diff --git a/bin/disinto b/bin/disinto
index 3fb4060..8ca9ed2 100755
--- a/bin/disinto
+++ b/bin/disinto
@@ -303,10 +303,10 @@ services:
     environment:
       - DISINTO_VERSION=${DISINTO_VERSION:-main}
       - FORGE_URL=http://forgejo:3000
-      - FORGE_REPO=johba/disinto
-      - FORGE_OPS_REPO=johba/disinto-ops
+      - FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
+      - FORGE_OPS_REPO=${FORGE_OPS_REPO:-disinto-admin/disinto-ops}
       - FORGE_TOKEN=${FORGE_TOKEN:-}
-      - FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
+      - FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin}
       - FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
       - OPS_REPO_ROOT=/opt/disinto-ops
       - PROJECT_REPO_ROOT=/opt/disinto
@@ -711,10 +711,10 @@ setup_forge() {
   # Preserve password for Woodpecker OAuth2 token generation (#779)
   _FORGE_ADMIN_PASS="$admin_pass"
 
-  # Create human user (johba) as site admin if it doesn't exist
-  local human_user="johba"
+  # Create human user (disinto-admin) as site admin if it doesn't exist
+  local human_user="disinto-admin"
   local human_pass
-  human_pass="human-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
+  human_pass="admin-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
 
   if ! curl -sf --max-time 5 "${forge_url}/api/v1/users/${human_user}" >/dev/null 2>&1; then
     echo "Creating human user: ${human_user}"
@@ -723,7 +723,7 @@ setup_forge() {
       --admin \
       --username "${human_user}" \
       --password "${human_pass}" \
-      --email "johba@disinto.local" \
+      --email "admin@disinto.local" \
       --must-change-password=false 2>&1); then
       echo "Error: failed to create human user '${human_user}':" >&2
       echo "  ${create_output}" >&2
@@ -1007,11 +1007,12 @@ setup_ops_repo() {
       -H "Content-Type: application/json" \
       "${forge_url}/api/v1/orgs/${org_name}/repos" \
       -d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data for ${org_name}/${ops_name%-ops}\"}" >/dev/null 2>&1; then
-      # Fallback: create under the human user namespace
+      # Fallback: create under the repo owner namespace (FORGE_REPO owner)
+      local repo_owner="${FORGE_REPO%%/*}"
       curl -sf -X POST \
         -H "Authorization: token ${admin_token:-${FORGE_TOKEN}}" \
         -H "Content-Type: application/json" \
-        "${forge_url}/api/v1/users/johba/repos" \
+        "${forge_url}/api/v1/users/${repo_owner}/repos" \
         -d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data\"}" >/dev/null 2>&1 || true
     fi
 
@@ -1985,7 +1986,7 @@ p.write_text(text)
 
   # Set up vault branch protection on ops repo (#77)
   # This ensures admin-only merge to main, blocking bots from merging vault PRs
-  # Use HUMAN_TOKEN (johba) or FORGE_TOKEN (dev-bot) for admin operations
+  # Use HUMAN_TOKEN (disinto-admin) or FORGE_TOKEN (dev-bot) for admin operations
   export FORGE_OPS_REPO="$ops_slug"
   # Source env.sh to ensure FORGE_TOKEN is available
   source "${FACTORY_ROOT}/lib/env.sh"
diff --git a/docker-compose.yml b/docker-compose.yml
index ee99c39..33c121e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,7 +35,7 @@ services:
       - FORGE_TOKEN=${FORGE_TOKEN:-}
       - FORGE_URL=http://forgejo:3000
       - PROJECT_TOML=projects/disinto.toml
-      - FORGE_REPO=johba/disinto
+      - FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
     depends_on:
       - forgejo
 
diff --git a/docker/agents/entrypoint-llama.sh b/docker/agents/entrypoint-llama.sh
index df86816..8ebf19e 100755
--- a/docker/agents/entrypoint-llama.sh
+++ b/docker/agents/entrypoint-llama.sh
@@ -24,7 +24,7 @@ if [ ! -d "${PROJECT_REPO_ROOT}/.git" ]; then
   log "Cloning repo..."
   mkdir -p "$(dirname "$PROJECT_REPO_ROOT")"
   chown -R agent:agent /home/agent/repos 2>/dev/null || true
-  su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-johba/disinto}.git ${PROJECT_REPO_ROOT}"
+  su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-disinto-admin/disinto}.git ${PROJECT_REPO_ROOT}"
   log "Repo cloned"
 fi
 
diff --git a/docker/edge/entrypoint-edge.sh b/docker/edge/entrypoint-edge.sh
index 506d569..6f96bc5 100755
--- a/docker/edge/entrypoint-edge.sh
+++ b/docker/edge/entrypoint-edge.sh
@@ -5,7 +5,7 @@ set -euo pipefail
 export USER="${USER:-root}"
 
 DISINTO_VERSION="${DISINTO_VERSION:-main}"
-DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git"
+DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/${FORGE_REPO:-disinto-admin/disinto}.git"
 
 # Shallow clone at the pinned version
 if [ ! -d /opt/disinto/.git ]; then
diff --git a/formulas/release.toml b/formulas/release.toml
index 62add13..f702f42 100644
--- a/formulas/release.toml
+++ b/formulas/release.toml
@@ -58,7 +58,7 @@ Validate release prerequisites before proceeding.
 
