[#1012 ] cli: Fix messages for list commands

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-02-29 14:22:10 +03:00
1083 changed files with 36100 additions and 69796 deletions
--- a/.docker/Dockerfile.adm
+++ b/.docker/Dockerfile.adm
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ci
+++ b/.docker/Dockerfile.ci
@ -1,4 +1,4 @@
-FROM golang:1.23
+FROM golang:1.21

 WORKDIR /tmp

--- a/.docker/Dockerfile.cli
+++ b/.docker/Dockerfile.cli
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ir
+++ b/.docker/Dockerfile.ir
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.storage
+++ b/.docker/Dockerfile.storage
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -1,10 +1,6 @@
 name: Build

-on:
-  pull_request:
-  push:
-    branches:
-      - master
+on: [pull_request]

 jobs:
  build:
@ -12,7 +8,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.20', '1.21' ]

    steps:
      - uses: actions/checkout@v3
--- a/.forgejo/workflows/dco.yml
+++ b/.forgejo/workflows/dco.yml
@ -13,7 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'

      - name: Run commit format checker
        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3
--- a/.forgejo/workflows/oci-image.yml
+++ b/.forgejo/workflows/oci-image.yml
@ -1,28 +0,0 @@
-name: OCI image
-
-on:
-  push:
-  workflow_dispatch:
-
-jobs:
-  image:
-    name: Build container images
-    runs-on: docker
-    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
-    steps:
-      - name: Clone git repo
-        uses: actions/checkout@v3
-
-      - name: Build OCI image
-        run: make images
-
-      - name: Push image to OCI registry
-        run: |
-          echo "$REGISTRY_PASSWORD" \
-            | docker login --username truecloudlab --password-stdin git.frostfs.info
-          make push-images
-        if: >-
-          startsWith(github.ref, 'refs/tags/v') &&
-          (github.event_name == 'workflow_dispatch' || github.event_name == 'push')
-        env:
-          REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}
--- a/.forgejo/workflows/pre-commit.yml
+++ b/.forgejo/workflows/pre-commit.yml
@ -1,30 +0,0 @@
-name: Pre-commit hooks
-
-on:
-  pull_request:
-  push:
-    branches:
-      - master
-
-jobs:
-  precommit:
-    name: Pre-commit
-    env:
-      # Skip pre-commit hooks which are executed by other actions.
-      SKIP: make-lint,go-staticcheck-repo-mod,go-unit-tests,gofumpt
-    runs-on: ubuntu-22.04
-    # If we use actions/setup-python from either Github or Gitea,
-    # the line above fails with a cryptic error about not being able to find python.
-    # So install everything manually.
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.23
-      - name: Set up Python
-        run: |
-          apt update
-          apt install -y pre-commit
-      - name: Run pre-commit
-        run: pre-commit run --color=always --hook-stage manual --all-files
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -1,10 +1,5 @@
 name: Tests and linters
-
-on:
-  pull_request:
-  push:
-    branches:
-      - master
+on: [pull_request]

 jobs:
  lint:
@ -16,7 +11,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.21'
          cache: true

      - name: Install linters
@ -30,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.20', '1.21' ]
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
@ -53,7 +48,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
          cache: true

      - name: Run tests
@ -68,7 +63,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.21'
          cache: true

      - name: Install staticcheck
@ -76,41 +71,3 @@ jobs:

      - name: Run staticcheck
        run: make staticcheck-run
-
-  gopls:
-    name: gopls check
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.22'
-          cache: true
-
-      - name: Install gopls
-        run: make gopls-install
-
-      - name: Run gopls
-        run: make gopls-run
-
-  fumpt:
-    name: Run gofumpt
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.23'
-          cache: true
-
-      - name: Install gofumpt
-        run: make fumpt-install
-
-      - name: Run gofumpt
-        run: |
-          make fumpt
-          git diff --exit-code --quiet
--- a/.forgejo/workflows/vulncheck.yml
+++ b/.forgejo/workflows/vulncheck.yml
@ -1,10 +1,5 @@
 name: Vulncheck
-
-on:
-  pull_request:
-  push:
-    branches:
-      - master
+on: [pull_request]

 jobs:
  vulncheck:
@ -18,8 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
-          check-latest: true
+          go-version: '1.21'

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
--- a/.forgejo/ISSUE_TEMPLATE/bug_report.md
+++ b/.forgejo/ISSUE_TEMPLATE/bug_report.md
--- a/.forgejo/ISSUE_TEMPLATE/config.yml
+++ b/.forgejo/ISSUE_TEMPLATE/config.yml
--- a/.forgejo/ISSUE_TEMPLATE/feature_request.md
+++ b/.forgejo/ISSUE_TEMPLATE/feature_request.md
--- a/.forgejo/logo.svg
+++ b/.forgejo/logo.svg
--- a/.gitlint
+++ b/.gitlint
@ -0,0 +1,11 @@
+[general]
+fail-without-commits=True
+regex-style-search=True
+contrib=CC1
+
+[title-match-regex]
+regex=^\[\#[0-9Xx]+\]\s
+
+[ignore-by-title]
+regex=^Release(.*)
+ignore=title-match-regex
--- a/.golangci.yml
+++ b/.golangci.yml
@ -12,8 +12,7 @@ run:
 # output configuration options
 output:
  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  formats:
-    - format: tab
+  format: tab

 # all available settings of specific linters
 linters-settings:
@ -22,11 +21,6 @@ linters-settings:
    # 'default' case is present, even if all enum members aren't listed in the
    # switch
    default-signifies-exhaustive: true
-  gci:
-    sections:
-      - standard
-      - default
-    custom-order: true
  govet:
    # report about shadowed variables
    check-shadowing: false
@ -43,10 +37,6 @@ linters-settings:
    alias:
      pkg: git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object
      alias: objectSDK
-  unused:
-    field-writes-are-uses: false
-    exported-fields-are-used: false
-    local-variables-are-used: false
  custom:
    truecloudlab-linters:
      path: bin/linters/external_linters.so
@ -76,8 +66,7 @@ linters:
    - bidichk
    - durationcheck
    - exhaustive
-    - copyloopvar
-    - gci
+    - exportloopref
    - gofmt
    - goimports
    - misspell
@ -93,9 +82,5 @@ linters:
    - perfsprint
    - testifylint
    - protogetter
-    - intrange
-    - tenv
-    - unconvert
-    - unparam
  disable-all: true
  fast: false
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -2,6 +2,13 @@ ci:
  autofix_prs: false

 repos:
+  - repo: https://github.com/jorisroovers/gitlint
+    rev:  v0.19.1
+    hooks:
+      - id: gitlint
+        stages: [commit-msg]
+      - id: gitlint-ci
+
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
@ -16,7 +23,7 @@ repos:
    - id: trailing-whitespace
      args: [--markdown-linebreak-ext=md]
    - id: end-of-file-fixer
-      exclude: "(.key|.svg)$"
+      exclude: ".key$"

  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.9.0.6
@ -35,7 +42,7 @@ repos:
    hooks:
       - id: go-unit-tests
         name: go unit tests
-         entry: make test GOFLAGS=''
+         entry: make test
         pass_filenames: false
         types: [go]
         language: system
--- a/.woodpecker/pre-commit.yml
+++ b/.woodpecker/pre-commit.yml
@ -0,0 +1,11 @@
+pipeline:
+  # Kludge for non-root containers under WoodPecker
+  fix-ownership:
+    image: alpine:latest
+    commands: chown -R 1234:1234 .
+
+  pre-commit:
+    image: git.frostfs.info/truecloudlab/frostfs-ci:v0.36
+    commands:
+      - export HOME="$(getent passwd $(id -u) | cut '-d:' -f6)"
+      - pre-commit run --hook-stage manual
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,129 +3,6 @@ Changelog for FrostFS Node

 ## [Unreleased]

-### Added
-### Changed
-### Fixed
-### Removed
-### Updated
-
-## [v0.44.0] - 2024-25-11 - Rongbuk
-
-### Added
- Allow to prioritize nodes during GET traversal via attributes (#1439)
- Add metrics for the frostfsid cache (#1464)
- Customize constant attributes attached to every tracing span (#1488)
- Manage additional keys in the `frostfsid` contract (#1505)
- Describe `--rule` flag in detail for `frostfs-cli ape-manager` subcommands (#1519)
-
-### Changed
- Support richer interaction with the console in `frostfs-cli container policy-playground` (#1396)
- Print address in base58 format in `frostfs-adm morph policy set-admin` (#1515)
-
-### Fixed
- Fix EC object search (#1408)
- Fix EC object put when one of the nodes is unavailable (#1427)
-
-### Removed
- Drop most of the eACL-related code (#1425)
- Remove `--basic-acl` flag from `frostfs-cli container create` (#1483)
-
-### Upgrading from v0.43.0
-The metabase schema has changed completely, resync is required.
-
-## [v0.42.0]
-
-### Added
- Add audit logs for gRPC requests (#1184)
- Add CLI command to convert eACL to APE (#1189)
- Add `--await` flag to `control set-status` (#60)
- `app_info` metric for binary version (#1154)
- `--quiet` flag for healthcheck command (#1209)
-
-### Changed
- Deprecate Container.SetEACL RPC (#1219)
-
-### Fixed
- Take groups into account during APE processing (#1190)
- Handle double SIGHUP correctly (#1145)
- Handle empty filenames in tree listing (#1074)
- Handle duplicate tree nodes in the split-brain scenario (#1234, #1251)
- Remove APE pre-check in Object.GET/HEAD/RANGE RPC (#1249)
- Delete EC gc marks and split info (#1257)
- Do not search for non-existent objects on deletion (#1261)
-
-### Updated
- Make putting EC chunks more robust (#1233)
-
-## [v0.41.0]
-
-### Added
- Support mTLS for morph client (#1170)
-
-### Fixed
- Update shard state metric during shard init (#1174)
- Handle ENOSPC in blobovnicza (#1166)
- Handle multiple split-infos for EC objects (#1163)
- Set `Disabled` mode as the default for components (#1168)
-
-## [v0.40.0]
-
-### Added
- Support EC chunk reconstruction in policer (#1129)
- Support LOCK, DELETE and SEARCH methods on EC objects (#1147, 1144)
- apemanager service to manage APE chains (#1105)
-
-### Fixed
- Properly verify GetRangeHash response (#1083)
- Send `MONOTONIC_USEC` in sdnotify on reload (#1135)
-
-### Updated
- neo-go to `v0.106.0`
-
-## [v0.39.0]
-
-### Added
- Preliminary erasure coding support (#1065, #1112, #1103, #1120)
- TTL cache for blobovnicza tree (#1004)
- Cache for frostfsid and policy contracts (#1117)
- Writecache path to metric labels (#966)
- Documentation for authentication mechanisms (#1097, #1104)
- Metrics for metabase resync status (#1029)
-
-### Changed
- Speed up metabase resync (#1024)
-
-### Fixed
- Possible panic in GET_RANGE (#1077)
-
-### Updated
- Minimum required Go version to 1.21
-
-## [v0.38.0]
-
-### Added
- Add `trace_id` to logs in `frostfs-node` (#146)
- Allow to forcefully remove container from IR (#733)
- LOKI support (#740)
- Allow sealing writecache (#569)
- Support tree service in data evacuation (#947)
- Use new policy engine mechanism for access control (#770, #804)
- Log about active notary deposit waiting (#963)
-
-### Changed
- Sort output in `frostfs-cli` subcommands (#333)
- Send bootstrap query at each epoch tick (#721)
- Do not retain garbage in fstree on systems supporting O_TMPFILE (#970)
-
-### Fixed
- Handle synchronization failures better in tree service (#741)
- Fix invalid batch size for iterator traversal in morph (#1000)
-
-### Updated
- `neo-go` to `v0.105.0`
-
-## [v0.37.0]
-
 ### Added
 - Support impersonate bearer token (#229)
 - Change log level on SIGHUP for ir (#125)
--- a/3
+++ b/3
@ -1,3 +0,0 @@
-.*          @TrueCloudLab/storage-core-committers @TrueCloudLab/storage-core-developers
-.forgejo/.* @potyarkin
-Makefile    @potyarkin
--- a/126
+++ b/126
@ -4,19 +4,20 @@ SHELL = bash
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")

-HUB_IMAGE ?= git.frostfs.info/truecloudlab/frostfs
+HUB_IMAGE ?= truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"

-GO_VERSION ?= 1.22
-LINT_VERSION ?= 1.62.2
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.8
+GO_VERSION ?= 1.21
+LINT_VERSION ?= 1.55.2
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.3
 PROTOC_VERSION ?= 25.0
-PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-sdk-go)
+PROTOC_GEN_GO_VERSION ?= $(shell go list -f '{{.Version}}' -m google.golang.org/protobuf)
+PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-api-go/v2)
 PROTOC_OS_VERSION=osx-x86_64
 ifeq ($(shell uname), Linux)
 	PROTOC_OS_VERSION=linux-x86_64
 endif
-STATICCHECK_VERSION ?= 2024.1.1
+STATICCHECK_VERSION ?= 2023.1.6
 ARCH = amd64

 BIN = bin
@ -27,32 +28,28 @@ DIRS = $(BIN) $(RELEASE)
 CMDS = $(notdir $(basename $(wildcard cmd/frostfs-*)))
 BINS = $(addprefix $(BIN)/, $(CMDS))

+# .deb package versioning
+OS_RELEASE = $(shell lsb_release -cs)
+PKG_VERSION ?= $(shell echo $(VERSION) | sed "s/^v//" | \
+			sed -E "s/(.*)-(g[a-fA-F0-9]{6,8})(.*)/\1\3~\2/" | \
+			sed "s/-/~/")-${OS_RELEASE}
+
 OUTPUT_LINT_DIR ?= $(abspath $(BIN))/linters
 LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
 TMP_DIR := .cache
 PROTOBUF_DIR ?= $(abspath $(BIN))/protobuf
 PROTOC_DIR ?= $(PROTOBUF_DIR)/protoc-v$(PROTOC_VERSION)
+PROTOC_GEN_GO_DIR ?= $(PROTOBUF_DIR)/protoc-gen-go-$(PROTOC_GEN_GO_VERSION)
 PROTOGEN_FROSTFS_DIR ?= $(PROTOBUF_DIR)/protogen-$(PROTOGEN_FROSTFS_VERSION)
 STATICCHECK_DIR ?= $(abspath $(BIN))/staticcheck
 STATICCHECK_VERSION_DIR ?= $(STATICCHECK_DIR)/$(STATICCHECK_VERSION)

-SOURCES = $(shell find . -type f -name "*.go" -print)
-
-GOFUMPT_VERSION ?= v0.7.0
-GOFUMPT_DIR ?= $(abspath $(BIN))/gofumpt
-GOFUMPT_VERSION_DIR ?= $(GOFUMPT_DIR)/$(GOFUMPT_VERSION)
-
-GOPLS_VERSION ?= v0.15.1
-GOPLS_DIR ?= $(abspath $(BIN))/gopls
-GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION)
-GOPLS_TEMP_FILE := $(shell mktemp)
-
 FROSTFS_CONTRACTS_PATH=$(abspath ./../frostfs-contract)
 LOCODE_DB_PATH=$(abspath ./.cache/locode_db)
 LOCODE_DB_VERSION=v0.4.0

 .PHONY: help all images dep clean fmts fumpt imports test lint docker/lint
-		prepare-release pre-commit unpre-commit
+		prepare-release debpackage pre-commit unpre-commit

 # To build a specific binary, use it's name prefix with bin/ as a target
 # For example `make bin/frostfs-node` will build only storage node binary
@ -99,20 +96,21 @@ export-metrics: dep

 # Regenerate proto files:
 protoc:
-	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
+	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOC_GEN_GO_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
 		make protoc-install; \
 	fi
 	@for f in `find . -type f -name '*.proto' -not -path './bin/*'`; do \
 		echo "⇒ Processing $$f "; \
 		$(PROTOC_DIR)/bin/protoc \
 			--proto_path=.:$(PROTOC_DIR)/include:/usr/local/include \
+			--plugin=protoc-gen-go=$(PROTOC_GEN_GO_DIR)/protoc-gen-go \
 			--plugin=protoc-gen-go-frostfs=$(PROTOGEN_FROSTFS_DIR)/protogen \
 			--go-frostfs_out=. --go-frostfs_opt=paths=source_relative \
+			--go_out=. --go_opt=paths=source_relative \
 			--go-grpc_opt=require_unimplemented_servers=false \
 			--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
 	done

-# Install protoc
 protoc-install:
 	@rm -rf $(PROTOBUF_DIR)
 	@mkdir $(PROTOBUF_DIR)
@ -120,8 +118,10 @@ protoc-install:
 	@wget -q -O $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip 'https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(PROTOC_OS_VERSION).zip'
 	@unzip -q -o $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip -d $(PROTOC_DIR)
 	@rm $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip
+	@echo "⇒ Installing protoc-gen-go..."
+	@GOBIN=$(PROTOC_GEN_GO_DIR) go install -v google.golang.org/protobuf/...@$(PROTOC_GEN_GO_VERSION)
 	@echo "⇒ Instaling protogen FrostFS plugin..."
-	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/util/protogen@$(PROTOGEN_FROSTFS_VERSION)
+	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/protogen@$(PROTOGEN_FROSTFS_VERSION)

 # Build FrostFS component's docker image
 image-%:
@ -139,15 +139,6 @@ images: image-storage image-ir image-cli image-adm
 # Build dirty local Docker images
 dirty-images: image-dirty-storage image-dirty-ir image-dirty-cli image-dirty-adm

-# Push FrostFS components' docker image to the registry
-push-image-%:
-	@echo "⇒ Publish FrostFS $* docker image "
-	@docker push $(HUB_IMAGE)-$*:$(HUB_TAG)
-
-# Push all Docker images to the registry
-.PHONY: push-images
-push-images: push-image-storage push-image-ir push-image-cli push-image-adm
-
 # Run `make %` in Golang container
 docker/%:
 	docker run --rm -t \
@ -166,27 +157,15 @@ imports:
 	@echo "⇒ Processing goimports check"
 	@goimports -w cmd/ pkg/ misc/

-# Install gofumpt
-fumpt-install:
-	@rm -rf $(GOFUMPT_DIR)
-	@mkdir $(GOFUMPT_DIR)
-	@GOBIN=$(GOFUMPT_VERSION_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION)
-
-# Run gofumpt
 fumpt:
-	@if [ ! -d "$(GOFUMPT_VERSION_DIR)" ]; then \
-		make fumpt-install; \
-	fi
 	@echo "⇒ Processing gofumpt check"
-	$(GOFUMPT_VERSION_DIR)/gofumpt -l -w cmd/ pkg/ misc/
+	@gofumpt -l -w cmd/ pkg/ misc/

 # Run Unit Test with go test
-test: GOFLAGS ?= "-count=1"
 test:
 	@echo "⇒ Running go test"
-	@GOFLAGS="$(GOFLAGS)" go test ./...
+	@go test ./... -count=1

-# Run pre-commit
 pre-commit-run:
 	@pre-commit run -a --hook-stage manual

@ -200,7 +179,7 @@ lint-install:
 	@@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
 	@rm -rf $(TMP_DIR)/linters
 	@rmdir $(TMP_DIR) 2>/dev/null || true
-	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install -trimpath github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)

