Tova

Appearance

TovaA Modern Programming Language

Clean syntax. Pattern matching. Result types. High performance. From scripts to full-stack web — one language, one toolchain.

Get Started
Why Tova?
Playground

Clean, Expressive Syntax

Pipe operators, pattern matching with ranges/guards/string concat, algebraic data types, generics, interfaces, derive, guard clauses, Result/Option error handling, implicit returns, no semicolons.

High Performance

Result.map chain fusion (10x), array fill detection with Uint8Array upgrade (3x), range-to-for-loop rewrite, @wasm WebAssembly compilation, @fast TypedArray coercion, Rust FFI radix sort, multi-core parallel_map.

@wasm -- Native WebAssembly

Decorate any numeric function with @wasm to compile it to WebAssembly binary. Zero external toolchain. The compiler generates raw WASM bytes directly. Falls back to standard codegen automatically.

@fast -- TypedArray Optimization

Decorate functions with @fast to auto-coerce arrays to Float64Array/Int32Array. Dot product on 1M elements in 97ms. Kahan summation, vector ops, and a typed stdlib included.

Scripting & Data

CSV/JSON/JSONL/TSV I/O, file system ops, shell execution, pipe-based data pipelines. Run any .tova file directly -- no project scaffold needed.

parallel_map -- Multi-Core

Distribute CPU-intensive work across all cores with a persistent worker pool. 3.5x speedup on 8 cores. Workers reuse across calls -- zero startup overhead after first invocation.

Batteries Included

60+ stdlib functions, Tables/DataFrames, AI integration (Anthropic/OpenAI/Ollama), built-in test runner, REPL, LSP server, VS Code extension, production build with minification.

Compile-Time Security

One declarative security block for auth, RBAC, route protection, sensitive fields, CORS, CSP, rate limiting, CSRF, HSTS, and audit logging. Zero runtime dependencies. Compiler catches misconfigurations before your code runs.

Full-Stack Web

shared/server/browser blocks with automatic RPC bridge. Call server.get_users() from browser code -- the compiler handles networking, serialization, validation. Fine-grained signal reactivity.

The Language

Tova is a general-purpose programming language. You can write scripts, CLI tools, data pipelines, AI applications, and full-stack web apps -- all in one language with one toolchain.

Pattern Matching

tova
fn describe(shape) {
  match shape {
    Circle(r)      => "circle with area {3.14159 * r * r}"
    Rect(w, h)     => "rectangle {w}x{h}"
    Triangle(b, h) => "triangle with area {0.5 * b * h}"
  }
}

match args() {
  ["add", name]      => add_task(name)
  ["done", id]       => complete_task(toInt(id))
  ["list"]           => list_tasks() |> each(fn(t) print(t))
  _                  => print("Usage: tasks <add|done|list>")
}

The compiler checks exhaustiveness and warns on uncovered variants.

Pipes & Functional Composition

tova
result = data
  |> filter(fn(x) x > 0)
  |> map(fn(x) x * 2)
  |> sortBy(.value)
  |> take(10)
  |> sum()

Error Handling Without Exceptions

tova
fn load_config(path) {
  content = read_file(path)?            // Early return on Err
  config = parse_json(content)?
  Ok(config)
}

// Chain maps -- the compiler fuses them at compile time (10x faster)
value = Ok(42)
  .map(fn(x) x * 2)
  .map(fn(x) x + 1)
  .unwrap()

Types, Generics & Derive

tova
type Shape {
  Circle(radius: Float)
  Rect(width: Float, height: Float)
  Triangle(base: Float, height: Float)
} derive [Eq, Show, JSON]

interface Printable {
  fn toString() -> String
}

Scripting & Data

Tova works without web blocks. Scripts, CLI tools, data pipelines, AI apps:

tova
// Data pipeline with pipes
data = read("sales.csv")
  |> filter(fn(row) row.revenue > 1000)
  |> sortBy(.region)
  |> groupBy(.region, fn(rows) {
    { total: sumBy(rows, .revenue), count: len(rows) }
  })

write(data, "summary.json")
tova
// AI integration built in
response = ask("Summarize this document", provider: "anthropic")
embeddings = embed(texts, provider: "openai")
category = classify(text, ["positive", "negative", "neutral"])

Performance

Tova is a high-level language that generates high-performance code. The compiler applies automatic optimizations at compile time, and performance decorators let you opt in to native-speed execution for hot paths.

