{
  "artifact": "White Noise Public Dependency Register",
  "generated_on": "2026-06-28",
  "prepared_from": "current public-site materials only",
  "use_boundary": "This register is for general information only. It is not a vendor audit, not a procurement policy, not SOC 2 or ISO 27001 evidence, not PCI evidence, not legal advice, not a data-processing agreement, and not proof of completed vendor security review.",
  "image_assets": [
    {
      "path": "assets/governance/white-noise-dependency-register-20260628.png",
      "provenance": "assets/governance/white-noise-dependency-register-20260628.provenance.json",
      "alt_text": "AI-generated White Noise dependency register review surface with hosting, payments, contact routing, analytics, AI tooling, publishing, Exchange infrastructure cards, evidence receipts, review gates, and blocked-claim markers",
      "boundary": "GPT-generated conceptual/editorial governance image only; not proof of vendor review completion, audited controls, procurement maturity, enterprise security, payment compliance, production CRM, live Exchange operations, or operational speculative technology."
    }
  ],
  "register": [
    {
      "dependency_class": "Hosting, domains, and deployment",
      "public_examples_inspected": [
        "static site files",
        "local asset references",
        "public materials integrity checks"
      ],
      "current_public_use_state": "Public publishing and reference hygiene are supportable when local references resolve and no uptime claim is made.",
      "stronger_use_gate": "Enterprise uptime, disaster recovery, SLA, or production reliability claims require service-specific owner, admin access, backup, monitoring, and continuity records.",
      "owner_state": "Platform owner not published; service-level register not public.",
      "review_trigger": "Any hosting, domain, CDN, deployment, backup, monitoring, or availability claim."
    },
    {
      "dependency_class": "Payments and checkout handoff",
      "public_examples_inspected": [
        "paypal-config.js",
        "store pages",
        "membership or purchase routes"
      ],
      "current_public_use_state": "Public posture may describe specialized processor handoff when White Noise does not claim direct card custody.",
      "stronger_use_gate": "PCI, refund operations, subscription billing, tax, chargeback, revenue-recognition, or direct billing-data claims require reviewed payment records and appropriate controls.",
      "owner_state": "Finance owner not published; processor terms and operating controls not public.",
      "review_trigger": "Any payment provider change, subscription launch, refund workflow, paid membership claim, or direct billing-data handling."
    },
    {
      "dependency_class": "Contact, inquiry, and response routing",
      "public_examples_inspected": [
        "wn-contact.html",
        "diligence request guide",
        "first-response standard",
        "inquiry triage protocol"
      ],
      "current_public_use_state": "Public routing and response-shape language are supportable when owner state and missing workflow proof remain explicit.",
      "stronger_use_gate": "Production CRM, staffed queue, SLA, audited response metrics, or confidential document exchange requires owner, access, logging, retention, and escalation records.",
      "owner_state": "Operating owner state is bounded; production CRM proof not public.",
      "review_trigger": "Any CRM, inbox, support desk, response-time metric, confidential-intake, or enterprise-routing claim."
    },
    {
      "dependency_class": "Analytics and operating measurement",
      "public_examples_inspected": [
        "public model context",
        "planning assumptions",
        "future KPI or conversion references"
      ],
      "current_public_use_state": "No audited metric claim is supportable without source records and definitions.",
      "stronger_use_gate": "KPI dashboards, conversion, retention, traffic, revenue, or capital-grade reporting require source-of-truth records, definitions, exclusions, and review owner.",
      "owner_state": "Data owner not public; audited metric source not public.",
      "review_trigger": "Any public operating metric, investor model update, analytics tool, or conversion claim."
    },
    {
      "dependency_class": "AI tooling and generated visuals",
      "public_examples_inspected": [
        "published generated governance visuals",
        "published investor visuals",
        "published privacy visuals",
        "published proof-pack visuals",
        "published technical visuals with provenance records"
      ],
      "current_public_use_state": "Editorial and conceptual support is allowed when provenance, alt text, prompt intent, and non-proof boundaries are visible.",
      "stronger_use_gate": "Treating AI outputs as operating proof, legal evidence, customer proof, product proof, or automated-control evidence requires separate operating evidence and review.",
      "owner_state": "Provenance owner exists at artifact level; vendor-security review not public.",
      "review_trigger": "Any new generated visual, AI workflow, model-provider claim, automation claim, or diligence use of AI-created material."
