Environment Variables

⚠️ BREAKING CHANGE — Tina4 v3.12.0
Every framework env var now requires the TINA4_ prefix. The legacy un-prefixed names (DATABASE_URL, SECRET, SMTP_HOST, HOST_NAME, etc.) no longer work. Setting them at startup makes the framework refuse to boot with a list of renames.
Run tina4 env --migrate to rewrite your existing .env automatically, or rename manually using the table below. The runtime guard prints the same mapping if it detects legacy names.
Conventional names stay un-prefixed: PORT, HOST, NODE_ENV, RACK_ENV, RUBY_ENV, ENVIRONMENT. These are runtime/PaaS conventions, not framework config.

Tina4 Python is configured through environment variables, read from .env at the project root. Every variable has a sensible default — most projects set three or four values and leave the rest alone.

This chapter lists every variable the Python framework reads, grouped by subsystem. Start with the minimum-config examples at the end, then come back here when you need to tune something specific.

Core Server

Variable	Default	Description
`HOST`	`0.0.0.0`	Bind address. `0.0.0.0` listens on every interface. `127.0.0.1` restricts to localhost.
`TINA4_HOST`	(inherits `HOST`)	Explicit Tina4-specific bind address override. Takes precedence over `HOST` when both are set.
`PORT`	`7146`	HTTP server port. The Rust CLI prefers `TINA4_PORT` but falls back to `PORT`.
`TINA4_PORT`	(inherits `PORT`)	Explicit Tina4-specific port override. Takes precedence over `PORT` when both are set.
`TINA4_HOST_NAME`	`localhost:7146`	Fully-qualified host used in generated absolute URLs (Swagger, OAuth redirects, emails).
`TINA4_DEBUG`	`false`	Master debug toggle. Enables Swagger UI, dev dashboard, live reload, template dump filter, error overlay. Never set to `true` in production.
`TINA4_ENV`	`development`	Runtime environment label. Values like `development`, `staging`, `production` control dev-only features.
`TINA4_ENV_FILE`	`.env`	Alternative `.env` path. Read at boot before any other framework config — point at `.env.staging` or `.env.production` to switch the whole config tree.
`TINA4_SUPPRESS`	`false`	Suppresses the framework startup banner. Useful in CI runs or systemd units where stdout is parsed by another process.
`TINA4_HEALTH_PATH`	`/__health`	URL for the built-in liveness/readiness endpoint. The legacy `/health` path is kept as an alias.
`TINA4_NO_BROWSER`	`false`	Stops `tina4 serve` from opening your browser on every restart. Recommended during active development.
`TINA4_OPEN_BROWSER`	`true`	Alternative flag — set to `false` to prevent the browser opening on start.
`TINA4_NO_RELOAD`	`false`	Disables the dev hot-reload signal from the Rust CLI. Use when you want a stable server for debugging.
`TINA4_DEV_POLL_INTERVAL`	`1.0`	Seconds between dev-mode mtime polls. Lower for faster reload, higher to reduce CPU.
`TINA4_PUBLIC_DIR`	`src/public`	Directory served as static files under `/`.

Secrets and Authentication

Variable	Default	Description
`TINA4_SECRET`	`tina4-default-secret`	JWT signing secret. Must be long, random, and unique per environment. Never commit.
`TINA4_TOKEN_LIMIT`	`60`	JWT token lifetime in minutes.
`TINA4_TOKEN_EXPIRES_IN`	(inherits `TOKEN_LIMIT`)	Alias for `TINA4_TOKEN_LIMIT`.
`TINA4_API_KEY`	(empty)	Static API key used by `Auth.validate_api_key()` as a fallback to JWT.
`TINA4_API_KEY`	(empty)	Legacy alias for `TINA4_API_KEY`.