 # Run linters
 lint:
@ -222,24 +201,6 @@ staticcheck-run:
 	fi
 	@$(STATICCHECK_VERSION_DIR)/staticcheck ./...

-# Install gopls
-gopls-install:
-	@rm -rf $(GOPLS_DIR)
-	@mkdir $(GOPLS_DIR)
-	@GOBIN=$(GOPLS_VERSION_DIR) go install golang.org/x/tools/gopls@$(GOPLS_VERSION)
-
-# Run gopls
-gopls-run:
-	@if [ ! -d "$(GOPLS_VERSION_DIR)" ]; then \
-		make gopls-install; \
-	fi
-	$(GOPLS_VERSION_DIR)/gopls check $(SOURCES) 2>&1 >$(GOPLS_TEMP_FILE)
-	@if [[ $$(wc -l < $(GOPLS_TEMP_FILE)) -ne 0 ]]; then \
-		cat $(GOPLS_TEMP_FILE); \
-		exit 1; \
-	fi
-	rm $(GOPLS_TEMP_FILE)
-
 # Run linters in Docker
 docker/lint:
 	docker run --rm -t \
@ -266,33 +227,36 @@ clean:
 	rm -rf $(BIN)
 	rm -rf $(RELEASE)

-# Download locode database
-locode-download:
-	mkdir -p $(TMP_DIR)
-	@wget -q -O ./$(TMP_DIR)/locode_db.gz 'https://git.frostfs.info/TrueCloudLab/frostfs-locode-db/releases/download/${LOCODE_DB_VERSION}/locode_db.gz'
-	gzip -dfk ./$(TMP_DIR)/locode_db.gz
+# Package for Debian
+debpackage:
+	dch -b --package frostfs-node \
+			--controlmaint \
+			--newversion $(PKG_VERSION) \
+			--distribution $(OS_RELEASE) \
+			"Please see CHANGELOG.md for code changes for $(VERSION)"
+	dpkg-buildpackage --no-sign -b
+
+debclean:
+	dh clean
+
+locode-download:
+	@wget -q -O ./.cache/locode_db.gz 'https://git.frostfs.info/TrueCloudLab/frostfs-locode-db/releases/download/${LOCODE_DB_VERSION}/locode_db.gz'
+	gzip -dfk ./.cache/locode_db.gz

-# Start dev environment
 env-up: all
 	docker compose -f dev/docker-compose.yml up -d
 	@if [ ! -d "$(FROSTFS_CONTRACTS_PATH)" ]; then \
 		echo "Frostfs contracts not found"; exit 1; \
 	fi
 	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph init --contracts ${FROSTFS_CONTRACTS_PATH}
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --gas 10.0 \
-		--storage-wallet ./dev/storage/wallet01.json \
-		--storage-wallet ./dev/storage/wallet02.json \
-		--storage-wallet ./dev/storage/wallet03.json \
-		--storage-wallet ./dev/storage/wallet04.json
-
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet.json --gas 10.0
 	@if [ ! -f "$(LOCODE_DB_PATH)" ]; then \
 		make locode-download; \
 	fi
-	mkdir -p ./$(TMP_DIR)/state
-	mkdir -p ./$(TMP_DIR)/storage

-# Shutdown dev environment
 env-down:
-	docker compose -f dev/docker-compose.yml down -v
-	rm -rf ./$(TMP_DIR)/state
-	rm -rf ./$(TMP_DIR)/storage
+	docker compose -f dev/docker-compose.yml down
+	docker volume rm -f frostfs-node_neo-go
+	rm -f ./.cache/.frostfs-ir-state
+	rm -f ./.cache/.frostfs-node-state
+	rm -rf ./.cache/storage
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <p align="center">
-  <img src="./.forgejo/logo.svg" width="500px" alt="FrostFS">
+  <img src="./.github/logo.svg" width="500px" alt="FrostFS">
 </p>

 <p align="center">
@ -7,8 +7,9 @@
 </p>

 ---
-[![Report](https://goreportcard.com/badge/git.frostfs.info/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/git.frostfs.info/TrueCloudLab/frostfs-node)
-![Release (latest)](https://git.frostfs.info/TrueCloudLab/frostfs-node/badges/release.svg)
+[![Report](https://goreportcard.com/badge/github.com/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/github.com/TrueCloudLab/frostfs-node)
+![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/TrueCloudLab/frostfs-node?sort=semver)
+![License](https://img.shields.io/github/license/TrueCloudLab/frostfs-node.svg?style=popout)

 # Overview

@ -32,8 +33,8 @@ manipulate large amounts of data without paying a prohibitive price.

 FrostFS has a native [gRPC API](https://git.frostfs.info/TrueCloudLab/frostfs-api) and has
 protocol gateways for popular protocols such as [AWS
-S3](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw),
-[HTTP](https://git.frostfs.info/TrueCloudLab/frostfs-http-gw),
+S3](https://github.com/TrueCloudLab/frostfs-s3-gw),
+[HTTP](https://github.com/TrueCloudLab/frostfs-http-gw),
 [FUSE](https://wikipedia.org/wiki/Filesystem_in_Userspace) and
 [sFTP](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) allowing
 developers to integrate applications without rewriting their code.
@ -44,11 +45,11 @@ Now, we only support GNU/Linux on amd64 CPUs with AVX/AVX2 instructions. More
 platforms will be officially supported after release `1.0`.

 The latest version of frostfs-node works with frostfs-contract
-[v0.19.2](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/tag/v0.19.2).
+[v0.16.0](https://github.com/TrueCloudLab/frostfs-contract/releases/tag/v0.16.0).

 # Building

-To make all binaries you need Go 1.22+ and `make`:
+To make all binaries you need Go 1.20+ and `make`:
 ```
 make all
 ```
@ -70,7 +71,7 @@ make docker/bin/frostfs-<name> # build a specific binary

 ## Docker images

-To make docker images suitable for use in [frostfs-dev-env](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/) use:
+To make docker images suitable for use in [frostfs-dev-env](https://github.com/TrueCloudLab/frostfs-dev-env/) use:
 ```
 make images
 ```
@ -98,7 +99,7 @@ See `frostfs-contract`'s README.md for build instructions.
 4. To create container and put object into it run (container and object IDs will be different):

 ```
-./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --await
+./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl public-read-write --await
 Enter password >  <- press ENTER, the is no password for wallet
 CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju

@ -124,7 +125,7 @@ the feature/topic you are going to implement.

 # Credits

-FrostFS is maintained by [True Cloud Lab](https://git.frostfs.info/TrueCloudLab/) with the help and
+FrostFS is maintained by [True Cloud Lab](https://github.com/TrueCloudLab/) with the help and
 contributions from community members.

 Please see [CREDITS](CREDITS.md) for details.
--- a/2
+++ b/2
@ -1 +1 @@
-v0.44.0
+v0.36.0
--- a/cmd/frostfs-adm/README.md
+++ b/cmd/frostfs-adm/README.md
@ -56,8 +56,7 @@ credentials:     # passwords for consensus node / alphabet wallets
 #### Network deployment

 - `generate-alphabet` generates a set of wallets for consensus and
-  Alphabet nodes. The list of the name for alphabet wallets(no gaps between names allowed, order is important):
-  - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
+  Alphabet nodes.

 - `init` initializes the sidechain by deploying smart contracts and
  setting provided FrostFS network configuration.
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -9,8 +9,8 @@ related configuration details.

 To follow this guide you need:
 - latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
- latest released version of [frostfs-adm](https://git.frostfs.info/TrueCloudLab/frostfs-node/releases) utility (v0.42.9 at the moment),
- latest released version of compiled [frostfs-contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases) (v0.19.2 at the moment).
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
+- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).

 ## Step 1: Prepare network configuration

@ -34,8 +34,6 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 network:
  max_object_size: 67108864
  epoch_duration: 240
-  max_ec_data_count: 12
-  max_ec_parity_count: 4
  fee:
    candidate: 0
    container: 0
@ -64,11 +62,6 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 wallet[0]: hunter2
 ```

-This command generates wallets with the following names:
- - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
-
-No gaps between names allowed, order is important.
-
 Do not lose wallet files and network config. Store it in an encrypted backed up
 storage.

--- a/cmd/frostfs-adm/internal/commonflags/flags.go
+++ b/cmd/frostfs-adm/internal/commonflags/flags.go
@ -16,26 +16,16 @@ const (
 	EndpointFlagDesc  = "N3 RPC node endpoint"
 	EndpointFlagShort = "r"

-	WalletPath          = "wallet"
-	WalletPathShorthand = "w"
-	WalletPathUsage     = "Path to the wallet"
-
 	AlphabetWalletsFlag     = "alphabet-wallets"
 	AlphabetWalletsFlagDesc = "Path to alphabet wallets dir"

-	AdminWalletPath  = "wallet-admin"
-	AdminWalletUsage = "Path to the admin wallet"
-
 	LocalDumpFlag                   = "local-dump"
-	ProtoConfigPath                 = "protocol"
 	ContractsInitFlag               = "contracts"
 	ContractsInitFlagDesc           = "Path to archive with compiled FrostFS contracts (the default is to fetch the latest release from the official repository)"
 	ContractsURLFlag                = "contracts-url"
 	ContractsURLFlagDesc            = "URL to archive with compiled FrostFS contracts"
 	EpochDurationInitFlag           = "network.epoch_duration"
 	MaxObjectSizeInitFlag           = "network.max_object_size"
-	MaxECDataCountFlag              = "network.max_ec_data_count"
-	MaxECParityCounFlag             = "network.max_ec_parity_count"
 	RefillGasAmountFlag             = "gas"
 	StorageWalletFlag               = "storage-wallet"
 	ContainerFeeInitFlag            = "network.fee.container"
@ -46,5 +36,4 @@ const (
 	HomomorphicHashDisabledInitFlag = "network.homomorphic_hash_disabled"
 	CustomZoneFlag                  = "domain"
 	AlphabetSizeFlag                = "size"
-	AllFlag                         = "all"
 )
--- a/cmd/frostfs-adm/internal/modules/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/config/config.go
@ -21,8 +21,6 @@ type configTemplate struct {
 	CandidateFee            int
 	ContainerFee            int
 	ContainerAliasFee       int
-	MaxECDataCount          int
-	MaxECParityCount        int
 	WithdrawFee             int
 	Glagolitics             []string
 	HomomorphicHashDisabled bool
@ -33,8 +31,6 @@ alphabet-wallets: {{ .AlphabetDir}}
 network:
  max_object_size: {{ .MaxObjectSize}}
  epoch_duration: {{ .EpochDuration}}
-  max_ec_data_count: {{ .MaxECDataCount}}
-  max_ec_parity_count: {{ .MaxECParityCount}}
  homomorphic_hash_disabled: {{ .HomomorphicHashDisabled}}
  fee:
    candidate: {{ .CandidateFee}}
@ -110,8 +106,6 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl := configTemplate{
 		Endpoint:                "https://neo.rpc.node:30333",
 		MaxObjectSize:           67108864,      // 64 MiB
-		MaxECDataCount:          12,            // Tested with 16-node networks, assuming 12 data + 4 parity nodes.
-		MaxECParityCount:        4,             // Maximum 4 parity chunks, typically <= 3 for most policies.
 		EpochDuration:           240,           // 1 hour with 15s per block
 		HomomorphicHashDisabled: false,         // object homomorphic hash is enabled
 		CandidateFee:            100_0000_0000, // 100.0 GAS (Fixed8)
@ -128,7 +122,7 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl.AlphabetDir = filepath.Join(appDir, "alphabet-wallets")

 	var i innerring.GlagoliticLetter
-	for i = range innerring.GlagoliticLetter(credSize) {
+	for i = 0; i < innerring.GlagoliticLetter(credSize); i++ {
 		tmpl.Glagolitics = append(tmpl.Glagolitics, i.String())
 	}

--- a/cmd/frostfs-adm/internal/modules/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/config/config_test.go
@ -27,8 +27,6 @@ func TestGenerateConfigExample(t *testing.T) {
 	require.Equal(t, "https://neo.rpc.node:30333", v.GetString("rpc-endpoint"))
 	require.Equal(t, filepath.Join(appDir, "alphabet-wallets"), v.GetString("alphabet-wallets"))
 	require.Equal(t, 67108864, v.GetInt("network.max_object_size"))
-	require.Equal(t, 12, v.GetInt("network.max_ec_data_count"))
-	require.Equal(t, 4, v.GetInt("network.max_ec_parity_count"))
 	require.Equal(t, 240, v.GetInt("network.epoch_duration"))
 	require.Equal(t, 10000000000, v.GetInt("network.fee.candidate"))
 	require.Equal(t, 1000, v.GetInt("network.fee.container"))
--- a/cmd/frostfs-adm/internal/modules/metabase/root.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/root.go
@ -1,15 +0,0 @@
-package metabase
-
-import "github.com/spf13/cobra"
-
-// RootCmd is a root command of config section.
-var RootCmd = &cobra.Command{
-	Use:   "metabase",
-	Short: "Section for metabase commands",
-}
-
-func init() {
-	RootCmd.AddCommand(UpgradeCmd)
-
-	initUpgradeCommand()
-}
--- a/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
@ -1,156 +0,0 @@
-package metabase
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"sync"
-	"time"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
-	engineconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine"
-	shardconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine/shard"
-	morphconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/morph"
-	nodeconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/node"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
-	meta "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/metabase"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	morphcontainer "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/container"
-	"github.com/spf13/cobra"
-	"golang.org/x/sync/errgroup"
-)
-
-const (
-	noCompactFlag = "no-compact"
-)
-
-var (
-	errNoPathsFound          = errors.New("no metabase paths found")
-	errNoMorphEndpointsFound = errors.New("no morph endpoints found")
-	errUpgradeFailed         = errors.New("upgrade failed")
-)
-
-var UpgradeCmd = &cobra.Command{
-	Use:   "upgrade",
-	Short: "Upgrade metabase to latest version",
-	RunE:  upgrade,
-}
-
-func upgrade(cmd *cobra.Command, _ []string) error {
-	configFile, err := cmd.Flags().GetString(commonflags.ConfigFlag)
-	if err != nil {
-		return err
-	}
-	configDir, err := cmd.Flags().GetString(commonflags.ConfigDirFlag)
-	if err != nil {
-		return err
-	}
-	appCfg := config.New(configFile, configDir, config.EnvPrefix)
-	paths, err := getMetabasePaths(appCfg)
-	if err != nil {
-		return err
-	}
-	if len(paths) == 0 {
-		return errNoPathsFound
-	}
-	cmd.Println("found", len(paths), "metabases:")
-	for i, path := range paths {
-		cmd.Println(i+1, ":", path)
-	}
-	mc, err := createMorphClient(cmd.Context(), appCfg)
-	if err != nil {
-		return err
-	}
-	defer mc.Close()
-	civ, err := createContainerInfoProvider(mc)
-	if err != nil {
-		return err
-	}
-	noCompact, _ := cmd.Flags().GetBool(noCompactFlag)
-	result := make(map[string]bool)
-	var resultGuard sync.Mutex
-	eg, ctx := errgroup.WithContext(cmd.Context())
-	for _, path := range paths {
-		eg.Go(func() error {
-			var success bool
-			cmd.Println("upgrading metabase", path, "...")
-			if err := meta.Upgrade(ctx, path, !noCompact, civ, func(a ...any) {
-				cmd.Println(append([]any{time.Now().Format(time.RFC3339), ":", path, ":"}, a...)...)
-			}); err != nil {
-				cmd.Println("error: failed to upgrade metabase", path, ":", err)
-			} else {
-				success = true
-				cmd.Println("metabase", path, "upgraded successfully")
-			}
-			resultGuard.Lock()
-			result[path] = success
-			resultGuard.Unlock()
-			return nil
-		})
-	}
-	if err := eg.Wait(); err != nil {
-		return err
-	}
-	allSuccess := true
-	for mb, ok := range result {
-		if ok {
-			cmd.Println(mb, ": success")
-		} else {
-			cmd.Println(mb, ": failed")
-			allSuccess = false
-		}
-	}
-	if allSuccess {
-		return nil
-	}
-	return errUpgradeFailed
-}
-
-func getMetabasePaths(appCfg *config.Config) ([]string, error) {
-	var paths []string
-	if err := engineconfig.IterateShards(appCfg, false, func(sc *shardconfig.Config) error {
-		paths = append(paths, sc.Metabase().Path())
-		return nil
-	}); err != nil {
-		return nil, fmt.Errorf("get metabase paths: %w", err)
-	}
-	return paths, nil
-}
-
-func createMorphClient(ctx context.Context, appCfg *config.Config) (*client.Client, error) {
-	addresses := morphconfig.RPCEndpoint(appCfg)
-	if len(addresses) == 0 {
-		return nil, errNoMorphEndpointsFound
-	}
-	key := nodeconfig.Key(appCfg)
-	cli, err := client.New(ctx,
-		key,
-		client.WithDialTimeout(morphconfig.DialTimeout(appCfg)),
-		client.WithEndpoints(addresses...),
-		client.WithSwitchInterval(morphconfig.SwitchInterval(appCfg)),
-	)
-	if err != nil {
-		return nil, fmt.Errorf("create morph client:%w", err)
-	}
-	return cli, nil
-}
-
-func createContainerInfoProvider(cli *client.Client) (container.InfoProvider, error) {
-	sh, err := cli.NNSContractAddress(client.NNSContainerContractName)
-	if err != nil {
-		return nil, fmt.Errorf("resolve container contract hash: %w", err)
-	}
-	cc, err := morphcontainer.NewFromMorph(cli, sh, 0)
-	if err != nil {
-		return nil, fmt.Errorf("create morph container client: %w", err)
-	}
-	return container.NewInfoProvider(func() (container.Source, error) {
-		return morphcontainer.AsContainerSource(cc), nil
-	}), nil
-}
-
-func initUpgradeCommand() {
-	flags := UpgradeCmd.Flags()
-	flags.Bool(noCompactFlag, false, "Do not compact upgraded metabase file")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
@ -5,19 +5,33 @@ import (
 	"encoding/json"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )

 const (
-	jsonFlag      = "json"
-	jsonFlagDesc  = "Output rule chains in JSON format"
-	addrAdminFlag = "addr"
-	addrAdminDesc = "The address of the admins wallet"
+	namespaceTarget   = "namespace"
+	containerTarget   = "container"
+	jsonFlag          = "json"
+	jsonFlagDesc      = "Output rule chains in JSON format"
+	chainIDFlag       = "chain-id"
+	chainIDDesc       = "Rule chain ID"
+	ruleFlag          = "rule"
+	ruleFlagDesc      = "Rule chain in text format"
+	pathFlag          = "path"
+	pathFlagDesc      = "path to encoded chain in JSON or binary format"
+	targetNameFlag    = "target-name"
+	targetNameDesc    = "Resource name in APE resource name format"
+	targetTypeFlag    = "target-type"
+	targetTypeDesc    = "Resource type(container/namespace)"
+	addrAdminFlag     = "addr"
+	addrAdminDesc     = "The address of the admins wallet"
+	chainNameFlag     = "chain-name"
+	chainNameFlagDesc = "Chain name(ingress|s3)"
 )

 var (
@ -46,6 +60,7 @@ var (
 		Short: "List rule chains",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listRuleChains,
 	}
@ -65,18 +80,10 @@ var (
 		Short: "Get admin",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: getAdmin,
 	}
-
-	listTargetsCmd = &cobra.Command{
-		Use:   "list-targets",
-		Short: "List targets",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: listTargets,
-	}
 )

 func initAddRuleChainCmd() {
@ -85,17 +92,17 @@ func initAddRuleChainCmd() {
 	addRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	addRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)

-	addRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-	addRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
+	addRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(targetTypeFlag)
+	addRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(targetNameFlag)

