fix: use IPv4 only for profile fetches

[michaelmwu]

Description

Limit external profile URL resolution to public IPv4 addresses so the resume profile fetcher does not pass mixed IPv4/IPv6 CURLOPT_RESOLVE entries into curl_cffi on IPv4-only containers. Add unit coverage for dual-stack hosts and IPv6 literal rejection.

Related Issue

None.

How Has This Been Tested?

uv run pytest tests/unit/test_resume_profile_processor.py -q

Summary by CodeRabbit

• Bug Fixes

  • Stricter validation now requires public IPv4 addresses for profile requests. IPv6 and non-public addresses are rejected with specific error messages. DNS resolution results are filtered to validated public IPv4 addresses only.

• Tests

  • Added test coverage for dual-stack DNS filtering and IPv6-literal profile URL rejection.

[coderabbitai]

Warning

Rate limit exceeded

@michaelmwu has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 24 minutes and 28 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c71819cb-ad4b-454c-9d0d-8c88500114d0

📥 Commits

Reviewing files that changed from the base of the PR and between 58981c1 and cd85167.

📒 Files selected for processing (2)

• packages/shared/src/five08/resume_profile_processor.py
• tests/unit/test_resume_profile_processor.py

📝 Walkthrough

Walkthrough

The changes restrict IP address handling in a profile request resolver to enforce public IPv4-only validation. The implementation now explicitly validates and filters addresses during literal IP parsing and DNS resolution, rejecting non-IPv4 and non-public addresses with specific error messages.

Changes

Cohort / File(s)	Summary
IP Address Validation Enforcement packages/shared/src/five08/resume_profile_processor.py, tests/unit/test_resume_profile_processor.py	Tightened _resolve_public_profile_request_target to require public IPv4 addresses only. Updated resolution logic to reject IPv4 literals that parse to non-IPv4 and filter resolved addresses to exclude IPv6. Added corresponding unit tests validating dual-stack DNS filtering and IPv6-literal URL rejection.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Through IPv4 fields we skip and spring,
Filtering out what's not our thing,
IPv6 and private IPs must depart,
Public IPv4 wins our heart! 🌐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly matches the main objective: restricting profile URL resolution to IPv4 only to prevent mixed IPv4/IPv6 entries in curl operations on IPv4-only containers.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch michaelmwu/debug-github-pages

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Limits resume external profile URL resolution to public IPv4 addresses to avoid passing mixed IPv4/IPv6 CURLOPT_RESOLVE entries into curl_cffi in IPv4-only environments.

Changes:

• Reject IPv6 literals for profile URLs (require public IPv4).
• Filter DNS results to only include public IPv4 addresses when building pinned RESOLVE entries.
• Add unit tests covering dual-stack resolution behavior and IPv6 literal rejection.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
packages/shared/src/five08/resume_profile_processor.py	Enforces IPv4-only resolution and updates ordering/error behavior when no IPv4 addresses are available.
tests/unit/test_resume_profile_processor.py	Adds unit coverage for dual-stack hosts (IPv6 ignored) and IPv6 literal rejection.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.