# Migrating Tines to Code: The Complete Playbook (2026)

- Tool: No-Code to Code Migrations
- Last updated: July 2026

## TL;DR

Tines is a well-funded, active SOAR and security-workflow platform (unicorn, $272M raised as of Feb 2025). Stories export only in Tines' signed format — not as runnable code. The migration trigger is architectural: proprietary runtime, self-hosting gated behind Enterprise sales, or growing subscription cost. No urgency; this is a deliberate build-vs-buy decision for code-native security teams.

## Platform status

- Status: active — Tines (Dublin, founded 2018) raised a $125M Series C on Feb 11, 2025 at a $1.125B valuation (led by Goldman Sachs Growth Equity and SoftBank Vision Fund 2), bringing total funding to $272M. Prior: $50M Series B extension April 24, 2024 (Accel + Felicis). The platform continues shipping enterprise features through 2026. Self-hosting is Enterprise-only, gated behind a sales conversation.
- Migration urgency: low
- Typical timeline: 8–12 weeks
- Typical cost: $13K–$25K (agency, fixed)

## Why migrate

Tines is financially healthy and not at risk. The migration trigger is architectural — proprietary runtime with no code eject, self-hosting gated behind Enterprise, and a cost model that doesn't fit mid-market security teams.

- **Proprietary runtime, no code export** — Tines stories (workflows) are portable within Tines but run only on the Tines runtime. There is no eject to code; migration means a full rebuild, not a port.
- **Self-host gated behind Enterprise sales** — Self-hosting requires an Enterprise contract and a sales conversation (tines.com/docs/self-hosted/before-you-begin). Not openly downloadable; cannot self-host on Community or lower-tier plans.
- **Security teams hitting feature cost cliffs** — Tines' primary market is SOC automation. Pricing at Enterprise tier for self-host, compliance features, and staging environments may not fit mid-market security team budgets.
- **Lock-in deepens over time** — Every new story built in Tines is another unit of logic that must be rebuilt to leave. The longer a team stays, the larger the migration scope becomes.
- **No Git-native versioning at lower tiers** — Stories are treated as production artifacts. Peer review and staging workflows require Enterprise features; the absence of Git-native versioning creates operational risk in security contexts where change management matters.

## What you can export

Tines does not store your business data — it processes events and calls APIs. Stories export in a Tines-signed format usable only within the Tines ecosystem, not as runnable code on any other platform.

| Asset | Exportable | How |
| --- | --- | --- |
| Data | no | Tines does not store your business data. All data lives in your SIEM, ticketing system, email, or other connected tools. Export from those source systems directly. |
| Code | no | Stories (workflows) are Tines-proprietary. They export as signed Tines-format files and can only be imported into another Tines instance. |
| Design/UI | no | Not applicable — Tines is a workflow/automation platform with no app UI to export. |
| Logic/Workflows | partial | Stories can be exported in Tines' signed format and imported into another Tines environment — useful for staging/prod separation within Tines. The logic is visible within the editor and can be documented and reconstructed manually. |
| Users & Auth | no | Tines manages workspace auth. Password hash export is not documented. User list export is not documented. |

## Stack mapping

The target stack is Next.js + Supabase/PostgreSQL, replacing Tines' story runtime with typed TypeScript Server Actions, direct SDK calls, and a Supabase-backed case management layer.

| Platform concept | Code equivalent |
| --- | --- |
| Story trigger (webhook) | Next.js Route Handler + HMAC signature verification |
| Story trigger (schedule/polling) | Vercel Cron Jobs or pg_cron in Supabase |
| Action (HTTP request) | fetch() with error handling in a Next.js Server Action |
| Action (send email/Slack/Jira) | Direct SaaS SDK (Resend, Slack SDK, Jira API) |
| Action (condition/branch) | TypeScript if/switch in a Server Action |
| Case management (grouping events) | Supabase table with case_id, status, events JSONB |
| Team permissions | Supabase Row Level Security + role column |
| Audit trail | Supabase table with action_id, story_id, actor, timestamp, payload |

## Migration roadmap

The extraction phase starts with exporting every story and manually documenting it as a rebuild specification. Security-context migrations require a phased cutover with parallel running — no hard cutover mid-incident.