-	addRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
-	addRuleChainCmd.Flags().StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
-	addRuleChainCmd.Flags().String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
-	addRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
-	addRuleChainCmd.MarkFlagsMutuallyExclusive(apeCmd.RuleFlag, apeCmd.PathFlag)
+	addRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(chainIDFlag)
+	addRuleChainCmd.Flags().StringArray(ruleFlag, []string{}, ruleFlagDesc)
+	addRuleChainCmd.Flags().String(pathFlag, "", pathFlagDesc)
+	addRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	addRuleChainCmd.MarkFlagsMutuallyExclusive(ruleFlag, pathFlag)
 }

 func initRemoveRuleChainCmd() {
@ -104,25 +111,26 @@ func initRemoveRuleChainCmd() {
 	removeRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	removeRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)

-	removeRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-	removeRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
-	removeRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
-	removeRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
-	removeRuleChainCmd.Flags().Bool(commonflags.AllFlag, false, "Remove all chains for target")
-	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, apeCmd.ChainIDFlag)
+	removeRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetTypeFlag)
+	removeRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetNameFlag)
+	removeRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(chainIDFlag)
+	removeRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
 }

 func initListRuleChainsCmd() {
 	Cmd.AddCommand(listRuleChainsCmd)

 	listRuleChainsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listRuleChainsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-	listRuleChainsCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	listRuleChainsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	listRuleChainsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(targetTypeFlag)
+	listRuleChainsCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(targetNameFlag)
 	listRuleChainsCmd.Flags().Bool(jsonFlag, false, jsonFlagDesc)
-	listRuleChainsCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	listRuleChainsCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
 }

 func initSetAdminCmd() {
@ -138,21 +146,14 @@ func initGetAdminCmd() {
 	Cmd.AddCommand(getAdminCmd)

 	getAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-}
-
-func initListTargetsCmd() {
-	Cmd.AddCommand(listTargetsCmd)
-
-	listTargetsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listTargetsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
-	_ = listTargetsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	getAdminCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func addRuleChain(cmd *cobra.Command, _ []string) {
-	chain := apeCmd.ParseChain(cmd)
+	chain := parseChain(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	h, vub, err := pci.AddMorphRuleChain(apeCmd.ParseChainName(cmd), target, chain)
+	h, vub, err := pci.AddMorphRuleChain(parseChainName(cmd), target, chain)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = ac.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
@ -160,29 +161,20 @@ func addRuleChain(cmd *cobra.Command, _ []string) {
 }

 func removeRuleChain(cmd *cobra.Command, _ []string) {
+	chainID := parseChainID(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	removeAll, _ := cmd.Flags().GetBool(commonflags.AllFlag)
-	if removeAll {
-		h, vub, err := pci.RemoveMorphRuleChainsByTarget(apeCmd.ParseChainName(cmd), target)
-		cmd.Println("Waiting for transaction to persist...")
-		_, err = ac.Wait(h, vub, err)
-		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
-		cmd.Println("All chains for target removed successfully")
-	} else {
-		chainID := apeCmd.ParseChainID(cmd)
-		h, vub, err := pci.RemoveMorphRuleChain(apeCmd.ParseChainName(cmd), target, chainID)
-		cmd.Println("Waiting for transaction to persist...")
-		_, err = ac.Wait(h, vub, err)
-		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
-		cmd.Println("Rule chain removed successfully")
-	}
+	h, vub, err := pci.RemoveMorphRuleChain(parseChainName(cmd), target, chainID)
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = ac.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
+	cmd.Println("Rule chain removed successfully")
 }

 func listRuleChains(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
-	pci, _ := newPolicyContractReaderInterface(cmd)
-	chains, err := pci.ListMorphRuleChains(apeCmd.ParseChainName(cmd), target)
+	pci, _ := newPolicyContractInterface(cmd)
+	chains, err := pci.ListMorphRuleChains(parseChainName(cmd), target)
 	commonCmd.ExitOnErr(cmd, "list rule chains error: %w", err)
 	if len(chains) == 0 {
 		return
@ -193,14 +185,14 @@ func listRuleChains(cmd *cobra.Command, _ []string) {
 		prettyJSONFormat(cmd, chains)
 	} else {
 		for _, c := range chains {
-			apeCmd.PrintHumanReadableAPEChain(cmd, c)
+			parseutil.PrintHumanReadableAPEChain(cmd, c)
 		}
 	}
 }

 func setAdmin(cmd *cobra.Command, _ []string) {
 	s, _ := cmd.Flags().GetString(addrAdminFlag)
-	addr, err := address.StringToUint160(s)
+	addr, err := util.Uint160DecodeStringLE(s)
 	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
 	pci, ac := newPolicyContractInterface(cmd)
 	h, vub, err := pci.SetAdmin(addr)
@ -211,32 +203,10 @@ func setAdmin(cmd *cobra.Command, _ []string) {
 }

 func getAdmin(cmd *cobra.Command, _ []string) {
-	pci, _ := newPolicyContractReaderInterface(cmd)
+	pci, _ := newPolicyContractInterface(cmd)
 	addr, err := pci.GetAdmin()
 	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
-	cmd.Println(address.Uint160ToString(addr))
-}
-
-func listTargets(cmd *cobra.Command, _ []string) {
-	typ := apeCmd.ParseTargetType(cmd)
-	pci, inv := newPolicyContractReaderInterface(cmd)
-
-	sid, it, err := pci.ListTargetsIterator(typ)
-	commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
-	items, err := inv.TraverseIterator(sid, &it, 0)
-	for err == nil && len(items) != 0 {
-		for _, item := range items {
-			bts, err := item.TryBytes()
-			commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
-			if len(bts) == 0 {
-				cmd.Println("(no name)")
-			} else {
-				cmd.Println(string(bts))
-			}
-		}
-		items, err = inv.TraverseIterator(sid, &it, 0)
-		commonCmd.ExitOnErr(cmd, "unable to list targets: %w", err)
-	}
+	cmd.Println(addr.StringLE())
 }

 func prettyJSONFormat(cmd *cobra.Command, chains []*apechain.Chain) {
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
@ -1,93 +1,113 @@
 package ape

 import (
-	"errors"
+	"fmt"
+	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )

-var errUnknownTargetType = errors.New("unknown target type")
+const (
+	ingress = "ingress"
+	s3      = "s3"
+)
+
+var mChainName = map[string]apechain.Name{
+	ingress: apechain.Ingress,
+	s3:      apechain.S3,
+}

 func parseTarget(cmd *cobra.Command) policyengine.Target {
-	typ := apeCmd.ParseTargetType(cmd)
-	name, _ := cmd.Flags().GetString(apeCmd.TargetNameFlag)
+	var targetType policyengine.TargetType
+	typ, _ := cmd.Flags().GetString(targetTypeFlag)
 	switch typ {
-	case policyengine.Namespace:
-		if name == "root" {
-			name = ""
-		}
-		return policyengine.NamespaceTarget(name)
-	case policyengine.Container:
-		var cnr cid.ID
-		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
-		return policyengine.ContainerTarget(name)
-	case policyengine.User:
-		return policyengine.UserTarget(name)
-	case policyengine.Group:
-		return policyengine.GroupTarget(name)
+	case namespaceTarget:
+		targetType = policyengine.Namespace
+	case containerTarget:
+		targetType = policyengine.Container
 	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+		commonCmd.ExitOnErr(cmd, "read target type error: %w", fmt.Errorf("unknown target type"))
+	}
+	name, _ := cmd.Flags().GetString(targetNameFlag)
+
+	return policyengine.Target{
+		Name: name,
+		Type: targetType,
 	}
-	panic("unreachable")
 }

-// invokerAdapter adapats invoker.Invoker to ContractStorageInvoker interface.
-type invokerAdapter struct {
-	*invoker.Invoker
-	rpcActor invoker.RPCInvoke
+func parseChainID(cmd *cobra.Command) apechain.ID {
+	chainID, _ := cmd.Flags().GetString(chainIDFlag)
+	if chainID == "" {
+		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
+			fmt.Errorf("chain id cannot be empty"))
+	}
+	return apechain.ID(chainID)
 }

-func (n *invokerAdapter) GetRPCInvoker() invoker.RPCInvoke {
-	return n.rpcActor
-}
+func parseChain(cmd *cobra.Command) *apechain.Chain {
+	chain := new(apechain.Chain)

-func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
-	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-
-	inv := invoker.New(c, nil)
-	r := management.NewReader(inv)
-	nnsCs, err := helper.GetContractByID(r, 1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-
-	ch, err := helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
-	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
-
-	invokerAdapter := &invokerAdapter{
-		Invoker:  inv,
-		rpcActor: c,
+	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
+		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
+	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
+		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
+	} else {
+		commonCmd.ExitOnErr(cmd, "parser error: %w", fmt.Errorf("rule is not passed"))
 	}

-	return morph.NewContractStorageReader(invokerAdapter, ch), inv
+	chain.ID = parseChainID(cmd)
+
+	cmd.Println("Parsed chain:")
+	parseutil.PrintHumanReadableAPEChain(cmd, chain)
+
+	return chain
 }

-func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+func parseChainName(cmd *cobra.Command) apechain.Name {
+	chainName, _ := cmd.Flags().GetString(chainNameFlag)
+	apeChainName, ok := mChainName[strings.ToLower(chainName)]
+	if !ok {
+		commonCmd.ExitOnErr(cmd, "", fmt.Errorf("unsupported chain name"))
+	}
+	return apeChainName
+}
+
+func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *actor.Actor) {
+	v := viper.GetViper()
+	c, err := helper.GetN3Client(v)
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)

 	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
-	ac, err := helper.NewLocalActor(c, &helper.AlphabetWallets{Path: walletDir, Label: constants.ConsensusAccountName})
+	wallets, err := helper.GetAlphabetWallets(v, walletDir)
+	commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
+
+	committeeAcc, err := helper.GetWalletAccount(wallets[0], constants.CommitteeAccountName)
+	commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
+
+	ac, err := helper.NewActor(c, committeeAcc)
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)

+	inv := &ac.Invoker
 	var ch util.Uint160
-	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	r := management.NewReader(inv)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)

-	ch, err = helper.NNSResolveHash(ac.Invoker, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
 	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)

 	return morph.NewContractStorage(ac, ch), ac
--- a/cmd/frostfs-adm/internal/modules/morph/ape/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/root.go
@ -13,5 +13,4 @@ func init() {
 	initListRuleChainsCmd()
 	initSetAdminCmd()
 	initGetAdminCmd()
-	initListTargetsCmd()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
@ -51,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)

-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}
@ -60,7 +60,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {

 	if dumpStorage || dumpAlphabet || dumpProxy {
 		r := management.NewReader(inv)
-		nnsCs, err = helper.GetContractByID(r, 1)
+		nnsCs, err = r.GetContractByID(1)
 		if err != nil {
 			return fmt.Errorf("can't get NNS contract info: %w", err)
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config.go
@ -26,7 +26,7 @@ import (
 const forceConfigSet = "force"

 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -34,7 +34,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)

-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -60,19 +60,18 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 		switch k {
 		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
+			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
 			nbuf := make([]byte, 8)
 			copy(nbuf[:], v)
 			n := binary.LittleEndian.Uint64(nbuf)
-			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%d (int)\n", k, n))
+			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%d (int)\n", k, n)))
 		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
 			if len(v) == 0 || len(v) > 1 {
 				return helper.InvalidConfigValueErr(k)
 			}
-			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%t (bool)\n", k, v[0] == 1))
+			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%t (bool)\n", k, v[0] == 1)))
 		default:
-			_, _ = tw.Write(fmt.Appendf(nil, "%s:\t%s (hex)\n", k, hex.EncodeToString(v)))
+			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%s (hex)\n", k, hex.EncodeToString(v))))
 		}
 	}

@ -93,7 +92,7 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -104,22 +103,14 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	}

 	forceFlag, _ := cmd.Flags().GetBool(forceConfigSet)
+
 	bw := io.NewBufBinWriter()
-	prm := make(map[string]any)
 	for _, arg := range args {
 		k, v, err := parseConfigPair(arg, forceFlag)
 		if err != nil {
 			return err
 		}

-		prm[k] = v
-	}
-
-	if err := validateConfig(prm, forceFlag); err != nil {
-		return err
-	}
-
-	for k, v := range prm {
 		// In NeoFS this is done via Notary contract. Here, however, we can form the
 		// transaction locally. The first `nil` argument is required only for notary
 		// disabled environment which is not supported by that command.
@ -137,50 +128,6 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	return wCtx.AwaitTx()
 }

-const maxECSum = 256
-
-func validateConfig(args map[string]any, forceFlag bool) error {
-	var sumEC int64
-	_, okData := args[netmap.MaxECDataCountConfig]
-	_, okParity := args[netmap.MaxECParityCountConfig]
-	if okData != okParity {
-		return fmt.Errorf("both %s and %s must be present in the configuration",
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig)
-	}
-
-	for k, v := range args {
-		switch k {
-		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
-			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
-			value, ok := v.(int64)
-			if !ok {
-				return fmt.Errorf("%s has an invalid type. Expected type: int", k)
-			}
-
-			if value < 0 {
-				return fmt.Errorf("%s must be >= 0, got %v", k, v)
-			}
-
-			if k == netmap.MaxECDataCountConfig || k == netmap.MaxECParityCountConfig {
-				sumEC += value
-			}
-		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
-			_, ok := v.(bool)
-			if !ok {
-				return fmt.Errorf("%s has an invalid type. Expected type: bool", k)
-			}
-		}
-	}
-
-	if sumEC > maxECSum && !forceFlag {
-		return fmt.Errorf("the sum of %s and %s must be <= %d, got %d",
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig, maxECSum, sumEC)
-	}
-	return nil
-}
-
 func parseConfigPair(kvStr string, force bool) (key string, val any, err error) {
 	k, v, found := strings.Cut(kvStr, "=")
 	if !found {
@ -193,8 +140,7 @@ func parseConfigPair(kvStr string, force bool) (key string, val any, err error)
 	switch key {
 	case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 		netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
-		netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
+		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
 		val, err = strconv.ParseInt(valRaw, 10, 64)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as int: %w", key, valRaw, err)
--- a/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
@ -1,34 +0,0 @@
-package config
-
-import (
-	"testing"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_ValidateConfig(t *testing.T) {
-	testArgs := make(map[string]any)
-
-	testArgs[netmap.MaxECDataCountConfig] = int64(11)
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(256)
-	require.Error(t, validateConfig(testArgs, false))
-	require.NoError(t, validateConfig(testArgs, true))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(-1)
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(55)
-	require.NoError(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.HomomorphicHashingDisabledKey] = "1"
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.HomomorphicHashingDisabledKey] = true
-	require.NoError(t, validateConfig(testArgs, false))
-
-	testArgs["not-well-known-configuration-key"] = "key"
-	require.NoError(t, validateConfig(testArgs, false))
-}
--- a/cmd/frostfs-adm/internal/modules/morph/constants/const.go
+++ b/cmd/frostfs-adm/internal/modules/morph/constants/const.go
@ -4,6 +4,7 @@ import "time"

 const (
 	ConsensusAccountName = "consensus"
+	ProtoConfigPath      = "protocol"

 	// MaxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
 	// of the invocation script.
@ -27,10 +28,7 @@ const (
 	ContractWalletFilename    = "contract.json"
 	ContractWalletPasswordKey = "contract"

-	FrostfsOpsEmail  = "ops@frostfs.info"
-	NNSRefreshDefVal = int64(3600)
-	NNSRetryDefVal   = int64(600)
-	NNSTtlDefVal     = int64(3600)
+	FrostfsOpsEmail = "ops@frostfs.info"

 	DefaultExpirationTime = 10 * 365 * 24 * time.Hour / time.Second

--- a/cmd/frostfs-adm/internal/modules/morph/container/container.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container/container.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"slices"
 	"sort"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
@ -34,7 +33,7 @@ func getContainerContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Ui
 	}
 	if err != nil {
 		r := management.NewReader(inv)
-		nnsCs, err := helper.GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 		}
@ -76,7 +75,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}

-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -139,12 +138,13 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invoker, id []byte) (*Container, error) {
 	bw.Reset()
 	emit.AppCall(bw.BinWriter, ch, "get", callflag.All, id)
+	emit.AppCall(bw.BinWriter, ch, "eACL", callflag.All, id)
 	res, err := inv.Run(bw.Bytes())
 	if err != nil {
 		return nil, fmt.Errorf("can't get container info: %w", err)
 	}
-	if len(res.Stack) != 1 {
-		return nil, fmt.Errorf("%w: expected 1 items on stack", errInvalidContainerResponse)
+	if len(res.Stack) != 2 {
+		return nil, fmt.Errorf("%w: expected 2 items on stack", errInvalidContainerResponse)
 	}

 	cnt := new(Container)
@ -153,11 +153,19 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 		return nil, fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}

+	ea := new(EACL)
+	err = ea.FromStackItem(res.Stack[1])
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
+	}
+	if len(ea.Value) != 0 {
+		cnt.EACL = ea
+	}
 	return cnt, nil
 }

 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -249,6 +257,10 @@ func restoreOrPutContainers(containers []Container, isOK func([]byte) bool, cmd
 func putContainer(bw *io.BufBinWriter, ch util.Uint160, cnt Container) {
 	emit.AppCall(bw.BinWriter, ch, "put", callflag.All,
 		cnt.Value, cnt.Signature, cnt.PublicKey, cnt.Token)
+	if ea := cnt.EACL; ea != nil {
+		emit.AppCall(bw.BinWriter, ch, "setEACL", callflag.All,
+			ea.Value, ea.Signature, ea.PublicKey, ea.Token)
+	}
 }

 func isContainerRestored(cmd *cobra.Command, wCtx *helper.InitializeContext, containerHash util.Uint160, bw *io.BufBinWriter, hashValue util.Uint256) (bool, error) {
@ -291,7 +303,7 @@ func parseContainers(filename string) ([]Container, error) {

 func fetchContainerContractHash(wCtx *helper.InitializeContext) (util.Uint160, error) {
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 	}
@ -309,6 +321,15 @@ type Container struct {
 	Signature []byte `json:"signature"`
 	PublicKey []byte `json:"public_key"`
 	Token     []byte `json:"token"`
+	EACL      *EACL  `json:"eacl"`
+}
+
+// EACL represents extended ACL struct in contract storage.
+type EACL struct {
+	Value     []byte `json:"value"`
+	Signature []byte `json:"signature"`
+	PublicKey []byte `json:"public_key"`
+	Token     []byte `json:"token"`
 }

 // ToStackItem implements stackitem.Convertible.
@ -355,6 +376,50 @@ func (c *Container) FromStackItem(item stackitem.Item) error {
 	return nil
 }