Database

Variable	Default	Description
`TINA4_DATABASE_URL`	`sqlite:///data/app.db`	Connection URL. Scheme selects the driver: `sqlite`, `postgres`, `mysql`, `firebird`.
`TINA4_DATABASE_USERNAME`	(empty)	Overrides the username embedded in `TINA4_DATABASE_URL`.
`TINA4_DATABASE_PASSWORD`	(empty)	Overrides the password embedded in `TINA4_DATABASE_URL`.
`TINA4_DATABASE_FIREBIRD_PATH`	(empty)	Overrides the database path/alias parsed from `TINA4_DATABASE_URL` for Firebird. Useful for Windows backslash paths and split-config setups.
`TINA4_DB_CACHE`	`false`	Enables in-memory query-result caching for read queries.
`TINA4_DB_CACHE_TTL`	`60`	Query cache TTL in seconds when `TINA4_DB_CACHE=true`.
`TINA4_DB_POOL`	`0`	Default `pool` size for `Database(url)` when the caller doesn't pass `pool=` explicitly. `0` disables pooling and uses a single connection. Set to a positive integer (e.g. `4`) to enable round-robin connection pooling.
`TINA4_ORM_PLURAL_TABLE_NAMES`	`true`	When `true`, the ORM pluralises class names into table names (`User` → `users`). Set `false` to keep them singular.

CORS

Variable	Default	Description
`TINA4_CORS_ORIGINS`	`*`	Comma-separated allowed origins. Lock down to real domains in production.
`TINA4_CORS_MAX_AGE`	`600`	Preflight cache lifetime in seconds.

Routing

Variable	Default	Description
`TINA4_TRAILING_SLASH_REDIRECT`	`false`	When truthy, requests to `/foo/` are 301-redirected to `/foo` so search engines and clients only see one canonical URL per route. The root `/` is exempt.

Security Headers

Variable	Default	Description
`TINA4_CSP`	`default-src 'self'`	`Content-Security-Policy` header.
`TINA4_CSRF`	`true`	CSRF token validation on POST/PUT/PATCH/DELETE.
`TINA4_HSTS`	(empty/off)	`Strict-Transport-Security` max-age in seconds. Set `31536000` in production with HTTPS.
`TINA4_FRAME_OPTIONS`	`DENY`	`X-Frame-Options` header.
`TINA4_REFERRER_POLICY`	`strict-origin-when-cross-origin`	`Referrer-Policy` header.

Rate Limiting

Variable	Default	Description
`TINA4_RATE_LIMIT`	`100`	Maximum requests per window per IP. Set `0` to disable.
`TINA4_RATE_WINDOW`	`60`	Rate-limit window in seconds.

Sessions

Variable	Default	Description
`TINA4_SESSION_BACKEND`	`file`	Storage backend. Options: `file`, `redis`, `valkey`, `mongo`, `database`.
`TINA4_SESSION_TTL`	`1800`	Session expiry in seconds (30 minutes).
`TINA4_SESSION_SAMESITE`	`Lax`	SameSite cookie attribute. Options: `Strict`, `Lax`, `None`.
`TINA4_SESSION_PATH`	`data/sessions`	Filesystem path for the file backend.
`TINA4_SESSION_NAME`	`tina4_session`	Name of the session cookie sent to the browser.
`TINA4_SESSION_HTTPONLY`	`true`	Sets the `HttpOnly` cookie attribute so JavaScript on the page cannot read the session ID.
`TINA4_SESSION_SECURE`	`false`	Sets the `Secure` cookie attribute so the session cookie is only sent over HTTPS. Turn on in production.

Redis/Valkey session backend

Variable	Default	Description
`TINA4_SESSION_REDIS_HOST`	`localhost`	Redis host.
`TINA4_SESSION_REDIS_PORT`	`6379`	Redis port.
`TINA4_SESSION_REDIS_PASSWORD`	(none)	Redis auth password.
`TINA4_SESSION_REDIS_DB`	`0`	Redis database number.
`TINA4_SESSION_VALKEY_HOST`	`localhost`	Valkey host.
`TINA4_SESSION_VALKEY_PORT`	`6379`	Valkey port.
`TINA4_SESSION_VALKEY_PASSWORD`	(none)	Valkey auth password.
`TINA4_SESSION_VALKEY_DB`	`0`	Valkey database number.

MongoDB session backend

Variable	Default	Description
`TINA4_SESSION_MONGO_URL`	`mongodb://localhost:27017`	MongoDB connection string.
`TINA4_SESSION_MONGO_DB`	`tina4`	MongoDB database name.
`TINA4_SESSION_MONGO_COLLECTION`	`sessions`	MongoDB collection name.

