes
+        ):
             request.setResponseCode(BAD_REQUEST)
-            return dumps({
-                "error": "did not find required positive integer sizes list in request",
-            })
+            return dumps(
+                {
+                    "error": "did not find required positive integer sizes list in request",
+                }
+            )
 
         application_json(request)
 
         price = self._price_calculator.calculate(sizes)
-        return dumps({
-            u"price": price,
-            u"period": self._lease_period,
-        })
+        return dumps(
+            {
+                u"price": price,
+                u"period": self._lease_period,
+            }
+        )
 
 
 def wrong_content_type(request, required_type):
@@ -335,11 +346,14 @@ class _ProjectVersion(Resource):
     """
     This resource exposes the version of **ZKAPAuthorizer** itself.
     """
+
     def render_GET(self, request):
         application_json(request)
-        return dumps({
-            "version": _zkapauthorizer_version,
-        })
+        return dumps(
+            {
+                "version": _zkapauthorizer_version,
+            }
+        )
 
 
 class _UnblindedTokenCollection(Resource):
@@ -347,6 +361,7 @@ class _UnblindedTokenCollection(Resource):
     This class implements inspection of unblinded tokens.  Users **GET** this
     resource to find out about unblinded tokens in the system.
     """
+
     _log = Logger()
 
     def __init__(self, store, controller):
@@ -368,17 +383,18 @@ class _UnblindedTokenCollection(Resource):
 
         position = request.args.get(b"position", [b""])[0].decode("utf-8")
 
-        return dumps({
-            u"total": len(unblinded_tokens),
-            u"spendable": self._store.count_unblinded_tokens(),
-            u"unblinded-tokens": list(islice((
-                token
-                for token
-                in unblinded_tokens
-                if token > position
-            ), limit)),
-            u"lease-maintenance-spending": self._lease_maintenance_activity(),
-        })
+        return dumps(
+            {
+                u"total": len(unblinded_tokens),
+                u"spendable": self._store.count_unblinded_tokens(),
+                u"unblinded-tokens": list(
+                    islice(
+                        (token for token in unblinded_tokens if token > position), limit
+                    )
+                ),
+                u"lease-maintenance-spending": self._lease_maintenance_activity(),
+            }
+        )
 
     def render_POST(self, request):
         """
@@ -389,7 +405,6 @@ class _UnblindedTokenCollection(Resource):
         self._store.insert_unblinded_tokens(unblinded_tokens, group_id=0)
         return dumps({})
 
-
     def _lease_maintenance_activity(self):
         activity = self._store.get_latest_lease_maintenance_activity()
         if activity is None:
@@ -400,7 +415,6 @@ class _UnblindedTokenCollection(Resource):
         }
 
 
-
 class _VoucherCollection(Resource):
     """
     This class implements redemption of vouchers.  Users **PUT** such numbers
@@ -408,6 +422,7 @@ class _VoucherCollection(Resource):
     redemption controller.  Child resources of this resource can also be
     retrieved to monitor the status of previously submitted vouchers.
     """
+
     _log = Logger()
 
     def __init__(self, store, controller):
@@ -415,7 +430,6 @@ class _VoucherCollection(Resource):
         self._controller = controller
         Resource.__init__(self)
 
-
     def render_PUT(self, request):
         """
         Record a voucher and begin attempting to redeem it.
@@ -425,26 +439,31 @@ class _VoucherCollection(Resource):
         except Exception:
             return bad_request(u"json request body required").render(request)
         if payload.keys() != [u"voucher"]:
-            return bad_request(u"request object must have exactly one key: 'voucher'").render(request)
+            return bad_request(
+                u"request object must have exactly one key: 'voucher'"
+            ).render(request)
         voucher = payload[u"voucher"]
         if not is_syntactic_voucher(voucher):
-            return bad_request(u"submitted voucher is syntactically invalid").render(request)
+            return bad_request(u"submitted voucher is syntactically invalid").render(
+                request
+            )
 
-        self._log.info("Accepting a voucher ({voucher}) for redemption.", voucher=voucher)
+        self._log.info(
+            "Accepting a voucher ({voucher}) for redemption.", voucher=voucher
+        )
         self._controller.redeem(voucher)
         return b""
 
-
     def render_GET(self, request):
         application_json(request)
-        return dumps({
-            u"vouchers": list(
-                self._controller.incorporate_transient_state(voucher).marshal()
-                for voucher
-                in self._store.list()
-            ),
-        })
-
+        return dumps(
+            {
+                u"vouchers": list(
+                    self._controller.incorporate_transient_state(voucher).marshal()
+                    for voucher in self._store.list()
+                ),
+            }
+        )
 
     def getChild(self, segment, request):
         voucher = segment.decode("utf-8")
@@ -483,6 +502,7 @@ class VoucherView(Resource):
     """
     This class implements a view for a ``Voucher`` instance.
     """
+
     def __init__(self, voucher):
         """
         :param Voucher reference: The model object for which to provide a
@@ -491,7 +511,6 @@ class VoucherView(Resource):
         self._voucher = voucher
         Resource.__init__(self)
 
-
     def render_GET(self, request):
         application_json(request)
         return self._voucher.to_json()
@@ -503,5 +522,7 @@ def bad_request(reason=u"Bad Request"):
         REQUEST** response.
     """
     return ErrorPage(
-        BAD_REQUEST, b"Bad Request", reason.encode("utf-8"),
+        BAD_REQUEST,
+        b"Bad Request",
+        reason.encode("utf-8"),
     )
diff --git a/src/_zkapauthorizer/schema.py b/src/_zkapauthorizer/schema.py
index 27890a32fcebc15cfebae08580e7daf5d33f69cc..40c79ea41d4584b9c46fb2f73b053c4cb381f2a6 100644
--- a/src/_zkapauthorizer/schema.py
+++ b/src/_zkapauthorizer/schema.py
@@ -20,6 +20,7 @@ from __future__ import (
 This module defines the database schema used by the model interface.
 """
 
+
 def get_schema_version(cursor):
     cursor.execute(
         """
@@ -63,12 +64,10 @@ def run_schema_upgrades(upgrades, cursor):
         cursor.execute(upgrade)
 
 
-_INCREMENT_VERSION = (
-    """
+_INCREMENT_VERSION = """
     UPDATE [version]
     SET [version] = [version] + 1
     """
-)
 
 # A mapping from old schema versions to lists of unicode strings of SQL to
 # execute against that version of the schema to create the successor schema.
@@ -125,7 +124,6 @@ _UPGRADES = {
         )
         """,
     ],
-
     1: [
         """
         -- Incorrectly track a single public-key for all.  Later version of
@@ -133,14 +131,12 @@ _UPGRADES = {
         ALTER TABLE [vouchers] ADD COLUMN [public-key] text
         """,
     ],
-
     2: [
         """
         -- Keep track of progress through redemption of each voucher.
         ALTER TABLE [vouchers] ADD COLUMN [counter] integer DEFAULT 0
         """,
     ],
-
     3: [
         """
         -- Reference to the counter these tokens go with.
@@ -158,7 +154,6 @@ _UPGRADES = {
         ALTER TABLE [vouchers] ADD COLUMN [expected-tokens] integer NOT NULL DEFAULT 32768
         """,
     ],
-
     4: [
         """
         CREATE TABLE [invalid-unblinded-tokens] (
@@ -169,7 +164,6 @@ _UPGRADES = {
         )
         """,
     ],
-
     5: [
         """
         -- Create a table where rows represent a single group of unblinded
@@ -190,7 +184,6 @@ _UPGRADES = {
             [public-key] text
         )
         """,
-
         """
         -- Create one redemption group for every existing, redeemed voucher.
         -- These tokens were probably *not* all redeemed in one group but
@@ -199,14 +192,12 @@ _UPGRADES = {
         INSERT INTO [redemption-groups] ([voucher], [public-key], [spendable])
             SELECT DISTINCT([number]), [public-key], 1 FROM [vouchers] WHERE [state] = "redeemed"
         """,
-
         """
         -- Give each voucher a count of "sequestered" tokens.  Currently,
         -- these are unspendable tokens that were issued using a disallowed
         -- public key.
         ALTER TABLE [vouchers] ADD COLUMN [sequestered-count] integer NOT NULL DEFAULT 0
         """,
-
         """
         -- Give each unblinded token a reference to the [redemption-groups]
         -- table identifying the group that token arrived with.  This lets us
diff --git a/src/_zkapauthorizer/spending.py b/src/_zkapauthorizer/spending.py
index 20f0f775f17622f868e19790a35f7725b53f4759..49a693a438aaa11a5b270cb794aabe27e1848e18 100644
--- a/src/_zkapauthorizer/spending.py
+++ b/src/_zkapauthorizer/spending.py
@@ -31,10 +31,12 @@ from .eliot import (
     RESET_PASSES,
 )
 
+
 class IPassGroup(Interface):
     """
     A group of passed meant to be spent together.
     """
+
     passes = Attribute(":ivar list[Pass] passes: The passes themselves.")
 
     def split(select_indices):
@@ -91,6 +93,7 @@ class IPassFactory(Interface):
     """
     An object which can create passes.
     """
+
     def get(message, num_passes):
         """
         :param unicode message: A request-binding message for the resulting passes.
@@ -115,25 +118,18 @@ class PassGroup(object):
 
     :ivar list[Pass] passes: The passes of which this group consists.
     """
+
     _message = attr.ib()
     _factory = attr.ib()
     _tokens = attr.ib()
 
     @property
     def passes(self):
-        return list(
-            pass_
-            for (unblinded_token, pass_)
-            in self._tokens
-        )
+        return list(pass_ for (unblinded_token, pass_) in self._tokens)
 
     @property
     def unblinded_tokens(self):
-        return list(
-            unblinded_token
-            for (unblinded_token, pass_)
-            in self._tokens
-        )
+        return list(unblinded_token for (unblinded_token, pass_) in self._tokens)
 
     def split(self, select_indices):
         selected = []
@@ -171,6 +167,7 @@ class SpendingController(object):
     A ``SpendingController`` gives out ZKAPs and arranges for re-spend
     attempts when necessary.
     """
+
     get_unblinded_tokens = attr.ib()
     discard_unblinded_tokens = attr.ib()
     invalidate_unblinded_tokens = attr.ib()
diff --git a/src/_zkapauthorizer/storage_common.py b/src/_zkapauthorizer/storage_common.py
index 0709e4152cd6773d0c8a39b9055df3202f15bab2..85051327a5fdfb5b576cfaaf28a08720b79d9461 100644
--- a/src/_zkapauthorizer/storage_common.py
+++ b/src/_zkapauthorizer/storage_common.py
@@ -38,6 +38,7 @@ from pyutil.mathutil import (
     div_ceil,
 )
 
+
 @attr.s(frozen=True, str=True)
 class MorePassesRequired(Exception):
     """
@@ -53,6 +54,7 @@ class MorePassesRequired(Exception):
     :ivar set[int] signature_check_failed: Indices into the supplied list of
         passes indicating passes which failed the signature check.
     """
+
     valid_count = attr.ib(validator=attr.validators.instance_of((int, long)))
     required_count = attr.ib(validator=attr.validators.instance_of((int, long)))
     signature_check_failed = attr.ib(converter=frozenset)
@@ -64,18 +66,23 @@ def _message_maker(label):
             label=label,
             storage_index=b64encode(storage_index),
         )
+
     return make_message
 
+
 # Functions to construct the PrivacyPass request-binding message for pass
 # construction for different Tahoe-LAFS storage operations.
 allocate_buckets_message = _message_maker(u"allocate_buckets")
 add_lease_message = _message_maker(u"add_lease")
-slot_testv_and_readv_and_writev_message = _message_maker(u"slot_testv_and_readv_and_writev")
+slot_testv_and_readv_and_writev_message = _message_maker(
+    u"slot_testv_and_readv_and_writev"
+)
 
 # The number of bytes we're willing to store for a lease period for each pass
 # submitted.
 BYTES_PER_PASS = 1024 * 1024
 
+
 def get_configured_shares_needed(node_config):
     """
     Determine the configured-specified value of "needed" shares (``k``).
@@ -83,11 +90,13 @@ def get_configured_shares_needed(node_config):
     If no value is explicitly configured, the Tahoe-LAFS default (as best as
     we know it) is returned.
     """
-    return int(node_config.get_config(
-        section=u"client",
-        option=u"shares.needed",
-        default=3,
-    ))
+    return int(
+        node_config.get_config(
+            section=u"client",
+            option=u"shares.needed",
+            default=3,
+        )
+    )
 
 
 def get_configured_shares_total(node_config):
@@ -97,11 +106,13 @@ def get_configured_shares_total(node_config):
     If no value is explicitly configured, the Tahoe-LAFS default (as best as
     we know it) is returned.
     """
-    return int(node_config.get_config(
-        section=u"client",
-        option=u"shares.total",
-        default=10,
-    ))
+    return int(
+        node_config.get_config(
+            section=u"client",
+            option=u"shares.total",
+            default=10,
+        )
+    )
 
 
 def get_configured_pass_value(node_config):
@@ -113,11 +124,13 @@ def get_configured_pass_value(node_config):
     client section.
     """
     section_name = u"storageclient.plugins.privatestorageio-zkapauthz-v1"
-    return int(node_config.get_config(
-        section=section_name,
-        option=u"pass-value",
-        default=BYTES_PER_PASS,
-    ))
+    return int(
+        node_config.get_config(
+            section=section_name,
+            option=u"pass-value",
+            default=BYTES_PER_PASS,
+        )
+    )
 
 
 def get_configured_lease_duration(node_config):
@@ -136,10 +149,14 @@ def get_configured_allowed_public_keys(node_config):
     Read the set of allowed issuer public keys from the given configuration.
     """
     section_name = u"storageclient.plugins.privatestorageio-zkapauthz-v1"
-    return set(node_config.get_config(
-        section=section_name,
-        option=u"allowed-public-keys",
-    ).strip().split(","))
+    return set(
+        node_config.get_config(
+            section=section_name,
+            option=u"allowed-public-keys",
+        )
+        .strip()
+        .split(",")
+    )
 
 
 def required_passes(bytes_per_pass, share_sizes):
@@ -194,8 +211,7 @@ def has_writes(tw_vectors):
     """
     return any(
         data or (new_length is not None)
-        for (test, data, new_length)
-        in tw_vectors.values()
+        for (test, data, new_length) in tw_vectors.values()
     )
 
 
@@ -207,10 +223,7 @@ def get_sharenums(tw_vectors):
     :return set[int]: The share numbers which the given test/write vectors would write to.
     """
     return set(
-        sharenum
-        for (sharenum, (test, data, new_length))
-        in tw_vectors.items()
-        if data
+        sharenum for (sharenum, (test, data, new_length)) in tw_vectors.items() if data
     )
 
 
@@ -224,8 +237,7 @@ def get_allocated_size(tw_vectors):
     return max(
         list(
             max(offset + len(s) for (offset, s) in data)
-            for (sharenum, (test, data, new_length))
-            in tw_vectors.items()
+            for (sharenum, (test, data, new_length)) in tw_vectors.items()
             if data
         ),
     )
@@ -241,11 +253,9 @@ def get_implied_data_length(data_vector, new_length):
     :return int: The amount of data, in bytes, implied by a data vector and a
         size.
     """
-    data_based_size = max(
-        offset + len(data)
-        for (offset, data)
-        in data_vector
-    ) if data_vector else 0
+    data_based_size = (
+        max(offset + len(data) for (offset, data) in data_vector) if data_vector else 0
+    )
     if new_length is None:
         return data_based_size
     # new_length is only allowed to truncate, not expand.
@@ -266,8 +276,7 @@ def get_required_new_passes_for_mutable_write(pass_value, current_sizes, tw_vect
     new_sizes = current_sizes.copy()
     size_updates = {
         sharenum: get_implied_data_length(data_vector, new_length)
-        for (sharenum, (_, data_vector, new_length))
-        in tw_vectors.items()
+        for (sharenum, (_, data_vector, new_length)) in tw_vectors.items()
     }
     for sharenum, size in size_updates.items():
         if size > new_sizes.get(sharenum, 0):
@@ -289,25 +298,21 @@ def get_required_new_passes_for_mutable_write(pass_value, current_sizes, tw_vect
     )
     return required_new_passes
 
+
 def summarize(tw_vectors):
     return {
         sharenum: (
             list(
                 (offset, length, operator, len(specimen))
-                for (offset, length, operator, specimen)
-                in test_vector
-            ),
-            list(
-                (offset, len(data))
-                for (offset, data)
-                in data_vectors
+                for (offset, length, operator, specimen) in test_vector
             ),
+            list((offset, len(data)) for (offset, data) in data_vectors),
             new_length,
         )
-        for (sharenum, (test_vector, data_vectors, new_length))
-        in tw_vectors.items()
+        for (sharenum, (test_vector, data_vectors, new_length)) in tw_vectors.items()
     }
 
+
 def pass_value_attribute():
     """
     Define an attribute for an attrs-based object which can hold a pass value.
diff --git a/src/_zkapauthorizer/tests/__init__.py b/src/_zkapauthorizer/tests/__init__.py
index 102647a022c45553eb27ea9da5dfd0e433a11941..6b2e7df4628ca47cd6186d709c19266c425d2273 100644
--- a/src/_zkapauthorizer/tests/__init__.py
+++ b/src/_zkapauthorizer/tests/__init__.py
@@ -16,6 +16,7 @@
 The automated unit test suite.
 """
 
+
 def _configure_hypothesis():
     """
     Select define Hypothesis profiles and select one based on environment
@@ -41,10 +42,7 @@ def _configure_hypothesis():
         deadline=None,
     )
 
-    settings.register_profile(
-        "default",
-        **base
-    )
+    settings.register_profile("default", **base)
 
     settings.register_profile(
         "ci",
@@ -70,4 +68,5 @@ def _configure_hypothesis():
     settings.load_profile(profile_name)
     print("Loaded profile {}".format(profile_name))
 
+
 _configure_hypothesis()
diff --git a/src/_zkapauthorizer/tests/_exception.py b/src/_zkapauthorizer/tests/_exception.py
index 5e8bc8f5b21c29ebba4e93528a417761ff3fcf1d..a91f2fbf569526893cddae201909a83ae915a910 100644
--- a/src/_zkapauthorizer/tests/_exception.py
+++ b/src/_zkapauthorizer/tests/_exception.py
@@ -15,10 +15,10 @@
 # limitations under the License.
 
