Add docpull to ecosystem

[docpull]

Description

Adds docpull to the x402 ecosystem as a Services/Endpoints partner.

docpull is a PDF to Markdown API for AI agents. It accepts any publicly accessible PDF URL and returns structured Markdown, charged at $0.001 USDC per page via x402 v2 on Base mainnet. No accounts, no API keys, no subscriptions.

• Live at: https://docpull.ai
• API docs: https://docpull.ai/openapi.json
• MCP server: https://docpull.ai/mcp
• GitHub: https://github.com/docpull/docpull
• Category: Services/Endpoints

Checklist

• Working mainnet integration
• API documentation published
• Actively maintained

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1

[TateLyman]

Ran a no-payment external pass against the public docpull surface. No payment headers, signatures, or paid calls were sent.

Repro:

npx --yes x402-surface-check@latest https://docpull.ai/openapi.json --limit 8 --origin https://docpull.ai
curl -i https://docpull.ai/.well-known/api-catalog
curl -i https://docpull.ai/.well-known/ai-plugin.json
curl -i https://docpull.ai/mcp
curl -i -X OPTIONS https://docpull.ai/extract \
  -H "Origin: https://docpull.ai" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: X-PAYMENT,Content-Type,Authorization"

What looks good:

• /openapi.json, /llms.txt, /.well-known/api-catalog, /.well-known/ai-plugin.json, and /?mode=agent are public and machine-readable.
• POST /extract returns a structured x402 402 before extraction.
• Observed challenge price is $0.001 on Base mainnet USDC, matching the PR/docs.
• /mcp responds as a streamable HTTP MCP endpoint and exposes server info even on GET/405.

Patch notes before/after merge:

• P1: browser preflight to POST /extract currently returns 404 with no Access-Control-Allow-Origin / Access-Control-Allow-Headers, so browser agents cannot discover that X-PAYMENT is allowed before retrying. Add an OPTIONS handler that allows X-PAYMENT, Content-Type, Authorization for the paid route.
• P1: the actual 402 response for /extract does not expose Access-Control-Allow-Origin, so browser agents also cannot read the payment challenge.
• P2: the challenge has a top-level resource URL, but the accepts[] entries do not repeat the charged URL. Mirroring the canonical resource into each accept leg, or documenting the top-level resource as authoritative, makes wallet-side spend maps easier to verify.
• P3: /.well-known/x402 returns 404 even though other discovery surfaces are strong. Either add a small x402 discovery document there or explicitly point agents to /.well-known/api-catalog, /?mode=agent, and /openapi.json as the canonical discovery paths.

I did not send X-PAYMENT, sign anything, or attempt a paid extraction.