diff --git a/memory/2026-03-17.md b/memory/2026-03-17.md
new file mode 100644
index 0000000..6c93f4a
--- /dev/null
+++ b/memory/2026-03-17.md
@@ -0,0 +1,95 @@
+
+## Mira Discord Bot — Created & Live (Mar 17)
+- App ID: 1483483480435458240
+- Bot token stored in OC config (discord accounts.mira)
+- Guild: vault1984 (1478270766007976009)
+- Intents enabled: Presence, Server Members, Message Content
+- Agent config: /home/johan/mira workspace, ✨ avatar
+- Status: ONLINE as of 12:39 PM ET
+
+## Chrome Remote Debug Setup (Mar 17)
+- Mac SSH: johanjongsma@192.168.1.14 (key: ~/.ssh/id_ed25519)
+- OC browser profile "user": driver=existing-session, attachOnly=true
+- alias chrome-debug on Mac: launches Chrome with --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0
+- Dock app: ~/Applications/ChromeDebug.app (compiled AppleScript)
+- Note: Chrome must be launched fresh (not existing instance) for debug port to bind
+
+## Email Triage — Real-time Pipeline Fixed (Mar 17)
+- MC webhook → OC /hooks/messages → mail agent (agentId: mail)
+- Junk filter prompt: default=PASS, government/official bodies always pass
+- Removed Kaseya rules from both junk prompt and routing guide
+- MijnOverheid (Belastingdienst) emails restored to inbox — 2 tax documents pending
+
+## Session Summary — Mar 17 Morning/Midday
+
+### Email Triage Pipeline
+- MC webhook → OC /hooks/messages → agentId: mail (was missing agentId, now fixed)
+- Junk filter rules: removed Kaseya-specific rules entirely
+- Routing rules: "default=PASS" principle added — never archive what you can't confirm is noise
+- Government/official bodies (Belastingdienst, MijnOverheid) always pass — legal consequences
+- Two MijnOverheid Belastingdienst emails restored to inbox (Feb 20, Mar 13) — TAX DOCS, Johan must check
+- 208 messages archived from inboxes (tj@ and johan@) since Feb 15
+- Pipeline verified working end-to-end
+
+### Alerts surfaced during triage
+- Openprovider URGENT Suspension — needs immediate attention
+- Chase Prime Visa — payment was due Mar 7 (possibly overdue)
+- Health Link invoice #000061 — $216.90 Sophia blood draw, unpaid, multiple reminders
+- National Visa Center — immigration reinstatement notice
+- Venmo $480 outstanding from Diane Murray
+- Jonathan Hayden — replied to MRI analysis (real human, in inbox)
+- Macy's statement acct 8097 Feb 26
+
+### Mac SSH Access — Established
+- johanjongsma@192.168.1.14 (key: ~/.ssh/id_ed25519 from forge)
+- Mac username is johanjongsma (NOT johan — wasted time on wrong username earlier)
+- SSH enabled via System Settings → General → Sharing → Remote Login
+- PubkeyAuthentication needed explicit `yes` in sshd_config
+
+### Chrome Remote Debug
+- Working command: `/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0`
+- Alias `chrome-debug` added to ~/.zshrc on Mac
+- Dock app: ~/Applications/ChromeDebug.app (AppleScript compiled via osacompile — must run in GUI session, not SSH)
+- OC browser profile "user": driver=existing-session, attachOnly=true, color=#00AA00
+- cdpUrl was initially set to 127.0.0.1:19222 (SSH tunnel) — corrected to 192.168.1.14:9222 (direct LAN)
+- Chrome must be launched fresh (kill existing instance first) for debug port to actually bind
+- `--remote-debugging-address=0.0.0.0` required or Chrome only binds to localhost
+
