diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
index de40d93..cc47414 100644
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@@ -94,6 +94,11 @@ jobs:
     permissions:
       id-token: write
     steps:
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
       - name: Download wheel artifacts
         uses: actions/download-artifact@v4
         with:
@@ -107,5 +112,39 @@ jobs:
           path: dist
           name: sdist
 
+      - name: Validate distribution archives
+        run: |
+          python -m pip install --upgrade pip twine
+          python - <<'PY'
+          import glob
+          import zipfile
+          import sys
+
+          wheels = sorted(glob.glob("dist/**/*.whl", recursive=True))
+          if not wheels:
+              print("No wheel files found under dist/")
+              sys.exit(1)
+
+          bad = []
+          for whl in wheels:
+              try:
+                  with zipfile.ZipFile(whl) as zf:
+                      zf.testzip()
+              except Exception as exc:
+                  bad.append((whl, repr(exc)))
+
+          if bad:
+              print("Corrupted wheel(s) detected:")
+              for p, e in bad:
+                  print(f"  - {p}: {e}")
+              sys.exit(1)
+
+          print("All wheels passed ZIP integrity check.")
+          PY
+          find dist -type f \( -name "*.whl" -o -name "*.tar.gz" \) -print
+          python -m twine check $(find dist -type f \( -name "*.whl" -o -name "*.tar.gz" \))
+
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist