Environment Variables
⚠️ BREAKING CHANGE — Tina4 v3.12.0
Every framework env var now requires the
TINA4_prefix. The legacy un-prefixed names (DATABASE_URL,SECRET,SMTP_HOST,HOST_NAME, etc.) no longer work. Setting them at startup makes the framework refuse to boot with a list of renames.Run
tina4 env --migrateto rewrite your existing.envautomatically, or rename manually using the table below. The runtime guard prints the same mapping if it detects legacy names.Conventional names stay un-prefixed:
PORT,HOST,NODE_ENV,RACK_ENV,RUBY_ENV,ENVIRONMENT. These are runtime/PaaS conventions, not framework config.
Tina4 Node.js is configured through environment variables, read from .env at the project root. Every variable has a sensible default — most projects set three or four values and leave the rest alone.
This chapter lists every variable the Node.js framework reads, grouped by subsystem. Start with the minimum-config examples at the end, then come back here when you need to tune something specific.
Core Server
| Variable | Default | Description |
|---|---|---|
HOST | 0.0.0.0 | Bind address. 0.0.0.0 listens on every interface. 127.0.0.1 restricts to localhost. |
TINA4_HOST | 0.0.0.0 | Framework-prefixed bind address. Takes precedence over HOST when both are set. |
PORT | 7148 | HTTP server port. The Rust CLI prefers TINA4_PORT but falls back to PORT. |
TINA4_PORT | (inherits PORT) | Explicit Tina4-specific port override. Takes precedence over PORT when both are set. |
TINA4_HOST_NAME | localhost:7148 | Fully-qualified host used in generated absolute URLs (Swagger, OAuth redirects, emails). |
TINA4_DEBUG | false | Master debug toggle. Enables Swagger UI, dev dashboard, live reload, template dump filter, error overlay. Never set to true in production. |
TINA4_SUPPRESS | false | Suppresses the boot banner on startup. Useful for clean CI logs and embedded usage. |
TINA4_ENV_FILE | .env | Path to the dotenv file loaded at startup. Relative paths resolve from the project root. |
TINA4_HEALTH_PATH | /__health | Path for the built-in health endpoint. Legacy /health alias is also registered when this points at /__health. |
TINA4_NO_BROWSER | false | Stops tina4 serve from opening your browser on every restart. |
TINA4_NO_RELOAD | false | Disables the dev hot-reload signal from the Rust CLI. Use when you want a stable server for debugging. |
TINA4_PRODUCTION | false | Forces production-mode startup (cluster mode, debug overlays disabled). Set automatically by tina4 serve --production. |
TINA4_ALLOW_LEGACY_ENV | false | Bypass the v3.12 env-prefix guard. CI / migration scripts only — never enable in production. |
Secrets and Authentication
| Variable | Default | Description |
|---|---|---|
TINA4_SECRET | (empty) | JWT signing secret. Must be long, random, and unique per environment. Never commit. |
TINA4_JWT_ALGORITHM | HS256 | JWT signing algorithm. Supports HS256, HS384, HS512. |
TINA4_TOKEN_LIMIT | 60 | JWT token lifetime in minutes. |
TINA4_API_KEY | (empty) | Static API key used as a fallback to JWT. |
Database
| Variable | Default | Description |
|---|---|---|
TINA4_DATABASE_URL | (required) | Connection URL. Scheme selects the driver: sqlite, postgres, mysql. |
TINA4_DATABASE_USERNAME | (empty) | Overrides the username embedded in TINA4_DATABASE_URL. |
TINA4_DATABASE_PASSWORD | (empty) | Overrides the password embedded in TINA4_DATABASE_URL. |