 __all__ = [
-    'MatchesExceptionType',
-    'Raises',
-    'raises',
-    ]
+    "MatchesExceptionType",
+    "Raises",
+    "raises",
+]
 
 import sys
 
@@ -55,7 +55,7 @@ class MatchesExceptionType(Matcher):
 
     def match(self, other):
         if type(other) != tuple:
-            return Mismatch('{!r} is not an exc_info tuple'.format(other))
+            return Mismatch("{!r} is not an exc_info tuple".format(other))
         expected_class = self.expected
         etype, evalue, etb = other
         if not issubclass(etype, expected_class):
@@ -94,7 +94,7 @@ class Raises(Matcher):
     def match(self, matchee):
         try:
             result = matchee()
-            return Mismatch('%r returned %r' % (matchee, result))
+            return Mismatch("%r returned %r" % (matchee, result))
         # Catch all exceptions: Raises() should be able to match a
         # KeyboardInterrupt or SystemExit.
         except:
@@ -113,7 +113,7 @@ class Raises(Matcher):
         return None
 
     def __str__(self):
-        return 'Raises()'
+        return "Raises()"
 
 
 def raises(exception_type):
diff --git a/src/_zkapauthorizer/tests/common.py b/src/_zkapauthorizer/tests/common.py
index 39aa9119e10c22670c2948b4f53a7dbb22dc4f6e..3a362a69d7b7ea6b7336890cdc6560fab6341a14 100644
--- a/src/_zkapauthorizer/tests/common.py
+++ b/src/_zkapauthorizer/tests/common.py
@@ -37,5 +37,7 @@ def _skipper(reason):
     def wrapper(f):
         def skipIt(self, *a, **kw):
             self.skipTest(reason)
+
         return skipIt
+
     return wrapper
diff --git a/src/_zkapauthorizer/tests/fixtures.py b/src/_zkapauthorizer/tests/fixtures.py
index 7f2246a2e15a605895730dd0fff3dfe3ea3978f1..3b554f2a1a4cf722d620ac3d0c93538914e62d46 100644
--- a/src/_zkapauthorizer/tests/fixtures.py
+++ b/src/_zkapauthorizer/tests/fixtures.py
@@ -52,6 +52,7 @@ from ..controller import (
     PaymentController,
 )
 
+
 @attr.s
 class AnonymousStorageServer(Fixture):
     """
@@ -67,6 +68,7 @@ class AnonymousStorageServer(Fixture):
     :ivar twisted.internet.task.Clock clock: The ``IReactorTime`` provider to
         supply to ``StorageServer`` for its time-checking needs.
     """
+
     clock = attr.ib()
 
     def _setUp(self):
@@ -82,9 +84,7 @@ class AnonymousStorageServer(Fixture):
             timeargs = {}
 
         self.storage_server = StorageServer(
-            self.tempdir.asBytesMode().path,
-            b"x" * 20,
-            **timeargs
+            self.tempdir.asBytesMode().path, b"x" * 20, **timeargs
         )
 
 
@@ -100,6 +100,7 @@ class TemporaryVoucherStore(Fixture):
 
     :ivar store: A newly created temporary store.
     """
+
     get_config = attr.ib()
     get_now = attr.ib()
 
@@ -122,6 +123,7 @@ class ConfiglessMemoryVoucherStore(Fixture):
     This is like ``TemporaryVoucherStore`` but faster because it skips the
     Tahoe-LAFS parts.
     """
+
     get_now = attr.ib()
     _public_key = attr.ib(default=b64encode(b"A" * 32).decode("utf-8"))
     redeemer = attr.ib(default=None, init=False)
diff --git a/src/_zkapauthorizer/tests/foolscap.py b/src/_zkapauthorizer/tests/foolscap.py
index 35716998d69bb32c5066f244e285aececd0bf6ba..93ba2142e6de4ddd0fcebd268ce270f2fa3ce5bf 100644
--- a/src/_zkapauthorizer/tests/foolscap.py
+++ b/src/_zkapauthorizer/tests/foolscap.py
@@ -46,6 +46,7 @@ from allmydata.interfaces import (
     RIStorageServer,
 )
 
+
 class RIStub(RemoteInterface):
     pass
 
@@ -54,6 +55,7 @@ class RIEcho(RemoteInterface):
     def echo(argument=Any()):
         return Any()
 
+
 @implementer(RIStorageServer)
 class StubStorageServer(object):
     pass
@@ -85,11 +87,13 @@ class DummyReferenceable(object):
     def doRemoteCall(self, *a, **kw):
         return None
 
+
 @attr.s
 class LocalTracker(object):
     """
     Pretend to be a tracker for a ``LocalRemote``.
     """
+
     interface = attr.ib()
     interfaceName = attr.ib(default=None)
 
@@ -115,6 +119,7 @@ class LocalRemote(object):
     :ivar foolscap.ipb.IReferenceable _referenceable: The object to which this
         provides a simulated remote interface.
     """
+
     _referenceable = attr.ib()
     check_args = attr.ib(default=True)
     tracker = attr.ib(default=None)
diff --git a/src/_zkapauthorizer/tests/json.py b/src/_zkapauthorizer/tests/json.py
index e96cc74bbd830ccf7af0ad52882143bd9824594c..3ffc724f73a30870354be71cee88b8c8fb5e99e2 100644
--- a/src/_zkapauthorizer/tests/json.py
+++ b/src/_zkapauthorizer/tests/json.py
@@ -24,6 +24,7 @@ from json import (
     loads as _loads,
 )
 
+
 def loads(data):
     """
     Load a JSON object from a byte string.
diff --git a/src/_zkapauthorizer/tests/matchers.py b/src/_zkapauthorizer/tests/matchers.py
index ea3343143e2d75ccf4c62d2f3c793265d64b6575..18fb3ea7fc5cc169e098ba0f74a0906c3a63d104 100644
--- a/src/_zkapauthorizer/tests/matchers.py
+++ b/src/_zkapauthorizer/tests/matchers.py
@@ -57,11 +57,13 @@ from ._exception import (
     raises,
 )
 
+
 @attr.s
 class Provides(object):
     """
     Match objects that provide all of a list of Zope Interface interfaces.
     """
+
     interfaces = attr.ib(validator=attr.validators.instance_of(list))
 
     def match(self, obj):
@@ -70,9 +72,12 @@ class Provides(object):
             if not iface.providedBy(obj):
                 missing.add(iface)
         if missing:
-            return Mismatch("{} does not provide expected {}".format(
-                obj, ", ".join(str(iface) for iface in missing),
-            ))
+            return Mismatch(
+                "{} does not provide expected {}".format(
+                    obj,
+                    ", ".join(str(iface) for iface in missing),
+                )
+            )
 
 
 def matches_version_dictionary():
@@ -81,13 +86,14 @@ def matches_version_dictionary():
     ``RIStorageServer.get_version`` which is also the dictionary returned by
     our own ``RIPrivacyPassAuthorizedStorageServer.get_version``.
     """
-    return ContainsDict({
-        # It has these two top-level keys, at least.  Try not to be too
-        # fragile by asserting much more than that they are present.
-        b'application-version': Always(),
-        b'http://allmydata.org/tahoe/protocols/storage/v1': Always(),
-    })
-
+    return ContainsDict(
+        {
+            # It has these two top-level keys, at least.  Try not to be too
+            # fragile by asserting much more than that they are present.
+            b"application-version": Always(),
+            b"http://allmydata.org/tahoe/protocols/storage/v1": Always(),
+        }
+    )
 
 
 def returns(matcher):
@@ -98,16 +104,13 @@ def returns(matcher):
     return _Returns(matcher)
 
 
-
 class _Returns(Matcher):
     def __init__(self, result_matcher):
         self.result_matcher = result_matcher
 
-
     def match(self, matchee):
         return self.result_matcher.match(matchee())
 
-
     def __str__(self):
         return "Returns({})".format(self.result_matcher)
 
@@ -147,8 +150,7 @@ def leases_current(relevant_storage_indexes, now, min_lease_remaining):
         # visited and maintained.
         lambda storage_server: list(
             stat
-            for (storage_index, stat)
-            in storage_server.buckets.items()
+            for (storage_index, stat) in storage_server.buckets.items()
             if storage_index in relevant_storage_indexes
         ),
         AllMatch(
@@ -157,7 +159,9 @@ def leases_current(relevant_storage_indexes, now, min_lease_remaining):
                 # further in the future than min_lease_remaining,
                 # either because it had time left or because we
                 # renewed it.
-                lambda share_stat: datetime.utcfromtimestamp(share_stat.lease_expiration),
+                lambda share_stat: datetime.utcfromtimestamp(
+                    share_stat.lease_expiration
+                ),
                 GreaterThan(now + min_lease_remaining),
             ),
         ),
@@ -184,7 +188,9 @@ def odd():
     )
 
 
-def matches_response(code_matcher=Always(), headers_matcher=Always(), body_matcher=Always()):
+def matches_response(
+    code_matcher=Always(), headers_matcher=Always(), body_matcher=Always()
+):
     """
     Match a Treq response object with certain code and body.
 
diff --git a/src/_zkapauthorizer/tests/privacypass.py b/src/_zkapauthorizer/tests/privacypass.py
index fcc3c6700472c03369d07927a92b408d48415d92..d678fa5b1c313ca757b8c627bdc9f60b39abe756 100644
--- a/src/_zkapauthorizer/tests/privacypass.py
+++ b/src/_zkapauthorizer/tests/privacypass.py
@@ -25,6 +25,7 @@ from challenge_bypass_ristretto import (
     PublicKey,
 )
 
+
 def make_passes(signing_key, for_message, random_tokens):
     """
     Create a number of cryptographically correct privacy passes.
@@ -41,15 +42,9 @@ def make_passes(signing_key, for_message, random_tokens):
     :return list[unicode]: The privacy passes.  The returned list has one
         element for each element of ``random_tokens``.
     """
-    blinded_tokens = list(
-        token.blind()
-        for token
-        in random_tokens
-    )
+    blinded_tokens = list(token.blind() for token in random_tokens)
     signatures = list(
-        signing_key.sign(blinded_token)
-        for blinded_token
-        in blinded_tokens
+        signing_key.sign(blinded_token) for blinded_token in blinded_tokens
     )
     proof = BatchDLEQProof.create(
         signing_key,
@@ -63,26 +58,21 @@ def make_passes(signing_key, for_message, random_tokens):
         PublicKey.from_signing_key(signing_key),
     )
     preimages = list(
-        unblinded_signature.preimage()
-        for unblinded_signature
-        in unblinded_signatures
+        unblinded_signature.preimage() for unblinded_signature in unblinded_signatures
     )
     verification_keys = list(
         unblinded_signature.derive_verification_key_sha512()
-        for unblinded_signature
-        in unblinded_signatures
+        for unblinded_signature in unblinded_signatures
     )
     message_signatures = list(
         verification_key.sign_sha512(for_message.encode("utf-8"))
-        for verification_key
-        in verification_keys
+        for verification_key in verification_keys
     )
     passes = list(
         u"{} {}".format(
             preimage.encode_base64().decode("ascii"),
             signature.encode_base64().decode("ascii"),
         ).encode("ascii")
-        for (preimage, signature)
-        in zip(preimages, message_signatures)
+        for (preimage, signature) in zip(preimages, message_signatures)
     )
     return passes
diff --git a/src/_zkapauthorizer/tests/storage_common.py b/src/_zkapauthorizer/tests/storage_common.py
index 5141dd58cd64ea5bf126a1364e8e2d13f8f942dd..88df0ae5abcf82f82747ac38c76eb44b37d13253 100644
--- a/src/_zkapauthorizer/tests/storage_common.py
+++ b/src/_zkapauthorizer/tests/storage_common.py
@@ -67,6 +67,7 @@ from ..spending import (
 # Hard-coded in Tahoe-LAFS
 LEASE_INTERVAL = 60 * 60 * 24 * 31
 
+
 def cleanup_storage_server(storage_server):
     """
     Delete all of the shares held by the given storage server.
@@ -85,13 +86,13 @@ def cleanup_storage_server(storage_server):
 
 
 def write_toy_shares(
-        storage_server,
-        storage_index,
-        renew_secret,
-        cancel_secret,
-        sharenums,
-        size,
-        canary,
+    storage_server,
+    storage_index,
+    renew_secret,
+    cancel_secret,
+    sharenums,
+    size,
+    canary,
 ):
     """
     Write some immutable shares to the given storage server.
@@ -161,8 +162,7 @@ def whitebox_write_sparse_share(sharepath, version, size, leases, now):
                     # expiration timestamp
                     int(now + LEASE_INTERVAL),
                 )
-                for renew
-                in leases
+                for renew in leases
             ),
         )
 
@@ -175,11 +175,13 @@ def integer_passes(limit):
         passes.  Successive calls to the function return unique pass values.
     """
     counter = iter(range(limit))
+
     def get_passes(message, num_passes):
         result = list(islice(counter, num_passes))
         if len(result) < num_passes:
             raise NotEnoughTokens()
         return result
+
     return get_passes
 
 
@@ -196,8 +198,7 @@ def get_passes(message, count, signing_key):
     """
     return list(
         Pass(*pass_.split(u" "))
-        for pass_
-        in make_passes(
+        for pass_ in make_passes(
             signing_key,
             message,
             list(RandomToken.create() for n in range(count)),
@@ -252,6 +253,7 @@ class _PassFactory(object):
     :ivar list[int] returned: A list of passes which were given out but then
         returned via ``IPassGroup.reset``.
     """
+
     _get_passes = attr.ib()
 
     returned = attr.ib(default=attr.Factory(list), init=False)
@@ -291,7 +293,9 @@ class _PassFactory(object):
     def _mark_invalid(self, reason, passes):
         for p in passes:
             if p not in self.in_use:
-                raise ValueError("Pass {} cannot be invalid, it is not in use.".format(p))
+                raise ValueError(
+                    "Pass {} cannot be invalid, it is not in use.".format(p)
+                )
         self.invalid.update(dict.fromkeys(passes, reason))
         self.in_use.difference_update(passes)
 
diff --git a/src/_zkapauthorizer/tests/strategies.py b/src/_zkapauthorizer/tests/strategies.py
index 4fe4df3f2f0b58fc860651a7ff9c4ddc011f0688..74f4e598881ca49a894593542ef196747b70b009 100644
--- a/src/_zkapauthorizer/tests/strategies.py
+++ b/src/_zkapauthorizer/tests/strategies.py
@@ -101,6 +101,7 @@ _UNBLINDED_TOKEN_LENGTH = 96
 # The length of a `VerificationSignature`, in bytes.
 _VERIFICATION_SIGNATURE_LENGTH = 64
 
+
 def tahoe_config_texts(storage_client_plugins, shares):
     """
     Build the text of complete Tahoe-LAFS configurations for a node.
@@ -113,6 +114,7 @@ def tahoe_config_texts(storage_client_plugins, shares):
         may be an integer or None to leave it unconfigured (and rely on the
         default).
     """
+
     def merge_shares(shares, the_rest):
         for (k, v) in zip(("needed", "happy", "total"), shares):
             if v is not None:
@@ -138,8 +140,7 @@ def tahoe_config_texts(storage_client_plugins, shares):
         fixed_dictionaries(
             {
                 "storageclient.plugins.{}".format(name): configs
-                for (name, configs)
-                in storage_client_plugins.items()
+                for (name, configs) in storage_client_plugins.items()
             },
         ),
         fixed_dictionaries(
@@ -198,13 +199,17 @@ def dummy_ristretto_keys():
     They're not really because they're entirely random rather than points on
     the curve.
     """
-    return binary(
-        min_size=32,
-        max_size=32,
-    ).map(
-        b64encode,
-    ).map(
-        lambda bs: bs.decode("ascii"),
+    return (
+        binary(
+            min_size=32,
+            max_size=32,
+        )
+        .map(
+            b64encode,
+        )
+        .map(
+            lambda bs: bs.decode("ascii"),
+        )
     )
 
 
@@ -216,17 +221,22 @@ def server_configurations(signing_key_path):
         **ristretto-signing-key-path** item.
     """
     return one_of(
-        fixed_dictionaries({
-            u"pass-value":
-            # The configuration is ini so everything is always a byte string!
-            integers(min_value=1).map(bytes),
-        }),
+        fixed_dictionaries(
+            {
+                u"pass-value":
+                # The configuration is ini so everything is always a byte string!
+                integers(min_value=1).map(bytes),
+            }
+        ),
         just({}),
     ).map(
-        lambda config: config.update({
-            u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
-            u"ristretto-signing-key-path": signing_key_path.path,
-        }) or config,
+        lambda config: config.update(
+            {
+                u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
+                u"ristretto-signing-key-path": signing_key_path.path,
+            }
+        )
+        or config,
     )
 
 
@@ -274,26 +284,34 @@ def client_ristrettoredeemer_configurations():
     """
     Build Ristretto-using configuration values for the client-side plugin.
     """
-    return zkapauthz_configuration(just({
-        u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
-        u"redeemer": u"ristretto",
-    }))
+    return zkapauthz_configuration(
+        just(
+            {
+                u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
+                u"redeemer": u"ristretto",
+            }
+        )
+    )
 
 
 def client_dummyredeemer_configurations():
     """
     Build DummyRedeemer-using configuration values for the client-side plugin.
     """
+
     def share_a_key(allowed_keys):
         return zkapauthz_configuration(
-            just({
-                u"redeemer": u"dummy",
-                # Pick out one of the allowed public keys so that the dummy
-                # appears to produce usable tokens.
-                u"issuer-public-key": next(iter(allowed_keys)),
-            }),
+            just(
+                {
+                    u"redeemer": u"dummy",
+                    # Pick out one of the allowed public keys so that the dummy
+                    # appears to produce usable tokens.
+                    u"issuer-public-key": next(iter(allowed_keys)),
+                }
+            ),
             allowed_public_keys=just(allowed_keys),
         )
+
     return dummy_ristretto_keys_sets().flatmap(share_a_key)
 
