tl-openmeter-local-dev
Facilitates local development and troubleshooting of OpenMeter with Docker, Stripe, and webhook configurations.
Install this skill
Security score
The tl-openmeter-local-dev skill was audited on May 12, 2026 and we found 61 security issues across 3 threat categories, including 16 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 95 | curl http://localhost:8888/api/v1/meters |
Curl to non-GitHub URL
| 120 | Verify: `curl http://localhost:8888/api/v1/apps` — should show Stripe (Sandbox may also be present and is irrelevant). |
Curl to non-GitHub URL
| 131 | 4. Get URL: `curl http://127.0.0.1:4040/api/tunnels` |
Curl to non-GitHub URL
| 201 | curl http://localhost:8888/api/v1/meters |
Curl to non-GitHub URL
| 204 | curl http://localhost:8888/api/v1/apps |
Curl to non-GitHub URL
| 207 | curl -X POST http://127.0.0.1:3001/webhooks/openmeter \ |
Webhook reference - potential data exfiltration
| 3 | description: Set up and troubleshoot OpenMeter for local development with Docker, ngrok, Stripe app, and webhook configuration. Covers self-hosted vs Cloud differences, catalog sync, environment-aware |
Webhook reference - potential data exfiltration
| 18 | Run OpenMeter locally with full metering, billing, and webhook support. Covers the gotchas that differ between self-hosted (Docker) and Cloud (staging/production). |
Webhook reference - potential data exfiltration
| 23 | - "Configure ngrok for webhooks" |
Webhook reference - potential data exfiltration
| 25 | - "Why is my webhook 500ing?" |
Webhook reference - potential data exfiltration
| 28 | - When user mentions OpenMeter + Docker, local dev, or webhook issues |
Webhook reference - potential data exfiltration
| 44 | - [references/webhooks.md](references/webhooks.md) — Webhook auth modes, event types, testing |
Webhook reference - potential data exfiltration
| 78 | | Webhook channels via API | **NO** ("not implemented") | Yes (Svix-backed) | |
Webhook reference - potential data exfiltration
| 79 | | Webhook notifications | **Yes** (YAML config only) | Yes (API channels) | |
Webhook reference - potential data exfiltration
| 82 | **Key insight**: Webhooks work locally via `config.local.yaml` static configuration. Cloud uses the `POST /api/v1/notification/channels` API (Svix). The catalog sync script handles this automatically. |
Webhook reference - potential data exfiltration
| 126 | Required for Stripe App callbacks and Stripe webhooks locally. |
Webhook reference - potential data exfiltration
| 136 | npx tsx scripts/openmeter/set-openmeter-webhook-url.ts |
Webhook reference - potential data exfiltration
| 151 | Expected local output includes `⊘ Skipping webhook channel (not supported on self-hosted OpenMeter)` — this is normal. |
Webhook reference - potential data exfiltration
| 167 | ## Step 6: Configure Stripe Webhooks |
Webhook reference - potential data exfiltration
| 169 | In [Stripe Dashboard](https://dashboard.stripe.com/test/webhooks): |
Webhook reference - potential data exfiltration
| 171 | 1. Add endpoint: `https://YOUR-NGROK-URL/webhooks/stripe` |
Webhook reference - potential data exfiltration
| 173 | 3. Copy signing secret to `.env` as `STRIPE_WEBHOOK_SECRET_DEV=whsec_...` |
Webhook reference - potential data exfiltration
| 177 | ## Webhook Authentication |
Webhook reference - potential data exfiltration
| 179 | See [references/webhooks.md](references/webhooks.md) for full details. |
Webhook reference - potential data exfiltration
| 183 | | Svix signatures | Cloud (staging/prod) | `SVIX_WEBHOOK_SECRET` + Svix headers | |
Webhook reference - potential data exfiltration