Templates

Variable	Default	Description
`TINA4_TEMPLATE_CACHE_TTL`	`0`	Frond template compile-cache TTL in seconds. `0` keeps compiled templates in memory permanently — set to a positive value if you want the engine to recompile after N seconds (rarely needed; `tina4 serve` invalidates the cache automatically on file change).

Cache

Variable	Default	Description
`TINA4_CACHE_BACKEND`	`memory`	Response cache backend. Options: `memory`, `file`, `redis`.
`TINA4_CACHE_DIR`	`data/cache`	Cache directory for the file backend.
`TINA4_CACHE_TTL`	`60`	Default cache TTL in seconds.
`TINA4_CACHE_MAX_ENTRIES`	`1000`	Maximum cache entries. Oldest entries evicted first.
`TINA4_CACHE_URL`	`redis://localhost:6379`	Connection URL for remote cache backends.

Queues

Variable	Default	Description
`TINA4_QUEUE_BACKEND`	`lite`	Queue backend. Options: `lite` (file-based), `kafka`, `rabbitmq`, `mongo`, `database`.
`TINA4_QUEUE_PATH`	`data/queue`	Filesystem path for the lite backend.
`TINA4_QUEUE_URL`	(none)	Connection URL for remote backends.

Kafka queue backend

Variable	Default	Description
`TINA4_KAFKA_BROKERS`	`localhost:9092`	Comma-separated broker list.
`TINA4_KAFKA_GROUP_ID`	`tina4_consumer_group`	Kafka consumer group ID.

RabbitMQ queue backend

Variable	Default	Description
`TINA4_RABBITMQ_HOST`	`localhost`	RabbitMQ host.
`TINA4_RABBITMQ_PORT`	`5672`	RabbitMQ port.
`TINA4_RABBITMQ_USERNAME`	`guest`	RabbitMQ username.
`TINA4_RABBITMQ_PASSWORD`	`guest`	RabbitMQ password.
`TINA4_RABBITMQ_VHOST`	`/`	RabbitMQ virtual host.

MongoDB queue backend

Variable	Default	Description
`TINA4_MONGO_URI`	(none)	Full MongoDB connection string. Overrides host/port when set.
`TINA4_MONGO_HOST`	`localhost`	MongoDB host.
`TINA4_MONGO_PORT`	`27017`	MongoDB port.
`TINA4_MONGO_USERNAME`	(none)	MongoDB username.
`TINA4_MONGO_PASSWORD`	(none)	MongoDB password.
`TINA4_MONGO_DB`	`tina4`	MongoDB database name.
`TINA4_MONGO_COLLECTION`	`tina4_queue`	MongoDB collection name for jobs.

WebSocket

Variable	Default	Description
`TINA4_WS_BACKPLANE`	(none)	Backplane type. Set `redis` for multi-instance broadcasts.
`TINA4_WS_MAX_CONNECTIONS`	`1000`	Maximum concurrent WebSocket connections.
`TINA4_WS_MAX_FRAME_SIZE`	`65536`	Maximum WebSocket frame size in bytes.

Email

Variable	Default	Description
`TINA4_MAIL_HOST`	(none)	SMTP server hostname.
`TINA4_MAIL_PORT`	`587`	SMTP server port.
`TINA4_MAIL_USERNAME`	(none)	SMTP authentication username.
`TINA4_MAIL_PASSWORD`	(none)	SMTP authentication password.
`TINA4_MAIL_FROM`	(none)	Default sender email address.
`TINA4_MAIL_FROM_NAME`	(none)	Default sender display name.
`TINA4_MAIL_ENCRYPTION`	`tls`	Connection encryption. Options: `tls`, `ssl`, `none`.
`TINA4_MAIL_IMAP_HOST`	(none)	IMAP server for inbound mail.
`TINA4_MAIL_IMAP_PORT`	`993`	IMAP server port.
`TINA4_MAIL_IMAP_ENCRYPTION`	`tls`	IMAP transport encryption. Options: `tls`, `starttls`, `none`. Invalid values fall back to `tls` so a typo can't accidentally disable encryption.
`TINA4_MAILBOX_DIR`	`data/mailbox`	Dev mailbox directory. All outbound mail lands here when `TINA4_DEBUG=true`.

