diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4645c90..b5301e9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -381,22 +381,46 @@ jobs:
           # ones. Verify via direct psql.
           echo "--- hosts resolving to 'e2epg' ---"
           getent hosts e2epg || true
+          # Split-brain fix: 'e2epg' resolves to MULTIPLE IPs on the shared
+          # gitea_gitea network (leftover service containers from concurrent
+          # or crashed runs). Prisma picks one IP; psql picks another; push
+          # reports success but verification sees an empty database. Probe
+          # every resolved IP and lock onto the one that accepts our creds,
+          # then force DATABASE_URL/PLAYWRIGHT_DATABASE_URL to that explicit
+          # IP for the rest of the job so every subsequent step hits the
+          # same postgres instance.
+          IPS=$(getent hosts e2epg | awk '{print $1}')
+          PG_IP=""
+          for ip in $IPS; do
+            if PGPASSWORD=capakraken_test psql -h "$ip" -U capakraken -d capakraken_test -v ON_ERROR_STOP=1 -Atc "SELECT 1" >/dev/null 2>&1; then
+              PG_IP="$ip"
+              echo "Locked onto postgres at $PG_IP"
+              break
+            else
+              echo "Rejected $ip (auth or DB mismatch)"
+            fi
+          done
+          if [ -z "$PG_IP" ]; then
+            echo "ERROR: no resolved e2epg IP accepted capakraken_test credentials"
+            exit 1
+          fi
+          PINNED_URL="postgresql://capakraken:capakraken_test@$PG_IP:5432/capakraken_test"
+          echo "DATABASE_URL=$PINNED_URL" >> "$GITHUB_ENV"
+          echo "PLAYWRIGHT_DATABASE_URL=$PINNED_URL" >> "$GITHUB_ENV"
           echo "--- DROP SCHEMA ---"
-          psql -h e2epg -U capakraken -d capakraken_test -v ON_ERROR_STOP=1 \
+          psql -h "$PG_IP" -U capakraken -d capakraken_test -v ON_ERROR_STOP=1 \
             -c "DROP SCHEMA IF EXISTS public CASCADE; CREATE SCHEMA public; GRANT ALL ON SCHEMA public TO capakraken; GRANT ALL ON SCHEMA public TO public;"
           echo "--- prisma db push ---"
-          pnpm --filter @capakraken/db exec prisma db push --schema ./prisma/schema.prisma --accept-data-loss --skip-generate
+          DATABASE_URL="$PINNED_URL" pnpm --filter @capakraken/db exec prisma db push --schema ./prisma/schema.prisma --accept-data-loss --skip-generate
           echo "--- tables in public after push ---"
-          # `\dt public.*` was interpreted literally by this psql build (returned
-          # "Did not find any relation named public.*"). Query pg_tables directly.
-          psql -h e2epg -U capakraken -d capakraken_test -v ON_ERROR_STOP=1 -At \
+          psql -h "$PG_IP" -U capakraken -d capakraken_test -v ON_ERROR_STOP=1 -At \
             -c "SELECT tablename FROM pg_tables WHERE schemaname='public' ORDER BY tablename" \
             | tee /tmp/tables.txt
           if ! grep -qx 'audit_logs' /tmp/tables.txt; then
             echo "ERROR: audit_logs table missing after push!"
             exit 1
           fi
-          pnpm db:seed
+          DATABASE_URL="$PINNED_URL" pnpm db:seed
 
       - name: Run E2E tests
         # Bypass turbo here — it runs in strict env mode and does not pass