+// ToStackItem implements stackitem.Convertible.
+func (c *EACL) ToStackItem() (stackitem.Item, error) {
+	return stackitem.NewStruct([]stackitem.Item{
+		stackitem.NewByteArray(c.Value),
+		stackitem.NewByteArray(c.Signature),
+		stackitem.NewByteArray(c.PublicKey),
+		stackitem.NewByteArray(c.Token),
+	}), nil
+}
+
+// FromStackItem implements stackitem.Convertible.
+func (c *EACL) FromStackItem(item stackitem.Item) error {
+	arr, ok := item.Value().([]stackitem.Item)
+	if !ok || len(arr) != 4 {
+		return errors.New("invalid stack item type")
+	}
+
+	value, err := arr[0].TryBytes()
+	if err != nil {
+		return errors.New("invalid eACL value")
+	}
+
+	sig, err := arr[1].TryBytes()
+	if err != nil {
+		return errors.New("invalid eACL signature")
+	}
+
+	pub, err := arr[2].TryBytes()
+	if err != nil {
+		return errors.New("invalid eACL public key")
+	}
+
+	tok, err := arr[3].TryBytes()
+	if err != nil {
+		return errors.New("invalid eACL token")
+	}
+
+	c.Value = value
+	c.Signature = sig
+	c.PublicKey = pub
+	c.Token = tok
+	return nil
+}
+
 // getCIDFilterFunc returns filtering function for container IDs.
 // Raw byte slices are used because it works with structures returned
 // from contract.
@ -381,7 +446,7 @@ func getCIDFilterFunc(cmd *cobra.Command) (func([]byte) bool, error) {
 		var id cid.ID
 		id.SetSHA256(v)
 		idStr := id.EncodeToString()
-		_, found := slices.BinarySearch(rawIDs, idStr)
-		return found
+		n := sort.Search(len(rawIDs), func(i int) bool { return rawIDs[i] >= idStr })
+		return n < len(rawIDs) && rawIDs[n] == idStr
 	}, nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
@ -79,7 +79,7 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 	}

 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't fetch NNS contract state: %w", err)
 	}
@ -148,14 +148,12 @@ func registerNNS(nnsCs *state.Contract, c *helper.InitializeContext, zone string

 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			zone, c.CommitteeAcc.Contract.ScriptHash(),
-			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
-			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+			constants.FrostfsOpsEmail, int64(3600), int64(600), int64(constants.DefaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)

 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			domain, c.CommitteeAcc.Contract.ScriptHash(),
-			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
-			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+			constants.FrostfsOpsEmail, int64(3600), int64(600), int64(constants.DefaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	} else {
 		s, ok, err := c.NNSRegisterDomainScript(nnsCs.Hash, cs.Hash, domain)
--- a/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
@ -36,13 +36,13 @@ type contractDumpInfo struct {
 }

 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

 	r := management.NewReader(invoker.New(c, nil))
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
@ -68,7 +68,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {

 	if irSize != 0 {
 		bw.Reset()
-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
 				helper.GetAlphabetNNSDomain(i),
 				int64(nns.TXT))
@ -79,7 +79,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("can't fetch info from NNS: %w", err)
 		}

-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			info := contractDumpInfo{name: fmt.Sprintf("alphabet %d", i)}
 			if h, err := helper.ParseNNSResolveResult(alphaRes.Stack[i]); err == nil {
 				info.hash = h
@ -219,8 +219,8 @@ func printContractInfo(cmd *cobra.Command, infos []contractDumpInfo) {
 		if info.version == "" {
 			info.version = "unknown"
 		}
-		_, _ = tw.Write(fmt.Appendf(nil, "%s\t(%s):\t%s\n",
-			info.name, info.version, info.hash.StringLE()))
+		_, _ = tw.Write([]byte(fmt.Sprintf("%s\t(%s):\t%s\n",
+			info.name, info.version, info.hash.StringLE())))
 	}
 	_ = tw.Flush()

--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go
@ -1,83 +0,0 @@
-package frostfsid
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-var (
-	frostfsidAddSubjectKeyCmd = &cobra.Command{
-		Use:   "add-subject-key",
-		Short: "Add a public key to the subject in frostfsid contract",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: frostfsidAddSubjectKey,
-	}
-	frostfsidRemoveSubjectKeyCmd = &cobra.Command{
-		Use:   "remove-subject-key",
-		Short: "Remove a public key from the subject in frostfsid contract",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: frostfsidRemoveSubjectKey,
-	}
-)
-
-func initFrostfsIDAddSubjectKeyCmd() {
-	Cmd.AddCommand(frostfsidAddSubjectKeyCmd)
-
-	ff := frostfsidAddSubjectKeyCmd.Flags()
-	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-
-	ff.String(subjectAddressFlag, "", "Subject address")
-	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
-
-	ff.String(subjectKeyFlag, "", "Public key to add")
-	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
-}
-
-func initFrostfsIDRemoveSubjectKeyCmd() {
-	Cmd.AddCommand(frostfsidRemoveSubjectKeyCmd)
-
-	ff := frostfsidRemoveSubjectKeyCmd.Flags()
-	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-
-	ff.String(subjectAddressFlag, "", "Subject address")
-	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
-
-	ff.String(subjectKeyFlag, "", "Public key to remove")
-	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
-}
-
-func frostfsidAddSubjectKey(cmd *cobra.Command, _ []string) {
-	addr := getFrostfsIDSubjectAddress(cmd)
-	pub := getFrostfsIDSubjectKey(cmd)
-
-	ffsid, err := newFrostfsIDClient(cmd)
-	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
-
-	ffsid.addCall(ffsid.roCli.AddSubjectKeyCall(addr, pub))
-
-	err = ffsid.sendWait()
-	commonCmd.ExitOnErr(cmd, "add subject key: %w", err)
-}
-
-func frostfsidRemoveSubjectKey(cmd *cobra.Command, _ []string) {
-	addr := getFrostfsIDSubjectAddress(cmd)
-	pub := getFrostfsIDSubjectKey(cmd)
-
-	ffsid, err := newFrostfsIDClient(cmd)
-	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
-
-	ffsid.addCall(ffsid.roCli.RemoveSubjectKeyCall(addr, pub))
-
-	err = ffsid.sendWait()
-	commonCmd.ExitOnErr(cmd, "remove subject key: %w", err)
-}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
@ -3,47 +3,34 @@ package frostfsid
 import (
 	"errors"
 	"fmt"
-	"math/big"
 	"sort"

 	frostfsidclient "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client"
-	frostfsidrpclient "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/frostfsid"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )

-const iteratorBatchSize = 1
-
 const (
 	namespaceFlag      = "namespace"
 	subjectNameFlag    = "subject-name"
 	subjectKeyFlag     = "subject-key"
 	subjectAddressFlag = "subject-address"
-	extendedFlag       = "extended"
+	includeNamesFlag   = "include-names"
 	groupNameFlag      = "group-name"
 	groupIDFlag        = "group-id"

 	rootNamespacePlaceholder = "<root>"
-
-	keyFlag       = "key"
-	keyDescFlag   = "Key for storing a value in the subject's KV storage"
-	valueFlag     = "value"
-	valueDescFlag = "Value to be stored in the subject's KV storage"
 )

 var (
@ -66,6 +53,7 @@ var (
 		Use:   "list-namespaces",
 		Short: "List all namespaces in frostfsid",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListNamespaces,
@ -95,6 +83,7 @@ var (
 		Use:   "list-subjects",
 		Short: "List subjects in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListSubjects,
@ -124,6 +113,7 @@ var (
 		Use:   "list-groups",
 		Short: "List groups in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroups,
@ -153,27 +143,11 @@ var (
 		Use:   "list-group-subjects",
 		Short: "List subjects in group",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroupSubjects,
 	}
-
-	frostfsidSetKVCmd = &cobra.Command{
-		Use:   "set-kv",
-		Short: "Store a key-value pair in the subject's KV storage",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: frostfsidSetKV,
-	}
-	frostfsidDeleteKVCmd = &cobra.Command{
-		Use:   "delete-kv",
-		Short: "Delete a value from the subject's KV storage",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: frostfsidDeleteKV,
-	}
 )

 func initFrostfsIDCreateNamespaceCmd() {
@ -181,12 +155,12 @@ func initFrostfsIDCreateNamespaceCmd() {
 	frostfsidCreateNamespaceCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidCreateNamespaceCmd.Flags().String(namespaceFlag, "", "Namespace name to create")
 	frostfsidCreateNamespaceCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	_ = frostfsidCreateNamespaceCmd.MarkFlagRequired(namespaceFlag)
 }

 func initFrostfsIDListNamespacesCmd() {
 	Cmd.AddCommand(frostfsidListNamespacesCmd)
 	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func initFrostfsIDCreateSubjectCmd() {
@ -209,7 +183,8 @@ func initFrostfsIDListSubjectsCmd() {
 	Cmd.AddCommand(frostfsidListSubjectsCmd)
 	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
-	frostfsidListSubjectsCmd.Flags().Bool(extendedFlag, false, "Whether include subject info (require additional requests)")
+	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func initFrostfsIDCreateGroupCmd() {
@ -218,7 +193,6 @@ func initFrostfsIDCreateGroupCmd() {
 	frostfsidCreateGroupCmd.Flags().String(namespaceFlag, "", "Namespace where create group")
 	frostfsidCreateGroupCmd.Flags().String(groupNameFlag, "", "Group name, must be unique in namespace")
 	frostfsidCreateGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	_ = frostfsidCreateGroupCmd.MarkFlagRequired(groupNameFlag)
 }

 func initFrostfsIDDeleteGroupCmd() {
@ -233,6 +207,7 @@ func initFrostfsIDListGroupsCmd() {
 	Cmd.AddCommand(frostfsidListGroupsCmd)
 	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
+	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func initFrostfsIDAddSubjectToGroupCmd() {
@ -256,22 +231,8 @@ func initFrostfsIDListGroupSubjectsCmd() {
 	frostfsidListGroupSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
 	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
-	frostfsidListGroupSubjectsCmd.Flags().Bool(extendedFlag, false, "Whether include subject info (require additional requests)")
-}
-
-func initFrostfsIDSetKVCmd() {
-	Cmd.AddCommand(frostfsidSetKVCmd)
-	frostfsidSetKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	frostfsidSetKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
-	frostfsidSetKVCmd.Flags().String(keyFlag, "", keyDescFlag)
-	frostfsidSetKVCmd.Flags().String(valueFlag, "", valueDescFlag)
-}
-
-func initFrostfsIDDeleteKVCmd() {
-	Cmd.AddCommand(frostfsidDeleteKVCmd)
-	frostfsidDeleteKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	frostfsidDeleteKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
-	frostfsidDeleteKVCmd.Flags().String(keyFlag, "", keyDescFlag)
+	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
@ -287,15 +248,12 @@ func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListNamespaces(cmd *cobra.Command, _ []string) {
-	inv, _, hash := initInvoker(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListNamespaces()
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
-	items, err := readIterator(inv, &it, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	namespaces, err := ffsid.roCli.ListNamespaces()
+	commonCmd.ExitOnErr(cmd, "list namespaces: %w", err)

-	namespaces, err := frostfsidclient.ParseNamespaces(items)
-	commonCmd.ExitOnErr(cmd, "can't parse namespace: %w", err)
 	sort.Slice(namespaces, func(i, j int) bool { return namespaces[i].Name < namespaces[j].Name })

 	for _, namespace := range namespaces {
@ -336,32 +294,27 @@ func frostfsidDeleteSubject(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
-	extended, _ := cmd.Flags().GetBool(extendedFlag)
 	ns := getFrostfsIDNamespace(cmd)
-	inv, _, hash := initInvoker(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListNamespaceSubjects(ns)
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)

-	subAddresses, err := frostfsidclient.UnwrapArrayOfUint160(readIterator(inv, &it, sessionID))
-	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	subAddresses, err := ffsid.roCli.ListNamespaceSubjects(ns)
+	commonCmd.ExitOnErr(cmd, "list subjects: %w", err)

 	sort.Slice(subAddresses, func(i, j int) bool { return subAddresses[i].Less(subAddresses[j]) })

 	for _, addr := range subAddresses {
-		if !extended {
+		if !includeNames {
 			cmd.Println(address.Uint160ToString(addr))
 			continue
 		}

-		items, err := reader.GetSubject(addr)
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
+		subj, err := ffsid.roCli.GetSubject(addr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)

-		subj, err := frostfsidclient.ParseSubject(items)
-		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
-
-		printSubjectInfo(cmd, addr, subj)
-		cmd.Println()
+		cmd.Printf("%s (%s)\n", address.Uint160ToString(addr), subj.Name)
 	}
 }

@ -394,17 +347,13 @@ func frostfsidDeleteGroup(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListGroups(cmd *cobra.Command, _ []string) {
-	inv, _, hash := initInvoker(cmd)
 	ns := getFrostfsIDNamespace(cmd)

-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListGroups(ns)
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)

-	items, err := readIterator(inv, &it, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
-	groups, err := frostfsidclient.ParseGroups(items)
-	commonCmd.ExitOnErr(cmd, "can't parse groups: %w", err)
+	groups, err := ffsid.roCli.ListGroups(ns)
+	commonCmd.ExitOnErr(cmd, "list groups: %w", err)

 	sort.Slice(groups, func(i, j int) bool { return groups[i].Name < groups[j].Name })

@ -439,77 +388,29 @@ func frostfsidRemoveSubjectFromGroup(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "remove subject from group error: %w", err)
 }

-func frostfsidSetKV(cmd *cobra.Command, _ []string) {
-	subjectAddress := getFrostfsIDSubjectAddress(cmd)
-	key, _ := cmd.Flags().GetString(keyFlag)
-	value, _ := cmd.Flags().GetString(valueFlag)
-
-	if key == "" {
-		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
-	}
-
-	ffsid, err := newFrostfsIDClient(cmd)
-	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
-
-	method, args := ffsid.roCli.SetSubjectKVCall(subjectAddress, key, value)
-
-	ffsid.addCall(method, args)
-
-	err = ffsid.sendWait()
-	commonCmd.ExitOnErr(cmd, "set KV: %w", err)
-}
-
-func frostfsidDeleteKV(cmd *cobra.Command, _ []string) {
-	subjectAddress := getFrostfsIDSubjectAddress(cmd)
-	key, _ := cmd.Flags().GetString(keyFlag)
-
-	if key == "" {
-		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
-	}
-
-	ffsid, err := newFrostfsIDClient(cmd)
-	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
-
-	method, args := ffsid.roCli.DeleteSubjectKVCall(subjectAddress, key)
-
-	ffsid.addCall(method, args)
-
-	err = ffsid.sendWait()
-	commonCmd.ExitOnErr(cmd, "delete KV: %w", err)
-}
-
 func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	ns := getFrostfsIDNamespace(cmd)
 	groupID := getFrostfsIDGroupID(cmd)
-	extended, _ := cmd.Flags().GetBool(extendedFlag)
-	inv, cs, hash := initInvoker(cmd)
-	_, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
-	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)

-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListGroupSubjects(ns, big.NewInt(groupID))
-	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)

-	items, err := readIterator(inv, &it, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
-
-	subjects, err := frostfsidclient.UnwrapArrayOfUint160(items, err)
-	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
+	subjects, err := ffsid.roCli.ListGroupSubjects(ns, groupID)
+	commonCmd.ExitOnErr(cmd, "list group subjects: %w", err)

 	sort.Slice(subjects, func(i, j int) bool { return subjects[i].Less(subjects[j]) })

 	for _, subjAddr := range subjects {
-		if !extended {
+		if !includeNames {
 			cmd.Println(address.Uint160ToString(subjAddr))
 			continue
 		}

-		items, err := reader.GetSubject(subjAddr)
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
-		subj, err := frostfsidclient.ParseSubject(items)
-		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
-		printSubjectInfo(cmd, subjAddr, subj)
-		cmd.Println()
+		subj, err := ffsid.roCli.GetSubject(subjAddr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
+
+		cmd.Printf("%s (%s)\n", address.Uint160ToString(subjAddr), subj.Name)
 	}
 }

@ -523,11 +424,11 @@ type frostfsidClient struct {
 func newFrostfsIDClient(cmd *cobra.Command) (*frostfsidClient, error) {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return nil, fmt.Errorf("can't initialize context: %w", err)
+		return nil, fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -564,65 +465,10 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	}
 	f.bw.Reset()

+	if len(f.wCtx.SentTxs) == 0 {
+		return nil, errors.New("no transactions to wait")
+	}
+
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
-
-func readIterator(inv *invoker.Invoker, iter *result.Iterator, sessionID uuid.UUID) ([]stackitem.Item, error) {
-	var shouldStop bool
-	res := make([]stackitem.Item, 0)
-	for !shouldStop {
-		items, err := inv.TraverseIterator(sessionID, iter, iteratorBatchSize)
-		if err != nil {
-			return nil, err
-		}
-
-		res = append(res, items...)
-		shouldStop = len(items) < iteratorBatchSize
-	}
-
-	return res, nil
-}
-
-func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
-	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
-
-	inv := invoker.New(c, nil)
-	r := management.NewReader(inv)
-
-	cs, err := r.GetContractByID(1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)
-
-	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
-	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
-
-	return inv, cs, nmHash
-}
-
-func printSubjectInfo(cmd *cobra.Command, addr util.Uint160, subj *frostfsidclient.Subject) {
-	cmd.Printf("Address: %s\n", address.Uint160ToString(addr))
-	pk := "<nil>"
-	if subj.PrimaryKey != nil {
-		pk = subj.PrimaryKey.String()
-	}
-	cmd.Printf("Primary key: %s\n", pk)
-	cmd.Printf("Name: %s\n", subj.Name)
-	cmd.Printf("Namespace: %s\n", subj.Namespace)
-	if len(subj.AdditionalKeys) > 0 {
-		cmd.Printf("Additional keys:\n")
-		for _, key := range subj.AdditionalKeys {
-			k := "<nil>"
-			if key != nil {
-				k = key.String()
-			}
-			cmd.Printf("- %s\n", k)
-		}
-	}
-	if len(subj.KV) > 0 {
-		cmd.Printf("KV:\n")
-		for k, v := range subj.KV {
-			cmd.Printf("- %s: %s\n", k, v)
-		}
-	}
-}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
@ -1,12 +1,59 @@
 package frostfsid

 import (
+	"encoding/hex"
 	"testing"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )

+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	fmts := []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	}
+
+	for i := range fmts {
+		v := viper.New()
+		v.Set("frostfsid.admin", fmts[i])
+
+		actual, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.True(t, found)
+		require.Equal(t, pks[i].GetScriptHash(), actual)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.admin", "abc")
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.Error(t, err)
+		require.True(t, found)
+	})
+	t.Run("missing key", func(t *testing.T) {
+		v := viper.New()
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.False(t, found)
+	})
+}
+
 func TestNamespaceRegexp(t *testing.T) {
 	for _, tc := range []struct {
 		name      string
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
@ -12,8 +12,4 @@ func init() {
 	initFrostfsIDAddSubjectToGroupCmd()
 	initFrostfsIDRemoveSubjectFromGroupCmd()
 	initFrostfsIDListGroupSubjectsCmd()
-	initFrostfsIDSetKVCmd()
-	initFrostfsIDDeleteKVCmd()
-	initFrostfsIDAddSubjectKeyCmd()
-	initFrostfsIDRemoveSubjectKeyCmd()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
@ -12,6 +12,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
@ -64,47 +65,41 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 	pubs := make(keys.PublicKeys, size)
 	passwords := make([]string, size)

-	var errG errgroup.Group
-
 	for i := range wallets {
 		password, err := config.GetPassword(v, innerring.GlagoliticLetter(i).String())
 		if err != nil {
 			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}

-		errG.Go(func() error {
-			p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
-			f, err := os.OpenFile(p, os.O_CREATE, 0o644)
-			if err != nil {
-				return fmt.Errorf("can't create wallet file: %w", err)
-			}
-			if err := f.Close(); err != nil {
-				return fmt.Errorf("can't close wallet file: %w", err)
-			}
-			w, err := wallet.NewWallet(p)
-			if err != nil {
-				return fmt.Errorf("can't create wallet: %w", err)
-			}
-			if err := w.CreateAccount(constants.SingleAccountName, password); err != nil {
-				return fmt.Errorf("can't create account: %w", err)
-			}
+		p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
+		f, err := os.OpenFile(p, os.O_CREATE, 0o644)
+		if err != nil {
+			return nil, fmt.Errorf("can't create wallet file: %w", err)
+		}
+		if err := f.Close(); err != nil {
+			return nil, fmt.Errorf("can't close wallet file: %w", err)
+		}
+		w, err := wallet.NewWallet(p)
+		if err != nil {
+			return nil, fmt.Errorf("can't create wallet: %w", err)
+		}
+		if err := w.CreateAccount(constants.SingleAccountName, password); err != nil {
+			return nil, fmt.Errorf("can't create account: %w", err)
+		}