 7. Check if tag already exists on Forgejo:
    - curl -sf -H "Authorization: token $FORGE_TOKEN" \
-   -   "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
+   -   "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
    - If exists, exit with error
 
 8. Export RELEASE_VERSION for subsequent steps:
@@ -77,14 +77,14 @@ Create the release tag on Forgejo main via the Forgejo API.
 
 1. Get current HEAD SHA of main:
    - curl -sf -H "Authorization: token $FORGE_TOKEN" \
-   -   "$FORGE_URL/api/v1/repos/johba/disinto/branches/$PRIMARY_BRANCH"
+   -   "$FORGE_URL/api/v1/repos/$FORGE_REPO/branches/$PRIMARY_BRANCH"
    - Parse sha field from response
 
 2. Create tag via Forgejo API:
    - curl -sf -X POST \
    -   -H "Authorization: token $FORGE_TOKEN" \
    -   -H "Content-Type: application/json" \
-   -   "$FORGE_URL/api/v1/repos/johba/disinto/tags" \
+   -   "$FORGE_URL/api/v1/repos/$FORGE_REPO/tags" \
    -   -d "{\"tag\":\"$RELEASE_VERSION\",\"target\":\"$HEAD_SHA\",\"message\":\"Release $RELEASE_VERSION\"}"
    - Parse response for success
 
@@ -106,8 +106,8 @@ description = """
 Push the newly created tag to all configured mirrors.
 
 1. Add mirror remotes if not already present:
-   - Codeberg: git remote add codeberg git@codeberg.org:johba/disinto.git
-   - GitHub: git remote add github git@github.com:disinto/disinto.git
+   - Codeberg: git remote add codeberg git@codeberg.org:${FORGE_REPO_OWNER}/${PROJECT_NAME}.git
+   - GitHub: git remote add github git@github.com:disinto/${PROJECT_NAME}.git
    - Check with: git remote -v
 
 2. Push tag to Codeberg:
@@ -120,9 +120,9 @@ Push the newly created tag to all configured mirrors.
 
 4. Verify tags exist on mirrors:
    - curl -sf -H "Authorization: token $GITHUB_TOKEN" \
-   -   "https://api.github.com/repos/disinto/disinto/tags/$RELEASE_VERSION"
+   -   "https://api.github.com/repos/disinto/${PROJECT_NAME}/tags/$RELEASE_VERSION"
    - curl -sf -H "Authorization: token $FORGE_TOKEN" \
-   -   "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
+   -   "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
 
 5. Log success:
    - echo "Tag $RELEASE_VERSION pushed to mirrors"
@@ -227,7 +227,7 @@ Write the release result to a file for tracking.
    - {
    -   "version": "$RELEASE_VERSION",
    -   "image_id": "$IMAGE_ID",
-   -   "forgejo_tag_url": "$FORGE_URL/johba/disinto/src/$RELEASE_VERSION",
+   -   "forgejo_tag_url": "$FORGE_URL/$FORGE_REPO/src/$RELEASE_VERSION",
    -   "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
    -   "status": "success"
    - }
diff --git a/lib/branch-protection.sh b/lib/branch-protection.sh
index 81a2be1..b0ed481 100644
--- a/lib/branch-protection.sh
+++ b/lib/branch-protection.sh
@@ -379,7 +379,7 @@ remove_branch_protection() {
 # - Allow review-bot to approve PRs
 #
 # Args:
-#   $1 - Repo path in format 'owner/repo' (e.g., 'johba/disinto')
+#   $1 - Repo path in format 'owner/repo' (e.g., 'disinto-admin/disinto')
 #   $2 - Branch to protect (default: main)
 #
 # Returns: 0 on success, 1 on failure
@@ -536,7 +536,7 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
       echo "Required environment variables:"
       echo "  FORGE_TOKEN     Forgejo API token (admin user recommended)"
       echo "  FORGE_URL       Forgejo instance URL (e.g., https://codeberg.org)"
-      echo "  FORGE_OPS_REPO  Ops repo in format owner/repo (e.g., johba/disinto-ops)"
+      echo "  FORGE_OPS_REPO  Ops repo in format owner/repo (e.g., disinto-admin/disinto-ops)"
       exit 0
       ;;
   esac
diff --git a/lib/load-project.sh b/lib/load-project.sh
index dcddc94..95d3480 100755
--- a/lib/load-project.sh
+++ b/lib/load-project.sh
@@ -83,7 +83,7 @@ if mirrors:
 # Export parsed variables.
 # Inside the agents container (DISINTO_CONTAINER=1), compose already sets the
 # correct FORGE_URL (http://forgejo:3000) and path vars for the container
-# environment.  The TOML carries host-perspective values (localhost, /home/johba/…)
+# environment.  The TOML carries host-perspective values (localhost, /home/admin/…)
 # that would break container API calls and path resolution.  Skip overriding
 # any env var that is already set when running inside the container.
 while IFS='=' read -r _key _val; do
@@ -100,6 +100,8 @@ export FORGE_URL="${FORGE_URL:-http://localhost:3000}"
 if [ -n "$FORGE_REPO" ]; then
   export FORGE_API="${FORGE_URL}/api/v1/repos/${FORGE_REPO}"
   export FORGE_WEB="${FORGE_URL}/${FORGE_REPO}"
+  # Extract repo owner (first path segment of owner/repo)
+  export FORGE_REPO_OWNER="${FORGE_REPO%%/*}"
 fi
 # Backwards-compat aliases
 export CODEBERG_REPO="${FORGE_REPO}"