TINA4_MAIL_HOST, TINA4_MAIL_PORT, TINA4_MAIL_USERNAME, TINA4_MAIL_PASSWORD, TINA4_MAIL_FROM, TINA4_MAIL_FROM_NAME, TINA4_MAIL_IMAP_HOST, TINA4_MAIL_IMAP_PORT are accepted as legacy aliases. New projects should use the TINA4_MAIL_* names.

Logging

Logs default to stdout in text format. Set TINA4_LOG_OUTPUT=file plus TINA4_LOG_FILE=app.log to write to disk; the framework rotates at TINA4_LOG_ROTATE_SIZE bytes and keeps TINA4_LOG_ROTATE_KEEP backups (app.log.1 … app.log.N). Switch TINA4_LOG_FORMAT=json for one structured record per line — perfect for shipping to Loki, Datadog, or any JSON-aware log aggregator.

Variable	Default	Description
`TINA4_LOG_LEVEL`	`ERROR`	Minimum log level written to files. Options: `ALL`, `DEBUG`, `INFO`, `WARNING`, `ERROR`.
`TINA4_LOG_FILE`	(empty — stdout only)	Path to a log file. Empty leaves logs on stdout. Relative paths are resolved against `TINA4_LOG_DIR`; absolute paths are used verbatim.
`TINA4_LOG_DIR`	`logs`	Directory for log files. Joined with `TINA4_LOG_FILE` when the latter is a relative path.
`TINA4_LOG_FORMAT`	`text`	Output format. `text` writes the human-readable `[INFO ] message` form; `json` writes one structured JSON record per line.
`TINA4_LOG_OUTPUT`	`stdout`	Where logs go. Options: `stdout`, `file`, `both`.
`TINA4_LOG_CRITICAL`	`false`	Enables the `Log.critical(...)` level above `error`. When off, calls to `Log.critical()` are silent no-ops.
`TINA4_LOG_ROTATE_SIZE`	`10485760`	Bytes per file before rotation (default 10 MB). `0` disables rotation entirely.
`TINA4_LOG_ROTATE_KEEP`	`5`	Number of rotated files to keep (`app.log.1` … `app.log.N`). Older files are deleted on the next rotation.
`TINA4_LOG_MAX_SIZE`	`10485760`	Legacy alias for `TINA4_LOG_ROTATE_SIZE`. Per-file log size limit in bytes (10 MB). Rotated when exceeded.
`TINA4_LOG_KEEP`	`5`	Legacy alias for `TINA4_LOG_ROTATE_KEEP`. Number of rotated log files to retain.

Uploads

Variable	Default	Description
`TINA4_MAX_UPLOAD_SIZE`	`10485760`	Maximum multipart upload size in bytes (10 MB).

Localisation

Variable	Default	Description
`TINA4_LOCALE`	`en`	Default locale for the I18n module.
`TINA4_LOCALE_DIR`	`src/locale`	Directory containing locale JSON files.

Services (background tasks)

Variable	Default	Description
`TINA4_SERVICE_DIR`	`src/services`	Directory scanned for service classes.

AI and MCP Tooling

The dashboard AI chat and the framework's RAG-based code search both default to a local qwen2.5-coder model served via Ollama. Nothing leaves your machine unless you point TINA4_AI_URL at a remote endpoint.

Variable	Default	Description
`TINA4_AI_URL`	`http://localhost:11434`	OpenAI-compatible HTTP endpoint for the chat/completion model. Ollama by default; can point at any compatible provider (vLLM, LM Studio, an OpenAI proxy).
`TINA4_AI_MODEL`	`qwen2.5-coder`	Model identifier the endpoint should serve.
`TINA4_RAG_URL`	(inherits `TINA4_AI_URL`)	Embedding endpoint for the framework RAG index. Override only if embeddings live on a different host.
`TINA4_AI_MODEL`	`nomic-embed-text`	Embedding model used to index `tina4_python/` and `src/`.
`TINA4_NO_AI_PORT`	`false`	Disables the MCP port listener in dev mode.
`TINA4_MCP_REMOTE`	`false`	Allow the MCP server to bind on non-localhost interfaces. Never enable in production.
`TINA4_OVERRIDE_CLIENT`	`false`	Allow the framework to start without the Rust CLI (`tina4 serve`). Used in Docker images and CI runners; bypasses SCSS compilation, the file watcher, and live reload.

