Docs

Quick start

npm install -g @sinameraji/tpm

tpm init       # paste your Anthropic API key
cd your-product-repo
tpm audit

Don't want to install globally? npx @sinameraji/tpm@latest audit works without any install. macOS users hitting EACCES on global install: one-time prefix fix.

TPM runs on the source code in your current directory (primary source of truth). No browser automation, no fake signups. Step 2 of tpm audit optionally asks for your public marketing URL (landing/pricing/features) — auxiliary context that helps with positioning. Skip with Enter.

TPM uses Claude (Sonnet 4.6 by default, Opus 4.7 on the deep tier). You bring your own Anthropic API key — your key, your rate limits, your bill. A typical audit takes 8–12 minutes and costs roughly $1–3 at your account's rates. Nothing is transmitted anywhere except api.anthropic.com.

The six-stage method

TPM runs a deterministic pipeline. Each stage checkpoints to disk and can be replayed independently. Artifacts live in .tpm/artifacts/{audit_id}/:

• map.yaml — the static code map (routes, forms, components, nav)
• lean-canvas.yaml — Stage A: what the builder intended
• paths.yaml — Stage B: imagined user journey per persona
• delta.yaml — Stage C: the structured difference
• problems.yaml — Stage D: ranked by leverage argument
• solutions.yaml + prototypes/*.html — Stage E: top-5 fixes
• spec.md + spec.html — Stage F: the PM deliverable

Commands

• tpm init — initialize .tpm/ and walk you through Anthropic key + tier
• tpm audit — run the full audit on this codebase
• tpm audit --no-stream — disable the streaming progress UI for CI
• tpm report [audit_id] — show a prior spec.md / spec.html
• tpm config get/set/unset/show — inspect or change config
• tpm cost — show what your audits cost, aggregated locally
• tpm feedback — how to send feedback about an audit

Privacy & security

TPM runs on your machine. Prompts go directly to api.anthropic.com using your API key. There is no TPM-operated backend; no analytics; no phone-home. Your source code never leaves your machine except as inference prompts you can inspect in tpm audit --verbose.

More

• Source on GitHub
• The method
• Architecture
• Authoring patterns