User Journey

Booking, review and payment events roll up into daily KPI series. For each KPI the engine computes a trailing 14-day mean and standard deviation; a day whose z-score exceeds the KPI's threshold becomes a spike or drop anomaly, and a sustained shift between the first and last third of the window becomes a drift anomaly. The new anomaly lands on the alert board with its statistics.

An operator acknowledges or explains. Acknowledging emits kpi.threshold_breached on the shared bus; explaining writes a cost.logged row that #27 FinOps prices. The explanation itself points back into the spine — it recommends confirming the move against #27 cost and #28 data quality before alerting downstream, because a KPI swing is often an upstream volume or data issue rather than a real business event.