### Phase 1: Phase 1: Story Documentation (1–2 weeks)

- Export every story from Tines in Tines' signed format; store exports in Git as documentation artifacts
- For each story, document: trigger type, trigger source (which external system), number of actions, all external API calls made, and all downstream systems affected
- Count the total number of actions across all active stories — this is the migration-effort proxy (complex stories with 8–10 actions are 3–5x longer to rebuild than simple ones)
- List every credential stored in Tines (SIEM API key, Jira token, Slack token, etc.) and identify the team owner of each

### Phase 2: Phase 2: Infrastructure Foundation (1 week)

- Set up Next.js project with Supabase, configure Supabase Vault for credential management — security contexts require proper secrets from the start
- Design the case management schema in Supabase (case_id, status, events JSONB, created_at, updated_at) before writing any story code
- Implement audit logging table (action_id, story_id, actor, timestamp, payload) — required from day one in security contexts
- Establish a staging Vercel environment for parallel running

### Phase 3: Phase 3: Story Rebuild (phased by priority) (5–8 weeks)

- Rebuild lowest-risk stories first — monitoring and alerting before phishing triage or incident response
- Implement each story as a Server Action or Route Handler; add HMAC signature verification for all webhook triggers
- Re-authorize each credential in Supabase Vault; test each external API connection before any story goes live
- Run old Tines story and new implementation in parallel; define explicit parity criteria per story before cutover

> Watch out: SOC stories that cover phishing triage, incident response, or alert enrichment create a real security operations gap if they go offline during migration. Do not cut over any security-critical story until the new implementation has run in parallel through at least one live incident cycle.

### Phase 4: Phase 4: Cutover & Governance (1–2 weeks)

- Disable Tines stories one by one after confirming new equivalents meet parity criteria and have survived at least one full operational cycle
- Implement code review via Git pull requests for all future workflow changes — equivalent to Tines' Enterprise staging/approval workflow
- Document the new stack architecture, story inventory, and credential owners for team onboarding
- Cancel or downgrade Tines subscription after confirming all stories are stable

## Cost paths

| Path | Cost | Timeline | Fits |
| --- | --- | --- | --- |
| DIY (with AI tools) | $0–$500 + time | 4–6 months part-time | Code-native security engineering teams with clear story documentation and fewer than 10 active stories. Works when the team has direct experience building webhook handlers and API integrations. |
| Freelancer | $3K–$10K | 4–8 weeks | Teams with well-documented stories, a small story library (under 10), and connectors limited to common platforms (Slack, Jira, email). Requires strong specification handoff. |
| Agency (RapidDev) | $13K–$25K fixed | 8–12 weeks | Security teams with 10+ stories, complex SIEM/ticketing integrations, compliance requirements, or the need to maintain SOC coverage throughout migration with zero gap. |

## Risks and mitigations

- **Security operations gap during migration** — Phishing triage, incident response, and alert-enrichment stories going offline during migration create a real SOC gap. Run old and new implementations in parallel. Define explicit parity criteria per story. Do not cut over any security-critical story during an active incident.
- **Story complexity underestimation** — A Tines story that appears simple in the editor may call 8–10 external APIs with complex error handling and conditional branching. Count the number of actions and external API calls in every story before estimating migration effort — complex stories take 3–5x longer to rebuild than simple ones.
- **Credential re-entry across multiple security tools** — Tines stores credentials for SIEM, threat intelligence feeds, ticketing, email, and messaging. Each must be re-established in Supabase Vault with appropriate access control. Document every credential before starting; identify the team owner for each. Scheduling re-authorization sessions is often the longest lead-time item.
- **Peer review and compliance gap** — If you use Enterprise Tines with staging/approval workflows, you need equivalent governance immediately for compliance purposes. Implement Git pull request review for all workflow changes and a staging Vercel environment from day one — not as a follow-up.
- **No drop-in replacement for Tines' collaborative UX** — Tines provides a visual story builder with collaborative review that non-technical analysts can use. A code-based replacement requires developer-grade tooling. Evaluate whether a hybrid approach — Tines for analyst-operated stories, code for engineer-owned automations — is more realistic than a full migration.

## Stay or go

Stay if:

- Your SOC team is analyst-heavy and non-technical; Tines' visual story builder is a genuine productivity advantage that code cannot replace for them
- You are already on Enterprise and self-hosting within your own VPC, which resolves the data-residency concern
- Your story library is growing and the rebuild cost at current scope would exceed 12 months of Tines subscription cost

Go if:

- You need self-hosting but cannot justify the Enterprise sales conversation and its associated cost tier
- Your security engineering team is code-native and the visual editor is not adding value over direct code review and Git-based change management
- You are hitting Tines pricing cliffs and the renewal cost has triggered an internal build-vs-buy review

Tines is a legitimate, funded platform with a strong position in security automation. The decision to migrate is primarily economic and architectural, not urgency-driven. If your team is code-native and SOC automation logic is owned by engineers, a code-based stack is maintainable and cheaper at scale. If your SOC is analyst-operated, stay and use Tines as designed.

