always-further · SequeI · Jun 23, 2026 · Jun 23, 2026
diff --git a/.github/workflows/attest-release.yml b/.github/workflows/attest-release.yml
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   attest:
-    if: github.repository == 'always-further/nono'
+    if: github.repository == 'nolabs-ai/nono'
     name: Attest Release Artifacts
     runs-on: ubuntu-latest
     permissions:

diff --git a/.github/workflows/aur-publish.yml b/.github/workflows/aur-publish.yml
@@ -25,7 +25,7 @@ jobs:
     name: Resolve publish parameters
     runs-on: ubuntu-latest
     if: >-
-      github.repository == 'always-further/nono' &&
+      github.repository == 'nolabs-ai/nono' &&
       ((github.event_name == 'workflow_dispatch') ||
       (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'))
     outputs:

diff --git a/.github/workflows/docs-dispatch.yml b/.github/workflows/docs-dispatch.yml
@@ -11,13 +11,13 @@ permissions:
 
 jobs:
   dispatch:
-    if: github.repository == 'always-further/nono'
+    if: github.repository == 'nolabs-ai/nono'
     runs-on: ubuntu-latest
     steps:
       - name: Trigger docs repo rebuild
         uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
         with:
           token: ${{ secrets.DOCS_PAT }}
-          repository: always-further/nono-docs
+          repository: nolabs-ai/nono-docs
           event-type: docs-update
           client-payload: '{"repo": "${{ github.repository }}", "sha": "${{ github.sha }}"}'
diff --git a/.github/workflows/homebrew-bump.yml b/.github/workflows/homebrew-bump.yml
@@ -23,6 +23,6 @@ jobs:
         with:
           formula-name: nono
           tag-name: ${{ github.event.inputs.tag }}
-          download-url: "https://github.com/always-further/nono/archive/refs/tags/${{ github.event.inputs.tag }}.tar.gz"
+          download-url: "https://github.com/nolabs-ai/nono/archive/refs/tags/${{ github.event.inputs.tag }}.tar.gz"
         env:
           COMMITTER_TOKEN: ${{ secrets.HOMEBREW_CORE_TOKEN }}
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
@@ -33,7 +33,7 @@ jobs:
     name: Resolve build parameters
     runs-on: ubuntu-latest
     if: >-
-      github.repository == 'always-further/nono' &&
+      github.repository == 'nolabs-ai/nono' &&
       ((github.event_name == 'workflow_dispatch') ||
       (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'))
     outputs:
@@ -175,11 +175,11 @@ jobs:
             STABLE=false
           fi
 
-          TAGS="ghcr.io/always-further/nono:${VERSION}"
+          TAGS="ghcr.io/nolabs-ai/nono:${VERSION}"
           if [ "$BUILD_PUSH" = "true" ] && [ "$STABLE" = "true" ] && [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             MAJOR_MINOR="${VERSION%.*}"
-            TAGS="${TAGS},ghcr.io/always-further/nono:${MAJOR_MINOR}"
-            TAGS="${TAGS},ghcr.io/always-further/nono:latest"
+            TAGS="${TAGS},ghcr.io/nolabs-ai/nono:${MAJOR_MINOR}"
+            TAGS="${TAGS},ghcr.io/nolabs-ai/nono:latest"
           fi
 
           echo "version=$VERSION" >> "$GITHUB_OUTPUT"
@@ -210,7 +210,7 @@ jobs:
           push: ${{ needs.resolve.outputs.push == 'true' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: |
-            org.opencontainers.image.source=https://github.com/always-further/nono
+            org.opencontainers.image.source=https://github.com/nolabs-ai/nono
             org.opencontainers.image.version=${{ steps.meta.outputs.version }}
             org.opencontainers.image.description=Capability-based sandboxing for untrusted AI agents
 