| 184 | | x-webhook-secret | Self-hosted with secret | `OPENMETER_WEBHOOK_SECRET` header check | |
Webhook reference - potential data exfiltration
| 206 | # Webhook endpoint responding |
Webhook reference - potential data exfiltration
| 207 | curl -X POST http://127.0.0.1:3001/webhooks/openmeter \ |
Webhook reference - potential data exfiltration
| 238 | - [ngrok](https://ngrok.com/docs) — Secure tunnels for webhook testing |
Ngrok tunnel reference
| 3 | description: Set up and troubleshoot OpenMeter for local development with Docker, ngrok, Stripe app, and webhook configuration. Covers self-hosted vs Cloud differences, catalog sync, environment-aware |
Ngrok tunnel reference
| 5 | compatibility: Requires Docker Desktop, Node.js 18+, PowerShell or Bash. Ngrok required for Stripe billing. |
Ngrok tunnel reference
| 23 | - "Configure ngrok for webhooks" |
Ngrok tunnel reference
| 59 | - Yes → Steps 1, 2, 3, 4, 5, 6 (full setup with ngrok) |
Ngrok tunnel reference
| 62 | **Question 3: Ngrok status** (only if Stripe = yes) |
Ngrok tunnel reference
| 63 | - Already set up → skip ngrok install in Step 3 |
Ngrok tunnel reference
| 124 | ## Step 3: Set Up Ngrok |
Ngrok tunnel reference
| 128 | 1. Install: `choco install ngrok` (Windows) or `brew install ngrok` (macOS) |
Ngrok tunnel reference
| 129 | 2. Auth: `ngrok config add-authtoken YOUR_TOKEN` |
Ngrok tunnel reference
| 130 | 3. Start: `.\scripts\start-ngrok.ps1` or `ngrok http 3001` |
Ngrok tunnel reference
| 163 | For ngrok HTTP forwarding, set `API_HTTP_FOR_NGROK=true` in `.env`. |
Ngrok tunnel reference
| 171 | 1. Add endpoint: `https://YOUR-NGROK-URL/webhooks/stripe` |
Ngrok tunnel reference
| 222 | | Ngrok URL changed | Update `.env`, `config.local.yaml`, Stripe Dashboard; restart OpenMeter | |
Ngrok tunnel reference
| 238 | - [ngrok](https://ngrok.com/docs) — Secure tunnels for webhook testing |
Access to .env file
| 118 | **Requires**: `STRIPE_SECRET_KEY` in `.env` |
Access to .env file
| 163 | For ngrok HTTP forwarding, set `API_HTTP_FOR_NGROK=true` in `.env`. |
Access to .env file
| 173 | 3. Copy signing secret to `.env` as `STRIPE_WEBHOOK_SECRET_DEV=whsec_...` |
Access to .env file
| 222 | | Ngrok URL changed | Update `.env`, `config.local.yaml`, Stripe Dashboard; restart OpenMeter | |
External URL reference
| 95 | curl http://localhost:8888/api/v1/meters |
External URL reference
| 98 | Portal UI: `http://localhost:8889` |
External URL reference
| 120 | Verify: `curl http://localhost:8888/api/v1/apps` — should show Stripe (Sandbox may also be present and is irrelevant). |
External URL reference
| 131 | 4. Get URL: `curl http://127.0.0.1:4040/api/tunnels` |
External URL reference
| 169 | In [Stripe Dashboard](https://dashboard.stripe.com/test/webhooks): |
External URL reference
| 171 | 1. Add endpoint: `https://YOUR-NGROK-URL/webhooks/stripe` |
External URL reference
| 201 | curl http://localhost:8888/api/v1/meters |
External URL reference
| 204 | curl http://localhost:8888/api/v1/apps |
External URL reference
| 207 | curl -X POST http://127.0.0.1:3001/webhooks/openmeter \ |
External URL reference
| 232 | - [OpenMeter Docker Setup](https://openmeter.io/docs/installation/docker) — Official Docker guide |
External URL reference
| 233 | - [OpenMeter Self-Hosted](https://openmeter.io/docs/guides/self-hosted) — Self-hosting guide |
External URL reference
| 234 | - [Stripe App Setup](https://openmeter.io/docs/guides/stripe) — Stripe integration |
External URL reference
| 238 | - [ngrok](https://ngrok.com/docs) — Secure tunnels for webhook testing |
External URL reference
| 239 | - [Stripe CLI](https://stripe.com/docs/stripe-cli) — Local Stripe development |