Swagger / OpenAPI

Variable	Default	Description
`TINA4_SWAGGER_TITLE`	`Tina4 API`	OpenAPI spec title.
`TINA4_SWAGGER_DESCRIPTION`	(empty)	OpenAPI spec description.
`TINA4_SWAGGER_VERSION`	`1.0.0`	OpenAPI spec version.
`TINA4_SWAGGER_ENABLED`	(inherits `TINA4_DEBUG`)	Toggle the Swagger UI on or off independently of debug mode. Set `true` in production to keep API docs available without enabling the rest of the dev surface.
`TINA4_SWAGGER_CONTACT_EMAIL`	(empty)	Contact email rendered in the OpenAPI spec's `info.contact.email` field.
`TINA4_SWAGGER_LICENSE`	(empty)	License name in the OpenAPI spec's `info.license.name` field (e.g. `MIT`, `Apache-2.0`).

GraphQL

Variable	Default	Description
`TINA4_GRAPHQL_ENDPOINT`	`/graphql`	URL path the GraphQL handler is mounted on. POST serves queries, GET serves the GraphiQL IDE.
`TINA4_GRAPHQL_AUTO_SCHEMA`	`true`	When `true`, the framework auto-builds the GraphQL schema from every registered ORM model on boot. Set `false` if you want to define the schema manually with `gql.schema.add_type(...)`.

MCP (Model Context Protocol)

Variable	Default	Description
`TINA4_MCP`	(inherits `TINA4_DEBUG`)	Toggle the built-in MCP dev-tools server. Set explicitly to keep the MCP endpoint exposed in a debug-disabled deployment (e.g. for a remote AI assistant).
`TINA4_MCP_PORT`	(framework port + 2000)	TCP port for the MCP server. The default offset keeps it clear of both the main server (default `7145`) and the AI test port (`+1000`).

Minimal `.env` for Development

bash

TINA4_DEBUG=true
TINA4_LOG_LEVEL=DEBUG
TINA4_NO_BROWSER=true

Debug mode lights up the Swagger UI, the dev dashboard, detailed error pages, and live reload. Keeping the browser flag on stops a new tab opening every time you save a file.

Minimal `.env` for Production

bash

TINA4_SECRET=your-long-random-secret-here
TINA4_DATABASE_URL=postgresql://user:password@db-host:5432/myapp
TINA4_CORS_ORIGINS=https://myapp.com,https://www.myapp.com
TINA4_HSTS=31536000
TINA4_MAIL_HOST=smtp.example.com
TINA4_MAIL_PORT=587
TINA4_MAIL_USERNAME=noreply@myapp.com
TINA4_MAIL_PASSWORD=your-smtp-password
TINA4_MAIL_FROM=noreply@myapp.com

No TINA4_DEBUG. It defaults to false, which is what you want in production. Set a real secret, a real database, locked-down CORS origins, HSTS, and SMTP credentials if you send email. Everything else has a production-appropriate default.

Environment Variables ​

Core Server ​

Secrets and Authentication ​

Database ​

CORS ​

Routing ​

Security Headers ​

Rate Limiting ​

Sessions ​

Redis/Valkey session backend ​

MongoDB session backend ​

Templates ​

Cache ​

Queues ​

Kafka queue backend ​

RabbitMQ queue backend ​

MongoDB queue backend ​

WebSocket ​

Email ​

Logging ​

Uploads ​

Localisation ​

Services (background tasks) ​

AI and MCP Tooling ​

Swagger / OpenAPI ​

GraphQL ​

MCP (Model Context Protocol) ​

Minimal .env for Development ​

Minimal .env for Production ​