@@ -224,4 +224,4 @@ jobs:
           IMAGE_DIGEST: ${{ steps.push.outputs.digest }}
         run: |
           cosign sign --yes \
-            "ghcr.io/always-further/nono@${IMAGE_DIGEST}"
+            "ghcr.io/nolabs-ai/nono@${IMAGE_DIGEST}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ env:
 
 jobs:
   build:
-    if: github.repository == 'always-further/nono'
+    if: github.repository == 'nolabs-ai/nono'
     name: Build ${{ matrix.target }}
     runs-on: ${{ matrix.os }}
     strategy:
@@ -274,7 +274,7 @@ jobs:
         with:
           formula-name: nono
           tag-name: ${{ env.RELEASE_TAG }}
-          download-url: "https://github.com/always-further/nono/archive/refs/tags/${{ env.RELEASE_TAG }}.tar.gz"
+          download-url: "https://github.com/nolabs-ai/nono/archive/refs/tags/${{ env.RELEASE_TAG }}.tar.gz"
         env:
           COMMITTER_TOKEN: ${{ secrets.HOMEBREW_CORE_TOKEN }}
 
@@ -287,10 +287,10 @@ jobs:
       fail-fast: false
       matrix:
         repo:
-          - always-further/nono-py
-          - always-further/nono-ts
-          - always-further/nono-go
-          - always-further/nono-docs
+          - nolabs-ai/nono-py
+          - nolabs-ai/nono-ts
+          - nolabs-ai/nono-go
+          - nolabs-ai/nono-docs
     steps:
       - name: Dispatch to ${{ matrix.repo }}
         uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1

diff --git a/.github/workflows/sign-instruction-files.yml b/.github/workflows/sign-instruction-files.yml
@@ -26,9 +26,9 @@ permissions:
 
 jobs:
   sign:
-    if: github.repository == 'always-further/nono'
+    if: github.repository == 'nolabs-ai/nono'
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-      - uses: always-further/agent-sign@c9426f1a00f823dd53e7b9068d910a68b43e49e9 # v0.0.11
+      - uses: nolabs-ai/agent-sign@c9426f1a00f823dd53e7b9068d910a68b43e49e9 # v0.0.11
diff --git a/Cargo.toml b/Cargo.toml
@@ -12,8 +12,8 @@ edition = "2024"
 rust-version = "1.95"
 authors = ["Luke Hinds"]
 license = "Apache-2.0"
-repository = "https://github.com/always-further/nono"
-homepage = "https://github.com/always-further/nono"
+repository = "https://github.com/nolabs-ai/nono"
+homepage = "https://github.com/nolabs-ai/nono"
 
 [workspace.dependencies]
 # Error handling

diff --git a/README.md b/README.md
@@ -10,15 +10,15 @@
 </p>
 <p>
   <a href="https://opensource.org/licenses/Apache-2.0"><img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License"/></a>
-  <a href="https://github.com/always-further/nono/actions/workflows/ci.yml"><img src="https://github.com/always-further/nono/actions/workflows/ci.yml/badge.svg" alt="CI Status"/></a>
+  <a href="https://github.com/nolabs-ai/nono/actions/workflows/ci.yml"><img src="https://github.com/nolabs-ai/nono/actions/workflows/ci.yml/badge.svg" alt="CI Status"/></a>
   <a href="https://www.bestpractices.dev/projects/13332"><img src="https://www.bestpractices.dev/projects/13332/badge" alt="OpenSSF Best Practices"/></a>
   <a href="https://docs.nono.sh"><img src="https://img.shields.io/badge/Docs-docs.nono.sh-green.svg" alt="Documentation"/></a>
 </p>
 <p>
   <a href="https://discord.gg/pPcjYzGvbS">
     <img src="https://img.shields.io/badge/Chat-Join%20Discord-7289da?style=for-the-badge&logo=discord&logoColor=white" alt="Join Discord"/>
   </a>
-   <a href="https://alwaysfurther.ai/careers">
+   <a href="https://nolabs.ai/careers">
       <img src="https://img.shields.io/badge/We're_Hiring-Join_the_team-ff4f00?style=for-the-badge&logo=githubsponsors&logoColor=white" alt="We're hiring"/>
   </a>
   <a href="https://github.com/marketplace/actions/agent-sign">
@@ -91,15 +91,15 @@ Head over to the [docs](https://nono.sh/docs) and discover nono's rich composabl
 
 nono provides FFI bindings for Rust, Python, TypeScript, and Go.
 
-Also available as [Python](https://github.com/always-further/nono-py), [TypeScript](https://github.com/always-further/nono-ts), and [Go](https://github.com/always-further/nono-go) bindings.
+Also available as [Python](https://github.com/nolabs-ai/nono-py), [TypeScript](https://github.com/nolabs-ai/nono-ts), and [Go](https://github.com/nolabs-ai/nono-go) bindings.
 