TINA4_DATABASE_FIREBIRD_PATH | (empty) | Overrides the database path/alias parsed from TINA4_DATABASE_URL for Firebird. Useful for Windows backslash paths and split-config setups. |
TINA4_AUTOCOMMIT | false | Auto-commit after every write. Default is off — call commit() explicitly. |
TINA4_DB_CACHE | false | Enables in-memory query-result caching for read queries. |
TINA4_DB_CACHE_TTL | 30 | Query cache TTL in seconds when TINA4_DB_CACHE=true. |
TINA4_DB_POOL | 0 | Connection-pool size override. Applied to the database adapter's pool config when not set explicitly in code. 0 leaves the adapter default in place. |
TINA4_ORM_PLURAL_TABLE_NAMES | true | When true, the ORM pluralises class names into table names (User → users). |
CORS
| Variable | Default | Description |
|---|---|---|
TINA4_CORS_ORIGINS | * | Comma-separated allowed origins. Lock down to real domains in production. |
TINA4_CORS_METHODS | GET,POST,PUT,PATCH,DELETE,OPTIONS | Comma-separated list of allowed methods on preflight responses. |
TINA4_CORS_HEADERS | Content-Type,Authorization | Comma-separated list of allowed request headers on preflight responses. |
TINA4_CORS_MAX_AGE | 86400 | Preflight cache lifetime in seconds. |
TINA4_CORS_CREDENTIALS | true | Sets Access-Control-Allow-Credentials. |
Security Headers
| Variable | Default | Description |
|---|---|---|
TINA4_CSP | default-src 'self' | Content-Security-Policy header. |
TINA4_CSRF | false | CSRF token validation on POST/PUT/PATCH/DELETE. |
TINA4_HSTS | (empty/off) | Strict-Transport-Security max-age in seconds. Set 31536000 in production with HTTPS. |
TINA4_FRAME_OPTIONS | SAMEORIGIN | X-Frame-Options header. |
TINA4_REFERRER_POLICY | strict-origin-when-cross-origin | Referrer-Policy header. |
TINA4_PERMISSIONS_POLICY | camera=(), microphone=(), geolocation=() | Permissions-Policy header. |
Rate Limiting
| Variable | Default | Description |
|---|---|---|
TINA4_RATE_LIMIT | 100 | Maximum requests per window per IP. Set 0 to disable. |
TINA4_RATE_WINDOW | 60 | Rate-limit window in seconds. |
Sessions
| Variable | Default | Description |
|---|---|---|
TINA4_SESSION_BACKEND | file | Storage backend. Options: file, redis, valkey, mongo, database. |
TINA4_SESSION_NAME | tina4_session | Session cookie name. |
TINA4_SESSION_TTL | 1800 | Session expiry in seconds (30 minutes). |
TINA4_SESSION_SAMESITE | Lax | SameSite cookie attribute. Options: Strict, Lax, None. |
TINA4_SESSION_HTTPONLY | true | Emit the HttpOnly flag on the session cookie. |
TINA4_SESSION_SECURE | false | Emit the Secure flag on the session cookie. Enable behind HTTPS. |
TINA4_SESSION_PATH | data/sessions | Filesystem path for the file backend. |
Redis/Valkey session backend
| Variable | Default | Description |
|---|---|---|
TINA4_SESSION_REDIS_URL | (none) | Full redis:// URL. Overrides host/port when set. |
TINA4_SESSION_REDIS_HOST | 127.0.0.1 | Redis host. |
TINA4_SESSION_REDIS_PORT | 6379 | Redis port. |
TINA4_SESSION_REDIS_PASSWORD | (none) | Redis auth password. |
TINA4_SESSION_REDIS_DB | 0 | Redis database number. |
TINA4_SESSION_REDIS_PREFIX | tina4:session: | Key prefix for stored sessions. |
TINA4_SESSION_VALKEY_HOST | 127.0.0.1 | Valkey host. |
TINA4_SESSION_VALKEY_PORT | 6379 | Valkey port. |
TINA4_SESSION_VALKEY_PASSWORD | (none) | Valkey auth password. |
TINA4_SESSION_VALKEY_DB | 0 | Valkey database number. |
TINA4_SESSION_VALKEY_PREFIX | tina4:session: | Key prefix for stored sessions. |