-			passwords[i] = password
-			wallets[i] = w
-			pubs[i] = w.Accounts[0].PrivateKey().PublicKey()
-			return nil
-		})
+		passwords[i] = password
+		wallets[i] = w
+		pubs[i] = w.Accounts[0].PrivateKey().PublicKey()
 	}

-	if err := errG.Wait(); err != nil {
-		return nil, err
-	}
+	var errG errgroup.Group

 	// Create committee account with N/2+1 multi-signature.
 	majCount := smartcontract.GetMajorityHonestNodeCount(size)
 	// Create consensus account with 2*N/3+1 multi-signature.
 	bftCount := smartcontract.GetDefaultHonestNodeCount(size)
 	for i := range wallets {
+		i := i
 		ps := pubs.Copy()
 		errG.Go(func() error {
 			if err := addMultisigAccount(wallets[i], majCount, constants.CommitteeAccountName, passwords[i], ps); err != nil {
@ -140,29 +135,60 @@ func addMultisigAccount(w *wallet.Wallet, m int, name, password string, pubs key
 }

 func generateStorageCreds(cmd *cobra.Command, _ []string) error {
-	walletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
-	w, err := wallet.NewWallet(walletPath)
-	if err != nil {
-		return fmt.Errorf("create wallet: %w", err)
-	}
-
-	label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
-	password, err := config.GetStoragePassword(viper.GetViper(), label)
-	if err != nil {
-		return fmt.Errorf("can't fetch password: %w", err)
-	}
-
-	if label == "" {
-		label = constants.SingleAccountName
-	}
-
-	if err := w.CreateAccount(label, password); err != nil {
-		return fmt.Errorf("can't create account: %w", err)
-	}
-	return refillGas(cmd, storageGasConfigFlag, w.Accounts[0].ScriptHash())
+	return refillGas(cmd, storageGasConfigFlag, true)
 }

-func refillGas(cmd *cobra.Command, gasFlag string, gasReceivers ...util.Uint160) (err error) {
+func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error) {
+	// storage wallet path is not part of the config
+	storageWalletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
+	// wallet address is not part of the config
+	walletAddress, _ := cmd.Flags().GetString(walletAddressFlag)
+
+	var gasReceiver util.Uint160
+
+	if len(walletAddress) != 0 {
+		gasReceiver, err = address.StringToUint160(walletAddress)
+		if err != nil {
+			return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
+		}
+	} else {
+		if storageWalletPath == "" {
+			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", commonflags.StorageWalletFlag)
+		}
+
+		var w *wallet.Wallet
+
+		if createWallet {
+			w, err = wallet.NewWallet(storageWalletPath)
+		} else {
+			w, err = wallet.NewWalletFromFile(storageWalletPath)
+		}
+
+		if err != nil {
+			return fmt.Errorf("can't create wallet: %w", err)
+		}
+
+		if createWallet {
+			var password string
+
+			label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
+			password, err := config.GetStoragePassword(viper.GetViper(), label)
+			if err != nil {
+				return fmt.Errorf("can't fetch password: %w", err)
+			}
+
+			if label == "" {
+				label = constants.SingleAccountName
+			}
+
+			if err := w.CreateAccount(label, password); err != nil {
+				return fmt.Errorf("can't create account: %w", err)
+			}
+		}
+
+		gasReceiver = w.Accounts[0].Contract.ScriptHash()
+	}
+
 	gasStr := viper.GetString(gasFlag)

 	gasAmount, err := helper.ParseGASAmount(gasStr)
@ -176,11 +202,9 @@ func refillGas(cmd *cobra.Command, gasFlag string, gasReceivers ...util.Uint160)
 	}

 	bw := io.NewBufBinWriter()
-	for _, gasReceiver := range gasReceivers {
-		emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
-			wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
-		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
-	}
+	emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
+		wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
+	emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	if bw.Err != nil {
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
@ -23,6 +23,8 @@ import (
 )

 func TestGenerateAlphabet(t *testing.T) {
+	const size = 4
+
 	walletDir := t.TempDir()
 	buf := setupTestTerminal(t)

@ -53,17 +55,17 @@ func TestGenerateAlphabet(t *testing.T) {
 	t.Run("no password for contract group wallet", func(t *testing.T) {
 		buf.Reset()
 		v.Set(commonflags.AlphabetWalletsFlag, walletDir)
-		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, "1"))
-		buf.WriteString("pass\r")
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
+		for i := uint64(0); i < size; i++ {
+			buf.WriteString(strconv.FormatUint(i, 10) + "\r")
+		}
 		require.Error(t, AlphabetCreds(cmd, nil))
 	})

-	const size = 4
-
 	buf.Reset()
 	v.Set(commonflags.AlphabetWalletsFlag, walletDir)
 	require.NoError(t, GenerateAlphabetCmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
-	for i := range uint64(size) {
+	for i := uint64(0); i < size; i++ {
 		buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 	}

--- a/cmd/frostfs-adm/internal/modules/morph/generate/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/root.go
@ -1,12 +1,7 @@
 package generate

 import (
-	"fmt"
-
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -37,28 +32,8 @@ var (
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.RefillGasAmountFlag, cmd.Flags().Lookup(commonflags.RefillGasAmountFlag))
 		},
-		RunE: func(cmd *cobra.Command, _ []string) error {
-			storageWalletPaths, _ := cmd.Flags().GetStringArray(commonflags.StorageWalletFlag)
-			walletAddresses, _ := cmd.Flags().GetStringArray(walletAddressFlag)
-
-			var gasReceivers []util.Uint160
-			for _, walletAddress := range walletAddresses {
-				addr, err := address.StringToUint160(walletAddress)
-				if err != nil {
-					return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
-				}
-
-				gasReceivers = append(gasReceivers, addr)
-			}
-			for _, storageWalletPath := range storageWalletPaths {
-				w, err := wallet.NewWalletFromFile(storageWalletPath)
-				if err != nil {
-					return fmt.Errorf("can't create wallet: %w", err)
-				}
-
-				gasReceivers = append(gasReceivers, w.Accounts[0].Contract.ScriptHash())
-			}
-			return refillGas(cmd, commonflags.RefillGasAmountFlag, gasReceivers...)
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return refillGas(cmd, commonflags.RefillGasAmountFlag, false)
 		},
 	}
 	GenerateAlphabetCmd = &cobra.Command{
@ -75,10 +50,10 @@ var (
 func initRefillGasCmd() {
 	RefillGasCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	RefillGasCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RefillGasCmd.Flags().StringArray(commonflags.StorageWalletFlag, nil, "Path to storage node wallet")
-	RefillGasCmd.Flags().StringArray(walletAddressFlag, nil, "Address of wallet")
+	RefillGasCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
+	RefillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
 	RefillGasCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Additional amount of GAS to transfer")
-	RefillGasCmd.MarkFlagsOneRequired(walletAddressFlag, commonflags.StorageWalletFlag)
+	RefillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, commonflags.StorageWalletFlag)
 }

 func initGenerateStorageCmd() {
--- a/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
@ -1,214 +0,0 @@
-package helper
-
-import (
-	"fmt"
-
-	"github.com/google/uuid"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
-	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/context"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/viper"
-)
-
-// LocalActor is a kludge, do not use it outside of the morph commands.
-type LocalActor struct {
-	neoActor   *actor.Actor
-	accounts   []*wallet.Account
-	Invoker    *invoker.Invoker
-	rpcInvoker invoker.RPCInvoke
-}
-
-type AlphabetWallets struct {
-	Label string
-	Path  string
-}
-
-func (a *AlphabetWallets) GetAccount(v *viper.Viper) ([]*wallet.Account, error) {
-	w, err := GetAlphabetWallets(v, a.Path)
-	if err != nil {
-		return nil, err
-	}
-
-	var accounts []*wallet.Account
-	for _, wall := range w {
-		acc, err := GetWalletAccount(wall, a.Label)
-		if err != nil {
-			return nil, err
-		}
-		accounts = append(accounts, acc)
-	}
-	return accounts, nil
-}
-
-type RegularWallets struct{ Path string }
-
-func (r *RegularWallets) GetAccount() ([]*wallet.Account, error) {
-	w, err := getRegularWallet(r.Path)
-	if err != nil {
-		return nil, err
-	}
-
-	return []*wallet.Account{w.GetAccount(w.GetChangeAddress())}, nil
-}
-
-// NewLocalActor create LocalActor with accounts form provided wallets.
-// In case of empty wallets provided created actor with dummy account only for read operation.
-//
-// If wallets are provided, the contract client will use accounts with accName name from these wallets.
-// To determine which account name should be used in a contract client, refer to how the contract
-// verifies the transaction signature.
-func NewLocalActor(c actor.RPCActor, alphabet *AlphabetWallets, regularWallets ...*RegularWallets) (*LocalActor, error) {
-	var act *actor.Actor
-	var accounts []*wallet.Account
-	var signers []actor.SignerAccount
-
-	if alphabet != nil {
-		account, err := alphabet.GetAccount(viper.GetViper())
-		if err != nil {
-			return nil, err
-		}
-
-		accounts = append(accounts, account...)
-		signers = append(signers, actor.SignerAccount{
-			Signer: transaction.Signer{
-				Account: account[0].Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: account[0],
-		})
-	}
-
-	for _, w := range regularWallets {
-		if w == nil {
-			continue
-		}
-		account, err := w.GetAccount()
-		if err != nil {
-			return nil, err
-		}
-
-		accounts = append(accounts, account...)
-		signers = append(signers, actor.SignerAccount{
-			Signer: transaction.Signer{
-				Account: account[0].Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: account[0],
-		})
-	}
-
-	act, err := actor.New(c, signers)
-	if err != nil {
-		return nil, err
-	}
-	return &LocalActor{
-		neoActor:   act,
-		accounts:   accounts,
-		Invoker:    &act.Invoker,
-		rpcInvoker: c,
-	}, nil
-}
-
-func (a *LocalActor) SendCall(contract util.Uint160, method string, params ...any) (util.Uint256, uint32, error) {
-	tx, err := a.neoActor.MakeCall(contract, method, params...)
-	if err != nil {
-		return util.Uint256{}, 0, err
-	}
-	err = a.resign(tx)
-	if err != nil {
-		return util.Uint256{}, 0, err
-	}
-	return a.neoActor.Send(tx)
-}
-
-func (a *LocalActor) SendRun(script []byte) (util.Uint256, uint32, error) {
-	tx, err := a.neoActor.MakeRun(script)
-	if err != nil {
-		return util.Uint256{}, 0, err
-	}
-	err = a.resign(tx)
-	if err != nil {
-		return util.Uint256{}, 0, err
-	}
-	return a.neoActor.Send(tx)
-}
-
-// resign is used to sign tx with committee accounts.
-// Inside the methods `MakeCall` and `SendRun` of the NeoGO's actor transaction is signing by committee account,
-// because actor uses committee wallet.
-// But it is not enough, need to sign with another committee accounts.
-func (a *LocalActor) resign(tx *transaction.Transaction) error {
-	if len(a.accounts[0].Contract.Parameters) > 1 {
-		// Use parameter context to avoid dealing with signature order.
-		network := a.neoActor.GetNetwork()
-		pc := context.NewParameterContext("", network, tx)
-		h := a.accounts[0].Contract.ScriptHash()
-		for _, acc := range a.accounts {
-			priv := acc.PrivateKey()
-			sign := priv.SignHashable(uint32(network), tx)
-			if err := pc.AddSignature(h, acc.Contract, priv.PublicKey(), sign); err != nil {
-				return fmt.Errorf("can't add signature: %w", err)
-			}
-			if len(pc.Items[h].Signatures) == len(acc.Contract.Parameters) {
-				break
-			}
-		}
-
-		w, err := pc.GetWitness(h)
-		if err != nil {
-			return fmt.Errorf("incomplete signature: %w", err)
-		}
-		tx.Scripts[0] = *w
-	}
-	return nil
-}
-
-func (a *LocalActor) Wait(h util.Uint256, vub uint32, err error) (*state.AppExecResult, error) {
-	return a.neoActor.Wait(h, vub, err)
-}
-
-func (a *LocalActor) Sender() util.Uint160 {
-	return a.neoActor.Sender()
-}
-
-func (a *LocalActor) Call(contract util.Uint160, operation string, params ...any) (*result.Invoke, error) {
-	return a.neoActor.Call(contract, operation, params...)
-}
-
-func (a *LocalActor) CallAndExpandIterator(_ util.Uint160, _ string, _ int, _ ...any) (*result.Invoke, error) {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) TerminateSession(_ uuid.UUID) error {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) TraverseIterator(sessionID uuid.UUID, iterator *result.Iterator, num int) ([]stackitem.Item, error) {
-	return a.neoActor.TraverseIterator(sessionID, iterator, num)
-}
-
-func (a *LocalActor) MakeRun(_ []byte) (*transaction.Transaction, error) {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) MakeUnsignedCall(_ util.Uint160, _ string, _ []transaction.Attribute, _ ...any) (*transaction.Transaction, error) {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) MakeUnsignedRun(_ []byte, _ []transaction.Attribute) (*transaction.Transaction, error) {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) MakeCall(_ util.Uint160, _ string, _ ...any) (*transaction.Transaction, error) {
-	panic("unimplemented")
-}
-
-func (a *LocalActor) GetRPCInvoker() invoker.RPCInvoke {
-	return a.rpcInvoker
-}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
@ -15,7 +15,7 @@ import (

 func getFrostfsIDAdminFromContract(roInvoker *invoker.Invoker) (util.Uint160, bool, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, false, fmt.Errorf("get nns contract: %w", err)
 	}
@ -62,7 +62,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 		// In case if NNS is updated multiple times, we can't calculate
 		// it's actual hash based on local data, thus query chain.
 		r := management.NewReader(c.ReadOnlyInvoker)
-		nnsCs, err := GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return nil, fmt.Errorf("get nns contract: %w", err)
 		}
@ -82,7 +82,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
 		}
 		if method != constants.UpdateMethodName || err == nil && !found {
-			h, found, err = getFrostfsIDAdmin(viper.GetViper())
+			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
 		}
 		if err != nil {
 			return nil, err
@ -116,7 +116,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 	case constants.PolicyContract:
 		items = append(items, c.Contracts[constants.ProxyContract].Hash)
 	default:
-		panic("invalid contract name: " + ctrName)
+		panic(fmt.Sprintf("invalid contract name: %s", ctrName))
 	}
 	return items, nil
 }
@ -166,6 +166,5 @@ func DeployNNS(c *InitializeContext, method string) error {
 		return fmt.Errorf("can't send deploy transaction: %w", err)
 	}

-	c.Command.Println("NNS hash:", invokeHash.StringLE())
 	return c.AwaitTx()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/download.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/download.go
@ -14,8 +14,6 @@ import (
 	"github.com/spf13/cobra"
 )

-var errNoReleasesFound = errors.New("attempt to fetch contracts archive from the offitial repository failed: no releases found")
-
 func downloadContracts(cmd *cobra.Command, url string) (io.ReadCloser, error) {
 	cmd.Printf("Downloading contracts archive from '%s'\n", url)

@ -63,7 +61,7 @@ func downloadContractsFromRepository(cmd *cobra.Command) (io.ReadCloser, error)
 	}

 	if latestRelease == nil {
-		return nil, errNoReleasesFound
+		return nil, fmt.Errorf("attempt to fetch contracts archive from the offitial repository failed: no releases found")
 	}

 	cmd.Printf("Found release %s (%s)\n", latestRelease.TagName, latestRelease.Title)
--- a/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
@ -11,7 +11,7 @@ import (

 const frostfsIDAdminConfigKey = "frostfsid.admin"

-func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil
--- a/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go
@ -1,53 +0,0 @@
-package helper
-
-import (
-	"encoding/hex"
-	"testing"
-
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/spf13/viper"
-	"github.com/stretchr/testify/require"
-)
-
-func TestFrostfsIDConfig(t *testing.T) {
-	pks := make([]*keys.PrivateKey, 4)
-	for i := range pks {
-		pk, err := keys.NewPrivateKey()
-		require.NoError(t, err)
-		pks[i] = pk
-	}
-
-	fmts := []string{
-		pks[0].GetScriptHash().StringLE(),
-		address.Uint160ToString(pks[1].GetScriptHash()),
-		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
-		hex.EncodeToString(pks[3].PublicKey().Bytes()),
-	}
-
-	for i := range fmts {
-		v := viper.New()
-		v.Set("frostfsid.admin", fmts[i])
-
-		actual, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.True(t, found)
-		require.Equal(t, pks[i].GetScriptHash(), actual)
-	}
-
-	t.Run("bad key", func(t *testing.T) {
-		v := viper.New()
-		v.Set("frostfsid.admin", "abc")
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.Error(t, err)
-		require.True(t, found)
-	})
-	t.Run("missing key", func(t *testing.T) {
-		v := viper.New()
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.False(t, found)
-	})
-}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize.go
@ -7,9 +7,7 @@ import (

 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
@ -103,16 +101,6 @@ func GetWalletAccount(w *wallet.Wallet, typ string) (*wallet.Account, error) {
 	return nil, fmt.Errorf("account for '%s' not found", typ)
 }

-func GetComitteAcc(cmd *cobra.Command, v *viper.Viper) *wallet.Account {
-	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
-	wallets, err := GetAlphabetWallets(v, walletDir)
-	commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
-
-	committeeAcc, err := GetWalletAccount(wallets[0], constants.CommitteeAccountName)
-	commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
-	return committeeAcc
-}
-
 func NNSResolve(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (stackitem.Item, error) {
 	return unwrap.Item(inv.Call(nnsHash, "resolve", domain, int64(nns.TXT)))
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
@ -3,7 +3,6 @@ package helper
 import (
 	"encoding/hex"
 	"encoding/json"
-	"errors"
 	"fmt"
 	io2 "io"
 	"os"
@ -34,11 +33,6 @@ import (
 	"github.com/spf13/viper"
 )

-var (
-	errNegativeDuration = errors.New("epoch duration must be positive")
-	errNegativeSize     = errors.New("max object size must be positive")
-)
-
 type ContractState struct {
 	NEF         *nef.File
 	RawNEF      []byte
@ -134,12 +128,12 @@ func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContex
 		return nil, err
 	}

-	accounts, err := getSingleAccounts(wallets)
+	accounts, err := createWalletAccounts(wallets)
 	if err != nil {
 		return nil, err
 	}

-	cliCtx, err := defaultClientContext(c, committeeAcc)
+	cliCtx, err := DefaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
@ -172,11 +166,11 @@ func validateInit(cmd *cobra.Command) error {
 		return nil
 	}
 	if viper.GetInt64(commonflags.EpochDurationInitFlag) <= 0 {
-		return errNegativeDuration
+		return fmt.Errorf("epoch duration must be positive")
 	}

 	if viper.GetInt64(commonflags.MaxObjectSizeInitFlag) <= 0 {
-		return errNegativeSize
+		return fmt.Errorf("max object size must be positive")
 	}

 	return nil
@ -191,7 +185,7 @@ func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet)
 		}
 		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
 	} else {
-		c, err = NewRemoteClient(v)
+		c, err = GetN3Client(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
@ -211,7 +205,7 @@ func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
 	return ctrPath, nil
 }

