7 issues found across 14 files
Confidence score: 2/5
- There is high merge risk from `src/main/java/com/resend/services/events/Events.java`: the API key permission-check requirement for newly added create/update/remove/send operations is flagged at high severity/confidence, which can cause authorization regressions if not explicitly validated. `src/main/java/com/resend/services/events/Events.java` also concatenates raw event identifiers into `/events/` paths; without URL encoding, valid IDs containing reserved characters can break routing and user-facing requests.
- Model immutability concerns in `src/main/java/com/resend/services/events/model/SendEventOptions.java` and `src/main/java/com/resend/services/events/model/CreateEventOptions.java` (storing/exposing mutable maps by reference) can lead to unexpected request-data mutation after `build()`, increasing behavioral instability.
- Pay close attention to `src/main/java/com/resend/services/events/Events.java`, `src/main/java/com/resend/services/events/model/SendEventOptions.java`, `src/main/java/com/resend/services/events/model/CreateEventOptions.java`, and `src/test/java/com/resend/services/events/EventsTest.java` - permission checks, URL safety, mutability leaks, and mocked-under-test coverage gaps are the key risks.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="src/main/java/com/resend/services/events/Events.java">
<violation number="1" location="src/main/java/com/resend/services/events/Events.java:15">
P1: Custom agent: **API Key Permission Check SDK Methods**
Rule `API Key Permission Check SDK Methods` is triggered: this PR adds new Events operations (create/update/remove/send), so you need to explicitly confirm production API keys have the required scopes before release to avoid permission-related runtime failures.</violation>
<violation number="2" location="src/main/java/com/resend/services/events/Events.java:53">
P2: Encode event identifiers before appending them to `/events/` paths; raw concatenation can break routing for valid names containing reserved URL characters.</violation>
</file>
<file name="src/test/java/com/resend/services/events/EventsTest.java">
<violation number="1" location="src/test/java/com/resend/services/events/EventsTest.java:23">
P1: These tests mock the class under test (`Events`), so they don't validate real module behavior and can produce false confidence.</violation>
</file>
<file name="src/main/java/com/resend/services/events/model/SendEventOptions.java">
<violation number="1" location="src/main/java/com/resend/services/events/model/SendEventOptions.java:31">
P2: `SendEventOptions` stores the caller-provided payload map by reference, so external mutations after `build()` can change the request data unexpectedly.</violation>
<violation number="2" location="src/main/java/com/resend/services/events/model/SendEventOptions.java:67">
P2: `getPayload()` exposes internal mutable state; callers can modify the returned map and mutate the object.</violation>
</file>
<file name="src/test/java/com/resend/services/util/EventsUtil.java">
<violation number="1" location="src/test/java/com/resend/services/util/EventsUtil.java:78">
P2: Replace the hardcoded personal email with a non-deliverable test address (for example, `example.com`) to avoid committing PII and accidental real-email sends.</violation>
</file>
<file name="src/main/java/com/resend/services/events/model/CreateEventOptions.java">
<violation number="1" location="src/main/java/com/resend/services/events/model/CreateEventOptions.java:23">
P2: CreateEventOptions stores the schema map by reference, allowing external mutation after build. Make a defensive copy (and ideally wrap it as unmodifiable) in the constructor.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
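
The two P2 fixes the review asks for (a defensive, unmodifiable copy of the caller's map, and encoding identifiers before appending them to `/events/`), as an added Java example that is not part of the pull request or the SDK. `EventOptionsSketch`, `SendOptions` and `encodePathSegment` are hypothetical names, and the sample identifier is constructed.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical stand-in for the reviewed classes; not the SDK's code.
public class EventOptionsSketch {

    /** Options object that cannot be changed through the caller's map. */
    static final class SendOptions {
        private final Map<String, Object> payload;

        SendOptions(Map<String, Object> payload) {
            // Copy first, then wrap: the copy cuts the link to the caller's
            // map, the wrapper makes the getter's return value read-only.
            this.payload = Collections.unmodifiableMap(new LinkedHashMap<>(payload));
        }

        Map<String, Object> getPayload() {
            return payload;
        }
    }

    /** Percent-encodes one path segment so reserved characters stay inside it. */
    static String encodePathSegment(String id) throws UnsupportedEncodingException {
        // URLEncoder implements form encoding, which writes a space as "+";
        // in a path "+" is a literal plus, so rewrite it as %20.
        return URLEncoder.encode(id, "UTF-8").replace("+", "%20");
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> callerMap = new HashMap<>();
        callerMap.put("plan", "pro");
        SendOptions options = new SendOptions(callerMap);

        callerMap.put("plan", "free");                   // mutation after construction
        System.out.println(options.getPayload());        // prints the stored copy
        try {
            options.getPayload().put("injected", true);  // mutation through the getter
        } catch (UnsupportedOperationException e) {
            System.out.println("getter result is read-only");
        }

        String id = "user.signed up/v2?x=1";             // constructed sample identifier
        System.out.println("/events/" + encodePathSegment(id));
    }
}
```

The copy is shallow: nested maps or lists inside the payload are still shared with the caller and need their own copies if they must stay fixed.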
No description provided.