diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 00fa35ed..d00fb8e4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -146,25 +146,21 @@ jobs:
   # Validate plano config
   # ──────────────────────────────────────────────
   validate-config:
-    needs: plano-cli-tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
 
-      - name: Download planoai binary
-        uses: actions/download-artifact@v6
+      - name: Set up Python
+        uses: actions/setup-python@v6
         with:
-          name: planoai-binary
-          path: crates/target/release/
+          python-version: "3.14"
 
-      - name: Make binary executable
-        run: chmod +x crates/target/release/planoai
+      - name: Install planoai
+        run: pip install -e ./cli
 
       - name: Validate plano config
-        run: |
-          export PATH="$PWD/crates/target/release:$PATH"
-          bash config/validate_plano_config.sh
+        run: bash config/validate_plano_config.sh
 
   # ──────────────────────────────────────────────
   # Docker security scan (Trivy)
diff --git a/config/validate_plano_config.sh b/config/validate_plano_config.sh
index e65bf5c2..572ac2ec 100644
--- a/config/validate_plano_config.sh
+++ b/config/validate_plano_config.sh
@@ -8,7 +8,13 @@ for file in $(find . -name config.yaml -o -name plano_config_full_reference.yaml
   rendered_file="$(pwd)/${file}_rendered"
   touch "$rendered_file"
 
-  planoai validate "$(pwd)/${file}" 2>&1 > /dev/null
+  PLANO_CONFIG_FILE="$(pwd)/${file}" \
+  PLANO_CONFIG_SCHEMA_FILE="${SCRIPT_DIR}/plano_config_schema.yaml" \
+  TEMPLATE_ROOT="${SCRIPT_DIR}" \
+  ENVOY_CONFIG_TEMPLATE_FILE="envoy.template.yaml" \
+  PLANO_CONFIG_FILE_RENDERED="$rendered_file" \
+  ENVOY_CONFIG_FILE_RENDERED="/dev/null" \
+  python -m planoai.config_generator 2>&1 > /dev/null
 
   if [ $? -ne 0 ]; then
     echo "Validation failed for $file"