+### Mira Discord Bot
+- Created via browser automation (headless OC browser + Johan clicking CAPTCHA)
+- App ID: 1483483480435458240 | Bot: Mira#7065
+- Token: MTQ4MzQ4MzQ4MDQzNTQ1ODI0MA.G9zfbb.m9MdxDSgGnGJYz4i4oiR_3FZb8D4FCOK0oFXMo
+- Guild: vault1984 (1478270766007976009) — added via OAuth2 authorize flow
+- Intents: all three privileged intents enabled (Presence, Server Members, Message Content)
+- OC config: channels.discord.accounts.mira, workspace /home/johan/mira
+- ONLINE as of 12:39 PM ET Mar 17
+- Error 4014 was the blocker — intents were set via application flags API but NOT in the bot portal UI (separate thing)
+
+### OC Browser Profile Learnings
+- profile="user" with driver="existing-session" = Chrome MCP attach, no debug port needed in theory
+- BUT in practice needs Chrome running with --remote-debugging-port on the same machine as gateway
+- Gateway is on forge (Linux), Chrome is on Mac — so remote CDP required
+- Remote CDP profile: cdpUrl pointing at Mac's IP:9222
+- existing-session driver does NOT accept userDataDir key (config validation error)
+- SSH tunnel approach works but unnecessary — direct LAN is cleaner
+
+### Pending
+- Johan needs to check MijnOverheid for Belastingdienst tax documents
+- Openprovider suspension needs immediate attention
+- Chase payment may be overdue
+- Mac Chrome needs to be re-launched with debug flags for browser automation to work again
+
+## Mira Discord — Root Cause & Fix (Mar 17 13:09)
+- **Root cause:** Missing entry in `bindings[]` array in openclaw.json
+- George/Iaso had explicit bindings `{agentId: "george", match: {channel: "discord", accountId: "george"}}`
+- Mira only had a telegram binding — Discord messages were never routed to her agent
+- **Fix:** Added `{agentId: "mira", match: {channel: "discord", accountId: "mira"}}` to bindings[]
+- Also: new bot token issued by Johan (old one may have been compromised/expired)
+- New token: MTQ4MzQ4MzQ4MDQzNTQ1ODI0MA.GYcXfM.oqWv6C_R2TRNtAZ61fZRAZPtg30L2olIk7zQ_8
+- **Lesson:** When adding a new Discord bot account, ALWAYS add a binding entry — account name matching agent ID is NOT sufficient
+
+## Claude API Outage / Degraded (Mar 17 ~13:30-13:41 ET)
+- Sonnet 4.6 timeouts hitting all agents
+- OC fallback also fails (fallback = same model, no alternate configured)
+- George's 4.3MB session was archived to prevent compounding the issue
+- Not a config issue — Anthropic-side degradation
diff --git a/memory/claude-usage.db b/memory/claude-usage.db
index 62402a5..22e48af 100644
Binary files a/memory/claude-usage.db and b/memory/claude-usage.db differ
diff --git a/memory/claude-usage.json b/memory/claude-usage.json
index d829bfb..c789c9d 100644
--- a/memory/claude-usage.json
+++ b/memory/claude-usage.json
@@ -1,9 +1,9 @@
 {
-  "last_updated": "2026-03-17T16:00:01.624344Z",
+  "last_updated": "2026-03-17T22:00:02.109827Z",
   "source": "api",
   "session_percent": 0,
-  "session_resets": null,
-  "weekly_percent": 30,
-  "weekly_resets": "2026-03-20T03:00:00.580458+00:00",
-  "sonnet_percent": 36
+  "session_resets": "2026-03-18T01:59:59.998512+00:00",
+  "weekly_percent": 41,
+  "weekly_resets": "2026-03-20T02:59:59.998534+00:00",
+  "sonnet_percent": 54
 }
\ No newline at end of file
diff --git a/memory/git-audit-lastfull.txt b/memory/git-audit-lastfull.txt