MongoDB session backend
| Variable | Default | Description |
|---|---|---|
TINA4_SESSION_MONGO_URI | (none) | Full MongoDB connection string. Overrides host/port when set. |
TINA4_SESSION_MONGO_HOST | 127.0.0.1 | MongoDB host. |
TINA4_SESSION_MONGO_PORT | 27017 | MongoDB port. |
TINA4_SESSION_MONGO_USERNAME | (none) | MongoDB username. |
TINA4_SESSION_MONGO_PASSWORD | (none) | MongoDB password. |
TINA4_SESSION_MONGO_DB | tina4_sessions | MongoDB database name. |
TINA4_SESSION_MONGO_COLLECTION | sessions | MongoDB collection name. |
Cache
| Variable | Default | Description |
|---|---|---|
TINA4_CACHE_BACKEND | memory | Response cache backend. Options: memory, file, redis. |
TINA4_CACHE_DIR | data/cache | Cache directory for the file backend. |
TINA4_CACHE_TTL | 60 | Default cache TTL in seconds. |
TINA4_CACHE_MAX_ENTRIES | 1000 | Maximum cache entries. |
TINA4_CACHE_URL | redis://localhost:6379 | Connection URL for remote cache backends. |
Queues
| Variable | Default | Description |
|---|---|---|
TINA4_QUEUE_BACKEND | file | Queue backend. Options: file, rabbitmq, kafka, mongodb. |
TINA4_QUEUE_PATH | data/queue | Filesystem path for the file backend. |
TINA4_QUEUE_URL | (none) | Connection URL for remote backends (rabbitmq/kafka). |
Kafka queue backend
| Variable | Default | Description |
|---|---|---|
TINA4_KAFKA_BROKERS | localhost:9092 | Comma-separated broker list. |
TINA4_KAFKA_GROUP_ID | tina4_consumer_group | Kafka consumer group ID. |
RabbitMQ queue backend
| Variable | Default | Description |
|---|---|---|
TINA4_RABBITMQ_HOST | localhost | RabbitMQ host. |
TINA4_RABBITMQ_PORT | 5672 | RabbitMQ port. |
TINA4_RABBITMQ_USERNAME | guest | RabbitMQ username. |
TINA4_RABBITMQ_PASSWORD | guest | RabbitMQ password. |
TINA4_RABBITMQ_VHOST | / | RabbitMQ virtual host. |
MongoDB queue backend
| Variable | Default | Description |
|---|---|---|
TINA4_MONGO_URI | (none) | Full MongoDB connection string. Overrides host/port when set. |
TINA4_MONGO_HOST | localhost | MongoDB host. |
TINA4_MONGO_PORT | 27017 | MongoDB port. |
TINA4_MONGO_USERNAME | (none) | MongoDB username. |
TINA4_MONGO_PASSWORD | (none) | MongoDB password. |
TINA4_MONGO_DB | tina4 | MongoDB database name. |
TINA4_MONGO_COLLECTION | tina4_queue | MongoDB collection name for jobs. |
WebSocket
| Variable | Default | Description |
|---|---|---|
TINA4_WS_PORT | 8080 | Default WebSocket server port when one isn't passed to the constructor. |
TINA4_WS_BACKPLANE | (none) | Backplane type for multi-instance broadcasts. Options: redis, nats. |
TINA4_WS_BACKPLANE_URL | redis://localhost:6379 (redis) / nats://localhost:4222 (nats) | Connection URL for the chosen backplane. |
Email
| Variable | Default | Description |
|---|---|---|
TINA4_MAIL_HOST | (none) | SMTP server hostname. |
TINA4_MAIL_PORT | 587 | SMTP server port. |
TINA4_MAIL_USERNAME | (none) | SMTP authentication username. |
TINA4_MAIL_PASSWORD | (none) | SMTP authentication password. |
TINA4_MAIL_FROM | (none) | Default sender email address. |
TINA4_MAIL_FROM_NAME | (none) | Default sender display name. |
TINA4_MAIL_ENCRYPTION | tls | Connection encryption. Options: tls, ssl, none. |
TINA4_MAIL_IMAP_HOST | (none) | IMAP server for inbound mail. |
TINA4_MAIL_IMAP_PORT | 993 | IMAP server port. |
TINA4_MAIL_IMAP_ENCRYPTION | tls | IMAP transport security. Options: tls, starttls, none. Node also accepts ssl as an alias for tls for back-compat. |