## Migration checklist

- Export every story from Tines and store the exports in Git as documentation artifacts — Signed story exports are the only portable artifact from Tines. Store them as documentation even though they cannot run outside Tines.
- Document each story: trigger source, number of actions, all external APIs called, and downstream systems affected — This documentation is your rebuild specification. The total action count across all stories is your migration-effort proxy.
- Count the total number of actions across all active stories — Stories with 8–10 actions calling multiple external APIs take 3–5x longer to rebuild than simple 2–3 action stories. This count drives your timeline estimate.
- List every credential stored in Tines and identify the team owner of each — Credential re-authorization is typically the longest scheduling bottleneck in security-tool migrations. Start early.
- Evaluate Supabase Vault for secret management before writing any code — Security contexts require proper secret handling from day one. Environment variables in plain text are not an acceptable long-term solution for SIEM keys and threat-intelligence credentials.
- Define a parity cutover criterion for each story before starting the rebuild — SOC stories cannot be cut over on a schedule — they must meet explicit parity criteria and survive a live operational cycle. Document these criteria before writing a line of code.

## Frequently asked questions

### Can I export my Tines story logic as code?

No. Tines stories export in a Tines-signed format that can only be imported into another Tines instance. There is no automated code-generation from stories and no eject path to a different runtime. Migration means manually documenting each story's logic and rebuilding it as TypeScript Server Actions and fetch calls.

### Is Tines shutting down?

No. Tines raised a $125M Series C on Feb 11, 2025 at a $1.125B valuation, bringing total funding to $272M. The platform is actively shipping enterprise features. The reason to migrate is architectural — proprietary runtime, self-hosting gated behind Enterprise sales, or pricing — not platform risk.

### Can I self-host Tines?

Only on an Enterprise contract, after a sales conversation (documented at tines.com/docs/self-hosted/before-you-begin). Self-hosting is not available on Community or lower-tier plans and is not openly downloadable. If self-hosting is a requirement you cannot meet through Enterprise pricing, migration is the only path.

### What happens to my users and credentials when I migrate off Tines?

Tines manages workspace auth and credential storage. User list export and password hash export are not documented as available. All users and access control must be rebuilt from scratch using Supabase Auth and RLS policies. More importantly, every credential stored in Tines (SIEM API key, Jira token, Slack token, threat-intelligence feeds) must be re-entered in Supabase Vault — document them all before starting.

### How long does a Tines migration take?

Typically 8–12 weeks. The largest variables are the number of active stories, the average action count per story (stories with 8–10 external API calls take 3–5x longer than 2–3 action stories), and the number of credentials requiring re-authorization. Security contexts also require a parallel-running period before cutover, which adds 2–4 weeks.

### How do I maintain SOC coverage during the migration?

Run the old Tines story and the new implementation in parallel. Define explicit parity criteria for each story (same alert enrichment, same ticket creation, same Slack notification) and a minimum parallel-running period before cutover. Do not cut over any security-critical story during an active incident. Migrate monitoring and alerting stories first; leave phishing triage and incident response stories last.

### How much does a Tines migration cost?

DIY for a code-native security team with a small story library: near-zero software cost, 4–6 months part-time effort. Freelancer for well-documented stories: $3K–$10K. Fixed-price agency engagement for teams with 10+ stories, multiple SIEM integrations, or compliance requirements: $13K–$25K over 8–12 weeks. RapidDev offers a free scoping call to count your active stories and estimate effort at rapidevelopers.com.

### Should I consider a hybrid approach — keeping Tines for analysts and rebuilding only engineer-owned stories in code?

Yes, this is often the most practical path. Tines' visual story builder genuinely benefits non-technical analysts who need to create and modify workflows without engineering support. A hybrid model — Tines for analyst-operated stories, custom code for engineer-owned complex automations — may deliver better ROI than a full migration, especially if your Community or Pro tier pricing is acceptable.

---

Source: https://www.rapidevelopers.com/no-code-to-code/how-to-migrate-tines-io-project-to-code
© RapidDev — https://www.rapidevelopers.com/no-code-to-code/how-to-migrate-tines-io-project-to-code