 
@@ -309,42 +327,58 @@ def client_doublespendredeemer_configurations(default_token_counts=token_counts(
     """
     Build DoubleSpendRedeemer-using configuration values for the client-side plugin.
     """
-    return zkapauthz_configuration(just({
-        u"redeemer": u"double-spend",
-    }))
+    return zkapauthz_configuration(
+        just(
+            {
+                u"redeemer": u"double-spend",
+            }
+        )
+    )
 
 
 def client_unpaidredeemer_configurations():
     """
     Build UnpaidRedeemer-using configuration values for the client-side plugin.
     """
-    return zkapauthz_configuration(just({
-        u"redeemer": u"unpaid",
-    }))
+    return zkapauthz_configuration(
+        just(
+            {
+                u"redeemer": u"unpaid",
+            }
+        )
+    )
 
 
 def client_nonredeemer_configurations():
     """
     Build NonRedeemer-using configuration values for the client-side plugin.
     """
-    return zkapauthz_configuration(just({
-        u"redeemer": u"non",
-    }))
+    return zkapauthz_configuration(
+        just(
+            {
+                u"redeemer": u"non",
+            }
+        )
+    )
 
 
 def client_errorredeemer_configurations(details):
     """
     Build ErrorRedeemer-using configuration values for the client-side plugin.
     """
-    return zkapauthz_configuration(just({
-        u"redeemer": u"error",
-        u"details": details,
-    }))
+    return zkapauthz_configuration(
+        just(
+            {
+                u"redeemer": u"error",
+                u"details": details,
+            }
+        )
+    )
 
 
 def direct_tahoe_configs(
-        zkapauthz_v1_configuration=client_dummyredeemer_configurations(),
-        shares=just((None, None, None)),
+    zkapauthz_v1_configuration=client_dummyredeemer_configurations(),
+    shares=just((None, None, None)),
 ):
     """
     Build complete Tahoe-LAFS configurations including the zkapauthorizer
@@ -355,9 +389,12 @@ def direct_tahoe_configs(
     :return SearchStrategy[_Config]: A strategy that builds Tahoe config
         objects.
     """
-    config_texts = minimal_tahoe_configs({
-        u"privatestorageio-zkapauthz-v1": zkapauthz_v1_configuration,
-    }, shares)
+    config_texts = minimal_tahoe_configs(
+        {
+            u"privatestorageio-zkapauthz-v1": zkapauthz_v1_configuration,
+        },
+        shares,
+    )
     return config_texts.map(
         lambda config_text: config_from_string(
             u"/dev/null/illegal",
@@ -368,8 +405,8 @@ def direct_tahoe_configs(
 
 
 def tahoe_configs(
-        zkapauthz_v1_configuration=client_dummyredeemer_configurations(),
-        shares=just((None, None, None)),
+    zkapauthz_v1_configuration=client_dummyredeemer_configurations(),
+    shares=just((None, None, None)),
 ):
     """
     Build complete Tahoe-LAFS configurations including the zkapauthorizer
@@ -384,16 +421,16 @@ def tahoe_configs(
         are the ``basedir`` and ``portnumfile`` arguments to Tahoe's
         ``config_from_string.``
     """
+
     def path_setter(config):
         def set_paths(basedir, portnumfile):
             config._basedir = basedir.decode("ascii")
             config.portnum_fname = portnumfile
             return config
+
         return set_paths
-    return direct_tahoe_configs(
-        zkapauthz_v1_configuration,
-        shares,
-    ).map(
+
+    return direct_tahoe_configs(zkapauthz_v1_configuration, shares,).map(
         path_setter,
     )
 
@@ -403,11 +440,7 @@ def share_parameters():
     Build three-tuples of integers giving usable k, happy, N parameters to
     Tahoe-LAFS' erasure encoding process.
     """
-    return lists(
-        integers(min_value=1, max_value=255),
-        min_size=3,
-        max_size=3,
-    ).map(
+    return lists(integers(min_value=1, max_value=255), min_size=3, max_size=3,).map(
         sorted,
     )
 
@@ -416,13 +449,17 @@ def vouchers():
     """
     Build unicode strings in the format of vouchers.
     """
-    return binary(
-        min_size=32,
-        max_size=32,
-    ).map(
-        urlsafe_b64encode,
-    ).map(
-        lambda voucher: voucher.decode("ascii"),
+    return (
+        binary(
+            min_size=32,
+            max_size=32,
+        )
+        .map(
+            urlsafe_b64encode,
+        )
+        .map(
+            lambda voucher: voucher.decode("ascii"),
+        )
     )
 
 
@@ -516,13 +553,12 @@ def byte_strings(label, length, entropy):
     potentially the entire length is random.
     """
     if len(label) + entropy > length:
-        raise ValueError("Entropy and label don't fit into {} bytes".format(
-            length,
-        ))
-    return binary(
-        min_size=entropy,
-        max_size=entropy,
-    ).map(
+        raise ValueError(
+            "Entropy and label don't fit into {} bytes".format(
+                length,
+            )
+        )
+    return binary(min_size=entropy, max_size=entropy,).map(
         lambda bs: label + b"x" * (length - entropy - len(label)) + bs,
     )
 
@@ -531,14 +567,18 @@ def random_tokens():
     """
     Build ``RandomToken`` instances.
     """
-    return byte_strings(
-        label=b"random-tokens",
-        length=_TOKEN_LENGTH,
-        entropy=4,
-    ).map(
-        b64encode,
-    ).map(
-        lambda token: RandomToken(token.decode("ascii")),
+    return (
+        byte_strings(
+            label=b"random-tokens",
+            length=_TOKEN_LENGTH,
+            entropy=4,
+        )
+        .map(
+            b64encode,
+        )
+        .map(
+            lambda token: RandomToken(token.decode("ascii")),
+        )
     )
 
 
@@ -586,14 +626,18 @@ def unblinded_tokens():
     base64 encode data.  You cannot use these in the PrivacyPass cryptographic
     protocol but you can put them into the database and take them out again.
     """
-    return byte_strings(
-        label=b"unblinded-tokens",
-        length=_UNBLINDED_TOKEN_LENGTH,
-        entropy=4,
-    ).map(
-        b64encode,
-    ).map(
-        lambda zkap: UnblindedToken(zkap.decode("ascii")),
+    return (
+        byte_strings(
+            label=b"unblinded-tokens",
+            length=_UNBLINDED_TOKEN_LENGTH,
+            entropy=4,
+        )
+        .map(
+            b64encode,
+        )
+        .map(
+            lambda zkap: UnblindedToken(zkap.decode("ascii")),
+        )
     )
 
 
@@ -729,10 +773,7 @@ def shares():
     """
     Build Tahoe-LAFS share data.
     """
-    return tuples(
-        sharenums(),
-        sizes()
-    ).map(
+    return tuples(sharenums(), sizes()).map(
         lambda num_and_size: bytes_for_share(*num_and_size),
     )
 
@@ -775,6 +816,7 @@ class TestAndWriteVectors(object):
     ``tw_vectors`` parameter accepted by
     ``RIStorageServer.slot_testv_and_readv_and_writev``.
     """
+
     test_vector = attr.ib()
     write_vector = attr.ib()
     new_length = attr.ib()
@@ -822,13 +864,16 @@ def announcements():
     """
     Build announcements for the ZKAPAuthorizer plugin.
     """
-    return just({
-        u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
-    })
+    return just(
+        {
+            u"ristretto-issuer-root-url": u"https://issuer.example.invalid/",
+        }
+    )
 
 
 _POSIX_EPOCH = datetime.utcfromtimestamp(0)
 
+
 def posix_safe_datetimes():
     """
     Build datetime instances in a range that can be represented as floats
@@ -869,10 +914,12 @@ def clocks(now=posix_timestamps()):
     :param now: A strategy that builds POSIX timestamps (ie, ints or floats in
         the range of time_t).
     """
+
     def clock_at_time(when):
         c = Clock()
         c.advance(when)
         return c
+
     return now.map(clock_at_time)
 
 
@@ -936,6 +983,7 @@ def node_hierarchies():
     Build hierarchies of ``IDirectoryNode`` and other ``IFilesystemNode``
     (incomplete) providers.
     """
+
     def storage_indexes_are_distinct(nodes):
         seen = set()
         for n in nodes.flatten():
@@ -945,10 +993,7 @@ def node_hierarchies():
             seen.add(si)
         return True
 
-    return recursive(
-        leaf_nodes(),
-        directory_nodes,
-    ).filter(
+    return recursive(leaf_nodes(), directory_nodes,).filter(
         storage_indexes_are_distinct,
     )
 
@@ -975,22 +1020,26 @@ def ristretto_signing_keys():
     Build byte strings holding base64-encoded Ristretto signing keys, perhaps
     with leading or trailing whitespace.
     """
-    keys = sampled_from([
-        # A few legit keys
-        b"mkQf85V2vyLQRUYuqRb+Ke6K+M9pOtXm4MslsuCdBgg=",
-        b"6f93OIdZHHAmSIaRXDSIU1UcN+sbDAh41TRPb5DhrgI=",
-        b"k58h8yPT18epw+EKMJhwHFfoM6r3TIExKm4efQHNBgM=",
-        b"rbaAlWZ3NCnl5oZ9meviGfpLbyJpgpuiuFOX0rLnNwQ=",
-    ])
-    whitespace = sampled_from([
-        # maybe no whitespace at all
-        b""
-        # or maybe some
-        b" ",
-        b"\t",
-        b"\n",
-        b"\r\n",
-    ])
+    keys = sampled_from(
+        [
+            # A few legit keys
+            b"mkQf85V2vyLQRUYuqRb+Ke6K+M9pOtXm4MslsuCdBgg=",
+            b"6f93OIdZHHAmSIaRXDSIU1UcN+sbDAh41TRPb5DhrgI=",
+            b"k58h8yPT18epw+EKMJhwHFfoM6r3TIExKm4efQHNBgM=",
+            b"rbaAlWZ3NCnl5oZ9meviGfpLbyJpgpuiuFOX0rLnNwQ=",
+        ]
+    )
+    whitespace = sampled_from(
+        [
+            # maybe no whitespace at all
+            b""
+            # or maybe some
+            b" ",
+            b"\t",
+            b"\n",
+            b"\r\n",
+        ]
+    )
 
     return builds(
         lambda leading, key, trailing: leading + key + trailing,
diff --git a/src/_zkapauthorizer/tests/test_base64.py b/src/_zkapauthorizer/tests/test_base64.py
index 4a988b6beae887138a8379210f2e76cae0aaab53..b699a9a8b8916611ba72533b1e6b8433f6e69ed5 100644
--- a/src/_zkapauthorizer/tests/test_base64.py
+++ b/src/_zkapauthorizer/tests/test_base64.py
@@ -47,6 +47,7 @@ class Base64Tests(TestCase):
     """
     Tests for ``urlsafe_b64decode``.
     """
+
     @given(binary())
     def test_roundtrip(self, bytestring):
         """
diff --git a/src/_zkapauthorizer/tests/test_client_resource.py b/src/_zkapauthorizer/tests/test_client_resource.py
index e420b676f2171f804c989b9e183bce831250dd97..55d31f1b6fb38938081dfff32b58a1a7bde2e205 100644
--- a/src/_zkapauthorizer/tests/test_client_resource.py
+++ b/src/_zkapauthorizer/tests/test_client_resource.py
@@ -222,15 +222,14 @@ def not_vouchers():
     """
     return one_of(
         text().filter(
-            lambda t: (
-                not is_urlsafe_base64(t)
-            ),
+            lambda t: (not is_urlsafe_base64(t)),
         ),
         vouchers().map(
             # Turn a valid voucher into a voucher that is invalid only by
             # containing a character from the base64 alphabet in place of one
             # from the urlsafe-base64 alphabet.
-            lambda voucher: u"/" + voucher[1:],
+            lambda voucher: u"/"
+            + voucher[1:],
         ),
     )
 
@@ -254,16 +253,20 @@ def invalid_bodies():
     """
     return one_of(
         # The wrong key but the right kind of value.
-        fixed_dictionaries({
-            u"some-key": vouchers(),
-        }).map(dumps),
+        fixed_dictionaries(
+            {
+                u"some-key": vouchers(),
+            }
+        ).map(dumps),
         # The right key but the wrong kind of value.
-        fixed_dictionaries({
-            u"voucher": one_of(
-                integers(),
-                not_vouchers(),
-            ),
-        }).map(dumps),
+        fixed_dictionaries(
+            {
+                u"voucher": one_of(
+                    integers(),
+                    not_vouchers(),
+                ),
+            }
+        ).map(dumps),
         # Not even JSON
         binary().filter(is_not_json),
     )
@@ -369,6 +372,7 @@ class FromConfigurationTests(TestCase):
     """
     Tests for ``from_configuration``.
     """
+
     @given(tahoe_configs())
     def test_allowed_public_keys(self, get_config):
         """
@@ -393,6 +397,7 @@ class GetTokenCountTests(TestCase):
     """
     Tests for ``get_token_count``.
     """
+
     @given(one_of(none(), integers(min_value=16)))
     def test_get_token_count(self, token_count):
         """
@@ -405,13 +410,15 @@ class GetTokenCountTests(TestCase):
             token_config = {}
         else:
             expected_count = token_count
-            token_config = {
-                u"default-token-count": u"{}".format(expected_count)
-            }
+            token_config = {u"default-token-count": u"{}".format(expected_count)}
 
-        config_text = config_string_from_sections([{
-            u"storageclient.plugins." + plugin_name: token_config,
-        }])
+        config_text = config_string_from_sections(
+            [
+                {
+                    u"storageclient.plugins." + plugin_name: token_config,
+                }
+            ]
+        )
         node_config = config_from_string(
             self.useFixture(TempDir()).join(b"tahoe"),
             u"tub.port",
@@ -427,6 +434,7 @@ class ResourceTests(TestCase):
     """
     General tests for the resources exposed by the plugin.
     """
+
     @given(
         tahoe_configs(),
         request_paths(),
@@ -459,11 +467,15 @@ class ResourceTests(TestCase):
 
     @given(
         tahoe_configs(),
-        requests(sampled_from([
-            [b"unblinded-token"],
-            [b"voucher"],
-            [b"version"],
-        ])),
+        requests(
+            sampled_from(
+                [
+                    [b"unblinded-token"],
+                    [b"voucher"],
+                    [b"version"],
+                ]
+            )
+        ),
     )
     def test_reachable(self, get_config, request):
         """
@@ -534,11 +546,11 @@ class UnblindedTokenTests(TestCase):
     Tests relating to ``/unblinded-token`` as implemented by the
     ``_zkapauthorizer.resource`` module.
     """
+
     def setUp(self):
         super(UnblindedTokenTests, self).setUp()
         self.useFixture(CaptureTwistedLogs())
 
-
     @given(
         tahoe_configs(),
         api_auth_tokens(),
@@ -558,11 +570,15 @@ class UnblindedTokenTests(TestCase):
         )
         root = root_from_config(config, datetime.now)
         agent = RequestTraversalAgent(root)
-        data = BytesIO(dumps({u"unblinded-tokens": list(
-            token.unblinded_token
-            for token
-            in unblinded_tokens
-        )}))
+        data = BytesIO(
+            dumps(
+                {
+                    u"unblinded-tokens": list(
+                        token.unblinded_token for token in unblinded_tokens
+                    )
+                }
+            )
+        )
 
         requesting = authorized_request(
             api_auth_token,
@@ -582,11 +598,7 @@ class UnblindedTokenTests(TestCase):
 
         self.assertThat(
             stored_tokens,
-            Equals(list(
-                token.unblinded_token
-                for token
-                in unblinded_tokens
-            )),
+            Equals(list(token.unblinded_token for token in unblinded_tokens)),
         )
 
     @given(
@@ -694,7 +706,9 @@ class UnblindedTokenTests(TestCase):
         maybe_extra_tokens(),
         text(max_size=64),
     )
-    def test_get_position(self, get_config, api_auth_token, voucher, extra_tokens, position):
+    def test_get_position(
+        self, get_config, api_auth_token, voucher, extra_tokens, position
+    ):
         """
         When the unblinded token collection receives a **GET** with a **position**
         query argument, it returns all unblinded tokens which sort greater
@@ -754,16 +768,21 @@ class UnblindedTokenTests(TestCase):
         integers(min_value=1, max_value=16),
         integers(min_value=1, max_value=128),
     )
-    def test_get_order_matches_use_order(self, get_config, api_auth_token, voucher, num_redemption_groups, extra_tokens):
+    def test_get_order_matches_use_order(
+        self, get_config, api_auth_token, voucher, num_redemption_groups, extra_tokens
+    ):
         """
         The first unblinded token returned in a response to a **GET** request is
         the first token to be used to authorize a storage request.
         """
+
         def after(d, f):
             new_d = Deferred()
+
             def f_and_continue(result):
                 maybeDeferred(f).chainDeferred(new_d)
                 return result
+
             d.addCallback(f_and_continue)
             return new_d
 
@@ -812,7 +831,8 @@ class UnblindedTokenTests(TestCase):
             gatherResults([getting_initial_tokens, getting_tokens_after]),
             succeeded(
                 MatchesPredicate(
-                    lambda (initial_tokens, tokens_after): initial_tokens[1:] == tokens_after,
+                    lambda (initial_tokens, tokens_after): initial_tokens[1:]
+                    == tokens_after,
                     u"initial, after (%s): initial[1:] != after",
                 ),
             ),
@@ -829,7 +849,9 @@ class UnblindedTokenTests(TestCase):
         ),
         datetimes(),
     )
-    def test_latest_lease_maintenance_spending(self, get_config, api_auth_token, size_observations, now):
+    def test_latest_lease_maintenance_spending(
+        self, get_config, api_auth_token, size_observations, now
+    ):
         """
         The most recently completed record of lease maintenance spending activity
         is reported in the response to a **GET** request.
@@ -862,18 +884,22 @@ class UnblindedTokenTests(TestCase):
         )
         self.assertThat(
             d,
-            succeeded(Equals({
-                "when": now.isoformat(),
-                "count": total,
-            })),
+            succeeded(
+                Equals(
+                    {
+                        "when": now.isoformat(),
+                        "count": total,
+                    }
+                )
+            ),
         )
 
 
 def succeeded_with_unblinded_tokens_with_matcher(
-        all_token_count,
-        match_spendable_token_count,
-        match_unblinded_tokens,
-        match_lease_maint_spending,
+    all_token_count,
+    match_spendable_token_count,
+    match_unblinded_tokens,
+    match_lease_maint_spending,
 ):
     """
     :return: A matcher which matches a Deferred which fires with a response
@@ -894,17 +920,20 @@ def succeeded_with_unblinded_tokens_with_matcher(
             AfterPreprocessing(
                 json_content,
                 succeeded(
-                    ContainsDict({
-                        u"total": Equals(all_token_count),
-                        u"spendable": match_spendable_token_count,
-                        u"unblinded-tokens": match_unblinded_tokens,
-                        u"lease-maintenance-spending": match_lease_maint_spending,
-                    }),
+                    ContainsDict(
+                        {
+                            u"total": Equals(all_token_count),
+                            u"spendable": match_spendable_token_count,
+                            u"unblinded-tokens": match_unblinded_tokens,
+                            u"lease-maintenance-spending": match_lease_maint_spending,
+                        }
+                    ),
                 ),
             ),
         ),
     )
 
+
 def succeeded_with_unblinded_tokens(all_token_count, returned_token_count):
     """
     :return: A matcher which matches a Deferred which fires with a response
@@ -926,6 +955,7 @@ def succeeded_with_unblinded_tokens(all_token_count, returned_token_count):
         match_lease_maint_spending=matches_lease_maintenance_spending(),
     )
 
+
 def matches_lease_maintenance_spending():
     """
     :return: A matcher which matches the value of the
@@ -934,18 +964,22 @@ def matches_lease_maintenance_spending():
     """
     return MatchesAny(
         Is(None),
-        ContainsDict({
-            u"when": matches_iso8601_datetime(),
-            u"amount": matches_positive_integer(),
-        }),
+        ContainsDict(
+            {
+                u"when": matches_iso8601_datetime(),
+                u"amount": matches_positive_integer(),
+            }
+        ),
     )
 
+
 def matches_positive_integer():
     return MatchesAll(
         IsInstance(int),
         GreaterThan(0),
     )
 
+
 def matches_iso8601_datetime():
     """
     :return: A matcher which matches unicode strings which can be parsed as an
@@ -959,17 +993,18 @@ def matches_iso8601_datetime():
         ),
     )
 
+
 class VoucherTests(TestCase):
     """
     Tests relating to ``/voucher`` as implemented by the
     ``_zkapauthorizer.resource`` module and its handling of
     vouchers.
     """
+
     def setUp(self):
         super(VoucherTests, self).setUp()
         self.useFixture(CaptureTwistedLogs())
 