-func getSingleAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i, w := range wallets {
 		acc, err := GetWalletAccount(w, constants.SingleAccountName)
@ -484,8 +478,7 @@ func (c *InitializeContext) EmitUpdateNNSGroupScript(bw *io.BufBinWriter, nnsHas
 	if isAvail {
 		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
 			client.NNSGroupKeyName, c.CommitteeAcc.Contract.ScriptHash(),
-			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
-			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+			constants.FrostfsOpsEmail, int64(3600), int64(600), int64(constants.DefaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	}

@ -506,8 +499,7 @@ func (c *InitializeContext) NNSRegisterDomainScript(nnsHash, expectedHash util.U
 		bw := io.NewBufBinWriter()
 		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
 			domain, c.CommitteeAcc.Contract.ScriptHash(),
-			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
-			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+			constants.FrostfsOpsEmail, int64(3600), int64(600), int64(constants.DefaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)

 		if bw.Err != nil {
--- a/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
@ -8,7 +8,6 @@ import (
 	"sort"
 	"time"

-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
@ -45,10 +44,11 @@ type LocalClient struct {
 	transactions []*transaction.Transaction
 	dumpPath     string
 	accounts     []*wallet.Account
+	maxGasInvoke int64
 }

 func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*LocalClient, error) {
-	cfg, err := config.LoadFile(v.GetString(commonflags.ProtoConfigPath))
+	cfg, err := config.LoadFile(v.GetString(constants.ProtoConfigPath))
 	if err != nil {
 		return nil, err
 	}
@ -58,59 +58,17 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		return nil, err
 	}

-	go bc.Run()
-
-	accounts, err := getBlockSigningAccounts(cfg.ProtocolConfiguration, wallets)
-	if err != nil {
-		return nil, err
-	}
-
-	if cmd.Name() != "init" {
-		if err := restoreDump(bc, dumpPath); err != nil {
-			return nil, fmt.Errorf("restore dump: %w", err)
-		}
-	}
-
-	return &LocalClient{
-		bc:       bc,
-		dumpPath: dumpPath,
-		accounts: accounts,
-	}, nil
-}
-
-func restoreDump(bc *core.Blockchain, dumpPath string) error {
-	f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
-	if err != nil {
-		return fmt.Errorf("can't open local dump: %w", err)
-	}
-	defer f.Close()
-
-	r := io.NewBinReaderFromIO(f)
-
-	var skip uint32
-	if bc.BlockHeight() != 0 {
-		skip = bc.BlockHeight() + 1
-	}
-
-	count := r.ReadU32LE() - skip
-	if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
-		return err
-	}
-	return nil
-}
-
-func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
 	accounts := make([]*wallet.Account, len(wallets))
 	for i := range accounts {
-		acc, err := GetWalletAccount(wallets[i], constants.ConsensusAccountName)
+		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
 		if err != nil {
 			return nil, err
 		}
-		accounts[i] = acc
 	}

 	indexMap := make(map[string]int)
-	for i, pub := range cfg.StandbyCommittee {
+	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
 		indexMap[pub] = i
 	}

@ -119,19 +77,45 @@ func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet
 		pj := accounts[j].PrivateKey().PublicKey().Bytes()
 		return indexMap[string(pi)] < indexMap[string(pj)]
 	})
-	sort.Slice(accounts[:cfg.ValidatorsCount], func(i, j int) bool {
+	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
 		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
 	})

-	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ValidatorsCount))
-	return accounts[:m], nil
+	go bc.Run()
+
+	if cmd.Name() != "init" {
+		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
+		if err != nil {
+			return nil, fmt.Errorf("can't open local dump: %w", err)
+		}
+		defer f.Close()
+
+		r := io.NewBinReaderFromIO(f)
+
+		var skip uint32
+		if bc.BlockHeight() != 0 {
+			skip = bc.BlockHeight() + 1
+		}
+
+		count := r.ReadU32LE() - skip
+		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
+			return nil, fmt.Errorf("can't restore local dump: %w", err)
+		}
+	}
+
+	return &LocalClient{
+		bc:           bc,
+		dumpPath:     dumpPath,
+		accounts:     accounts[:m],
+		maxGasInvoke: 15_0000_0000,
+	}, nil
 }

 func (l *LocalClient) GetBlockCount() (uint32, error) {
 	return l.bc.BlockHeight(), nil
 }

-func (l *LocalClient) GetNativeContracts() ([]state.Contract, error) {
+func (l *LocalClient) GetNativeContracts() ([]state.NativeContract, error) {
 	return l.bc.GetNatives(), nil
 }

@ -145,6 +129,11 @@ func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }

+func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
+	// not used by `morph init` command
+	panic("unexpected call")
+}
+
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
@ -237,7 +226,7 @@ func (l *LocalClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, e
 					paramz = []manifest.Parameter{{Type: smartcontract.SignatureType}}
 				} else if nSigs, _, ok := vm.ParseMultiSigContract(w.VerificationScript); ok {
 					paramz = make([]manifest.Parameter, nSigs)
-					for j := range nSigs {
+					for j := 0; j < nSigs; j++ {
 						paramz[j] = manifest.Parameter{Type: smartcontract.SignatureType}
 					}
 				}
@ -308,7 +297,13 @@ func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer)
 }

 func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
-	tx = tx.Copy()
+	// We need to test that transaction was formed correctly to catch as many errors as we can.
+	bs := tx.Bytes()
+	_, err := transaction.NewTransactionFromBytes(bs)
+	if err != nil {
+		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
+	}
+
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
@ -2,7 +2,6 @@ package helper

 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"time"
@ -10,6 +9,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
@ -24,10 +24,15 @@ import (
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
-	actor.RPCActor
+	invoker.RPCInvoke

-	GetNativeContracts() ([]state.Contract, error)
+	GetBlockCount() (uint32, error)
+	GetNativeContracts() ([]state.NativeContract, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
+	GetVersion() (*result.Version, error)
+	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
+	GetCommittee() (keys.PublicKeys, error)
+	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }

 type HashVUBPair struct {
@ -42,7 +47,7 @@ type ClientContext struct {
 	SentTxs         []HashVUBPair
 }

-func NewRemoteClient(v *viper.Viper) (Client, error) {
+func GetN3Client(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@ -55,23 +60,9 @@ func NewRemoteClient(v *viper.Viper) (Client, error) {
 	if endpoint == "" {
 		return nil, errors.New("missing endpoint")
 	}
-
-	var cfg *tls.Config
-	if rootCAs := v.GetStringSlice("tls.trusted_ca_list"); len(rootCAs) != 0 {
-		certFile := v.GetString("tls.certificate")
-		keyFile := v.GetString("tls.key")
-
-		tlsConfig, err := rpcclient.TLSClientConfig(rootCAs, certFile, keyFile)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg = tlsConfig
-	}
 	c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
 		MaxConnsPerHost: maxConnsPerHost,
 		RequestTimeout:  requestTimeout,
-		TLSClientConfig: cfg,
 	})
 	if err != nil {
 		return nil, err
@ -82,14 +73,8 @@ func NewRemoteClient(v *viper.Viper) (Client, error) {
 	return c, nil
 }

-func defaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
-	commAct, err := actor.New(c, []actor.SignerAccount{{
-		Signer: transaction.Signer{
-			Account: committeeAcc.Contract.ScriptHash(),
-			Scopes:  transaction.Global,
-		},
-		Account: committeeAcc,
-	}})
+func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+	commAct, err := NewActor(c, committeeAcc)
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
@ -3,7 +3,6 @@ package helper
 import (
 	"errors"
 	"fmt"
-	"slices"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
@ -30,14 +29,10 @@ var NetmapConfigKeys = []string{
 	netmap.MaintenanceModeAllowedConfig,
 }

-var errFailedToFetchListOfNetworkKeys = errors.New("can't fetch list of network config keys from the netmap contract")
-
 func GetDefaultNetmapContractConfigMap() map[string]any {
 	m := make(map[string]any)
 	m[netmap.EpochDurationConfig] = viper.GetInt64(commonflags.EpochDurationInitFlag)
 	m[netmap.MaxObjectSizeConfig] = viper.GetInt64(commonflags.MaxObjectSizeInitFlag)
-	m[netmap.MaxECDataCountConfig] = viper.GetInt64(commonflags.MaxECDataCountFlag)
-	m[netmap.MaxECParityCountConfig] = viper.GetInt64(commonflags.MaxECParityCounFlag)
 	m[netmap.ContainerFeeConfig] = viper.GetInt64(commonflags.ContainerFeeInitFlag)
 	m[netmap.ContainerAliasFeeConfig] = viper.GetInt64(commonflags.ContainerAliasFeeInitFlag)
 	m[netmap.IrCandidateFeeConfig] = viper.GetInt64(commonflags.CandidateFeeInitFlag)
@ -73,17 +68,13 @@ func InvalidConfigValueErr(key string) error {
 	return fmt.Errorf("invalid %s config value from netmap contract", key)
 }

-func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160, countEpoch int64) error {
-	if countEpoch <= 0 {
-		return errors.New("number of epochs cannot be less than 1")
-	}
-
+func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160) error {
 	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
 	if err != nil {
 		return errors.New("can't fetch current epoch from the netmap contract")
 	}

-	newEpoch := curr + countEpoch
+	newEpoch := curr + 1
 	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)

 	// In NeoFS this is done via Notary contract. Here, however, we can form the
@ -94,7 +85,7 @@ func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.

 func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Item, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("get nns contract: %w", err)
 	}
@ -104,7 +95,7 @@ func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Ite
 	}
 	arr, err := unwrap.Array(roInvoker.Call(nmHash, "listConfig"))
 	if err != nil {
-		return nil, errFailedToFetchListOfNetworkKeys
+		return nil, fmt.Errorf("can't fetch list of network config keys from the netmap contract")
 	}
 	return arr, err
 }
@ -119,8 +110,11 @@ func MergeNetmapConfig(roInvoker *invoker.Invoker, md map[string]any) error {
 		return err
 	}
 	for k, v := range m {
-		if slices.Contains(NetmapConfigKeys, k) {
-			md[k] = v
+		for _, key := range NetmapConfigKeys {
+			if k == key {
+				md[k] = v
+				break
+			}
 		}
 	}
 	return nil
--- a/cmd/frostfs-adm/internal/modules/morph/helper/util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/util.go
@ -14,36 +14,14 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
-	"github.com/nspcc-dev/neo-go/cli/input"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 )

-func getRegularWallet(walletPath string) (*wallet.Wallet, error) {
-	w, err := wallet.NewWalletFromFile(walletPath)
-	if err != nil {
-		return nil, err
-	}
-
-	password, err := input.ReadPassword("Enter password for wallet:")
-	if err != nil {
-		return nil, fmt.Errorf("can't fetch password: %w", err)
-	}
-
-	for i := range w.Accounts {
-		if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-			err = fmt.Errorf("can't unlock wallet: %w", err)
-			break
-		}
-	}
-
-	return w, err
-}
-
 func GetAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
 	wallets, err := openAlphabetWallets(v, walletDir)
 	if err != nil {
@ -62,51 +40,58 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
 	}

-	var wallets []*wallet.Wallet
-	var letter string
-	for i := range constants.MaxAlphabetNodes {
-		letter = innerring.GlagoliticLetter(i).String()
-		p := filepath.Join(walletDir, letter+".json")
-		var w *wallet.Wallet
-		w, err = wallet.NewWalletFromFile(p)
-		if err != nil {
-			if errors.Is(err, os.ErrNotExist) {
-				err = nil
-			} else {
-				err = fmt.Errorf("can't open alphabet wallet: %w", err)
+	var size int
+loop:
+	for i := 0; i < len(walletFiles); i++ {
+		name := innerring.GlagoliticLetter(i).String() + ".json"
+		for j := range walletFiles {
+			if walletFiles[j].Name() == name {
+				size++
+				continue loop
 			}
-			break
+		}
+		break
+	}
+	if size == 0 {
+		return nil, errors.New("alphabet wallets dir is empty (run `generate-alphabet` command first)")
+	}
+
+	wallets := make([]*wallet.Wallet, size)
+	for i := 0; i < size; i++ {
+		letter := innerring.GlagoliticLetter(i).String()
+		p := filepath.Join(walletDir, letter+".json")
+		w, err := wallet.NewWalletFromFile(p)
+		if err != nil {
+			return nil, fmt.Errorf("can't open wallet: %w", err)
 		}

-		var password string
-		password, err = config.GetPassword(v, letter)
+		password, err := config.GetPassword(v, letter)
 		if err != nil {
-			err = fmt.Errorf("can't fetch password: %w", err)
-			break
+			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}

 		for i := range w.Accounts {
-			if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-				err = fmt.Errorf("can't unlock wallet: %w", err)
-				break
+			if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+				return nil, fmt.Errorf("can't unlock wallet: %w", err)
 			}
 		}

-		wallets = append(wallets, w)
-	}
-	if err != nil {
-		return nil, fmt.Errorf("can't read wallet for letter '%s': %w", letter, err)
-	}
-	if len(wallets) == 0 {
-		err = errors.New("there are no alphabet wallets in dir (run `generate-alphabet` command first)")
-		if len(walletFiles) > 0 {
-			err = fmt.Errorf("use glagolitic names for wallets(run `print-alphabet`): %w", err)
-		}
-		return nil, err
+		wallets[i] = w
 	}
+
 	return wallets, nil
 }

+func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
+	return actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: committeeAcc.Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: committeeAcc,
+	}})
+}
+
 func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {
@ -137,11 +122,11 @@ func readContractsFromArchive(file io.Reader, names []string) (map[string]*Contr
 	}

 	r := tar.NewReader(gr)
-	var h *tar.Header
-	for h, err = r.Next(); err == nil && h != nil; h, err = r.Next() {
-		if h.Typeflag != tar.TypeReg {
-			continue
+	for h, err := r.Next(); ; h, err = r.Next() {
+		if err != nil {
+			break
 		}
+
 		dir, _ := filepath.Split(h.Name)
 		ctrName := filepath.Base(dir)

@ -164,9 +149,6 @@ func readContractsFromArchive(file io.Reader, names []string) (map[string]*Contr
 		}
 		m[ctrName] = cs
 	}
-	if err != nil && err != io.EOF {
-		return nil, fmt.Errorf("can't read contracts from archive: %w", err)
-	}

 	for ctrName, cs := range m {
 		if cs.RawNEF == nil {
@ -193,18 +175,3 @@ func ParseGASAmount(s string) (fixedn.Fixed8, error) {
 	}
 	return gasAmount, nil
 }
-
-// GetContractByID retrieves a contract by its ID using the standard GetContractByID method.
-// However, if the returned state.Contract is nil, it returns an error indicating that the contract was not found.
-// See https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1210
-func GetContractByID(r *management.ContractReader, id int32) (*state.Contract, error) {
-	cs, err := r.GetContractByID(id)
-	if err != nil {
-		return nil, err
-	}
-
-	if cs == nil {
-		return nil, errors.New("contract not found")
-	}
-	return cs, nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
@ -21,7 +21,7 @@ import (

 func setNNS(c *helper.InitializeContext) error {
 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
@ -33,8 +33,7 @@ func setNNS(c *helper.InitializeContext) error {
 		bw := io.NewBufBinWriter()
 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			"frostfs", c.CommitteeAcc.Contract.ScriptHash(),
-			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
-			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+			constants.FrostfsOpsEmail, int64(3600), int64(600), int64(constants.DefaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 		if err := c.SendCommitteeTx(bw.Bytes(), true); err != nil {
 			return fmt.Errorf("can't add domain root to NNS: %w", err)
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
@ -100,7 +100,10 @@ func registerCandidates(c *helper.InitializeContext) error {
 	// Register candidates in batches in order to overcome the signers amount limit.
 	// See: https://github.com/nspcc-dev/neo-go/blob/master/pkg/core/transaction/transaction.go#L27
 	for i := 0; i < need; i += registerBatchSize {
-		start, end := i, min(i+registerBatchSize, need)
+		start, end := i, i+registerBatchSize
+		if end > need {
+			end = need
+		}
 		// This check is sound because transactions are accepted/rejected atomically.
 		if have >= end {
 			continue
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
@ -1,8 +1,6 @@
 package initialize

 import (
-	"fmt"
-
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/io"
@ -31,14 +29,10 @@ func setNotaryAndAlphabetNodes(c *helper.InitializeContext) error {
 		callflag.States|callflag.AllowNotify, int64(noderoles.NeoFSAlphabet), pubs)

 	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
-		return fmt.Errorf("send committee transaction: %w", err)
+		return err
 	}

-	err := c.AwaitTx()
-	if err != nil {
-		err = fmt.Errorf("await committee transaction: %w", err)
-	}
-	return err
+	return c.AwaitTx()
 }

 func setRolesFinished(c *helper.InitializeContext) (bool, error) {
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
@ -53,7 +53,7 @@ func TestInitialize(t *testing.T) {
 		testInitialize(t, constants.MaxAlphabetNodes)
 	})
 	t.Run("too many nodes", func(t *testing.T) {
-		require.ErrorIs(t, generateTestData(t.TempDir(), constants.MaxAlphabetNodes+1), helper.ErrTooManyAlphabetNodes)
+		require.ErrorIs(t, generateTestData(t, t.TempDir(), constants.MaxAlphabetNodes+1), helper.ErrTooManyAlphabetNodes)
 	})
 }

@ -61,8 +61,8 @@ func testInitialize(t *testing.T, committeeSize int) {
 	testdataDir := t.TempDir()
 	v := viper.GetViper()

-	require.NoError(t, generateTestData(testdataDir, committeeSize))
-	v.Set(commonflags.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
+	require.NoError(t, generateTestData(t, testdataDir, committeeSize))
+	v.Set(constants.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))

 	// Set to the path or remove the next statement to download from the network.
 	require.NoError(t, Cmd.Flags().Set(commonflags.ContractsInitFlag, contractsPath))
@ -98,7 +98,7 @@ func testInitialize(t *testing.T, committeeSize int) {
 	})
 }

-func generateTestData(dir string, size int) error {
+func generateTestData(t *testing.T, dir string, size int) error {
 	v := viper.GetViper()
 	v.Set(commonflags.AlphabetWalletsFlag, dir)

@ -113,7 +113,7 @@ func generateTestData(dir string, size int) error {
 	}

 	var pubs []string
-	for i := range size {
+	for i := 0; i < size; i++ {
 		p := filepath.Join(dir, innerring.GlagoliticLetter(i).String()+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		if err != nil {
@ -148,7 +148,7 @@ func generateTestData(dir string, size int) error {
 }

 func setTestCredentials(v *viper.Viper, size int) {
-	for i := range size {
+	for i := 0; i < size; i++ {
 		v.Set("credentials."+innerring.GlagoliticLetter(i).String(), strconv.FormatUint(uint64(i), 10))
 	}
 	v.Set("credentials.contract", constants.TestContractPassword)
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
@ -3,7 +3,6 @@ package initialize
 import (
 	"fmt"
 	"math/big"
-	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@ -22,16 +21,13 @@ import (
 )

 const (
+	gasInitialTotalSupply = 30000000 * native.GASFactor
 	// initialAlphabetGASAmount represents the amount of GAS given to each alphabet node.
 	initialAlphabetGASAmount = 10_000 * native.GASFactor
 	// initialProxyGASAmount represents the amount of GAS given to a proxy contract.
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )

