fix:await async express routes

[phdargen]

Description

The express middleware does not actually await the route handler to complete. Thus for asyn operations the following res.statusCode >= 400 is ineffective and settlement might be triggered for failed API calls similar to the next middleware issue fixed here: https://github.com/coinbase/x402/pull/664

Proposed solution:

• Add a promise that resolves when res.end() is called by the handler
• When buffered res.end() is called signal that the response is ready
• Check res.statusCode only after resolves

Tests

Modified express example with protected routes:

app.get("/error", (req, res) => {
  res.status(500).send({ error: "Request timeout" });
});

app.get("/error-async", (req, res) => {
  setTimeout(() => {
    res.status(500).send({ error: "Request timeout" });
  }, 1000);
});

Before:

• Client output for error route: { error: 'Request timeout' }
• Client output for error-async route:

{ error: 'Request timeout' }
{
  success: true,
  transaction: '0xb0f94f5471b7cd01a90ff6da98d0cd82afb8c1309a8edfe0271f3d7ca767be29',
  network: 'base-sepolia',
  payer: '0xE33A295AF5C90A0649DFBECfDf9D604789B892e2'
}

After:

• Client output for error route: { error: 'Request timeout' }
• Client output for error-async route: { error: 'Request timeout' }

Checklist

• [x] I have formatted and linted my code
• [x] All new and existing tests pass
• [x] My commits are signed (required for merge) -- you may need to rebase if you initially pushed unsigned commits

[cb-heimdall]

✅ Heimdall Review Status

Requirement	Status	More Info
Reviews	✅ 1/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1

[vercel[bot]]

@phdargen is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.