-
     @given(tahoe_configs(), api_auth_tokens(), vouchers())
     def test_put_voucher(self, get_config, api_auth_token, voucher):
         """
@@ -1067,7 +1102,6 @@ class VoucherTests(TestCase):
             ),
         )
 
-
     @given(tahoe_configs(), api_auth_tokens(), vouchers())
     def test_get_unknown_voucher(self, get_config, api_auth_token, voucher):
         """
@@ -1118,10 +1152,12 @@ class VoucherTests(TestCase):
                 number=Equals(voucher),
                 expected_tokens=Equals(count),
                 created=Equals(now),
-                state=Equals(Redeeming(
-                    started=now,
-                    counter=0,
-                )),
+                state=Equals(
+                    Redeeming(
+                        started=now,
+                        counter=0,
+                    )
+                ),
             ),
         )
 
@@ -1148,10 +1184,12 @@ class VoucherTests(TestCase):
                 number=Equals(voucher),
                 expected_tokens=Equals(count),
                 created=Equals(now),
-                state=Equals(Redeemed(
-                    finished=now,
-                    token_count=count,
-                )),
+                state=Equals(
+                    Redeemed(
+                        finished=now,
+                        token_count=count,
+                    )
+                ),
             ),
         )
 
@@ -1179,9 +1217,11 @@ class VoucherTests(TestCase):
                 number=Equals(voucher),
                 expected_tokens=Equals(count),
                 created=Equals(now),
-                state=Equals(DoubleSpend(
-                    finished=now,
-                )),
+                state=Equals(
+                    DoubleSpend(
+                        finished=now,
+                    )
+                ),
             ),
         )
 
@@ -1209,9 +1249,11 @@ class VoucherTests(TestCase):
                 number=Equals(voucher),
                 expected_tokens=Equals(count),
                 created=Equals(now),
-                state=Equals(Unpaid(
-                    finished=now,
-                )),
+                state=Equals(
+                    Unpaid(
+                        finished=now,
+                    )
+                ),
             ),
         )
 
@@ -1239,14 +1281,18 @@ class VoucherTests(TestCase):
                 number=Equals(voucher),
                 expected_tokens=Equals(count),
                 created=Equals(now),
-                state=Equals(Error(
-                    finished=now,
-                    details=TRANSIENT_ERROR,
-                )),
+                state=Equals(
+                    Error(
+                        finished=now,
+                        details=TRANSIENT_ERROR,
+                    )
+                ),
             ),
         )
 
-    def _test_get_known_voucher(self, config, api_auth_token, now, voucher, voucher_matcher):
+    def _test_get_known_voucher(
+        self, config, api_auth_token, now, voucher, voucher_matcher
+    ):
         """
         Assert that a voucher that is ``PUT`` and then ``GET`` is represented in
         the JSON response.
@@ -1321,21 +1367,22 @@ class VoucherTests(TestCase):
             api_auth_token,
             now,
             vouchers,
-            Equals({
-                u"vouchers": list(
-                    Voucher(
-                        number=voucher,
-                        expected_tokens=count,
-                        created=now,
-                        state=Redeemed(
-                            finished=now,
-                            token_count=count,
-                        ),
-                    ).marshal()
-                    for voucher
-                    in vouchers
-                ),
-            }),
+            Equals(
+                {
+                    u"vouchers": list(
+                        Voucher(
+                            number=voucher,
+                            expected_tokens=count,
+                            created=now,
+                            state=Redeemed(
+                                finished=now,
+                                token_count=count,
+                            ),
+                        ).marshal()
+                        for voucher in vouchers
+                    ),
+                }
+            ),
         )
 
     @given(
@@ -1344,7 +1391,9 @@ class VoucherTests(TestCase):
         datetimes(),
         lists(vouchers(), unique=True),
     )
-    def test_list_vouchers_transient_states(self, config, api_auth_token, now, vouchers):
+    def test_list_vouchers_transient_states(
+        self, config, api_auth_token, now, vouchers
+    ):
         """
         A ``GET`` to the ``VoucherCollection`` itself returns a list of existing
         vouchers including state information that reflects transient states.
@@ -1355,23 +1404,26 @@ class VoucherTests(TestCase):
             api_auth_token,
             now,
             vouchers,
-            Equals({
-                u"vouchers": list(
-                    Voucher(
-                        number=voucher,
-                        expected_tokens=count,
-                        created=now,
-                        state=Unpaid(
-                            finished=now,
-                        ),
-                    ).marshal()
-                    for voucher
-                    in vouchers
-                ),
-            }),
+            Equals(
+                {
+                    u"vouchers": list(
+                        Voucher(
+                            number=voucher,
+                            expected_tokens=count,
+                            created=now,
+                            state=Unpaid(
+                                finished=now,
+                            ),
+                        ).marshal()
+                        for voucher in vouchers
+                    ),
+                }
+            ),
         )
 
-    def _test_list_vouchers(self, config, api_auth_token, now, vouchers, match_response_object):
+    def _test_list_vouchers(
+        self, config, api_auth_token, now, vouchers, match_response_object
+    ):
         add_api_token_to_config(
             # Hypothesis causes our test case instances to be re-used many
             # times between setUp and tearDown.  Avoid re-using the same
@@ -1434,13 +1486,17 @@ def mime_types(blacklist=None):
     """
     if blacklist is None:
         blacklist = set()
-    return tuples(
-        text(),
-        text(),
-    ).map(
-        b"/".join,
-    ).filter(
-        lambda content_type: content_type not in blacklist,
+    return (
+        tuples(
+            text(),
+            text(),
+        )
+        .map(
+            b"/".join,
+        )
+        .filter(
+            lambda content_type: content_type not in blacklist,
+        )
     )
 
 
@@ -1449,6 +1505,7 @@ class Request(object):
     """
     Represent some of the parameters of an HTTP request.
     """
+
     method = attr.ib()
     headers = attr.ib()
     data = attr.ib()
@@ -1460,23 +1517,25 @@ def bad_calculate_price_requests():
     ``/calculate-price`` endpoint.
     """
     good_methods = just(b"POST")
-    bad_methods = sampled_from([
-        b"GET",
-        b"HEAD",
-        b"PUT",
-        b"PATCH",
-        b"OPTIONS",
-        b"FOO",
-    ])
+    bad_methods = sampled_from(
+        [
+            b"GET",
+            b"HEAD",
+            b"PUT",
+            b"PATCH",
+            b"OPTIONS",
+            b"FOO",
+        ]
+    )
 
     good_headers = just({b"content-type": [b"application/json"]})
-    bad_headers = fixed_dictionaries({
-        b"content-type": mime_types(
-            blacklist={b"application/json"},
-        ).map(
-            lambda content_type: [content_type],
-        ),
-    })
+    bad_headers = fixed_dictionaries(
+        {
+            b"content-type": mime_types(blacklist={b"application/json"},).map(
+                lambda content_type: [content_type],
+            ),
+        }
+    )
 
     good_version = just(1)
     bad_version = one_of(
@@ -1495,20 +1554,26 @@ def bad_calculate_price_requests():
         lists(integers(max_value=-1), min_size=1),
     )
 
-    good_data = fixed_dictionaries({
-        u"version": good_version,
-        u"sizes": good_sizes,
-    }).map(dumps)
+    good_data = fixed_dictionaries(
+        {
+            u"version": good_version,
+            u"sizes": good_sizes,
+        }
+    ).map(dumps)
 
-    bad_data_version = fixed_dictionaries({
-        u"version": bad_version,
-        u"sizes": good_sizes,
-    }).map(dumps)
+    bad_data_version = fixed_dictionaries(
+        {
+            u"version": bad_version,
+            u"sizes": good_sizes,
+        }
+    ).map(dumps)
 
-    bad_data_sizes = fixed_dictionaries({
-        u"version": good_version,
-        u"sizes": bad_sizes,
-    }).map(dumps)
+    bad_data_sizes = fixed_dictionaries(
+        {
+            u"version": good_version,
+            u"sizes": bad_sizes,
+        }
+    ).map(dumps)
 
     bad_data_other = dictionaries(
         text(),
@@ -1537,13 +1602,8 @@ def bad_calculate_price_requests():
         fields[key] = value
         return fields
 
-    return sampled_from(
-        bad_choices,
-    ).flatmap(
-        lambda bad_choice: builds(
-            Request,
-            **merge(good_fields, *bad_choice)
-        ),
+    return sampled_from(bad_choices,).flatmap(
+        lambda bad_choice: builds(Request, **merge(good_fields, *bad_choice)),
     )
 
 
@@ -1552,6 +1612,7 @@ class CalculatePriceTests(TestCase):
     Tests relating to ``/calculate-price`` as implemented by the
     ``_zkapauthorizer.resource`` module.
     """
+
     url = b"http://127.0.0.1/calculate-price"
 
     @given(
@@ -1617,7 +1678,9 @@ class CalculatePriceTests(TestCase):
         api_auth_tokens(),
         lists(integers(min_value=0)),
     )
-    def test_calculated_price(self, encoding_params_and_get_config, api_auth_token, sizes):
+    def test_calculated_price(
+        self, encoding_params_and_get_config, api_auth_token, sizes
+    ):
         """
         A well-formed request returns the price in ZKAPs as an integer and the
         storage period (the minimum allowed) that they pay for.
@@ -1654,10 +1717,12 @@ class CalculatePriceTests(TestCase):
                     headers_matcher=application_json(),
                     body_matcher=AfterPreprocessing(
                         loads,
-                        Equals({
-                            u"price": expected_price,
-                            u"period": get_configured_lease_duration(config),
-                        }),
+                        Equals(
+                            {
+                                u"price": expected_price,
+                                u"period": get_configured_lease_duration(config),
+                            }
+                        ),
                     ),
                 ),
             ),
@@ -1705,10 +1770,12 @@ class _MatchResponse(object):
     _details = attr.ib(default=attr.Factory(dict))
 
     def match(self, response):
-        self._details.update({
-            u"code": response.code,
-            u"headers": response.headers.getAllRawHeaders(),
-        })
+        self._details.update(
+            {
+                u"code": response.code,
+                u"headers": response.headers.getAllRawHeaders(),
+            }
+        )
         return MatchesStructure(
             code=self.code,
             headers=self.headers,
diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py
index cf7726f913566ca06412d523b9c80c7126987017..21fb0937adf5302b0c5df87d70511c18f15a34da 100644
--- a/src/_zkapauthorizer/tests/test_controller.py
+++ b/src/_zkapauthorizer/tests/test_controller.py
@@ -155,6 +155,7 @@ class TokenCountForGroupTests(TestCase):
     """
     Tests for ``token_count_for_group``.
     """
+
     @given(
         integers(),
         integers(),
@@ -167,9 +168,7 @@ class TokenCountForGroupTests(TestCase):
         range then ``ValueError`` is raised.
         """
         assume(
-            group_number < 0 or
-            group_number >= num_groups or
-            total_tokens < num_groups
+            group_number < 0 or group_number >= num_groups or total_tokens < num_groups
         )
         self.assertThat(
             lambda: token_count_for_group(num_groups, total_tokens, group_number),
@@ -189,8 +188,7 @@ class TokenCountForGroupTests(TestCase):
         self.assertThat(
             sum(
                 token_count_for_group(num_groups, total_tokens, group_number)
-                for group_number
-                in range(num_groups)
+                for group_number in range(num_groups)
             ),
             Equals(total_tokens),
         )
@@ -211,8 +209,7 @@ class TokenCountForGroupTests(TestCase):
         self.assertThat(
             list(
                 token_count_for_group(num_groups, total_tokens, group_number)
-                for group_number
-                in range(num_groups)
+                for group_number in range(num_groups)
             ),
             AllMatch(between(lower_bound, upper_bound)),
         )
@@ -222,6 +219,7 @@ class PaymentControllerTests(TestCase):
     """
     Tests for ``PaymentController``.
     """
+
     @given(tahoe_configs(), datetimes(), vouchers(), dummy_ristretto_keys())
     def test_should_not_redeem(self, get_config, now, voucher, public_key):
         """
@@ -284,7 +282,13 @@ class PaymentControllerTests(TestCase):
             Equals(model_Pending(counter=0)),
         )
 
-    @given(tahoe_configs(), datetimes(), vouchers(), voucher_counters(), dummy_ristretto_keys())
+    @given(
+        tahoe_configs(),
+        datetimes(),
+        vouchers(),
+        voucher_counters(),
+        dummy_ristretto_keys(),
+    )
     def test_redeeming(self, get_config, now, voucher, num_successes, public_key):
         """
         A ``Voucher`` is marked redeeming while ``IRedeemer.redeem`` is actively
@@ -296,8 +300,7 @@ class PaymentControllerTests(TestCase):
         # that.
         counter = num_successes + 1
         redeemer = IndexedRedeemer(
-            [DummyRedeemer(public_key)] * num_successes +
-            [NonRedeemer()],
+            [DummyRedeemer(public_key)] * num_successes + [NonRedeemer()],
         )
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         controller = PaymentController(
@@ -320,10 +323,12 @@ class PaymentControllerTests(TestCase):
         controller_voucher = controller.get_voucher(voucher)
         self.assertThat(
             controller_voucher.state,
-            Equals(model_Redeeming(
-                started=now,
-                counter=num_successes,
-            )),
+            Equals(
+                model_Redeeming(
+                    started=now,
+                    counter=num_successes,
+                )
+            ),
         )
 
     @given(
@@ -334,7 +339,9 @@ class PaymentControllerTests(TestCase):
         voucher_counters().map(lambda v: v + 1),
         dummy_ristretto_keys(),
     )
-    def test_restart_redeeming(self, get_config, now, voucher, before_restart, after_restart, public_key):
+    def test_restart_redeeming(
+        self, get_config, now, voucher, before_restart, after_restart, public_key
+    ):
         """
         If some redemption groups for a voucher have succeeded but the process is
         interrupted, redemption begins at the first incomplete redemption
@@ -360,8 +367,8 @@ class PaymentControllerTests(TestCase):
                 store,
                 # It will let `before_restart` attempts succeed before hanging.
                 IndexedRedeemer(
-                    [DummyRedeemer(public_key)] * before_restart +
-                    [NonRedeemer()] * after_restart,
+                    [DummyRedeemer(public_key)] * before_restart
+                    + [NonRedeemer()] * after_restart,
                 ),
                 default_token_count=num_tokens,
                 num_redemption_groups=num_redemption_groups,
@@ -381,8 +388,8 @@ class PaymentControllerTests(TestCase):
                 # It will succeed only for the higher counter values which did
                 # not succeed or did not get started on the first try.
                 IndexedRedeemer(
-                    [NonRedeemer()] * before_restart +
-                    [DummyRedeemer(public_key)] * after_restart,
+                    [NonRedeemer()] * before_restart
+                    + [DummyRedeemer(public_key)] * after_restart,
                 ),
                 # The default token count for this new controller doesn't
                 # matter.  The redemption attempt already started with some
@@ -410,8 +417,16 @@ class PaymentControllerTests(TestCase):
             ),
         )
 
-    @given(tahoe_configs(), datetimes(), vouchers(), voucher_counters(), integers(min_value=0, max_value=100))
-    def test_stop_redeeming_on_error(self, get_config, now, voucher, counter, extra_tokens):
+    @given(
+        tahoe_configs(),
+        datetimes(),
+        vouchers(),
+        voucher_counters(),
+        integers(min_value=0, max_value=100),
+    )
+    def test_stop_redeeming_on_error(
+        self, get_config, now, voucher, counter, extra_tokens
+    ):
         """
         If an error is encountered on one of the redemption attempts performed by
         ``IRedeemer.redeem``, the effort is suspended until the normal retry
@@ -463,10 +478,12 @@ class PaymentControllerTests(TestCase):
         persisted_voucher = store.get(voucher)
         self.assertThat(
             persisted_voucher.state,
-            Equals(model_Redeemed(
-                finished=now,
-                token_count=100,
-            )),
+            Equals(
+                model_Redeemed(
+                    finished=now,
+                    token_count=100,
+                )
+            ),
         )
 
     @given(tahoe_configs(), datetimes(), vouchers())
@@ -492,9 +509,11 @@ class PaymentControllerTests(TestCase):
         self.assertThat(
             persisted_voucher,
             MatchesStructure(
-                state=Equals(model_DoubleSpend(
-                    finished=now,
-                )),
+                state=Equals(
+                    model_DoubleSpend(
+                        finished=now,
+                    )
+                ),
             ),
         )
 
@@ -578,7 +597,7 @@ class PaymentControllerTests(TestCase):
                 MatchesStructure(
                     finished=Equals(datetime_now()),
                 ),
-            )
+            ),
         )
 
         # Some time passes.
@@ -618,7 +637,10 @@ class PaymentControllerTests(TestCase):
                     unique=True,
                 ).map(
                     # Split the keys into allowed and disallowed groups
-                    lambda public_keys: (public_keys[:num_allowed_key_groups], public_keys[num_allowed_key_groups:]),
+                    lambda public_keys: (
+                        public_keys[:num_allowed_key_groups],
+                        public_keys[num_allowed_key_groups:],
+                    ),
                 ),
             ),
         ),
@@ -626,7 +648,9 @@ class PaymentControllerTests(TestCase):
         # required by the number of redemption groups we have.
         integers(min_value=0, max_value=32),
     )
-    def test_sequester_tokens_for_untrusted_key(self, random, clock, voucher, public_keys, extra_token_count):
+    def test_sequester_tokens_for_untrusted_key(
+        self, random, clock, voucher, public_keys, extra_token_count
+    ):
         """
         All unblinded tokens which are returned from the redemption process
         associated with a public key that the controller has not been
@@ -655,11 +679,7 @@ class PaymentControllerTests(TestCase):
         datetime_now = lambda: datetime.utcfromtimestamp(clock.seconds())
         store = self.useFixture(ConfiglessMemoryVoucherStore(datetime_now)).store
 
-        redeemers = list(
-            DummyRedeemer(public_key)
-            for public_key
-            in all_public_keys
-        )
+        redeemers = list(DummyRedeemer(public_key) for public_key in all_public_keys)
 
         controller = PaymentController(
             store,
@@ -678,12 +698,14 @@ class PaymentControllerTests(TestCase):
         )
 
         def count_in_group(public_keys, key_group):
-            return sum((
-                token_count_for_group(num_redemption_groups, token_count, n)
-                for n, public_key
-                in enumerate(public_keys)
-                if public_key in key_group
-            ), 0)
+            return sum(
+                (
+                    token_count_for_group(num_redemption_groups, token_count, n)
+                    for n, public_key in enumerate(public_keys)
+                    if public_key in key_group
+                ),
+                0,
+            )
 
         allowed_token_count = count_in_group(all_public_keys, allowed_public_keys)
         disallowed_token_count = count_in_group(all_public_keys, disallowed_public_keys)
@@ -723,8 +745,7 @@ class PaymentControllerTests(TestCase):
             unblinded_token
             for counter, redeemer in enumerate(redeemers)
             if redeemer._public_key in allowed_public_keys
-            for unblinded_token
-            in redeemer.redeemWithCounter(
+            for unblinded_token in redeemer.redeemWithCounter(
                 voucher_obj,
                 counter,
                 redeemer.random_tokens_for_voucher(
@@ -746,10 +767,12 @@ class PaymentControllerTests(TestCase):
 
