diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
new file mode 100644
index 0000000..9352475
--- /dev/null
+++ b/.github/workflows/e2e.yml
@@ -0,0 +1,52 @@
+# ─────────────────────────────────────────────────────────────────────────────
+# e2e.yml — run the FULL browser-driving e2e suite (the 138 @pytest.mark.e2e)
+# on GitHub, on every push/PR to main.
+#
+# Why this can run on CI when the drive-gate had to stay light: the drive-gate
+# launched Firefox in true HEADLESS mode, which is content-process unstable on
+# the hosted runners (eval-CSP / context-destroyed). The stealth wrapper instead
+# launches Firefox HEADED on a real display; under `xvfb-run` (a virtual X
+# server) that's exactly what we get on a headless CI box — stable, and the same
+# thing webrtc-e2e.yml already relies on.
+#
+# Secret-free, so it's safe in public CI: the binary is the PUBLIC firefox-9
+# release (no token), and the webrtc e2e fake a local TCP-only SOCKS. The proxy
+# realness gate (fppro / smartproxy) is NOT here — it needs secrets and stays a
+# local pre-release gate.
+# ─────────────────────────────────────────────────────────────────────────────
+name: e2e
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  e2e:
+    name: e2e (linux, xvfb)
+    runs-on: ubuntu-24.04
+    timeout-minutes: 40
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        with: { fetch-depth: 1 }
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
+        with: { python-version: '3.11' }
+      - name: Install wrapper + test deps (+ pinned Playwright)
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install ".[dev]"
+          python -m pip install "playwright==$(cat scripts/playwright_pin.txt)"
+      - name: System deps (xvfb + Firefox runtime libs)
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y xvfb
+          sudo "$(which python)" -m playwright install-deps firefox
+      - name: Fetch the published firefox binary
+        run: echo "FF=$(python -m invisible_playwright fetch | tail -1)" >> "$GITHUB_ENV"
+      - name: Run the full e2e suite under a virtual display
+        run: xvfb-run -a python scripts/run_e2e.py "$FF"