TINA4_MAILBOX_DIR | data/mailbox | Dev mailbox directory. All outbound mail lands here when TINA4_DEBUG=true. |
TINA4_MAIL_HOST,TINA4_MAIL_PORT,TINA4_MAIL_USERNAME,TINA4_MAIL_PASSWORD,TINA4_MAIL_FROM,TINA4_MAIL_FROM_NAME,TINA4_MAIL_IMAP_HOST,TINA4_MAIL_IMAP_PORT,TINA4_MAIL_IMAP_USERNAME,TINA4_MAIL_IMAP_PASSWORDare accepted as legacy aliases. New projects should use theTINA4_MAIL_*names.
Logging
Logs default to stdout. Set TINA4_LOG_OUTPUT=file plus TINA4_LOG_FILE=app.log to write to disk; the framework rotates at TINA4_LOG_ROTATE_SIZE bytes and keeps TINA4_LOG_ROTATE_KEEP backups using stdlib fs calls.
| Variable | Default | Description |
|---|---|---|
TINA4_LOG_LEVEL | DEBUG | Minimum log level written to console and files. Options: DEBUG, INFO, WARNING, ERROR, ALL. |
TINA4_LOG_MAX_SIZE | 10 | Per-file log size limit in megabytes. Rotated when exceeded. |
TINA4_LOG_KEEP | 5 | Number of rotated log files to retain. |
File logging
| Variable | Default | Description |
|---|---|---|
TINA4_LOG_FILE | (empty = stdout only) | Explicit log file path. Absolute paths are used as-is; relative paths resolve against TINA4_LOG_DIR. |
TINA4_LOG_DIR | logs | Directory for log files when TINA4_LOG_FILE is relative or unset. |
TINA4_LOG_FORMAT | text | File log format. Options: text, json. |
TINA4_LOG_OUTPUT | stdout | Where to write logs. Options: stdout, file, both. |
TINA4_LOG_CRITICAL | false | Enable the CRITICAL level shortcut. Off by default to keep the log surface compact. |
TINA4_LOG_ROTATE_SIZE | 10485760 | Rotate the file when it reaches this many bytes (10 MB). 0 disables rotation. Node uses an atomic fs.renameSync shift on each write. |
TINA4_LOG_ROTATE_KEEP | 5 | Number of rotated historical files to retain. |
Localisation
| Variable | Default | Description |
|---|---|---|
TINA4_LOCALE | en | Default locale for the I18n module. |
TINA4_LOCALE_DIR | src/locales | Directory containing locale JSON files. |
Uploads
| Variable | Default | Description |
|---|---|---|
TINA4_MAX_UPLOAD_SIZE | 10485760 | Maximum multipart upload size in bytes (10 MB). |
Services (background tasks)
| Variable | Default | Description |
|---|---|---|
TINA4_SERVICE_DIR | src/services | Directory scanned for service classes. |
TINA4_SERVICE_SLEEP | 5 | Seconds the service runner sleeps between empty polls. |
Routing
| Variable | Default | Description |
|---|---|---|
TINA4_TEMPLATE_ROUTING | on | Auto-route any request without a matching handler to a same-named Frond template. Set to off, false, 0, no, or disabled for explicit-only routing. |
TINA4_TRAILING_SLASH_REDIRECT | false | When true, requests with a trailing slash are 301-redirected to the canonical no-trailing-slash form. |
Templates
| Variable | Default | Description |
|---|---|---|
TINA4_TEMPLATE_CACHE_TTL | 0 | Frond template cache TTL in seconds. 0 (the default) caches permanently for the process lifetime. |
GraphQL
| Variable | Default | Description |
|---|---|---|
TINA4_GRAPHQL_AUTO_SCHEMA | true | Auto-build a schema from registered ORM models when the dev server starts. Set false to require an explicit schema. |
TINA4_GRAPHQL_ENDPOINT | /graphql | Path the GraphQL handler is mounted on. |
AI and MCP Tooling
The dashboard AI chat and the framework's RAG-based code search both default to a local qwen2.5-coder model served via Ollama. Nothing leaves your machine unless you point TINA4_AI_URL at a remote endpoint.