    },
    {
      "dependency_class": "Publishing, corpus, and curriculum tooling",
      "public_examples_inspected": [
        "book surfaces",
        "Academy surfaces",
        "Library surfaces",
        "encyclopedia surfaces",
        "corpus files",
        "dataset-registry",
        "source-rights register"
      ],
      "current_public_use_state": "Public exploration and bounded company-authored publishing are supportable when source-rights boundaries remain visible.",
      "stronger_use_gate": "Institutional publishing, LMS, model-training, commercial dataset, licensing, or syndication claims require source-specific rights and dependency records.",
      "owner_state": "Content owner state is public at class level; service-level publishing records not public.",
      "review_trigger": "Any corpus export, curriculum partner, institutional publishing, dataset, licensing, or syndication claim."
    },
    {
      "dependency_class": "Account, member, CMS, and portal surfaces",
      "public_examples_inspected": [
        "wn-portal.html",
        "wn-cms.html",
        "wn-club.html",
        "WN Plus routes",
        "browser or demo account surfaces"
      ],
      "current_public_use_state": "Demo or static-surface language is supportable when production account custody is not implied.",
      "stronger_use_gate": "Production identity, admin access, retention, deletion, support, or enterprise authorization claims require system-owner and data-handling records.",
      "owner_state": "Production account owner not public; admin/access review not public.",
      "review_trigger": "Any server-side account, identity, member-data, CMS-admin, saved-state, or access-control change."
    },
    {
      "dependency_class": "Exchange, marketplace, custody, and WN Coin infrastructure",
      "public_examples_inspected": [
        "Exchange launch-status note",
        "WN Coin routes",
        "marketplace-adjacent pages"
      ],
      "current_public_use_state": "Preview, boundary, and launch-gate language are supportable while market activity remains blocked.",
      "stronger_use_gate": "Sale, custody, liquidity, market operations, creator payouts, asset provenance, payment rails, or compliance claims require launch-readiness, legal, dependency, and source-rights review.",
      "owner_state": "Launch owner and production infrastructure not public; live market operations not claimed.",
      "review_trigger": "Any exchange availability, token-sale, custody, marketplace, creator-payment, liquidity, or compliance-language change."
    }
  ],
  "publicly_allowed_now": [
    "State that third-party dependency review has begun at the dependency-class level.",
    "Pair this register with the security/data baseline, source-rights register, risk register, and operating cadence memo.",
    "Describe payment posture as specialized processor handoff when no direct billing credential custody is claimed.",
    "Describe generated images as editorial or conceptual only when provenance and usage boundaries are visible.",
    "Route serious counterparties to ask for one service-specific record when vendor, payment, CRM, analytics, AI, publishing, or Exchange readiness matters to their decision."
  ],
  "not_yet_allowed": [
    "Claim completed vendor security review, procurement maturity, SOC 2, ISO 27001, PCI, or enterprise vendor-management readiness.",
    "Treat static hosting, form routing, or payment handoff as proof of production enterprise operations.",
    "Publish response-time, conversion, retention, traffic, revenue, or operating metrics without source records.",
    "Treat generated-image or AI tooling provenance as legal clearance, customer proof, product proof, or operational speculative-technology evidence.",
    "Represent Exchange, WN Coin, custody, marketplace, liquidity, or asset-sale readiness from dependency availability alone.",
    "Route confidential, regulated, or sensitive material through public/demo paths without a reviewed intake workflow."
  ],
  "next_evidence_threshold": "A private service-level dependency register for material services used in hosting, domains, deployment, payments, contact routing, CRM, analytics, AI tooling, publishing/corpus workflows, account surfaces, Exchange, marketplace, custody, or creator-payment infrastructure."
}