 NOWHERE = URL.from_text(u"https://127.0.0.1/")
 
+
 class RistrettoRedeemerTests(TestCase):
     """
     Tests for ``RistrettoRedeemer``.
     """
+
     def test_interface(self):
         """
         An ``RistrettoRedeemer`` instance provides ``IRedeemer``.
@@ -937,9 +960,11 @@ class RistrettoRedeemerTests(TestCase):
             counter,
             random_tokens,
         )
+
         def unblinded_tokens_to_passes(result):
             passes = redeemer.tokens_to_passes(message, result.unblinded_tokens)
             return passes
+
         d.addCallback(unblinded_tokens_to_passes)
 
         self.assertThat(
@@ -974,39 +999,32 @@ def ristretto_verify(signing_key, message, marshaled_passes):
         ``marshaled_passes`` pass the Ristretto-defined verification for an
         exchange using the given signing key and message.
     """
+
     def decode(marshaled_pass):
         t, s = marshaled_pass.split(u" ")
         return (
             TokenPreimage.decode_base64(t.encode("ascii")),
             VerificationSignature.decode_base64(s.encode("ascii")),
         )
+
     servers_passes = list(
-        decode(marshaled_pass.pass_text)
-        for marshaled_pass
-        in marshaled_passes
+        decode(marshaled_pass.pass_text) for marshaled_pass in marshaled_passes
     )
     servers_unblinded_tokens = list(
         signing_key.rederive_unblinded_token(token_preimage)
-        for (token_preimage, sig)
-        in servers_passes
-    )
-    servers_verification_sigs = list(
-        sig
-        for (token_preimage, sig)
-        in servers_passes
+        for (token_preimage, sig) in servers_passes
     )
+    servers_verification_sigs = list(sig for (token_preimage, sig) in servers_passes)
     servers_verification_keys = list(
         unblinded_token.derive_verification_key_sha512()
-        for unblinded_token
-        in servers_unblinded_tokens
+        for unblinded_token in servers_unblinded_tokens
     )
     invalid_passes = list(
         key.invalid_sha512(
             sig,
             message,
         )
-        for (key, sig)
-        in zip(servers_verification_keys, servers_verification_sigs)
+        for (key, sig) in zip(servers_verification_keys, servers_verification_sigs)
     )
 
     return not any(invalid_passes)
@@ -1038,6 +1056,7 @@ class UnexpectedResponseRedemption(Resource):
     An ``UnexpectedResponseRedemption`` simulates the Ristretto redemption
     server but always returns a non-JSON error response.
     """
+
     def render_POST(self, request):
         request.setResponseCode(INTERNAL_SERVER_ERROR)
         return b"Sorry, this server does not behave well."
@@ -1049,6 +1068,7 @@ class AlreadySpentRedemption(Resource):
     but always refuses to allow vouchers to be redeemed and reports an error
     that the voucher has already been redeemed.
     """
+
     def render_POST(self, request):
         request_error = check_redemption_request(request)
         if request_error is not None:
@@ -1063,6 +1083,7 @@ class UnpaidRedemption(Resource):
     always refuses to allow vouchers to be redeemed and reports an error that
     the voucher has not been paid for.
     """
+
     def render_POST(self, request):
         request_error = check_redemption_request(request)
         if request_error is not None:
@@ -1086,18 +1107,14 @@ class RistrettoRedemption(Resource):
         marshaled_blinded_tokens = request_body[u"redeemTokens"]
         servers_blinded_tokens = list(
             BlindedToken.decode_base64(marshaled_blinded_token.encode("ascii"))
-            for marshaled_blinded_token
-            in marshaled_blinded_tokens
+            for marshaled_blinded_token in marshaled_blinded_tokens
         )
         servers_signed_tokens = list(
             self.signing_key.sign(blinded_token)
-            for blinded_token
-            in servers_blinded_tokens
+            for blinded_token in servers_blinded_tokens
         )
         marshaled_signed_tokens = list(
-            signed_token.encode_base64()
-            for signed_token
-            in servers_signed_tokens
+            signed_token.encode_base64() for signed_token in servers_signed_tokens
         )
         servers_proof = BatchDLEQProof.create(
             self.signing_key,
@@ -1109,18 +1126,21 @@ class RistrettoRedemption(Resource):
         finally:
             servers_proof.destroy()
 
-        return dumps({
-            u"success": True,
-            u"public-key": self.public_key.encode_base64(),
-            u"signatures": marshaled_signed_tokens,
-            u"proof": marshaled_proof,
-        })
+        return dumps(
+            {
+                u"success": True,
+                u"public-key": self.public_key.encode_base64(),
+                u"signatures": marshaled_signed_tokens,
+                u"proof": marshaled_proof,
+            }
+        )
 
 
 class CheckRedemptionRequestTests(TestCase):
     """
     Tests for ``check_redemption_request``.
     """
+
     def test_content_type(self):
         """
         If the request content-type is not application/json, the response is
@@ -1197,6 +1217,7 @@ class CheckRedemptionRequestTests(TestCase):
             ),
         )
 
+
 def check_redemption_request(request):
     """
     Verify that the given request conforms to the redemption server's public
@@ -1218,7 +1239,8 @@ def check_redemption_request(request):
     actual_keys = set(request_body.keys())
     if expected_keys != actual_keys:
         return bad_request(
-            request, {
+            request,
+            {
                 u"success": False,
                 u"reason": u"{} != {}".format(
                     expected_keys,
diff --git a/src/_zkapauthorizer/tests/test_foolscap.py b/src/_zkapauthorizer/tests/test_foolscap.py
index 5912b3531c32e8b896834a77f88d66469aea0d85..c62fb10f87b7116b6a1ecac90d448261728518d7 100644
--- a/src/_zkapauthorizer/tests/test_foolscap.py
+++ b/src/_zkapauthorizer/tests/test_foolscap.py
@@ -81,6 +81,7 @@ from ..foolscap import (
     ShareStat,
 )
 
+
 class IHasSchema(RemoteInterface):
     def method(arg=int):
         return bytes
@@ -111,6 +112,7 @@ class LocalRemoteTests(TestCase):
     """
     Tests for the ``LocalRemote`` test double.
     """
+
     @given(
         ref=one_of(
             just(remote_reference()),
@@ -195,6 +197,7 @@ class LocalRemoteTests(TestCase):
         ``LocalRemote.callRemote`` returns a ``Deferred`` that fires with a
         failure if the method's result cannot be serialized.
         """
+
         class BrokenResultReferenceable(DummyReferenceable):
             def doRemoteCall(self, *a, **kw):
                 return BrokenCopyable()
@@ -224,6 +227,7 @@ class SerializationTests(TrialTestCase):
     """
     Tests for the serialization of types used in the Foolscap API.
     """
+
     def test_sharestat(self):
         """
         A ``ShareStat`` instance can be sent as an argument to and received in a
diff --git a/src/_zkapauthorizer/tests/test_lease_maintenance.py b/src/_zkapauthorizer/tests/test_lease_maintenance.py
index 142eff8243620f67de7d2aabf396c3f7badde3b6..d13dd635c2e70de97220ab309ce4b59829780b70 100644
--- a/src/_zkapauthorizer/tests/test_lease_maintenance.py
+++ b/src/_zkapauthorizer/tests/test_lease_maintenance.py
@@ -146,16 +146,18 @@ class DummyStorageServer(object):
     :ivar dict[bytes, ShareStat] buckets: A mapping from storage index to
         metadata about shares at that storage index.
     """
+
     clock = attr.ib()
     buckets = attr.ib()
     lease_seed = attr.ib()
 
     def stat_shares(self, storage_indexes):
-        return succeed(list(
-            {0: self.buckets[idx]} if idx in self.buckets else {}
-            for idx
-            in storage_indexes
-        ))
+        return succeed(
+            list(
+                {0: self.buckets[idx]} if idx in self.buckets else {}
+                for idx in storage_indexes
+            )
+        )
 
     def get_lease_seed(self):
         return self.lease_seed
@@ -227,6 +229,7 @@ class DummyServer(object):
     """
     A partial implementation of a Tahoe-LAFS "native" storage server.
     """
+
     _storage_server = attr.ib()
 
     def get_storage_server(self):
@@ -239,6 +242,7 @@ class DummyStorageBroker(object):
     """
     A partial implementation of a Tahoe-LAFS storage broker.
     """
+
     clock = attr.ib()
     _storage_servers = attr.ib()
 
@@ -259,6 +263,7 @@ class LeaseMaintenanceServiceTests(TestCase):
     """
     Tests for the service returned by ``lease_maintenance_service``.
     """
+
     @given(randoms())
     def test_interface(self, random):
         """
@@ -268,7 +273,7 @@ class LeaseMaintenanceServiceTests(TestCase):
         service = lease_maintenance_service(
             dummy_maintain_leases,
             clock,
-            FilePath(self.useFixture(TempDir()).join(u"last-run")),
+            FilePath(self.useFixture(TempDir()).join("last-run")),
             random,
         )
         self.assertThat(
@@ -296,7 +301,7 @@ class LeaseMaintenanceServiceTests(TestCase):
         service = lease_maintenance_service(
             dummy_maintain_leases,
             clock,
-            FilePath(self.useFixture(TempDir()).join(u"last-run")),
+            FilePath(self.useFixture(TempDir()).join("last-run")),
             random,
             mean,
             range_,
@@ -333,7 +338,7 @@ class LeaseMaintenanceServiceTests(TestCase):
 
         # Figure out the absolute last run time.
         last_run = datetime_now - since_last_run
-        last_run_path = FilePath(self.useFixture(TempDir()).join(u"last-run"))
+        last_run_path = FilePath(self.useFixture(TempDir()).join("last-run"))
         last_run_path.setContent(last_run.isoformat())
 
         service = lease_maintenance_service(
@@ -359,9 +364,16 @@ class LeaseMaintenanceServiceTests(TestCase):
             datetime_now + mean + (range_ / 2) - since_last_run,
         )
 
-        note("mean: {}\nrange: {}\nnow: {}\nlow: {}\nhigh: {}\nsince last: {}".format(
-            mean, range_, datetime_now, low, high, since_last_run,
-        ))
+        note(
+            "mean: {}\nrange: {}\nnow: {}\nlow: {}\nhigh: {}\nsince last: {}".format(
+                mean,
+                range_,
+                datetime_now,
+                low,
+                high,
+                since_last_run,
+            )
+        )
 
         self.assertThat(
             datetime.utcfromtimestamp(maintenance_call.getTime()),
@@ -379,7 +391,7 @@ class LeaseMaintenanceServiceTests(TestCase):
         service = lease_maintenance_service(
             lambda: None,
             clock,
-            FilePath(self.useFixture(TempDir()).join(u"last-run")),
+            FilePath(self.useFixture(TempDir()).join("last-run")),
             random,
         )
         service.startService()
@@ -405,13 +417,14 @@ class LeaseMaintenanceServiceTests(TestCase):
         When the service runs, it calls the ``maintain_leases`` object.
         """
         leases_maintained_at = []
+
         def maintain_leases():
             leases_maintained_at.append(datetime.utcfromtimestamp(clock.seconds()))
 
         service = lease_maintenance_service(
             maintain_leases,
             clock,
-            FilePath(self.useFixture(TempDir()).join(u"last-run")),
+            FilePath(self.useFixture(TempDir()).join("last-run")),
             random,
         )
         service.startService()
@@ -428,6 +441,7 @@ class VisitStorageIndexesFromRootTests(TestCase):
     """
     Tests for ``visit_storage_indexes_from_root``.
     """
+
     @given(node_hierarchies(), clocks())
     def test_visits_all_nodes(self, root_node, clock):
         """
@@ -435,6 +449,7 @@ class VisitStorageIndexesFromRootTests(TestCase):
         its deepest children.
         """
         visited = []
+
         def perform_visit(visit_assets):
             return visit_assets(visited.append)
 
@@ -454,11 +469,7 @@ class VisitStorageIndexesFromRootTests(TestCase):
                 HasLength(len(expected)),
                 AfterPreprocessing(
                     set,
-                    Equals(set(
-                        node.get_storage_index()
-                        for node
-                        in expected
-                    )),
+                    Equals(set(node.get_storage_index() for node in expected)),
                 ),
             ),
         )
@@ -468,6 +479,7 @@ class RenewLeasesTests(TestCase):
     """
     Tests for ``renew_leases``.
     """
+
     @given(storage_brokers(clocks()), lists(leaf_nodes(), unique=True))
     def test_renewed(self, storage_broker, nodes):
         """
@@ -519,23 +531,20 @@ class RenewLeasesTests(TestCase):
             succeeded(Always()),
         )
 
-        relevant_storage_indexes = set(
-            node.get_storage_index()
-            for node
-            in nodes
-        )
+        relevant_storage_indexes = set(node.get_storage_index() for node in nodes)
 
         self.assertThat(
             list(
                 server.get_storage_server()
-                for server
-                in storage_broker.get_connected_servers()
+                for server in storage_broker.get_connected_servers()
+            ),
+            AllMatch(
+                leases_current(
+                    relevant_storage_indexes,
+                    get_now(),
+                    min_lease_remaining,
+                )
             ),
-            AllMatch(leases_current(
-                relevant_storage_indexes,
-                get_now(),
-                min_lease_remaining,
-            )),
         )
 
 
@@ -543,6 +552,7 @@ class MaintainLeasesFromRootTests(TestCase):
     """
     Tests for ``maintain_leases_from_root``.
     """
+
     @given(storage_brokers(clocks()), node_hierarchies())
     def test_renewed(self, storage_broker, root_node):
         """
@@ -575,22 +585,21 @@ class MaintainLeasesFromRootTests(TestCase):
         )
 
         relevant_storage_indexes = set(
-            node.get_storage_index()
-            for node
-            in root_node.flatten()
+            node.get_storage_index() for node in root_node.flatten()
         )
 
         self.assertThat(
             list(
                 server.get_storage_server()
-                for server
-                in storage_broker.get_connected_servers()
+                for server in storage_broker.get_connected_servers()
+            ),
+            AllMatch(
+                leases_current(
+                    relevant_storage_indexes,
+                    get_now(),
+                    min_lease_remaining,
+                )
             ),
-            AllMatch(leases_current(
-                relevant_storage_indexes,
-                get_now(),
-                min_lease_remaining,
-            ))
         )
 
     @given(storage_brokers(clocks()), node_hierarchies())
diff --git a/src/_zkapauthorizer/tests/test_matchers.py b/src/_zkapauthorizer/tests/test_matchers.py
index 868a1e998bec4a54c093f24637a5a3f8ecee6261..a2df351b87637e1147c1b0851153c7f5ae17f408 100644
--- a/src/_zkapauthorizer/tests/test_matchers.py
+++ b/src/_zkapauthorizer/tests/test_matchers.py
@@ -61,6 +61,7 @@ class ProvidesTests(TestCase):
     """
     Tests for ``Provides``.
     """
+
     def test_match(self):
         """
         ``Provides.match`` returns ``None`` when the given object provides all of
@@ -86,6 +87,7 @@ class ReturnsTests(TestCase):
     """
     Tests for ``returns``.
     """
+
     def test_match(self):
         """
         ``returns(m)`` returns a matcher that matches when the given object
diff --git a/src/_zkapauthorizer/tests/test_model.py b/src/_zkapauthorizer/tests/test_model.py
index 5af002721ebcc7ce1b7ae45c8b2d0f2e0b045558..dbff95faf7f84a39d5368afa0eb412609074808a 100644
--- a/src/_zkapauthorizer/tests/test_model.py
+++ b/src/_zkapauthorizer/tests/test_model.py
@@ -67,7 +67,7 @@ from hypothesis.stateful import (
     rule,
     precondition,
     invariant,
-    run_state_machine_as_test
+    run_state_machine_as_test,
 )
 from hypothesis.strategies import (
     data,
@@ -119,6 +119,7 @@ class VoucherStoreTests(TestCase):
     """
     Tests for ``VoucherStore``.
     """
+
     @given(tahoe_configs(), datetimes(), vouchers())
     def test_get_missing(self, get_config, now, voucher):
         """
@@ -131,7 +132,12 @@ class VoucherStoreTests(TestCase):
             raises(KeyError),
         )
 
-    @given(tahoe_configs(), vouchers(), lists(random_tokens(), min_size=1, unique=True), datetimes())
+    @given(
+        tahoe_configs(),
+        vouchers(),
+        lists(random_tokens(), min_size=1, unique=True),
+        datetimes(),
+    )
     def test_add(self, get_config, voucher, tokens, now):
         """
         ``VoucherStore.get`` returns a ``Voucher`` representing a voucher
@@ -156,15 +162,17 @@ class VoucherStoreTests(TestCase):
         lists(random_tokens(), min_size=2, unique=True),
         datetimes(),
     )
-    def test_add_with_distinct_counters(self, get_config, voucher, counters, tokens, now):
+    def test_add_with_distinct_counters(
+        self, get_config, voucher, counters, tokens, now
+    ):
         """
         ``VoucherStore.add`` adds new tokens to the store when passed the same
         voucher but a different counter value.
         """
         counter_a = counters[0]
         counter_b = counters[1]
-        tokens_a = tokens[:len(tokens) / 2]
-        tokens_b = tokens[len(tokens) / 2:]
+        tokens_a = tokens[: len(tokens) / 2]
+        tokens_b = tokens[len(tokens) / 2 :]
 
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         # We only have to get the expected_tokens value (len(tokens)) right on
@@ -185,7 +193,12 @@ class VoucherStoreTests(TestCase):
         self.assertThat(tokens_a, Equals(added_tokens_a))
         self.assertThat(tokens_b, Equals(added_tokens_b))
 
-    @given(tahoe_configs(), vouchers(), datetimes(), lists(random_tokens(), min_size=1, unique=True))
+    @given(
+        tahoe_configs(),
+        vouchers(),
+        datetimes(),
+        lists(random_tokens(), min_size=1, unique=True),
+    )
     def test_add_idempotent(self, get_config, voucher, now, tokens):
         """
         More than one call to ``VoucherStore.add`` with the same argument results
@@ -233,14 +246,16 @@ class VoucherStoreTests(TestCase):
         ``VoucherStore.list`` returns a ``list`` containing a ``Voucher`` object
         for each voucher previously added.
         """
-        tokens = iter(data.draw(
-            lists(
-                random_tokens(),
-                unique=True,
-                min_size=len(vouchers),
-                max_size=len(vouchers),
-            ),
-        ))
+        tokens = iter(
+            data.draw(
+                lists(
+                    random_tokens(),
+                    unique=True,
+                    min_size=len(vouchers),
+                    max_size=len(vouchers),
+                ),
+            )
+        )
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         for voucher in vouchers:
             store.add(
@@ -252,11 +267,12 @@ class VoucherStoreTests(TestCase):
 
         self.assertThat(
             store.list(),
-            Equals(list(
-                Voucher(number, expected_tokens=1, created=now)
-                for number
-                in vouchers
-            )),
+            Equals(
+                list(
+                    Voucher(number, expected_tokens=1, created=now)
+                    for number in vouchers
+                )
+            ),
         )
 