| Variable | Default | Description |
|---|---|---|
TINA4_AI_URL | http://localhost:11434 | OpenAI-compatible HTTP endpoint for the chat/completion model (Ollama by default). |
TINA4_AI_MODEL | qwen2.5-coder | Model identifier the endpoint should serve. |
TINA4_RAG_URL | (inherits TINA4_AI_URL) | Embedding endpoint for the framework RAG index. |
TINA4_AI_MODEL | nomic-embed-text | Embedding model used to index the framework and src/. |
TINA4_MCP_REMOTE | false | Allow the MCP server to bind on non-localhost interfaces. Never enable in production. |
TINA4_NO_AI_PORT | false | Disables the MCP port listener in dev mode. |
TINA4_OVERRIDE_CLIENT | false | Allow the framework to start without the Rust CLI (tina4 serve). Used in Docker images and CI runners; bypasses SCSS compilation, the file watcher, and live reload. |
MCP
| Variable | Default | Description |
|---|---|---|
TINA4_MCP | (inherits TINA4_DEBUG) | Enables the MCP server. Defaults to true when TINA4_DEBUG=true, false otherwise. |
TINA4_MCP_PORT | (main port + 2000) | Port the MCP server listens on. Defaults to the framework HTTP port plus 2000. |
Swagger / OpenAPI
| Variable | Default | Description |
|---|---|---|
TINA4_SWAGGER_TITLE | Tina4 API | OpenAPI spec title. |
TINA4_SWAGGER_DESCRIPTION | Auto-generated API documentation | OpenAPI spec description. |
TINA4_SWAGGER_VERSION | 0.0.1 | OpenAPI spec version. |
TINA4_SWAGGER_CONTACT_EMAIL | (empty) | Contact email written into the generated OpenAPI info.contact block. |
TINA4_SWAGGER_LICENSE | (empty) | License name written into the generated OpenAPI info.license block. |
TINA4_SWAGGER_ENABLED | (inherits TINA4_DEBUG) | Mount the Swagger UI. Defaults to enabled when TINA4_DEBUG=true. Force true/false to override. |
Minimal .env for Development
bash
TINA4_DEBUG=true
TINA4_LOG_LEVEL=DEBUG
TINA4_NO_BROWSER=trueDebug mode lights up the Swagger UI, the dev dashboard, detailed error pages, and live reload. Keeping the browser flag on stops a new tab opening every time you save a file.
Minimal .env for Production
bash
TINA4_SECRET=your-long-random-secret-here
TINA4_DATABASE_URL=postgresql://user:password@db-host:5432/myapp
TINA4_CORS_ORIGINS=https://myapp.com,https://www.myapp.com
TINA4_HSTS=31536000
TINA4_MAIL_HOST=smtp.example.com
TINA4_MAIL_PORT=587
TINA4_MAIL_USERNAME=noreply@myapp.com
TINA4_MAIL_PASSWORD=your-smtp-password
TINA4_MAIL_FROM=noreply@myapp.comNo TINA4_DEBUG. It defaults to false, which is what you want in production. Set a real secret, a real database, locked-down CORS origins, HSTS, and SMTP credentials if you send email. Everything else has a production-appropriate default.