 ## Contributing
 
 We encourage using AI tools to contribute. However, you must understand and carefully review any AI-generated code before submitting. Security is paramount. If you don't understand how a change works, ask in [Discord](https://discord.gg/pPcjYzGvbS) first.
 
 ## Security
 
-If you discover a security vulnerability, please **do not open a public issue**. Follow the process in our [Security Policy](https://github.com/always-further/nono/security).
+If you discover a security vulnerability, please **do not open a public issue**. Follow the process in our [Security Policy](https://github.com/nolabs-ai/nono/security).
 
 ## License
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -18,7 +18,7 @@ We strongly encourage responsible disclosure and collaboration while the project
 
 Instead, report vulnerabilities **privately** via GitHub Security Advisories:
 
-👉 https://github.com/always-further/nono/security/advisories/new
+👉 https://github.com/nolabs-ai/nono/security/advisories/new
 
 This ensures:
 

diff --git a/cliff.toml b/cliff.toml
@@ -4,7 +4,7 @@ header = """
 """
 body = """
 {%- macro remote_url() -%}
-  https://github.com/always-further/nono
+  https://github.com/nolabs-ai/nono
 {%- endmacro -%}
 
 {% if version -%}
@@ -47,5 +47,5 @@ commit_parsers = [
 ]
 
 [remote.github]
-owner = "always-further"
+owner = "nolabs-ai"
 repo = "nono"
diff --git a/crates/nono-cli/README.md b/crates/nono-cli/README.md
@@ -19,7 +19,7 @@ cargo install nono-cli
 ### From Source
 
 ```bash
-git clone https://github.com/always-further/nono
+git clone https://github.com/nolabs-ai/nono
 cd nono
 cargo build --release
 ```