     @skipIf(platform.isWindows(), "Hard to prevent directory creation on Windows")
@@ -299,8 +315,9 @@ class VoucherStoreTests(TestCase):
             ),
         )
 
-
-    @skipIf(platform.isWindows(), "Hard to prevent database from being opened on Windows")
+    @skipIf(
+        platform.isWindows(), "Hard to prevent database from being opened on Windows"
+    )
     @given(tahoe_configs(), datetimes())
     def test_unopenable_store(self, get_config, now):
         """
@@ -327,43 +344,37 @@ class VoucherStoreTests(TestCase):
         )
 
     @given(tahoe_configs(), vouchers(), dummy_ristretto_keys(), datetimes(), data())
-    def test_spend_order_equals_backup_order(self, get_config, voucher_value, public_key, now, data):
+    def test_spend_order_equals_backup_order(
+        self, get_config, voucher_value, public_key, now, data
+    ):
         """
         Unblinded tokens returned by ``VoucherStore.backup`` appear in the same
         order as they are returned by ``VoucherStore.get_unblinded_tokens``.
         """
         backed_up_tokens, spent_tokens, inserted_tokens = self._spend_order_test(
-            get_config,
-            voucher_value,
-            public_key,
-            now,
-            data
+            get_config, voucher_value, public_key, now, data
         )
         self.assertThat(
             backed_up_tokens,
             Equals(spent_tokens),
         )
 
-
     @given(tahoe_configs(), vouchers(), dummy_ristretto_keys(), datetimes(), data())
-    def test_spend_order_equals_insert_order(self, get_config, voucher_value, public_key, now, data):
+    def test_spend_order_equals_insert_order(
+        self, get_config, voucher_value, public_key, now, data
+    ):
         """
         Unblinded tokens returned by ``VoucherStore.get_unblinded_tokens``
         appear in the same order as they were inserted.
         """
         backed_up_tokens, spent_tokens, inserted_tokens = self._spend_order_test(
-            get_config,
-            voucher_value,
-            public_key,
-            now,
-            data
+            get_config, voucher_value, public_key, now, data
         )
         self.assertThat(
             spent_tokens,
             Equals(inserted_tokens),
         )
 
-
     def _spend_order_test(self, get_config, voucher_value, public_key, now, data):
         """
         Insert, backup, and extract some tokens.
@@ -385,7 +396,9 @@ class VoucherStoreTests(TestCase):
         store = VoucherStore.from_node_config(config, lambda: now)
 
         # Put some tokens in it that we can backup and extract
-        random_tokens, unblinded_tokens = paired_tokens(data, integers(min_value=1, max_value=5))
+        random_tokens, unblinded_tokens = paired_tokens(
+            data, integers(min_value=1, max_value=5)
+        )
         store.add(voucher_value, len(random_tokens), 0, lambda: random_tokens)
         store.insert_unblinded_tokens_for_voucher(
             voucher_value,
@@ -401,9 +414,7 @@ class VoucherStoreTests(TestCase):
         while tokens_remaining > 0:
             to_spend = data.draw(integers(min_value=1, max_value=tokens_remaining))
             extracted_tokens.extend(
-                token.unblinded_token
-                for token
-                in store.get_unblinded_tokens(to_spend)
+                token.unblinded_token for token in store.get_unblinded_tokens(to_spend)
             )
             tokens_remaining -= to_spend
 
@@ -420,6 +431,7 @@ class UnblindedTokenStateMachine(RuleBasedStateMachine):
     unblinded tokens in a ``VoucherStore`` - usable, in-use, spent, invalid,
     etc.
     """
+
     def __init__(self, case):
         super(UnblindedTokenStateMachine, self).__init__()
         self.case = case
@@ -555,12 +567,14 @@ class UnblindedTokenStateMachine(RuleBasedStateMachine):
 
     @invariant()
     def report_state(self):
-        note("available={} using={} invalid={} spent={}".format(
-            self.available,
-            len(self.using),
-            len(self.invalid),
-            len(self.spent),
-        ))
+        note(
+            "available={} using={} invalid={} spent={}".format(
+                self.available,
+                len(self.using),
+                len(self.invalid),
+                len(self.spent),
+            )
+        )
 
 
 def random_slice(taken_from, random, data):
@@ -588,6 +602,7 @@ class UnblindedTokenStateTests(TestCase):
     """
     Glue ``UnblindedTokenStateTests`` into our test runner.
     """
+
     def test_states(self):
         run_state_machine_as_test(lambda: UnblindedTokenStateMachine(self))
 
@@ -596,6 +611,7 @@ class LeaseMaintenanceTests(TestCase):
     """
     Tests for the lease-maintenance related parts of ``VoucherStore``.
     """
+
     @given(
         tahoe_configs(),
         posix_safe_datetimes(),
@@ -645,9 +661,11 @@ class LeaseMaintenanceTests(TestCase):
             for (num_passes, trim_size) in sizes:
                 passes_required += num_passes
                 trim_size %= store.pass_value
-                x.observe([
-                    num_passes * store.pass_value - trim_size,
-                ])
+                x.observe(
+                    [
+                        num_passes * store.pass_value - trim_size,
+                    ]
+                )
             now += finish_delay
             x.finish()
             finished = now
@@ -669,6 +687,7 @@ class VoucherTests(TestCase):
     """
     Tests for ``Voucher``.
     """
+
     @given(voucher_objects())
     def test_json_roundtrip(self, reference):
         """
@@ -688,18 +707,22 @@ def paired_tokens(data, sizes=integers(min_value=1, max_value=1000)):
     :rtype: ([RandomTokens], [UnblindedTokens])
     """
     num_tokens = data.draw(sizes)
-    r = data.draw(lists(
-        random_tokens(),
-        min_size=num_tokens,
-        max_size=num_tokens,
-        unique=True,
-    ))
-    u = data.draw(lists(
-        unblinded_tokens(),
-        min_size=num_tokens,
-        max_size=num_tokens,
-        unique=True,
-    ))
+    r = data.draw(
+        lists(
+            random_tokens(),
+            min_size=num_tokens,
+            max_size=num_tokens,
+            unique=True,
+        )
+    )
+    u = data.draw(
+        lists(
+            unblinded_tokens(),
+            min_size=num_tokens,
+            max_size=num_tokens,
+            unique=True,
+        )
+    )
     return r, u
 
 
@@ -707,6 +730,7 @@ class UnblindedTokenStoreTests(TestCase):
     """
     Tests for ``UnblindedToken``-related functionality of ``VoucherStore``.
     """
+
     @given(
         tahoe_configs(),
         datetimes(),
@@ -715,7 +739,9 @@ class UnblindedTokenStoreTests(TestCase):
         lists(unblinded_tokens(), unique=True),
         booleans(),
     )
-    def test_unblinded_tokens_without_voucher(self, get_config, now, voucher_value, public_key, unblinded_tokens, completed):
+    def test_unblinded_tokens_without_voucher(
+        self, get_config, now, voucher_value, public_key, unblinded_tokens, completed
+    ):
         """
         Unblinded tokens for a voucher which has not been added to the store cannot be inserted.
         """
@@ -739,14 +765,18 @@ class UnblindedTokenStoreTests(TestCase):
         booleans(),
         data(),
     )
-    def test_unblinded_tokens_round_trip(self, get_config, now, voucher_value, public_key, completed, data):
+    def test_unblinded_tokens_round_trip(
+        self, get_config, now, voucher_value, public_key, completed, data
+    ):
         """
         Unblinded tokens that are added to the store can later be retrieved and counted.
         """
         random_tokens, unblinded_tokens = paired_tokens(data)
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         store.add(voucher_value, len(random_tokens), 0, lambda: random_tokens)
-        store.insert_unblinded_tokens_for_voucher(voucher_value, public_key, unblinded_tokens, completed, spendable=True)
+        store.insert_unblinded_tokens_for_voucher(
+            voucher_value, public_key, unblinded_tokens, completed, spendable=True
+        )
 
         # All the tokens just inserted should be counted.
         self.expectThat(
@@ -774,7 +804,9 @@ class UnblindedTokenStoreTests(TestCase):
         integers(min_value=1, max_value=100),
         data(),
     )
-    def test_mark_vouchers_redeemed(self, get_config, now, voucher_value, public_key, num_tokens, data):
+    def test_mark_vouchers_redeemed(
+        self, get_config, now, voucher_value, public_key, num_tokens, data
+    ):
         """
         The voucher for unblinded tokens that are added to the store is marked as
         redeemed.
@@ -798,16 +830,20 @@ class UnblindedTokenStoreTests(TestCase):
 
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         store.add(voucher_value, len(random), 0, lambda: random)
-        store.insert_unblinded_tokens_for_voucher(voucher_value, public_key, unblinded, completed=True, spendable=True)
+        store.insert_unblinded_tokens_for_voucher(
+            voucher_value, public_key, unblinded, completed=True, spendable=True
+        )
         loaded_voucher = store.get(voucher_value)
         self.assertThat(
             loaded_voucher,
             MatchesStructure(
                 expected_tokens=Equals(len(random)),
-                state=Equals(Redeemed(
-                    finished=now,
-                    token_count=num_tokens,
-                )),
+                state=Equals(
+                    Redeemed(
+                        finished=now,
+                        token_count=num_tokens,
+                    )
+                ),
             ),
         )
 
@@ -817,7 +853,9 @@ class UnblindedTokenStoreTests(TestCase):
         vouchers(),
         lists(random_tokens(), min_size=1, unique=True),
     )
-    def test_mark_vouchers_double_spent(self, get_config, now, voucher_value, random_tokens):
+    def test_mark_vouchers_double_spent(
+        self, get_config, now, voucher_value, random_tokens
+    ):
         """
         A voucher which is reported as double-spent is marked in the database as
         such.
@@ -829,9 +867,11 @@ class UnblindedTokenStoreTests(TestCase):
         self.assertThat(
             voucher,
             MatchesStructure(
-                state=Equals(DoubleSpend(
-                    finished=now,
-                )),
+                state=Equals(
+                    DoubleSpend(
+                        finished=now,
+                    )
+                ),
             ),
         )
 
@@ -843,7 +883,9 @@ class UnblindedTokenStoreTests(TestCase):
         integers(min_value=1, max_value=100),
         data(),
     )
-    def test_mark_spent_vouchers_double_spent(self, get_config, now, voucher_value, public_key, num_tokens, data):
+    def test_mark_spent_vouchers_double_spent(
+        self, get_config, now, voucher_value, public_key, num_tokens, data
+    ):
         """
         A voucher which has already been spent cannot be marked as double-spent.
         """
@@ -865,7 +907,9 @@ class UnblindedTokenStoreTests(TestCase):
         )
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         store.add(voucher_value, len(random), 0, lambda: random)
-        store.insert_unblinded_tokens_for_voucher(voucher_value, public_key, unblinded, completed=True, spendable=True)
+        store.insert_unblinded_tokens_for_voucher(
+            voucher_value, public_key, unblinded, completed=True, spendable=True
+        )
         self.assertThat(
             lambda: store.mark_voucher_double_spent(voucher_value),
             raises(ValueError),
@@ -895,7 +939,9 @@ class UnblindedTokenStoreTests(TestCase):
         integers(min_value=1),
         data(),
     )
-    def test_not_enough_unblinded_tokens(self, get_config, now, voucher_value, public_key, completed, extra, data):
+    def test_not_enough_unblinded_tokens(
+        self, get_config, now, voucher_value, public_key, completed, extra, data
+    ):
         """
         ``get_unblinded_tokens`` raises ``NotEnoughTokens`` if ``count`` is
         greater than the number of unblinded tokens in the store.
diff --git a/src/_zkapauthorizer/tests/test_plugin.py b/src/_zkapauthorizer/tests/test_plugin.py
index ee8f0016c0a8a197541f35dae6df6f837c1ceeaf..26929628c5bc5af150145505b2f613dc42d349e5 100644
--- a/src/_zkapauthorizer/tests/test_plugin.py
+++ b/src/_zkapauthorizer/tests/test_plugin.py
@@ -174,7 +174,6 @@ from .eliot import (
 )
 
 
-
 SIGNING_KEY_PATH = FilePath(__file__).sibling(u"testing-signing.key")
 
 
@@ -184,11 +183,11 @@ def get_rref(interface=None):
     return LocalRemote(DummyReferenceable(interface))
 
 
-
 class GetRRefTests(TestCase):
     """
     Tests for ``get_rref``.
     """
+
     def test_localremote(self):
         """
         ``get_rref`` returns an instance of ``LocalRemote``.
@@ -210,7 +209,9 @@ class GetRRefTests(TestCase):
             AfterPreprocessing(
                 lambda ref: ref.tracker,
                 MatchesStructure(
-                    interfaceName=Equals(RIPrivacyPassAuthorizedStorageServer.__remote_name__),
+                    interfaceName=Equals(
+                        RIPrivacyPassAuthorizedStorageServer.__remote_name__
+                    ),
                 ),
             ),
         )
@@ -237,6 +238,7 @@ class PluginTests(TestCase):
     """
     Tests for ``twisted.plugins.zkapauthorizer.storage_server``.
     """
+
     def test_discoverable(self):
         """
         The plugin can be discovered.
@@ -246,7 +248,6 @@ class PluginTests(TestCase):
             Contains(storage_server),
         )
 
-
     def test_provides_interface(self):
         """
         ``storage_server`` provides ``IFoolscapStoragePlugin``.
@@ -257,12 +258,12 @@ class PluginTests(TestCase):
         )
 
 
-
 class ServerPluginTests(TestCase):
     """
     Tests for the plugin's implementation of
     ``IFoolscapStoragePlugin.get_storage_server``.
     """
+
     @given(server_configurations(SIGNING_KEY_PATH))
     def test_returns_announceable(self, configuration):
         """
@@ -278,7 +279,6 @@ class ServerPluginTests(TestCase):
             succeeded(Provides([IAnnounceableStorageServer])),
         )
 
-
     @given(server_configurations(SIGNING_KEY_PATH))
     def test_returns_referenceable(self, configuration):
         """
@@ -323,7 +323,6 @@ class ServerPluginTests(TestCase):
             ),
         )
 
-
     @given(server_configurations(SIGNING_KEY_PATH))
     def test_returns_hashable(self, configuration):
         """
@@ -352,15 +351,21 @@ class ServerPluginTests(TestCase):
 
 tahoe_configs_with_dummy_redeemer = tahoe_configs(client_dummyredeemer_configurations())
 
-tahoe_configs_with_mismatched_issuer = minimal_tahoe_configs({
-    u"privatestorageio-zkapauthz-v1": just({u"ristretto-issuer-root-url": u"https://another-issuer.example.invalid/"}),
-})
+tahoe_configs_with_mismatched_issuer = minimal_tahoe_configs(
+    {
+        u"privatestorageio-zkapauthz-v1": just(
+            {u"ristretto-issuer-root-url": u"https://another-issuer.example.invalid/"}
+        ),
+    }
+)
+
 
 class ClientPluginTests(TestCase):
     """
     Tests for the plugin's implementation of
     ``IFoolscapStoragePlugin.get_storage_client``.
     """
+
     @given(tahoe_configs(), announcements())
     def test_interface(self, get_config, announcement):
         """
@@ -384,7 +389,6 @@ class ClientPluginTests(TestCase):
             Provides([IStorageServer]),
         )
 
-
     @given(tahoe_configs_with_mismatched_issuer, announcements())
     def test_mismatched_ristretto_issuer(self, config_text, announcement):
         """
@@ -420,7 +424,6 @@ class ClientPluginTests(TestCase):
             raises(IssuerConfigurationMismatch),
         )
 
-
     @given(
         tahoe_configs(),
         announcements(),
@@ -431,15 +434,14 @@ class ClientPluginTests(TestCase):
         sizes(),
     )
     def test_mismatch_storage_server_furl(
-            self,
-            get_config,
-            announcement,
-            storage_index,
-            renew_secret,
-            cancel_secret,
-            sharenums,
-            size,
-
+        self,
+        get_config,
+        announcement,
+        storage_index,
+        renew_secret,
+        cancel_secret,
+        sharenums,
+        size,
     ):
         """
         If the ``get_rref`` passed to ``get_storage_client`` returns a reference
@@ -484,14 +486,14 @@ class ClientPluginTests(TestCase):
     )
     @capture_logging(lambda self, logger: logger.validate())
     def test_unblinded_tokens_spent(
-            self,
-            logger,
-            get_config,
-            now,
-            announcement,
-            voucher,
-            num_passes,
-            public_key,
+        self,
+        logger,
+        get_config,
+        now,
+        announcement,
+        voucher,
+        num_passes,
+        public_key,
     ):
         """
         The ``ZKAPAuthorizerStorageServer`` returned by ``get_storage_client``
@@ -548,10 +550,12 @@ class ClientPluginTests(TestCase):
                 AllMatch(
                     AfterPreprocessing(
                         lambda logged_message: logged_message.message,
-                        ContainsDict({
-                            u"message": Equals(u"request binding message"),
-                            u"count": Equals(num_passes),
-                        }),
+                        ContainsDict(
+                            {
+                                u"message": Equals(u"request binding message"),
+                                u"count": Equals(num_passes),
+                            }
+                        ),
                     ),
                 ),
             ),
@@ -563,6 +567,7 @@ class ClientResourceTests(TestCase):
     Tests for the plugin's implementation of
     ``IFoolscapStoragePlugin.get_client_resource``.
     """
+
     @given(tahoe_configs())
     def test_interface(self, get_config):
         """
@@ -617,6 +622,7 @@ class LeaseMaintenanceServiceTests(TestCase):
     """
     Tests for the plugin's initialization of the lease maintenance service.
     """
+
     def _created_test(self, get_config, servers_yaml, rootcap):
         original_tempdir = tempfile.tempdir
 
@@ -654,7 +660,7 @@ class LeaseMaintenanceServiceTests(TestCase):
             # suite if we don't clean it up.  We can't do this with a tearDown
             # or a fixture or an addCleanup because hypothesis doesn't run any
             # of those at the right time. :/
-           tempfile.tempdir = original_tempdir
+            tempfile.tempdir = original_tempdir
 
     @settings(
         deadline=None,
@@ -671,7 +677,6 @@ class LeaseMaintenanceServiceTests(TestCase):
         """
         return self._created_test(get_config, servers_yaml, rootcap=True)
 
-
     @settings(
         deadline=None,
     )
@@ -691,6 +696,7 @@ class LoadSigningKeyTests(TestCase):
     """
     Tests for ``load_signing_key``.
     """
+
     @given(ristretto_signing_keys())
     def test_valid(self, key_bytes):
         """
diff --git a/src/_zkapauthorizer/tests/test_pricecalculator.py b/src/_zkapauthorizer/tests/test_pricecalculator.py
index 25eaa40d09102b66ffbb592d590497c33d1c8517..c1ca75d82c629d709889e80361c8de98a3f3155f 100644
--- a/src/_zkapauthorizer/tests/test_pricecalculator.py
+++ b/src/_zkapauthorizer/tests/test_pricecalculator.py
@@ -55,10 +55,12 @@ from .matchers import (
 
 file_sizes = lists(sizes(), min_size=1)
 