-func initialCommitteeGASAmount(c *helper.InitializeContext, initialGasDistribution int64) int64 {
-	return (initialGasDistribution - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2
-}
-
 func transferFunds(c *helper.InitializeContext) error {
 	ok, err := transferFundsFinished(c)
 	if ok || err != nil {
@ -41,11 +37,6 @@ func transferFunds(c *helper.InitializeContext) error {
 		return err
 	}

-	version, err := c.Client.GetVersion()
-	if err != nil {
-		return err
-	}
-
 	var transfers []transferTarget
 	for _, acc := range c.Accounts {
 		to := acc.Contract.ScriptHash()
@ -63,7 +54,7 @@ func transferFunds(c *helper.InitializeContext) error {
 		transferTarget{
 			Token:   gas.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
-			Amount:  initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)),
+			Amount:  (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2,
 		},
 		transferTarget{
 			Token:   neo.Hash,
@ -84,26 +75,12 @@ func transferFunds(c *helper.InitializeContext) error {
 	return c.AwaitTx()
 }

-// transferFundsFinished checks balances of accounts we transfer GAS to.
-// The stage is considered finished if the balance is greater than the half of what we need to transfer.
 func transferFundsFinished(c *helper.InitializeContext) (bool, error) {
+	acc := c.Accounts[0]
+
 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
-	res, err := r.BalanceOf(c.ConsensusAcc.ScriptHash())
-	if err != nil {
-		return false, err
-	}
-
-	version, err := c.Client.GetVersion()
-	if err != nil || res.Cmp(big.NewInt(int64(version.Protocol.InitialGasDistribution))) != -1 {
-		return false, err
-	}
-
-	res, err = r.BalanceOf(c.CommitteeAcc.ScriptHash())
-	if err != nil {
-		return false, err
-	}
-
-	return res != nil && res.Cmp(big.NewInt(initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)))) == 1, err
+	res, err := r.BalanceOf(acc.Contract.ScriptHash())
+	return res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) == 1, err
 }

 func transferGASToProxy(c *helper.InitializeContext) error {
@ -163,17 +140,5 @@ func createNEP17MultiTransferTx(c helper.Client, acc *wallet.Account, recipients
 	if err != nil {
 		return nil, fmt.Errorf("can't create actor: %w", err)
 	}
-	tx, err := act.MakeRun(w.Bytes())
-	if err != nil {
-		sum := make(map[util.Uint160]int64)
-		for _, recipient := range recipients {
-			sum[recipient.Token] += recipient.Amount
-		}
-		detail := make([]string, 0, len(sum))
-		for _, value := range sum {
-			detail = append(detail, fmt.Sprintf("amount=%v", value))
-		}
-		err = fmt.Errorf("transfer failed: from=%s(%s) %s: %w", acc.Label, acc.Address, strings.Join(detail, " "), err)
-	}
-	return tx, err
+	return act.MakeRun(w.Bytes())
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
@ -2,6 +2,7 @@ package initialize

 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -24,14 +25,12 @@ var Cmd = &cobra.Command{
 		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		_ = viper.BindPFlag(commonflags.EpochDurationInitFlag, cmd.Flags().Lookup(epochDurationCLIFlag))
 		_ = viper.BindPFlag(commonflags.MaxObjectSizeInitFlag, cmd.Flags().Lookup(maxObjectSizeCLIFlag))
-		_ = viper.BindPFlag(commonflags.MaxECDataCountFlag, cmd.Flags().Lookup(commonflags.MaxECDataCountFlag))
-		_ = viper.BindPFlag(commonflags.MaxECParityCounFlag, cmd.Flags().Lookup(commonflags.MaxECParityCounFlag))
 		_ = viper.BindPFlag(commonflags.HomomorphicHashDisabledInitFlag, cmd.Flags().Lookup(homomorphicHashDisabledCLIFlag))
 		_ = viper.BindPFlag(commonflags.CandidateFeeInitFlag, cmd.Flags().Lookup(candidateFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.WithdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
-		_ = viper.BindPFlag(commonflags.ProtoConfigPath, cmd.Flags().Lookup(commonflags.ProtoConfigPath))
+		_ = viper.BindPFlag(constants.ProtoConfigPath, cmd.Flags().Lookup(constants.ProtoConfigPath))
 	},
 	RunE: initializeSideChainCmd,
 }
@ -47,7 +46,7 @@ func initInitCmd() {
 	// Defaults are taken from neo-preodolenie.
 	Cmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
 	Cmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
-	Cmd.Flags().String(commonflags.ProtoConfigPath, "", "Path to the consensus node configuration")
+	Cmd.Flags().String(constants.ProtoConfigPath, "", "Path to the consensus node configuration")
 	Cmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
 	Cmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
@ -12,16 +12,14 @@ import (
 	"github.com/spf13/viper"
 )

-const deltaFlag = "delta"
-
 func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -32,8 +30,7 @@ func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	}

 	bw := io.NewBufBinWriter()
-	delta, _ := cmd.Flags().GetInt64(deltaFlag)
-	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, delta); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}

--- a/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
@ -13,13 +13,13 @@ import (
 )

 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)

 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)

-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)

 	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.NetmapContract))
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
@ -12,6 +12,7 @@ var (
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}
@ -34,7 +35,6 @@ func initForceNewEpochCmd() {
 	ForceNewEpoch.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	ForceNewEpoch.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	ForceNewEpoch.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
-	ForceNewEpoch.Flags().Int64(deltaFlag, 1, "Number of epochs to increase the current epoch")
 }

 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/nns/domains.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/domains.go
@ -1,93 +0,0 @@
-package nns
-
-import (
-	"math/big"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func initRegisterCmd() {
-	Cmd.AddCommand(registerCmd)
-	registerCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	registerCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	registerCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	registerCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
-	registerCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal, "SOA record REFRESH parameter")
-	registerCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal, "SOA record RETRY parameter")
-	registerCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime), "SOA record EXPIRE parameter")
-	registerCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal, "SOA record TTL parameter")
-	registerCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-
-	_ = cobra.MarkFlagRequired(registerCmd.Flags(), nnsNameFlag)
-}
-
-func registerDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	email, _ := cmd.Flags().GetString(nnsEmailFlag)
-	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
-	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
-	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
-	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
-
-	h, vub, err := c.Register(name, actor.Sender(), email, big.NewInt(refresh),
-		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
-	commonCmd.ExitOnErr(cmd, "unable to register domain: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
-	cmd.Println("Domain registered successfully")
-}
-
-func initDeleteCmd() {
-	Cmd.AddCommand(deleteCmd)
-	deleteCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	deleteCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	deleteCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	deleteCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-
-	_ = cobra.MarkFlagRequired(deleteCmd.Flags(), nnsNameFlag)
-}
-
-func deleteDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	h, vub, err := c.DeleteDomain(name)
-
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "delete domain error: %w", err)
-	cmd.Println("Domain deleted successfully")
-}
-
-func initSetAdminCmd() {
-	Cmd.AddCommand(setAdminCmd)
-	setAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	setAdminCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	setAdminCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	setAdminCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-	setAdminCmd.Flags().String(commonflags.AdminWalletPath, "", commonflags.AdminWalletUsage)
-	_ = setAdminCmd.MarkFlagRequired(commonflags.AdminWalletPath)
-
-	_ = cobra.MarkFlagRequired(setAdminCmd.Flags(), nnsNameFlag)
-}
-
-func setAdmin(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	w, err := wallet.NewWalletFromFile(viper.GetString(commonflags.AdminWalletPath))
-	commonCmd.ExitOnErr(cmd, "can't get admin wallet: %w", err)
-	h, vub, err := c.SetAdmin(name, w.GetAccount(w.GetChangeAddress()).ScriptHash())
-
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "Set admin error: %w", err)
-	cmd.Println("Set admin successfully")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
@ -1,67 +0,0 @@
-package nns
-
-import (
-	"errors"
-
-	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
-	v := viper.GetViper()
-	c, err := helper.NewRemoteClient(v)
-	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-
-	alphabetWalletPath := config.ResolveHomePath(v.GetString(commonflags.AlphabetWalletsFlag))
-	walletPath := config.ResolveHomePath(v.GetString(commonflags.WalletPath))
-	adminWalletPath := config.ResolveHomePath(v.GetString(commonflags.AdminWalletPath))
-
-	var (
-		alphabet       *helper.AlphabetWallets
-		regularWallets []*helper.RegularWallets
-	)
-
-	if alphabetWalletPath != "" {
-		alphabet = &helper.AlphabetWallets{Path: alphabetWalletPath, Label: constants.ConsensusAccountName}
-	}
-
-	if walletPath != "" {
-		regularWallets = append(regularWallets, &helper.RegularWallets{Path: walletPath})
-	}
-
-	if adminWalletPath != "" {
-		regularWallets = append(regularWallets, &helper.RegularWallets{Path: adminWalletPath})
-	}
-
-	if alphabet == nil && regularWallets == nil {
-		commonCmd.ExitOnErr(cmd, "", errors.New("no wallets provided"))
-	}
-
-	ac, err := helper.NewLocalActor(c, alphabet, regularWallets...)
-	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
-
-	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	return client.New(ac, nnsCs.Hash), ac
-}
-
-func nnsReader(cmd *cobra.Command) (*client.ContractReader, *invoker.Invoker) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
-	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-
-	inv := invoker.New(c, nil)
-	r := management.NewReader(inv)
-	nnsCs, err := helper.GetContractByID(r, 1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-
-	return client.NewReader(inv, nnsCs.Hash), inv
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/record.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/record.go
@ -1,178 +0,0 @@
-package nns
-
-import (
-	"errors"
-	"math/big"
-	"strings"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/spf13/cobra"
-)
-
-func initAddRecordCmd() {
-	Cmd.AddCommand(addRecordCmd)
-	addRecordCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	addRecordCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	addRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	addRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
-	addRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
-	addRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-
-	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsNameFlag)
-	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordTypeFlag)
-	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordDataFlag)
-}
-
-func initGetRecordsCmd() {
-	Cmd.AddCommand(getRecordsCmd)
-	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
-
-	_ = cobra.MarkFlagRequired(getRecordsCmd.Flags(), nnsNameFlag)
-}
-
-func initDelRecordsCmd() {
-	Cmd.AddCommand(delRecordsCmd)
-	delRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	delRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	delRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	delRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
-	delRecordsCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-
-	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsNameFlag)
-	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsRecordTypeFlag)
-}
-
-func initDelRecordCmd() {
-	Cmd.AddCommand(delRecordCmd)
-	delRecordCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	delRecordCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	delRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	delRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
-	delRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
-	delRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
-
-	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsNameFlag)
-	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsRecordTypeFlag)
-	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsRecordDataFlag)
-}
-
-func addRecord(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
-	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
-	typ, err := getRecordType(recordType)
-	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
-	h, vub, err := c.AddRecord(name, typ, data)
-	commonCmd.ExitOnErr(cmd, "unable to add record: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "renew domain error: %w", err)
-	cmd.Println("Record added successfully")
-}
-
-func getRecords(cmd *cobra.Command, _ []string) {
-	c, inv := nnsReader(cmd)
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
-	if recordType == "" {
-		sid, r, err := c.GetAllRecords(name)
-		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
-		defer func() {
-			_ = inv.TerminateSession(sid)
-		}()
-		items, err := inv.TraverseIterator(sid, &r, 0)
-		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
-		for len(items) != 0 {
-			for j := range items {
-				rs := items[j].Value().([]stackitem.Item)
-				bs, err := rs[2].TryBytes()
-				commonCmd.ExitOnErr(cmd, "unable to parse record state: %w", err)
-				cmd.Printf("%s %s\n",
-					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
-					string(bs))
-			}
-			items, err = inv.TraverseIterator(sid, &r, 0)
-			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
-		}
-	} else {
-		typ, err := getRecordType(recordType)
-		commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
-		items, err := c.GetRecords(name, typ)
-		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
-		for _, item := range items {
-			record, err := item.TryBytes()
-			commonCmd.ExitOnErr(cmd, "unable to parse response: %w", err)
-			cmd.Println(string(record))
-		}
-	}
-}
-
-func delRecords(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
-	typ, err := getRecordType(recordType)
-	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
-	h, vub, err := c.DeleteRecords(name, typ)
-	commonCmd.ExitOnErr(cmd, "unable to delete records: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "delete records error: %w", err)
-	cmd.Println("Records removed successfully")
-}
-
-func delRecord(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
-	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
-	typ, err := getRecordType(recordType)
-	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
-	h, vub, err := c.DeleteRecord(name, typ, data)
-	commonCmd.ExitOnErr(cmd, "unable to delete record: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "delete records error: %w", err)
-	cmd.Println("Record removed successfully")
-}
-
-func getRecordType(recordType string) (*big.Int, error) {
-	switch strings.ToUpper(recordType) {
-	case "A":
-		return big.NewInt(int64(nns.A)), nil
-	case "CNAME":
-		return big.NewInt(int64(nns.CNAME)), nil
-	case "SOA":
-		return big.NewInt(int64(nns.SOA)), nil
-	case "TXT":
-		return big.NewInt(int64(nns.TXT)), nil
-	case "AAAA":
-		return big.NewInt(int64(nns.AAAA)), nil
-	}
-	return nil, errors.New("unsupported record type")
-}
-
-func recordTypeToString(rt nns.RecordType) string {
-	switch rt {
-	case nns.A:
-		return "A"
-	case nns.CNAME:
-		return "CNAME"
-	case nns.SOA:
-		return "SOA"
-	case nns.TXT:
-		return "TXT"
-	case nns.AAAA:
-		return "AAAA"
-	}
-	return ""
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
@ -1,26 +0,0 @@
-package nns
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/spf13/cobra"
-)
-
-func initRenewCmd() {
-	Cmd.AddCommand(renewCmd)
-	renewCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	renewCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	renewCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-}
-
-func renewDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	h, vub, err := c.Renew(name)
-	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "renew domain error: %w", err)
-	cmd.Println("Domain renewed successfully")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/root.go
@ -1,136 +0,0 @@
-package nns
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-const (
-	nnsNameFlag           = "name"
-	nnsNameFlagDesc       = "Domain name"
-	nnsEmailFlag          = "email"
-	nnsRefreshFlag        = "refresh"
-	nnsRetryFlag          = "retry"
-	nnsExpireFlag         = "expire"
-	nnsTTLFlag            = "ttl"
-	nnsRecordTypeFlag     = "type"
-	nnsRecordTypeFlagDesc = "Domain name service record type(A|CNAME|SOA|TXT)"
-	nnsRecordDataFlag     = "data"
-	nnsRecordDataFlagDesc = "Domain name service record data"
-)
-
-var (
-	Cmd = &cobra.Command{
-		Use:   "nns",
-		Short: "Section for Neo Name Service (NNS)",
-	}
-	tokensCmd = &cobra.Command{
-		Use:   "tokens",
-		Short: "List all registered domain names",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: listTokens,
-	}
-	registerCmd = &cobra.Command{
-		Use:   "register",
-		Short: "Registers a new domain",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-		},
-		Run: registerDomain,
-	}
-	deleteCmd = &cobra.Command{
-		Use:   "delete",
-		Short: "Delete a domain by name",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-		},
-		Run: deleteDomain,
-	}
-	renewCmd = &cobra.Command{
-		Use:   "renew",
-		Short: "Increases domain expiration date",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-		},
-		Run: renewDomain,
-	}
-	updateCmd = &cobra.Command{
-		Use:   "update",
-		Short: "Updates soa record",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-		},
-		Run: updateSOA,
-	}
-	addRecordCmd = &cobra.Command{
-		Use:   "add-record",
-		Short: "Adds a new record of the specified type to the provided domain",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-		},
-		Run: addRecord,
-	}
-	getRecordsCmd = &cobra.Command{
-		Use:   "get-records",
-		Short: "Returns domain record of the specified type",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-		},
-		Run: getRecords,
-	}
-	delRecordsCmd = &cobra.Command{
-		Use:   "delete-records",
-		Short: "Removes domain records with the specified type",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-		},
-		Run: delRecords,
-	}
-	delRecordCmd = &cobra.Command{
-		Use:   "delete-record",
-		Short: "Removes domain record with the specified type and data",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-		},
-		Run: delRecord,
-	}
-	setAdminCmd = &cobra.Command{
-		Use:   "set-admin",
-		Short: "Sets admin for domain",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
-			_ = viper.BindPFlag(commonflags.AdminWalletPath, cmd.Flags().Lookup(commonflags.AdminWalletPath))
-		},
-		Run: setAdmin,
-	}
-)
-
-func init() {
-	initTokensCmd()
-	initRegisterCmd()
-	initDeleteCmd()
-	initRenewCmd()
-	initUpdateCmd()
-	initAddRecordCmd()
-	initGetRecordsCmd()
-	initDelRecordsCmd()
-	initDelRecordCmd()
-	initSetAdminCmd()
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
@ -1,65 +0,0 @@
-package nns
-
-import (
-	"math/big"
-	"strings"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
-	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/spf13/cobra"
-)
-
-const (
-	verboseDesc = "Include additional information about CNAME record."
-)
-
-func initTokensCmd() {
-	Cmd.AddCommand(tokensCmd)
-	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
-}
-
-func listTokens(cmd *cobra.Command, _ []string) {
-	c, _ := nnsReader(cmd)
-	it, err := c.Tokens()
-	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
-	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
-		for _, token := range toks {
-			output := string(token)
-			if verbose, _ := cmd.Flags().GetBool(commonflags.Verbose); verbose {
-				cname, err := getCnameRecord(c, token)
-				commonCmd.ExitOnErr(cmd, "", err)
-				if cname != "" {
-					output += " (CNAME: " + cname + ")"
-				}
-			}
-			cmd.Println(output)
-		}
-	}
-}
-
-func getCnameRecord(c *client.ContractReader, token []byte) (string, error) {
-	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
-
-	// GetRecords returns the error "not an array" if the domain does not contain records.
-	if err != nil && strings.Contains(err.Error(), "not an array") {
-		return "", nil
-	}
-
-	if err != nil {
-		return "", err
-	}
-
-	if len(items) == 0 {
-		return "", nil
-	}
-
-	record, err := items[0].TryBytes()
-	if err != nil {
-		return "", err
-	}
-
-	return string(record), nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/update.go
@ -1,50 +0,0 @@
-package nns
-
-import (
-	"math/big"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/spf13/cobra"
-)
-
-func initUpdateCmd() {
-	Cmd.AddCommand(updateCmd)
-	updateCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	updateCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	updateCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-	updateCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
-	updateCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal,
-		"The number of seconds between update requests from secondary and slave name servers")
-	updateCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal,
-		"The number of seconds the secondary or slave will wait before retrying when the last attempt has failed")
-	updateCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime),
-		"The number of seconds a master or slave will wait before considering the data stale "+
-			"if it cannot reach the primary name server")
-	updateCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal,
-		"The number of seconds a domain name is cached locally before expiration and return to authoritative "+
-			"nameservers for updated information")
-
-	_ = cobra.MarkFlagRequired(updateCmd.Flags(), nnsNameFlag)
-}
-
-func updateSOA(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
-
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	email, _ := cmd.Flags().GetString(nnsEmailFlag)
-	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
-	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
-	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
-	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
-
-	h, vub, err := c.UpdateSOA(name, email, big.NewInt(refresh),
-		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
-	commonCmd.ExitOnErr(cmd, "unable to send transaction: %w", err)
-
-	cmd.Println("Waiting for transaction to persist...")
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
-	cmd.Println("SOA records updated successfully")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/node/remove.go
+++ b/cmd/frostfs-adm/internal/modules/morph/node/remove.go
@ -37,7 +37,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 	defer wCtx.Close()