diff --git a/crates/nono-cli/data/profile-authoring-guide.md b/crates/nono-cli/data/profile-authoring-guide.md
@@ -198,9 +198,9 @@ If a command uses a proxy credential, both layers must allow the operation. For
                   "endpoint_policy": {
                     "default": "deny",
                     "allow": [
-                      { "method": "GET", "path": "/repos/always-further/nono/issues" },
-                      { "method": "GET", "path": "/repos/always-further/nono/issues/*" },
-                      { "method": "POST", "path": "/repos/always-further/nono/issues/*/comments" }
+                      { "method": "GET", "path": "/repos/nolabs-ai/nono/issues" },
+                      { "method": "GET", "path": "/repos/nolabs-ai/nono/issues/*" },
+                      { "method": "POST", "path": "/repos/nolabs-ai/nono/issues/*/comments" }
                     ],
                     "deny": [
                       {
@@ -233,7 +233,7 @@ If a command uses a proxy credential, both layers must allow the operation. For
 }
 ```
 
-Endpoint policy uses the same decision order as invocation policy: `deny`, then `approve`, then `allow`, then `default`. A broad `deny` such as `{"method": "POST", "path": "/repos/always-further/nono/issues/**"}` will still win over a later `allow` for issue comments. Remove or narrow the deny when the mutation is intentionally allowed.
+Endpoint policy uses the same decision order as invocation policy: `deny`, then `approve`, then `allow`, then `default`. A broad `deny` such as `{"method": "POST", "path": "/repos/nolabs-ai/nono/issues/**"}` will still win over a later `allow` for issue comments. Remove or narrow the deny when the mutation is intentionally allowed.
 
 ### security
 
@@ -399,7 +399,7 @@ Capture commands run with `NONO_SESSION_ID`, `NONO_REQUEST_HOST`, `NONO_REQUEST_
   "credential_name": "github",
   "route_id": "github",
   "request_host": "api.github.com",
-  "request_path": "/repos/always-further/nono/issues/787",
+  "request_path": "/repos/nolabs-ai/nono/issues/787",
   "request_method": "GET",
   "cache_scope": "always-further"
 }
@@ -874,7 +874,7 @@ Supported predicate forms include `linux`, `macos`, `linux:fedora`, `linux:rhel-
 
 ## 9. Migration from previous schema
 
-Issue [#594](https://github.com/always-further/nono/issues/594) restructured the profile JSON schema. The old `policy.*` namespace has been dissolved into `filesystem`, `groups`, and `commands`; `security.groups` and `security.allowed_commands` have moved to top-level `groups.include` and `commands.allow`.
+Issue [#594](https://github.com/nolabs-ai/nono/issues/594) restructured the profile JSON schema. The old `policy.*` namespace has been dissolved into `filesystem`, `groups`, and `commands`; `security.groups` and `security.allowed_commands` have moved to top-level `groups.include` and `commands.allow`.
 
 Legacy keys still deserialize — profiles using the old names continue to load and emit a single deprecation warning — but they are scheduled for removal in **v1.0.0**. New profiles and edits should use the canonical keys below.
 

diff --git a/crates/nono-cli/src/command_policy.rs b/crates/nono-cli/src/command_policy.rs
@@ -3811,7 +3811,7 @@ mod tests {
                                 endpoint_policy: Some(EndpointPolicyConfig {
                                     allow: vec![EndpointRuleConfig {
                                         method: "GET".to_string(),
-                                        path: "/repos/always-further/nono/issues".to_string(),
+                                        path: "/repos/nolabs-ai/nono/issues".to_string(),
                                         backend: None,
                                         reason: None,
                                         timeout_secs: Some(0),

diff --git a/crates/nono-cli/src/migration.rs b/crates/nono-cli/src/migration.rs
@@ -29,7 +29,7 @@ const ENV_NO_MIGRATE: &str = "NONO_NO_MIGRATE";
 /// Surfaced in both the install confirmation and the decline-path hint
 /// so users have a way to investigate before they say yes (or come
 /// back to after they say no).
-const LEARN_MORE_URL: &str = "https://github.com/always-further/nono/discussions/780";
+const LEARN_MORE_URL: &str = "https://github.com/nolabs-ai/nono/discussions/780";
 
 /// Profile names this CLI knows about as official, vetted packs.
 /// Fast-path for the common case so users don't pay a network round

diff --git a/crates/nono-cli/src/profile/mod.rs b/crates/nono-cli/src/profile/mod.rs
@@ -7349,7 +7349,7 @@ mod tests {
                                                 "allow": [
                                                     {
                                                         "method": "GET",
-                                                        "path": "/repos/always-further/nono/issues"
+                                                        "path": "/repos/nolabs-ai/nono/issues"
                                                     }
                                                 ]
                                             }

diff --git a/crates/nono-cli/src/proxy_runtime.rs b/crates/nono-cli/src/proxy_runtime.rs
@@ -2932,7 +2932,7 @@ mod tests {
             credential_name: "github".to_string(),
             route_id: "github".to_string(),
             request_host: "api.github.com".to_string(),
-            request_path: "/repos/always-further/nono/issues/787".to_string(),
+            request_path: "/repos/nolabs-ai/nono/issues/787".to_string(),