+
 class PriceCalculatorTests(TestCase):
     """
     Tests for ``PriceCalculator``.
     """
+
     @given(
         integers(min_value=1),
         integers(min_value=1),
@@ -103,7 +105,6 @@ class PriceCalculatorTests(TestCase):
             greater_or_equal(more_needed_price),
         )
 
-
     @given(
         integers(min_value=1, max_value=127),
         integers(min_value=1, max_value=127),
diff --git a/src/_zkapauthorizer/tests/test_private.py b/src/_zkapauthorizer/tests/test_private.py
index 9382eb54021adea9a893b1b412c065398a4f0704..54d6d3f8ece4d1c080374bab44d80dc6a3b134f6 100644
--- a/src/_zkapauthorizer/tests/test_private.py
+++ b/src/_zkapauthorizer/tests/test_private.py
@@ -53,21 +53,25 @@ from allmydata.test.web.matchers import (
     has_response_code,
 )
 
+
 class PrivacyTests(TestCase):
     """
     Tests for the privacy features of the resources created by ``create_private_tree``.
     """
+
     def setUp(self):
         self.token = b"abcdef"
         self.resource = create_private_tree(lambda: self.token, Resource())
         self.agent = RequestTraversalAgent(self.resource)
-        self.client =  HTTPClient(self.agent)
+        self.client = HTTPClient(self.agent)
         return super(PrivacyTests, self).setUp()
 
     def _authorization(self, scheme, value):
-        return Headers({
-            u"authorization": [u"{} {}".format(scheme, value)],
-        })
+        return Headers(
+            {
+                "authorization": ["{} {}".format(scheme, value)],
+            }
+        )
 
     def test_unauthorized(self):
         """
@@ -86,7 +90,7 @@ class PrivacyTests(TestCase):
         self.assertThat(
             self.client.head(
                 b"http:///foo/bar",
-                headers=self._authorization(u"basic", self.token),
+                headers=self._authorization("basic", self.token),
             ),
             succeeded(has_response_code(Equals(UNAUTHORIZED))),
         )
@@ -99,7 +103,7 @@ class PrivacyTests(TestCase):
         self.assertThat(
             self.client.head(
                 b"http:///foo/bar",
-                headers=self._authorization(SCHEME, u"foo bar"),
+                headers=self._authorization(SCHEME, "foo bar"),
             ),
             succeeded(has_response_code(Equals(UNAUTHORIZED))),
         )
diff --git a/src/_zkapauthorizer/tests/test_schema.py b/src/_zkapauthorizer/tests/test_schema.py
index da1af22218d7431852e341f6e7a7d1106d65f6d1..a3b9d074563c02fb11d265bae3bda93a738f224e 100644
--- a/src/_zkapauthorizer/tests/test_schema.py
+++ b/src/_zkapauthorizer/tests/test_schema.py
@@ -32,6 +32,7 @@ from ..schema import (
     _UPGRADES,
 )
 
+
 class UpgradeTests(TestCase):
     def test_consistency(self):
         """
diff --git a/src/_zkapauthorizer/tests/test_spending.py b/src/_zkapauthorizer/tests/test_spending.py
index bb52eff98f14da6c06e63ed61aa77fbacb228321..7b3908c4eb21077276382dff6a430be72a36e3fc 100644
--- a/src/_zkapauthorizer/tests/test_spending.py
+++ b/src/_zkapauthorizer/tests/test_spending.py
@@ -56,10 +56,12 @@ from ..spending import (
     SpendingController,
 )
 
+
 class PassGroupTests(TestCase):
     """
     Tests for ``IPassGroup`` and the factories that create them.
     """
+
     @given(vouchers(), pass_counts(), posix_safe_datetimes())
     def test_get(self, voucher, num_passes, now):
         """
@@ -94,14 +96,14 @@ class PassGroupTests(TestCase):
         )
 
     def _test_token_group_operation(
-            self,
-            operation,
-            matches_tokens,
-            voucher,
-            num_passes,
-            now,
-            random,
-            data,
+        self,
+        operation,
+        matches_tokens,
+        voucher,
+        num_passes,
+        now,
+        random,
+        data,
     ):
         configless = self.useFixture(
             ConfiglessMemoryVoucherStore(
@@ -143,6 +145,7 @@ class PassGroupTests(TestCase):
         Passes in a group can be marked as successfully spent to prevent them from
         being re-used by a future ``get`` call.
         """
+
         def matches_tokens(num_passes, group):
             return AfterPreprocessing(
                 # The use of `backup` here to check is questionable.  TODO:
@@ -150,6 +153,7 @@ class PassGroupTests(TestCase):
                 lambda store: store.backup()[u"unblinded-tokens"],
                 HasLength(num_passes - len(group.passes)),
             )
+
         return self._test_token_group_operation(
             lambda group: group.mark_spent(),
             matches_tokens,
@@ -166,6 +170,7 @@ class PassGroupTests(TestCase):
         Passes in a group can be marked as invalid to prevent them from being
         re-used by a future ``get`` call.
         """
+
         def matches_tokens(num_passes, group):
             return AfterPreprocessing(
                 # The use of `backup` here to check is questionable.  TODO:
@@ -173,6 +178,7 @@ class PassGroupTests(TestCase):
                 lambda store: store.backup()[u"unblinded-tokens"],
                 HasLength(num_passes - len(group.passes)),
             )
+
         return self._test_token_group_operation(
             lambda group: group.mark_invalid(u"reason"),
             matches_tokens,
@@ -189,12 +195,14 @@ class PassGroupTests(TestCase):
         Passes in a group can be reset to allow them to be re-used by a future
         ``get`` call.
         """
+
         def matches_tokens(num_passes, group):
             return AfterPreprocessing(
                 # They've been reset so we should be able to re-get them.
                 lambda store: store.get_unblinded_tokens(len(group.passes)),
                 Equals(group.unblinded_tokens),
             )
+
         return self._test_token_group_operation(
             lambda group: group.reset(),
             matches_tokens,
diff --git a/src/_zkapauthorizer/tests/test_storage_client.py b/src/_zkapauthorizer/tests/test_storage_client.py
index c697090885784e259258b873c0ce68e340e190f2..5d769282ea596abcbe8e94ba9068c106ba7bd420 100644
--- a/src/_zkapauthorizer/tests/test_storage_client.py
+++ b/src/_zkapauthorizer/tests/test_storage_client.py
@@ -96,11 +96,11 @@ from .storage_common import (
 )
 
 
-
 class GetConfiguredValueTests(TestCase):
     """
     Tests for helpers for reading certain configuration values.
     """
+
     @given(integers(min_value=1, max_value=255))
     def test_get_configured_shares_needed(self, expected):
         """
@@ -115,7 +115,9 @@ class GetConfiguredValueTests(TestCase):
 shares.needed = {}
 shares.happy = 5
 shares.total = 10
-""".format(expected),
+""".format(
+                expected
+            ),
         )
 
         self.assertThat(
@@ -137,7 +139,9 @@ shares.total = 10
 shares.needed = 5
 shares.happy = 5
 shares.total = {}
-""".format(expected),
+""".format(
+                expected
+            ),
         )
 
         self.assertThat(
@@ -163,7 +167,9 @@ shares.total = 10
 
 [storageclient.plugins.privatestorageio-zkapauthz-v1]
 pass-value={}
-""".format(expected),
+""".format(
+                expected
+            ),
         )
 
         self.assertThat(
@@ -189,7 +195,9 @@ shares.total = 10
 
 [storageclient.plugins.privatestorageio-zkapauthz-v1]
 allowed-public-keys = {}
-""".format(",".join(expected)),
+""".format(
+                ",".join(expected)
+            ),
         )
 
         self.assertThat(
@@ -202,6 +210,7 @@ class CallWithPassesTests(TestCase):
     """
     Tests for ``call_with_passes``.
     """
+
     @given(pass_counts())
     def test_success_result(self, num_passes):
         """
@@ -321,7 +330,9 @@ class CallWithPassesTests(TestCase):
         def reject_even_pass_values(group):
             passes = group.passes
             good_passes = list(idx for (idx, p) in enumerate(passes) if p % 2)
-            bad_passes = list(idx for (idx, p) in enumerate(passes) if idx not in good_passes)
+            bad_passes = list(
+                idx for (idx, p) in enumerate(passes) if idx not in good_passes
+            )
             if len(good_passes) < num_passes:
                 _ValidationResult(
                     valid=good_passes,
@@ -463,12 +474,15 @@ class CallWithPassesTests(TestCase):
             ),
         )
 
+
 def reset(group):
     group.reset()
 
+
 def spend(group):
     group.mark_spent()
 
+
 def invalidate(group):
     group.mark_invalid(u"reason")
 
@@ -480,6 +494,7 @@ class PassFactoryTests(TestCase):
     It is unfortunate that this isn't the same test suite as
     ``test_spending.PassGroupTests``.
     """
+
     @given(pass_counts(), pass_counts())
     def test_returned_passes_reused(self, num_passes_a, num_passes_b):
         """
diff --git a/src/_zkapauthorizer/tests/test_storage_protocol.py b/src/_zkapauthorizer/tests/test_storage_protocol.py
index ae54c30eb40679a86fe955108f30daf13f00f837..f5e51f7c5df87730d4b14ce5469836c5410600fd 100644
--- a/src/_zkapauthorizer/tests/test_storage_protocol.py
+++ b/src/_zkapauthorizer/tests/test_storage_protocol.py
@@ -39,6 +39,7 @@ from testtools.twistedsupport import (
     succeeded,
     failed,
 )
+
 # I'd rather use https://twistedmatrix.com/trac/ticket/8900 but efforts
 # there appear to have stalled.
 from testtools.twistedsupport._deferred import (
@@ -137,6 +138,7 @@ class RequiredPassesTests(TestCase):
     """
     Tests for ``required_passes``.
     """
+
     @given(integers(min_value=1), sets(integers(min_value=0)))
     def test_incorrect_types(self, bytes_per_pass, share_sizes):
         """
@@ -159,11 +161,7 @@ class RequiredPassesTests(TestCase):
         """
         actual = required_passes(
             bytes_per_pass,
-            list(
-                passes * bytes_per_pass
-                for passes
-                in expected_per_share
-            ),
+            list(passes * bytes_per_pass for passes in expected_per_share),
         )
         self.assertThat(
             actual,
@@ -190,13 +188,16 @@ class ShareTests(TestCase):
     :ivar pass_factory: An object which is responsible for creating passes
         which are used by these tests.
     """
+
     pass_value = 128 * 1024
 
     def setUp(self):
         super(ShareTests, self).setUp()
         self.canary = LocalReferenceable(None)
         self.signing_key = random_signing_key()
-        self.pass_factory = pass_factory(get_passes=privacypass_passes(self.signing_key))
+        self.pass_factory = pass_factory(
+            get_passes=privacypass_passes(self.signing_key)
+        )
 
         self.clock = Clock()
         self.anonymous_storage_server = self.useFixture(
@@ -245,7 +246,9 @@ class ShareTests(TestCase):
         size=sizes(),
         data=data_strategy(),
     )
-    def test_rejected_passes_reported(self, storage_index, renew_secret, cancel_secret, sharenums, size, data):
+    def test_rejected_passes_reported(
+        self, storage_index, renew_secret, cancel_secret, sharenums, size, data
+    ):
         """
         Any passes rejected by the storage server are reported with a
         ``MorePassesRequired`` exception sent to the client.
@@ -300,11 +303,7 @@ class ShareTests(TestCase):
             # it.
             self.local_remote_server.callRemote(
                 "allocate_buckets",
-                list(
-                    pass_.pass_text.encode("ascii")
-                    for pass_
-                    in all_passes
-                ),
+                list(pass_.pass_text.encode("ascii") for pass_ in all_passes),
                 storage_index,
                 renew_secret,
                 cancel_secret,
@@ -333,7 +332,9 @@ class ShareTests(TestCase):
         sharenums=sharenum_sets(),
         size=sizes(),
     )
-    def test_create_immutable(self, storage_index, renew_secret, cancel_secret, sharenums, size):
+    def test_create_immutable(
+        self, storage_index, renew_secret, cancel_secret, sharenums, size
+    ):
         """
         Immutable share data created using *allocate_buckets* and methods of the
         resulting buckets can be read back using *get_buckets* and methods of
@@ -398,14 +399,12 @@ class ShareTests(TestCase):
             MatchesStructure(
                 issued=HasLength(anticipated_passes),
                 spent=HasLength(anticipated_passes),
-
                 returned=HasLength(0),
                 in_use=HasLength(0),
                 invalid=HasLength(0),
             ),
         )
 
-
     @given(
         storage_index=storage_indexes(),
         renew_secret=lease_renew_secrets(),
@@ -415,13 +414,13 @@ class ShareTests(TestCase):
         size=sizes(),
     )
     def test_shares_already_exist(
-            self,
-            storage_index,
-            renew_secret,
-            cancel_secret,
-            existing_sharenums,
-            additional_sharenums,
-            size,
+        self,
+        storage_index,
+        renew_secret,
+        cancel_secret,
+        existing_sharenums,
+        additional_sharenums,
+        size,
     ):
         """
         When the remote *allocate_buckets* implementation reports that shares
@@ -492,7 +491,6 @@ class ShareTests(TestCase):
                 issued=HasLength(anticipated_passes),
                 spent=HasLength(expected_spent_passes),
                 returned=HasLength(expected_returned_passes),
-
                 in_use=HasLength(0),
                 invalid=HasLength(0),
             ),
@@ -505,7 +503,9 @@ class ShareTests(TestCase):
         sharenums=sharenum_sets(),
         size=sizes(),
     )
-    def test_add_lease(self, storage_index, renew_secrets, cancel_secret, sharenums, size):
+    def test_add_lease(
+        self, storage_index, renew_secrets, cancel_secret, sharenums, size
+    ):
         """
         A lease can be added to an existing immutable share.
         """
@@ -540,7 +540,9 @@ class ShareTests(TestCase):
         leases = list(self.anonymous_storage_server.get_leases(storage_index))
         self.assertThat(leases, HasLength(2))
 
-    def _stat_shares_immutable_test(self, storage_index, sharenum, size, when, leases, write_shares):
+    def _stat_shares_immutable_test(
+        self, storage_index, sharenum, size, when, leases, write_shares
+    ):
         # Hypothesis causes our storage server to be used many times.  Clean
         # up between iterations.
         cleanup_storage_server(self.anonymous_storage_server)
@@ -578,12 +580,14 @@ class ShareTests(TestCase):
         finally:
             patch.cleanUp()
 
-        expected = [{
-            sharenum: ShareStat(
-                size=size,
-                lease_expiration=int(self.clock.seconds() + LEASE_INTERVAL),
-            ),
-        }]
+        expected = [
+            {
+                sharenum: ShareStat(
+                    size=size,
+                    lease_expiration=int(self.clock.seconds() + LEASE_INTERVAL),
+                ),
+            }
+        ]
         self.assertThat(
             self.client.stat_shares([storage_index]),
             succeeded(Equals(expected)),
@@ -598,7 +602,9 @@ class ShareTests(TestCase):
         when=posix_timestamps(),
         leases=lists(lease_renew_secrets(), unique=True),
     )
-    def test_stat_shares_immutable(self, storage_index, renew_secret, cancel_secret, sharenum, size, when, leases):
+    def test_stat_shares_immutable(
+        self, storage_index, renew_secret, cancel_secret, sharenum, size, when, leases
+    ):
         """
         Size and lease information about immutable shares can be retrieved from a
         storage server.
@@ -628,7 +634,9 @@ class ShareTests(TestCase):
         leases=lists(lease_renew_secrets(), unique=True, min_size=1),
         version=share_versions(),
     )
-    def test_stat_shares_immutable_wrong_version(self, storage_index, sharenum, size, when, leases, version):
+    def test_stat_shares_immutable_wrong_version(
+        self, storage_index, sharenum, size, when, leases, version
+    ):
         """
         If a share file with an unexpected version is found, ``stat_shares``
         declines to offer a result (by raising ``ValueError``).
@@ -673,7 +681,9 @@ class ShareTests(TestCase):
         # Encode our knowledge of the share header format and size right here...
         position=integers(min_value=0, max_value=11),
     )
-    def test_stat_shares_truncated_file(self, storage_index, sharenum, size, when, version, position):
+    def test_stat_shares_truncated_file(
+        self, storage_index, sharenum, size, when, version, position
+    ):
         """
         If a share file is truncated in the middle of the header,
         ``stat_shares`` declines to offer a result (by raising
@@ -712,8 +722,10 @@ class ShareTests(TestCase):
             ),
         )
 
-
-    @skipIf(platform.isWindows(), "Creating large files on Windows (no sparse files) is too slow")
+    @skipIf(
+        platform.isWindows(),
+        "Creating large files on Windows (no sparse files) is too slow",
+    )
     @given(
         storage_index=storage_indexes(),
         sharenum=sharenums(),
@@ -721,7 +733,9 @@ class ShareTests(TestCase):
         when=posix_timestamps(),
         leases=lists(lease_renew_secrets(), unique=True, min_size=1),
     )
-    def test_stat_shares_immutable_large(self, storage_index, sharenum, size, when, leases):
+    def test_stat_shares_immutable_large(
+        self, storage_index, sharenum, size, when, leases
+    ):
         """
         Size and lease information about very large immutable shares can be
         retrieved from a storage server.
@@ -730,6 +744,7 @@ class ShareTests(TestCase):
         share placement and layout.  This is necessary to avoid having to
         write real multi-gigabyte files to exercise the behavior.
         """
+
         def write_shares(storage_server, storage_index, sharenums, size, canary):
             sharedir = FilePath(storage_server.sharedir).preauthChild(
                 # storage_index_to_dir likes to return multiple segments
@@ -767,7 +782,9 @@ class ShareTests(TestCase):
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
         when=posix_timestamps(),
     )
-    def test_stat_shares_mutable(self, storage_index, secrets, test_and_write_vectors_for_shares, when):
+    def test_stat_shares_mutable(
+        self, storage_index, secrets, test_and_write_vectors_for_shares, when
+    ):
         """
         Size and lease information about mutable shares can be retrieved from a
         storage server.
@@ -788,8 +805,7 @@ class ShareTests(TestCase):
                     secrets=secrets,
                     tw_vectors={
                         k: v.for_call()
-                        for (k, v)
-                        in test_and_write_vectors_for_shares.items()
+                        for (k, v) in test_and_write_vectors_for_shares.items()
                     },
                     r_vector=[],
                 ),
@@ -802,23 +818,23 @@ class ShareTests(TestCase):
             u"Server rejected a write to a new mutable slot",
         )
 