index b3561e8..11b3599 100644
--- a/memory/git-audit-lastfull.txt
+++ b/memory/git-audit-lastfull.txt
@@ -1 +1 @@
-1773677024
+1773763419
diff --git a/memory/heartbeat-state.json b/memory/heartbeat-state.json
index b24710f..3ce4746 100644
--- a/memory/heartbeat-state.json
+++ b/memory/heartbeat-state.json
@@ -14,7 +14,7 @@
   "lastDocInbox": "2026-02-25T22:01:42.532628Z",
   "lastTechScan": 1773753620.4265354,
   "lastMemoryReview": 1773753620.4265354,
-  "lastIntraDayXScan": 1773754274,
+  "lastIntraDayXScan": 1773772466,
   "lastInouSuggestion": "2026-03-16T21:04:43.993567+00:00",
   "lastEmail": 1773753620.4265354,
   "pendingBriefingItems": [],
diff --git a/memory/x-watch-last.md b/memory/x-watch-last.md
index deb9912..80f9f32 100644
--- a/memory/x-watch-last.md
+++ b/memory/x-watch-last.md
@@ -1,9 +1,19 @@
-# Last X Watch: 2026-03-17T13:31:00Z
+# Last X Watch: 2026-03-17T18:34:00Z
 
 ## Status: AUTH FAILED — bird CLI returning HTTP 401 on all token sets
 
-Both token sets in `~/clawd/scripts/bird` (wrapper) and `~/.config/bird/config.json5` return 401.
-X session tokens appear to have expired. Johan needs to re-auth bird from Chrome.
+X auth tokens remain expired. Used web search fallback for high-signal items.
+Chrome has no X.com cookies in Default or any managed profile.
+Johan needs to re-auth bird from Chrome (navigate to x.com, log in, then bird will auto-extract cookies).
+
+## NEW THIS SCAN (posted to dashboard):
+- **OpenAI GPT-5.4 mini & nano released** (Mar 17) — mini: $0.75/M in, $4.50/M out; nano: $0.20/M in, $1.25/M out. Near-flagship coding perf. Mini on ChatGPT Free/Go; nano API-only.
+- **Cloudflare AI Security for Apps — GA** (Mar 16-17) — security layer for AI apps, model/host agnostic
+
+## ALREADY ON DASHBOARD (skip):
+- Kimi/Moonshot $1B raise at $18B valuation
+- OpenAI + AWS deal for 3M Pentagon employees
+- MiniMax M2 open-sourced (8% Sonnet price, 2x speed)
 
 ## BLACKLIST — do not surface these again unless concrete new development:
 - NemoClaw / OpenShell — announced + confirmed, steipete building with NVIDIA (covered twice already)
@@ -12,13 +22,16 @@ X session tokens appear to have expired. Johan needs to re-auth bird from Chrome
 - steipete at GTC / NVIDIA engineers helping OC security
 - AlexFinn met steipete at GTC
 - MiniMax M2.7 benchmarks — release imminent (covered twice)
+- MiniMax M2 open-sourced (now on dashboard)
 - Kimi Attention Residuals paper + Elon Musk RT
 - Kimi founder at GTC (Tue Mar 17, 11am PDT)
+- Kimi/Moonshot $1B raise at $18B valuation (on dashboard)
 - Susie Wiles breast cancer diagnosis
 - Operation Epic Fury US/Iran strikes — Trump says "soon"
 - Partial US government shutdown / aviation strain
 - NVIDIA DLSS 5 announced (fall 2026)
 - Cloudflare Italy €14M Piracy Shield fine appeal
+- Cloudflare AI Security for Apps GA (now on dashboard)
 - Cuba total power grid failure
 - CodexBar 0.18
 - SentinelOne $1B revenue milestone + Cloudflare partnership expansion (Mar 16-17)
@@ -26,3 +39,5 @@ X session tokens appear to have expired. Johan needs to re-auth bird from Chrome
 - SentinelOne Q4 earnings beat (Mar 13)
 - NVIDIA adds Hyundai/BYD to self-driving tech (Mar 16)
 - Gold crossed $5,000 milestone (Mar 17)
+- OpenAI + AWS Pentagon deal (on dashboard)
+- GPT-5.4 mini & nano released (on dashboard)