             request_method: "GET".to_string(),
             session_id: String::new(),
             cache_scope: String::new(),
@@ -2986,7 +2986,7 @@ mod tests {
                     credential_name: "github".to_string(),
                     route_id: "github".to_string(),
                     request_host: "api.github.com".to_string(),
-                    request_path: "/repos/always-further/nono/issues/787".to_string(),
+                    request_path: "/repos/nolabs-ai/nono/issues/787".to_string(),
                     request_method: "GET".to_string(),
                     session_id: String::new(),
                     cache_scope: String::new(),

diff --git a/crates/nono-cli/src/setup.rs b/crates/nono-cli/src/setup.rs
@@ -181,7 +181,7 @@ impl SetupRunner {
                   1. Check your kernel config: CONFIG_SECURITY_LANDLOCK=y\n\
                   2. Add to boot params: lsm=landlock,lockdown,yama,integrity,apparmor\n\
                   3. Reboot your system\n\n\
-                See: https://github.com/always-further/nono/docs/troubleshooting.md#landlock-not-supported",
+                See: https://github.com/nolabs-ai/nono/docs/troubleshooting.md#landlock-not-supported",
                 e
             )))?;
 
@@ -411,7 +411,7 @@ impl SetupRunner {
                 println!();
             }
 
-            println!("Documentation: https://github.com/always-further/nono#readme");
+            println!("Documentation: https://github.com/nolabs-ai/nono#readme");
             println!();
             println!("Run 'nono run --help' to see all options.");
         }

diff --git a/crates/nono-cli/src/test_env.rs b/crates/nono-cli/src/test_env.rs
@@ -4,7 +4,7 @@
 /// `env::set_var` / `env::remove_var` calls race against each other.
 /// All env-mutating tests must acquire this lock before touching env vars.
 ///
-/// See <https://github.com/always-further/nono/issues/567> for the plan to
+/// See <https://github.com/nolabs-ai/nono/issues/567> for the plan to
 /// eliminate env var mutation from tests entirely.
 #[allow(dead_code)]
 pub static ENV_LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());

diff --git a/crates/nono-cli/src/update_check.rs b/crates/nono-cli/src/update_check.rs
@@ -603,7 +603,7 @@ mod tests {
             "latest_version": "0.7.0",
             "update_available": true,
             "message": null,
-            "release_url": "https://github.com/always-further/nono/releases/tag/v0.7.0"
+            "release_url": "https://github.com/nolabs-ai/nono/releases/tag/v0.7.0"
         }"#;
 
         let info: UpdateInfo = serde_json::from_str(json).expect("deserialize");

diff --git a/crates/nono-proxy/src/route.rs b/crates/nono-proxy/src/route.rs
@@ -1177,18 +1177,14 @@ mod tests {
             select(&candidates, "GET", "/org-b/repo.git/info/refs"),
             Selection::Route("github_https_org_b")
         );
-        // Public repo (e.g. always-further/nono) → passthrough, no cred
+        // Public repo (e.g. nolabs-ai/nono) → passthrough, no cred
         assert_eq!(
-            select(&candidates, "GET", "/always-further/nono.git/info/refs"),
+            select(&candidates, "GET", "/nolabs-ai/nono.git/info/refs"),
             Selection::Passthrough
         );
         // POST to public repo → also passthrough
         assert_eq!(
-            select(
-                &candidates,
-                "POST",
-                "/always-further/nono.git/git-upload-pack"
-            ),
+            select(&candidates, "POST", "/nolabs-ai/nono.git/git-upload-pack"),
             Selection::Passthrough
         );
 
@@ -1209,7 +1205,7 @@ mod tests {
         );
         // Public repo matches only the /** catch-all → 1 match, ok
         assert_eq!(
-            select(&candidates2, "GET", "/always-further/nono.git/info/refs"),
+            select(&candidates2, "GET", "/nolabs-ai/nono.git/info/refs"),
             Selection::Route("github_https_all")
         );
     }

diff --git a/docs/docs.json b/docs/docs.json
@@ -17,7 +17,7 @@
   },
   "navbar": {
     "links": [
-      { "label": "GitHub", "href": "https://github.com/always-further/nono" }
+      { "label": "GitHub", "href": "https://github.com/nolabs-ai/nono" }
     ],
     "primary": {
       "type": "button",
@@ -130,7 +130,7 @@
   },
   "footer": {
     "socials": {
-      "github": "https://github.com/always-further/nono",
+      "github": "https://github.com/nolabs-ai/nono",
       "discord": "https://discord.gg/pPcjYzGvbS"
     }
   }

diff --git a/docs/plans/2026-04-24-issue-594-phase-2-schema-design.md b/docs/plans/2026-04-24-issue-594-phase-2-schema-design.md
@@ -1,7 +1,7 @@
 # Issue #594 — Phase 2: Profile JSON Schema Restructuring
 
 **Status:** Design complete, ready for implementation planning.
-**Upstream issue:** https://github.com/always-further/nono/issues/594
+**Upstream issue:** https://github.com/nolabs-ai/nono/issues/594
 **Scope:** Phase 2 of the two-phase split. Phase 1 (CLI namespace consolidation) shipped in 5ff9bc3.
 
 ## Problem
@@ -374,7 +374,7 @@ profile JSON schema (#594)` with a body listing the nine key moves and
    (two-layer parsing, legacy capture structs), and `remove_by=v1.0.0`.
    Issue #594 serves as the deprecation tracking issue for the whole phase —
    no separate issue.
-2. Mirror in upstream `always-further/nono` if not already present.
+2. Mirror in upstream `nolabs-ai/nono` if not already present.
 
 ### Verification gates (all must pass before merge)