-        expected = [{
-            sharenum: ShareStat(
-                size=get_implied_data_length(
-                    vectors.write_vector,
-                    vectors.new_length,
-                ),
-                lease_expiration=int(self.clock.seconds() + LEASE_INTERVAL),
-            )
-            for (sharenum, vectors)
-            in test_and_write_vectors_for_shares.items()
-        }]
+        expected = [
+            {
+                sharenum: ShareStat(
+                    size=get_implied_data_length(
+                        vectors.write_vector,
+                        vectors.new_length,
+                    ),
+                    lease_expiration=int(self.clock.seconds() + LEASE_INTERVAL),
+                )
+                for (sharenum, vectors) in test_and_write_vectors_for_shares.items()
+            }
+        ]
         self.assertThat(
             self.client.stat_shares([storage_index]),
             succeeded(Equals(expected)),
         )
 
-
     @skipIf(
         platform.isWindows(),
         "StorageServer fails to create necessary directory for corruption advisories in Windows.",
@@ -830,7 +846,9 @@ class ShareTests(TestCase):
         sharenum=sharenums(),
         size=sizes(),
     )
-    def test_advise_corrupt_share(self, storage_index, renew_secret, cancel_secret, sharenum, size):
+    def test_advise_corrupt_share(
+        self, storage_index, renew_secret, cancel_secret, sharenum, size
+    ):
         """
         An advisory of corruption in a share can be sent to the server.
         """
@@ -872,7 +890,9 @@ class ShareTests(TestCase):
         ),
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
-    def test_create_mutable(self, storage_index, secrets, test_and_write_vectors_for_shares):
+    def test_create_mutable(
+        self, storage_index, secrets, test_and_write_vectors_for_shares
+    ):
         """
         Mutable share data written using *slot_testv_and_readv_and_writev* can be
         read back as-written and without spending any more passes.
@@ -887,8 +907,7 @@ class ShareTests(TestCase):
                 secrets=secrets,
                 tw_vectors={
                     k: v.for_call()
-                    for (k, v)
-                    in test_and_write_vectors_for_shares.items()
+                    for (k, v) in test_and_write_vectors_for_shares.items()
                 },
                 r_vector=[],
             ),
@@ -905,7 +924,9 @@ class ShareTests(TestCase):
         )
         # Now we can read it back without spending any more passes.
         before_passes = len(self.pass_factory.issued)
-        assert_read_back_data(self, storage_index, secrets, test_and_write_vectors_for_shares)
+        assert_read_back_data(
+            self, storage_index, secrets, test_and_write_vectors_for_shares
+        )
         after_passes = len(self.pass_factory.issued)
         self.assertThat(
             before_passes,
@@ -921,7 +942,9 @@ class ShareTests(TestCase):
         ),
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
-    def test_mutable_rewrite_preserves_lease(self, storage_index, secrets, test_and_write_vectors_for_shares):
+    def test_mutable_rewrite_preserves_lease(
+        self, storage_index, secrets, test_and_write_vectors_for_shares
+    ):
         """
         When mutable share data is rewritten using
         *slot_testv_and_readv_and_writev* any leases on the corresponding slot
@@ -934,8 +957,9 @@ class ShareTests(TestCase):
         def leases():
             return list(
                 lease.to_mutable_data()
-                for lease
-                in self.anonymous_storage_server.get_slot_leases(storage_index)
+                for lease in self.anonymous_storage_server.get_slot_leases(
+                    storage_index
+                )
             )
 
         def write():
@@ -944,8 +968,7 @@ class ShareTests(TestCase):
                 secrets=secrets,
                 tw_vectors={
                     k: v.for_call()
-                    for (k, v)
-                    in test_and_write_vectors_for_shares.items()
+                    for (k, v) in test_and_write_vectors_for_shares.items()
                 },
                 r_vector=[],
             )
@@ -984,15 +1007,15 @@ class ShareTests(TestCase):
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
     def test_mutable_rewrite_renews_expired_lease(
-            self,
-            storage_index,
-            when,
-            sharenum,
-            size,
-            write_enabler,
-            renew_secret,
-            cancel_secret,
-            test_and_write_vectors_for_shares,
+        self,
+        storage_index,
+        when,
+        sharenum,
+        size,
+        write_enabler,
+        renew_secret,
+        cancel_secret,
+        test_and_write_vectors_for_shares,
     ):
         """
         When mutable share data with an expired lease is rewritten using
@@ -1012,8 +1035,7 @@ class ShareTests(TestCase):
                 secrets=secrets,
                 tw_vectors={
                     k: v.for_call()
-                    for (k, v)
-                    in test_and_write_vectors_for_shares.items()
+                    for (k, v) in test_and_write_vectors_for_shares.items()
                 },
                 r_vector=[],
             )
@@ -1037,17 +1059,23 @@ class ShareTests(TestCase):
         # marked as expiring one additional lease period into the future.
         self.assertThat(
             self.server.remote_stat_shares([storage_index]),
-            Equals([{
-                num: ShareStat(
-                    size=get_implied_data_length(
-                        test_and_write_vectors_for_shares[num].write_vector,
-                        test_and_write_vectors_for_shares[num].new_length,
-                    ),
-                    lease_expiration=int(self.clock.seconds() + self.server.LEASE_PERIOD.total_seconds()),
-                )
-                for num
-                in test_and_write_vectors_for_shares
-            }]),
+            Equals(
+                [
+                    {
+                        num: ShareStat(
+                            size=get_implied_data_length(
+                                test_and_write_vectors_for_shares[num].write_vector,
+                                test_and_write_vectors_for_shares[num].new_length,
+                            ),
+                            lease_expiration=int(
+                                self.clock.seconds()
+                                + self.server.LEASE_PERIOD.total_seconds()
+                            ),
+                        )
+                        for num in test_and_write_vectors_for_shares
+                    }
+                ]
+            ),
         )
 
     @given(
@@ -1059,7 +1087,9 @@ class ShareTests(TestCase):
         ),
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
-    def test_client_cannot_control_lease_behavior(self, storage_index, secrets, test_and_write_vectors_for_shares):
+    def test_client_cannot_control_lease_behavior(
+        self, storage_index, secrets, test_and_write_vectors_for_shares
+    ):
         """
         If the client passes ``renew_leases`` to *slot_testv_and_readv_and_writev*
         it fails with ``TypeError``, no lease is updated, and no share data is
@@ -1086,11 +1116,7 @@ class ShareTests(TestCase):
             # secrets
             secrets,
             # tw_vectors
-            {
-                k: v.for_call()
-                for (k, v)
-                in test_and_write_vectors_for_shares.items()
-            },
+            {k: v.for_call() for (k, v) in test_and_write_vectors_for_shares.items()},
             # r_vector
             [],
             # add_leases
@@ -1115,8 +1141,7 @@ class ShareTests(TestCase):
             shares=None,
             r_vector=list(
                 list(map(write_vector_to_read_vector, vector.write_vector))
-                for vector
-                in test_and_write_vectors_for_shares.values()
+                for vector in test_and_write_vectors_for_shares.values()
             ),
         )
         self.expectThat(
@@ -1133,7 +1158,9 @@ class ShareTests(TestCase):
         )
 
 
-def assert_read_back_data(self, storage_index, secrets, test_and_write_vectors_for_shares):
+def assert_read_back_data(
+    self, storage_index, secrets, test_and_write_vectors_for_shares
+):
     """
     Assert that the data written by ``test_and_write_vectors_for_shares`` can
     be read back from ``storage_index``.
@@ -1149,22 +1176,17 @@ def assert_read_back_data(self, storage_index, secrets, test_and_write_vectors_f
     # Create a buffer and pile up all the write operations in it.
     # This lets us make correct assertions about overlapping writes.
     for sharenum, vectors in test_and_write_vectors_for_shares.items():
-        length = max(
-            offset + len(data)
-            for (offset, data)
-            in vectors.write_vector
-        )
+        length = max(offset + len(data) for (offset, data) in vectors.write_vector)
         expected = b"\x00" * length
         for (offset, data) in vectors.write_vector:
-            expected = expected[:offset] + data + expected[offset + len(data):]
+            expected = expected[:offset] + data + expected[offset + len(data) :]
         if vectors.new_length is not None and vectors.new_length < length:
-            expected = expected[:vectors.new_length]
+            expected = expected[: vectors.new_length]
 
         expected_result = list(
             # Get the expected value out of our scratch buffer.
-            expected[offset:offset + len(data)]
-            for (offset, data)
-            in vectors.write_vector
+            expected[offset : offset + len(data)]
+            for (offset, data) in vectors.write_vector
         )
 
         _, single_read = extract_result(
diff --git a/src/_zkapauthorizer/tests/test_storage_server.py b/src/_zkapauthorizer/tests/test_storage_server.py
index 1adab62a8b9e6e6605424f2a2ee78dc75f2f87bd..004534c2ba153ee5baeb084c5ac74cdb9fd3334a 100644
--- a/src/_zkapauthorizer/tests/test_storage_server.py
+++ b/src/_zkapauthorizer/tests/test_storage_server.py
@@ -111,6 +111,7 @@ class ValidationResultTests(TestCase):
     """
     Tests for ``_ValidationResult``.
     """
+
     def setUp(self):
         super(ValidationResultTests, self).setUp()
         self.signing_key = random_signing_key()
@@ -128,9 +129,7 @@ class ValidationResultTests(TestCase):
             list(RandomToken.create() for i in range(valid_count)),
         )
         all_passes = valid_passes + list(
-            pass_.pass_text.encode("ascii")
-            for pass_
-            in invalid_passes
+            pass_.pass_text.encode("ascii") for pass_ in invalid_passes
         )
         shuffle(all_passes)
 
@@ -144,14 +143,12 @@ class ValidationResultTests(TestCase):
                 _ValidationResult(
                     valid=list(
                         idx
-                        for (idx, pass_)
-                        in enumerate(all_passes)
+                        for (idx, pass_) in enumerate(all_passes)
                         if pass_ in valid_passes
                     ),
                     signature_check_failed=list(
                         idx
-                        for (idx, pass_)
-                        in enumerate(all_passes)
+                        for (idx, pass_) in enumerate(all_passes)
                         if pass_ not in valid_passes
                     ),
                 ),
@@ -183,7 +180,9 @@ class ValidationResultTests(TestCase):
                     ),
                     AfterPreprocessing(
                         str,
-                        Equals("MorePassesRequired(valid_count=4, required_count=10, signature_check_failed=frozenset([4]))"),
+                        Equals(
+                            "MorePassesRequired(valid_count=4, required_count=10, signature_check_failed=frozenset([4]))"
+                        ),
                     ),
                 ),
             )
@@ -193,6 +192,7 @@ class PassValidationTests(TestCase):
     """
     Tests for pass validation performed by ``ZKAPAuthorizerStorageServer``.
     """
+
     pass_value = 128 * 1024
 
     @skipIf(platform.isWindows(), "Storage server is not supported on Windows")
@@ -238,13 +238,14 @@ class PassValidationTests(TestCase):
 
         allocate_buckets = lambda: self.storage_server.doRemoteCall(
             "allocate_buckets",
-            (valid_passes,
-             storage_index,
-             renew_secret,
-             cancel_secret,
-             share_nums,
-             allocated_size,
-             LocalReferenceable(None),
+            (
+                valid_passes,
+                storage_index,
+                renew_secret,
+                cancel_secret,
+                share_nums,
+                allocated_size,
+                LocalReferenceable(None),
             ),
             {},
         )
@@ -253,7 +254,6 @@ class PassValidationTests(TestCase):
             raises(MorePassesRequired),
         )
 
-
     @given(
         storage_index=storage_indexes(),
         secrets=tuples(
@@ -305,13 +305,12 @@ class PassValidationTests(TestCase):
         else:
             self.fail("expected MorePassesRequired, got {}".format(result))
 
-
     def _test_extend_mutable_fails_without_passes(
-            self,
-            storage_index,
-            secrets,
-            test_and_write_vectors_for_shares,
-            make_data_vector,
+        self,
+        storage_index,
+        secrets,
+        test_and_write_vectors_for_shares,
+        make_data_vector,
     ):
         """
         Verify that increasing the storage requirements of a slot without
@@ -327,9 +326,7 @@ class PassValidationTests(TestCase):
         cleanup_storage_server(self.anonymous_storage_server)
 
         tw_vectors = {
-            k: v.for_call()
-            for (k, v)
-            in test_and_write_vectors_for_shares.items()
+            k: v.for_call() for (k, v) in test_and_write_vectors_for_shares.items()
         }
 
         note("tw_vectors summarized: {}".format(summarize(tw_vectors)))
@@ -344,11 +341,7 @@ class PassValidationTests(TestCase):
         valid_passes = make_passes(
             self.signing_key,
             slot_testv_and_readv_and_writev_message(storage_index),
-            list(
-                RandomToken.create()
-                for i
-                in range(required_pass_count)
-            ),
+            list(RandomToken.create() for i in range(required_pass_count)),
         )
 
         # Create an initial share to toy with.
@@ -417,7 +410,9 @@ class PassValidationTests(TestCase):
         ),
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
-    def test_extend_mutable_with_write_fails_without_passes(self, storage_index, secrets, test_and_write_vectors_for_shares):
+    def test_extend_mutable_with_write_fails_without_passes(
+        self, storage_index, secrets, test_and_write_vectors_for_shares
+    ):
         """
         If ``remote_slot_testv_and_readv_and_writev`` is invoked to increase
         storage usage by performing a write past the end of a share without
@@ -435,13 +430,13 @@ class PassValidationTests(TestCase):
         )
 
     def _test_lease_operation_fails_without_passes(
-            self,
-            storage_index,
-            secrets,
-            sharenums,
-            allocated_size,
-            lease_operation,
-            lease_operation_message,
+        self,
+        storage_index,
+        secrets,
+        sharenums,
+        allocated_size,
+        lease_operation,
+        lease_operation_message,
     ):
         """
         Assert that a lease-taking operation fails if it is not supplied with
@@ -461,7 +456,9 @@ class PassValidationTests(TestCase):
 
         renew_secret, cancel_secret = secrets
 
-        required_count = required_passes(self.pass_value, [allocated_size] * len(sharenums))
+        required_count = required_passes(
+            self.pass_value, [allocated_size] * len(sharenums)
+        )
         # Create some shares at a slot which will require lease renewal.
         write_toy_shares(
             self.anonymous_storage_server,
@@ -514,16 +511,20 @@ class PassValidationTests(TestCase):
         sharenums=sharenum_sets(),
         allocated_size=sizes(),
     )
-    def test_add_lease_fails_without_passes(self, storage_index, secrets, sharenums, allocated_size):
+    def test_add_lease_fails_without_passes(
+        self, storage_index, secrets, sharenums, allocated_size
+    ):
         """
         If ``remote_add_lease`` is invoked without supplying enough passes to
         cover the storage for all shares on the given storage index, the
         operation fails with ``MorePassesRequired``.
         """
         renew_secret, cancel_secret = secrets
+
         def add_lease(storage_server, passes):
             return storage_server.doRemoteCall(
-                "add_lease", (
+                "add_lease",
+                (
                     passes,
                     storage_index,
                     renew_secret,
@@ -531,6 +532,7 @@ class PassValidationTests(TestCase):
                 ),
                 {},
             )
+
         return self._test_lease_operation_fails_without_passes(
             storage_index,
             secrets,
@@ -550,7 +552,9 @@ class PassValidationTests(TestCase):
         sharenums=one_of(just(None), sharenum_sets()),
         test_and_write_vectors_for_shares=slot_test_and_write_vectors_for_shares(),
     )
-    def test_mutable_share_sizes(self, slot, secrets, sharenums, test_and_write_vectors_for_shares):
+    def test_mutable_share_sizes(
+        self, slot, secrets, sharenums, test_and_write_vectors_for_shares
+    ):
         """
         ``share_sizes`` returns the size of the requested mutable shares in the
         requested slot.
@@ -560,9 +564,7 @@ class PassValidationTests(TestCase):
         cleanup_storage_server(self.anonymous_storage_server)
 
         tw_vectors = {
-            k: v.for_call()
-            for (k, v)
-            in test_and_write_vectors_for_shares.items()
+            k: v.for_call() for (k, v) in test_and_write_vectors_for_shares.items()
         }
 
         # Create an initial share to toy with.
@@ -574,11 +576,7 @@ class PassValidationTests(TestCase):
         valid_passes = make_passes(
             self.signing_key,
             slot_testv_and_readv_and_writev_message(slot),
-            list(
-                RandomToken.create()
-                for i
-                in range(required_pass_count)
-            ),
+            list(RandomToken.create() for i in range(required_pass_count)),
         )
         test, read = self.storage_server.doRemoteCall(
             "slot_testv_and_readv_and_writev",
@@ -599,13 +597,13 @@ class PassValidationTests(TestCase):
 
         expected_sizes = {
             sharenum: get_implied_data_length(data_vector, new_length)
-            for (sharenum, (testv, data_vector, new_length))
-            in tw_vectors.items()
+            for (sharenum, (testv, data_vector, new_length)) in tw_vectors.items()
             if sharenums is None or sharenum in sharenums
         }
 
         actual_sizes = self.storage_server.doRemoteCall(
-            "share_sizes", (
+            "share_sizes",
+            (
                 slot,
                 sharenums,
             ),
diff --git a/src/_zkapauthorizer/tests/test_strategies.py b/src/_zkapauthorizer/tests/test_strategies.py
index 3f60fcd8a617e344e20b7c5e2bb496143e07d571..408053e91de8b74ae114c5fd12971d15ea203a07 100644
--- a/src/_zkapauthorizer/tests/test_strategies.py
+++ b/src/_zkapauthorizer/tests/test_strategies.py
@@ -47,10 +47,12 @@ from .strategies import (
     share_parameters,
 )
 
+
 class TahoeConfigsTests(TestCase):
     """
     Tests for ``tahoe_configs``.
     """
+
     @given(data())
     def test_parses(self, data):
         """
diff --git a/src/_zkapauthorizer/validators.py b/src/_zkapauthorizer/validators.py
index bd1545144b3a9ed39d10c656ccd9ebbbde549804..8bea8f19eed1aab1192205e722bdbf935d3fa4a3 100644
--- a/src/_zkapauthorizer/validators.py
+++ b/src/_zkapauthorizer/validators.py
@@ -20,6 +20,7 @@ from base64 import (
     b64decode,
 )
 
+
 def is_base64_encoded(b64decode=b64decode):
     def validate_is_base64_encoded(inst, attr, value):
         try:
@@ -31,8 +32,10 @@ def is_base64_encoded(b64decode=b64decode):
                     value=value,
                 ),
             )
+
     return validate_is_base64_encoded
 
+
 def has_length(expected):
     def validate_has_length(inst, attr, value):
         if len(value) != expected:
@@ -43,8 +46,10 @@ def has_length(expected):
                     actual=len(value),
                 ),
             )
+
     return validate_has_length
 
+
 def greater_than(expected):
     def validate_relation(inst, attr, value):
         if value > expected:
@@ -57,4 +62,5 @@ def greater_than(expected):
                 actual=value,
             ),
         )
+
     return validate_relation