FeatureWhat it doesImpact
Result.map chain fusionOk(v).map(f).map(g) compiles to Ok(g(f(v)))10x faster (zero allocation)
Array fill detectionPush loops become new Array(n).fill(val)3x faster
Boolean fill upgradeBoolean arrays become Uint8ArrayContiguous memory
Range-to-for rewritefor i in range(n) becomes a C-style loopNo array allocation
@wasm decoratorCompiles to WebAssembly binaryNative WASM speed
@fast decoratorCoerces arrays to TypedArrays97ms dot product on 1M elements
parallel_mapPersistent worker pool across cores3.5x speedup on 8 cores
Radix sort FFIO(n) sort for numeric arrays via Rust FFISort 1M in 27ms
HTTP fast modeSync handlers, direct dispatch108K req/s

See the full performance guide.

Compile-Time Security

The security {} block centralizes your entire security policy in one place. The compiler generates all enforcement code -- zero runtime dependencies.

tova
security {
  auth jwt { secret: env("JWT_SECRET"), expires: 86400 }

  role Admin { can: [manage_users, view_analytics] }
  role User  { can: [view_profile, edit_profile] }

  protect "/api/admin/*" { require: Admin }
  protect "/api/*" { require: authenticated }

  sensitive User.password { never_expose: true }
  sensitive User.email { visible_to: [Admin, "self"] }

  cors { origins: ["https://myapp.com"], credentials: true }
  csp { default_src: ["self"], script_src: ["self"] }
  rate_limit { max: 1000, window: 3600 }
  csrf { enabled: true, exempt: ["/api/webhooks/*"] }
  audit { events: [login, logout, manage_users], store: "audit_log" }
}

From this, the compiler generates JWT validation, role checking, route middleware, field sanitization, CSRF tokens, rate limit tracking, CSP headers, and audit logging. Default OWASP security headers are emitted on all server responses even without a security block. Compile-time warnings catch undefined roles, hardcoded secrets, CORS wildcards, SQL injection patterns, and XSS risks before your code ever runs. Use --strict-security to promote all security warnings to errors in CI. Learn more.

Full-Stack Web

When you need a web application, Tova's block model lets you write server and client code in one file:

tova
shared {
  type Todo { id: Int, text: String, done: Bool }
}

server {
  var todos = []

  fn all_todos() -> [Todo] { todos }

  fn add_todo(text: String) -> Todo {
    t = Todo(len(todos) + 1, text, false)
    todos = [...todos, t]
    t
  }
}

browser {
  state todos = []
  state draft = ""

  effect { todos = server.all_todos() }

  component App() {
    <div>
      <input value={draft} on:input={fn(e) draft = e.target.value} />
      <button on:click={fn() {
        server.add_todo(draft)
        draft = ""
        todos = server.all_todos()
      }}>"Add"</button>
      <ul>for t in todos { <li>"{t.text}"</li> }</ul>
    </div>
  }
}

server.add_todo(draft) is a compile-time RPC call. The compiler generates the HTTP endpoint, the fetch call, the serialization, and the async wrapping. You never write networking code.

Developer Experience

  • LSP server with diagnostics, completion, go-to-definition, hover, and signature help
  • VS Code extension with syntax highlighting and LSP integration
  • REPL with multi-line input and stdlib context
  • Dev server with hot reload on save
  • Production build with bundling, content hashing, and minification
  • Rich error messages with source context, carets, and suggestions
  • 6,700+ tests across 85 test files

Get Started

macOS / Linux:

bash
curl -fsSL https://raw.githubusercontent.com/tova-lang/tova-lang/main/install.sh | sh
tova new my-app
cd my-app && tova dev

Windows, macOS, or Linux (via Bun):

bash
bun install -g tova
tova new my-app
cd my-app && tova dev

Installation guide | 10-minute tour | Tutorial | Why Tova?

Released under the MIT License.

Copyright Enoch Kujem Abassey and Tova Contributors