diff --git a/.github/workflows/Dockerfile.qa b/.github/workflows/Dockerfile.qa
new file mode 100644
index 00000000..44d179e3
--- /dev/null
+++ b/.github/workflows/Dockerfile.qa
@@ -0,0 +1,26 @@
+FROM python:3.13.2 AS builder
+
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1
+WORKDIR /app
+
+RUN python -m venv .venv
+
+COPY requirements.txt ./
+
+# Copy the dev firewall package
+COPY aikido_zen-*.whl ./
+
+# === THIS SECTION IS MODIFIED FOR QA STEP ===
+RUN .venv/bin/pip install -r requirements.txt && \
+    .venv/bin/pip uninstall -y aikido-zen && \
+    .venv/bin/pip install ./aikido_zen-*.whl
+# === END OF MODIFIED SECTION ===
+
+FROM python:3.13.2-slim
+WORKDIR /app
+RUN apt update && apt install -y gdb procps
+COPY --from=builder /app/.venv .venv/
+COPY . .
+ENV AIKIDO_BLOCK="1"
+CMD ["/app/.venv/bin/gunicorn", "--bind=[::]:8080", "--access-logfile=-", "--workers=1", "--threads=4", "wsgi:app"]
diff --git a/.github/workflows/qa-tests.yml b/.github/workflows/qa-tests.yml
new file mode 100644
index 00000000..d4749ae5
--- /dev/null
+++ b/.github/workflows/qa-tests.yml
@@ -0,0 +1,52 @@
+name: 🧪 QA Tests
+permissions:
+  contents: read
+on:
+  push: {}
+  workflow_call: {}
+
+jobs:
+  qa-tests:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout firewall-python
+        uses: actions/checkout@v5
+        with:
+          path: firewall-python
+
+      - name: Checkout zen-demo-python
+        uses: actions/checkout@v5
+        with:
+          repository: Aikido-demo-apps/zen-demo-python
+          path: zen-demo-python
+          ref: qa-test
+          submodules: true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: Install poetry
+        run: pip install poetry
+
+      - name: Build firewall-python dev package
+        run: |
+          cd firewall-python
+          make build
+
+          # Move the built wheel to zen-demo-python directory
+          # poetry build creates both .tar.gz and .whl, we only need the wheel
+          mv dist/*.whl ../zen-demo-python/
+
+      - name: Replace Dockerfile with QA version
+        run: |
+          cp firewall-python/.github/workflows/Dockerfile.qa zen-demo-python/Dockerfile
+
+      - name: Run Firewall QA Tests
+        uses: AikidoSec/firewall-tester-action@releases/v1
+        with:
+          dockerfile_path: ./zen-demo-python/Dockerfile
+          app_port: 8080
+          sleep_before_test: 10