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -53,7 +53,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 			int64(netmapcontract.NodeStateOffline), nodeKeys[i].Bytes())
 	}

-	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, 1); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}

--- a/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
@ -1,9 +1,9 @@
 package notary

 import (
-	"errors"
 	"fmt"
 	"math/big"
+	"strconv"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@ -31,8 +31,6 @@ const (
 	notaryDepositTillFlag = "till"
 )

-var errInvalidNotaryDepositLifetime = errors.New("notary deposit lifetime must be a positive integer")
-
 func depositNotary(cmd *cobra.Command, _ []string) error {
 	w, err := openWallet(cmd)
 	if err != nil {
@ -40,8 +38,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 	}

 	accHash := w.GetChangeAddress()
-	addr, _ := cmd.Flags().GetString(walletAccountFlag)
-	if addr != "" {
+	if addr, err := cmd.Flags().GetString(walletAccountFlag); err == nil {
 		accHash, err = address.StringToUint160(addr)
 		if err != nil {
 			return fmt.Errorf("invalid address: %s", addr)
@ -53,7 +50,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't find account for %s", accHash)
 	}

-	prompt := fmt.Sprintf("Enter password for %s > ", address.Uint160ToString(accHash))
+	prompt := fmt.Sprintf("Enter password for %s >", address.Uint160ToString(accHash))
 	pass, err := input.ReadPassword(prompt)
 	if err != nil {
 		return fmt.Errorf("can't get password: %v", err)
@ -73,16 +70,23 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return err
 	}

-	till, _ := cmd.Flags().GetInt64(notaryDepositTillFlag)
-	if till <= 0 {
-		return errInvalidNotaryDepositLifetime
+	till := int64(defaultNotaryDepositLifetime)
+	tillStr, err := cmd.Flags().GetString(notaryDepositTillFlag)
+	if err != nil {
+		return err
+	}
+	if tillStr != "" {
+		till, err = strconv.ParseInt(tillStr, 10, 64)
+		if err != nil || till <= 0 {
+			return fmt.Errorf("notary deposit lifetime must be a positive integer")
+		}
 	}

 	return transferGas(cmd, acc, accHash, gasAmount, till)
 }

 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/notary/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/root.go
@ -20,7 +20,7 @@ func initDepositoryNotaryCmd() {
 	DepositCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
 	DepositCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
 	DepositCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Amount of GAS to deposit")
-	DepositCmd.Flags().Int64(notaryDepositTillFlag, defaultNotaryDepositLifetime, "Notary deposit duration in blocks")
+	DepositCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
 }

 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
@ -2,7 +2,6 @@ package policy

 import (
 	"bytes"
-	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -25,19 +24,17 @@ const (
 	setFeeParam       = "FeePerByte"
 )

-var errInvalidParameterFormat = errors.New("invalid parameter format, must be Parameter=Value")
-
 func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	bw := io.NewBufBinWriter()
 	for i := range args {
 		k, v, found := strings.Cut(args[i], "=")
 		if !found {
-			return errInvalidParameterFormat
+			return fmt.Errorf("invalid parameter format, must be Parameter=Value")
 		}

 		switch k {
@ -48,7 +45,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {

 		value, err := strconv.ParseUint(v, 10, 32)
 		if err != nil {
-			return fmt.Errorf("can't parse parameter value '%s': %w", args[i], err)
+			return fmt.Errorf("can't parse parameter value '%s': %w", args[1], err)
 		}

 		emit.AppCall(bw.BinWriter, policy.Hash, "set"+k, callflag.All, int64(value))
@ -62,7 +59,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 }

 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)

 	inv := invoker.New(c, nil)
@ -80,9 +77,9 @@ func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
 	buf := bytes.NewBuffer(nil)
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)

-	_, _ = tw.Write(fmt.Appendf(nil, "Execution Fee Factor:\t%d (int)\n", execFee))
-	_, _ = tw.Write(fmt.Appendf(nil, "Fee Per Byte:\t%d (int)\n", feePerByte))
-	_, _ = tw.Write(fmt.Appendf(nil, "Storage Price:\t%d (int)\n", storagePrice))
+	_, _ = tw.Write([]byte(fmt.Sprintf("Execution Fee Factor:\t%d (int)\n", execFee)))
+	_, _ = tw.Write([]byte(fmt.Sprintf("Fee Per Byte:\t%d (int)\n", feePerByte)))
+	_, _ = tw.Write([]byte(fmt.Sprintf("Storage Price:\t%d (int)\n", storagePrice)))

 	_ = tw.Flush()
 	cmd.Print(buf.String())
--- a/cmd/frostfs-adm/internal/modules/morph/policy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/root.go
@ -16,7 +16,7 @@ var (
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		RunE: SetPolicyCmd,
-		ValidArgsFunction: func(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 			return []string{"ExecFeeFactor=", "StoragePrice=", "FeePerByte="}, cobra.ShellCompDirectiveNoSpace
 		},
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
@ -20,39 +20,30 @@ const (
 	accountAddressFlag = "account"
 )

-func parseAddresses(cmd *cobra.Command) []util.Uint160 {
-	var addrs []util.Uint160
-
-	accs, _ := cmd.Flags().GetStringArray(accountAddressFlag)
-	for _, acc := range accs {
-		addr, err := address.StringToUint160(acc)
-		commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
-
-		addrs = append(addrs, addr)
-	}
-	return addrs
-}
-
 func addProxyAccount(cmd *cobra.Command, _ []string) {
-	addrs := parseAddresses(cmd)
-	err := processAccount(cmd, addrs, "addAccount")
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
+	addr, err := address.StringToUint160(acc)
+	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
+	err = processAccount(cmd, addr, "addAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }

 func removeProxyAccount(cmd *cobra.Command, _ []string) {
-	addrs := parseAddresses(cmd)
-	err := processAccount(cmd, addrs, "removeAccount")
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
+	addr, err := address.StringToUint160(acc)
+	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
+	err = processAccount(cmd, addr, "removeAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }

-func processAccount(cmd *cobra.Command, addrs []util.Uint160, method string) error {
+func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -63,9 +54,7 @@ func processAccount(cmd *cobra.Command, addrs []util.Uint160, method string) err
 	}

 	bw := io.NewBufBinWriter()
-	for _, addr := range addrs {
-		emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
-	}
+	emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)

 	if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
 		return err
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
@ -29,16 +29,12 @@ var (

 func initProxyAddAccount() {
 	AddAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	AddAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
-	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
-	AddAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	AddAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
 }

 func initProxyRemoveAccount() {
 	RemoveAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RemoveAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
-	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
-	RemoveAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	RemoveAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
 }

 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/root.go
@ -10,7 +10,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/generate"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/initialize"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/netmap"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/node"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/notary"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/policy"
@ -50,5 +49,4 @@ func init() {
 	RootCmd.AddCommand(proxy.RemoveAccountCmd)

 	RootCmd.AddCommand(frostfsid.Cmd)
-	RootCmd.AddCommand(nns.Cmd)
 }
--- a/cmd/frostfs-adm/internal/modules/root.go
+++ b/cmd/frostfs-adm/internal/modules/root.go
@ -5,7 +5,6 @@ import (

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/metabase"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/storagecfg"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
@ -42,7 +41,6 @@ func init() {
 	rootCmd.AddCommand(config.RootCmd)
 	rootCmd.AddCommand(morph.RootCmd)
 	rootCmd.AddCommand(storagecfg.RootCmd)
-	rootCmd.AddCommand(metabase.RootCmd)

 	rootCmd.AddCommand(autocomplete.Command("frostfs-adm"))
 	rootCmd.AddCommand(gendoc.Command(rootCmd, gendoc.Options{}))
--- a/cmd/frostfs-adm/internal/modules/storagecfg/config.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/config.go
@ -40,6 +40,8 @@ morph:
    - address: wss://{{.}}/ws{{end}}
 {{if not .Relay }}
 storage:
+  shard_pool_size: 15  # size of per-shard worker pools used for PUT operations
+
  shard:
    default: # section with the default shard parameters
      metabase:
@ -60,7 +62,6 @@ storage:
          width: 4   # max width of object tree storage in key-value DB
          opened_cache_capacity: 50  # maximum number of opened database files
          opened_cache_ttl: 5m  # ttl for opened database file
-          opened_cache_exp_interval: 15s  # cache cleanup interval for expired blobovnicza's

      gc:
        remover_batch_size: 200  # number of objects to be removed by the garbage collector
--- a/cmd/frostfs-adm/internal/modules/storagecfg/root.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/root.go
@ -11,7 +11,6 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
-	"slices"
 	"strconv"
 	"strings"
 	"text/template"
@ -31,6 +30,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
+
 	"github.com/spf13/cobra"
 )

@ -105,7 +105,7 @@ func storageConfig(cmd *cobra.Command, args []string) {
 		fatalOnErr(errors.New("can't find account in wallet"))
 	}

-	c.Wallet.Password, err = input.ReadPassword(fmt.Sprintf("Enter password for %s > ", c.Wallet.Account))
+	c.Wallet.Password, err = input.ReadPassword(fmt.Sprintf("Account password for %s: ", c.Wallet.Account))
 	fatalOnErr(err)

 	err = acc.Decrypt(c.Wallet.Password, keys.NEP2ScryptParams())
@ -410,7 +410,8 @@ func initClient(rpc []string) *rpcclient.Client {
 	var c *rpcclient.Client
 	var err error

-	shuffled := slices.Clone(rpc)
+	shuffled := make([]string, len(rpc))
+	copy(shuffled, rpc)
 	rand.Shuffle(len(shuffled), func(i, j int) { shuffled[i], shuffled[j] = shuffled[j], shuffled[i] })

 	for _, endpoint := range shuffled {
--- a/cmd/frostfs-cli/docs/sessions.md
+++ b/cmd/frostfs-cli/docs/sessions.md
@ -72,3 +72,4 @@ All other `object` sub-commands support only static sessions (2).
 List of commands supporting sessions (static only):
 - `create`
 - `delete`
+- `set-eacl`
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -2,27 +2,25 @@ package internal

 import (
 	"bytes"
-	"cmp"
 	"context"
 	"errors"
 	"fmt"
 	"io"
-	"os"
-	"slices"
+	"sort"
+	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/accounting"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 )

-var errMissingHeaderInResponse = errors.New("missing header in response")
-
 // BalanceOfPrm groups parameters of BalanceOf operation.
 type BalanceOfPrm struct {
 	commonPrm
@ -76,29 +74,13 @@ func ListContainers(ctx context.Context, prm ListContainersPrm) (res ListContain
 // SortedIDList returns sorted list of identifiers of user's containers.
 func (x ListContainersRes) SortedIDList() []cid.ID {
 	list := x.cliRes.Containers()
-	slices.SortFunc(list, cid.ID.Cmp)
+	sort.Slice(list, func(i, j int) bool {
+		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
+		return strings.Compare(lhs, rhs) < 0
+	})
 	return list
 }

-func ListContainersStream(ctx context.Context, prm ListContainersPrm, processCnr func(id cid.ID) bool) (err error) {
-	cliPrm := &client.PrmContainerListStream{
-		XHeaders: prm.XHeaders,
-		OwnerID:  prm.OwnerID,
-		Session:  prm.Session,
-	}
-	rdr, err := prm.cli.ContainerListInit(ctx, *cliPrm)
-	if err != nil {
-		return fmt.Errorf("init container list: %w", err)
-	}
-
-	err = rdr.Iterate(processCnr)
-	if err != nil {
-		return fmt.Errorf("read container list: %w", err)
-	}
-
-	return
-}
-
 // PutContainerPrm groups parameters of PutContainer operation.
 type PutContainerPrm struct {
 	Client       *client.Client
@ -205,6 +187,54 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
 	return
 }

+// EACLPrm groups parameters of EACL operation.
+type EACLPrm struct {
+	Client       *client.Client
+	ClientParams client.PrmContainerEACL
+}
+
+// EACLRes groups the resulting values of EACL operation.
+type EACLRes struct {
+	cliRes *client.ResContainerEACL
+}
+
+// EACL returns requested eACL table.
+func (x EACLRes) EACL() eacl.Table {
+	return x.cliRes.Table()
+}
+
+// EACL reads eACL table from FrostFS by container ID.
+//
+// Returns any error which prevented the operation from completing correctly in error return.
+func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
+	res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
+
+	return
+}
+
+// SetEACLPrm groups parameters of SetEACL operation.
+type SetEACLPrm struct {
+	Client       *client.Client
+	ClientParams client.PrmContainerSetEACL
+}
+
+// SetEACLRes groups the resulting values of SetEACL operation.
+type SetEACLRes struct{}
+
+// SetEACL requests to save an eACL table in FrostFS.
+//
+// Operation is asynchronous and no guaranteed even in the absence of errors.
+// The required time is also not predictable.
+//
+// Success can be verified by reading by container identifier.
+//
+// Returns any error which prevented the operation from completing correctly in error return.
+func SetEACL(ctx context.Context, prm SetEACLPrm) (res SetEACLRes, err error) {
+	_, err = prm.Client.ContainerSetEACL(ctx, prm.ClientParams)
+
+	return
+}
+
 // NetworkInfoPrm groups parameters of NetworkInfo operation.
 type NetworkInfoPrm struct {
 	Client       *client.Client
@ -323,7 +353,7 @@ type PutObjectPrm struct {

 	rdr io.Reader

-	headerCallback func()
+	headerCallback func(*objectSDK.Object)

 	prepareLocally bool
 }
@ -340,7 +370,7 @@ func (x *PutObjectPrm) SetPayloadReader(rdr io.Reader) {

 // SetHeaderCallback sets callback which is called on the object after the header is received
 // but before the payload is written.
-func (x *PutObjectPrm) SetHeaderCallback(f func()) {
+func (x *PutObjectPrm) SetHeaderCallback(f func(*objectSDK.Object)) {
 	x.headerCallback = f
 }

@ -409,7 +439,7 @@ func PutObject(ctx context.Context, prm PutObjectPrm) (*PutObjectRes, error) {

 	if wrt.WriteHeader(ctx, *prm.hdr) {
 		if prm.headerCallback != nil {
-			prm.headerCallback()
+			prm.headerCallback(prm.hdr)
 		}

 		sz := prm.hdr.PayloadSize()
@ -579,6 +609,13 @@ type HeadObjectPrm struct {
 	commonObjectPrm
 	objectAddressPrm
 	rawPrm
+
+	mainOnly bool
+}
+
+// SetMainOnlyFlag sets flag to get only main fields of an object header in terms of FrostFS API.
+func (x *HeadObjectPrm) SetMainOnlyFlag(v bool) {
+	x.mainOnly = v
 }

 // HeadObjectRes groups the resulting values of HeadObject operation.
@ -617,7 +654,7 @@ func HeadObject(ctx context.Context, prm HeadObjectPrm) (*HeadObjectRes, error)
 	var hdr objectSDK.Object

 	if !res.ReadHeader(&hdr) {
-		return nil, errMissingHeaderInResponse
+		return nil, fmt.Errorf("missing header in response")
 	}

 	return &HeadObjectRes{
@ -673,7 +710,9 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes

 	for {
 		n, ok = rdr.Read(buf)
-		list = append(list, buf[:n]...)
+		for i := 0; i < n; i++ {
+			list = append(list, buf[i])
+		}
 		if !ok {
 			break
 		}
@ -684,7 +723,10 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes
 		return nil, fmt.Errorf("read object list: %w", err)
 	}

-	slices.SortFunc(list, oid.ID.Cmp)
+	sort.Slice(list, func(i, j int) bool {
+		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
+		return strings.Compare(lhs, rhs) < 0
+	})

 	return &SearchObjectsRes{
 		ids: list,
@ -848,65 +890,3 @@ func SyncContainerSettings(ctx context.Context, prm SyncContainerPrm) (*SyncCont

 	return new(SyncContainerRes), nil
 }
-
-// PatchObjectPrm groups parameters of PatchObject operation.
-type PatchObjectPrm struct {
-	commonObjectPrm
-	objectAddressPrm
-
-	NewAttributes []objectSDK.Attribute
-
-	ReplaceAttribute bool
-
-	PayloadPatches []PayloadPatch
-}
-
-type PayloadPatch struct {
-	Range objectSDK.Range
-
-	PayloadPath string
-}
-
-type PatchRes struct {
-	OID oid.ID
-}
-
-func Patch(ctx context.Context, prm PatchObjectPrm) (*PatchRes, error) {
-	patchPrm := client.PrmObjectPatch{
-		XHeaders:    prm.xHeaders,
-		BearerToken: prm.bearerToken,
-		Session:     prm.sessionToken,
-		Address:     prm.objAddr,
-	}
-
-	slices.SortFunc(prm.PayloadPatches, func(a, b PayloadPatch) int {
-		return cmp.Compare(a.Range.GetOffset(), b.Range.GetOffset())
-	})
-
-	patcher, err := prm.cli.ObjectPatchInit(ctx, patchPrm)
-	if err != nil {
-		return nil, fmt.Errorf("init payload reading: %w", err)
-	}
-
-	if patcher.PatchAttributes(ctx, prm.NewAttributes, prm.ReplaceAttribute) {
-		for _, pp := range prm.PayloadPatches {
-			payloadFile, err := os.OpenFile(pp.PayloadPath, os.O_RDONLY, os.ModePerm)
-			if err != nil {
-				return nil, err
-			}
-			applied := patcher.PatchPayload(ctx, &pp.Range, payloadFile)
-			_ = payloadFile.Close()
-			if !applied {
-				break
-			}
-		}
-	}
-
-	res, err := patcher.Close(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &PatchRes{
-		OID: res.ObjectID(),
-	}, nil
-}
--- a/cmd/frostfs-cli/internal/client/sdk.go
+++ b/cmd/frostfs-cli/internal/client/sdk.go
@ -58,7 +58,6 @@ func GetSDKClient(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey
 		GRPCDialOptions: []grpc.DialOption{
 			grpc.WithChainUnaryInterceptor(tracing.NewUnaryClientInteceptor()),
 			grpc.WithChainStreamInterceptor(tracing.NewStreamClientInterceptor()),
-			grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
 		},
 	}
 	if timeout := viper.GetDuration(commonflags.Timeout); timeout > 0 {
--- a/cmd/frostfs-cli/internal/common/tracing.go
+++ b/cmd/frostfs-cli/internal/common/tracing.go
@ -2,7 +2,7 @@ package common

 import (
 	"context"
-	"slices"
+	"sort"
 	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -45,11 +45,15 @@ func StartClientCommandSpan(cmd *cobra.Command) {
 	})
 	commonCmd.ExitOnErr(cmd, "init tracing: %w", err)

-	var components []string
+	var components sort.StringSlice
 	for c := cmd; c != nil; c = c.Parent() {
 		components = append(components, c.Name())
 	}
-	slices.Reverse(components)
+	for i, j := 0, len(components)-1; i < j; {
+		components.Swap(i, j)
+		i++
+		j--
+	}

 	operation := strings.Join(components, ".")
 	ctx, span := tracing.StartSpanFromContext(cmd.Context(), operation)
--- a/cmd/frostfs-cli/internal/commonflags/flags.go
+++ b/cmd/frostfs-cli/internal/commonflags/flags.go
@ -11,9 +11,9 @@ import (
 // values and their usage descriptions.
 const (
 	GenerateKey          = "generate-key"
-	GenerateKeyShorthand = "g"
-	GenerateKeyDefault   = false
-	GenerateKeyUsage     = "Generate new private key"
+	generateKeyShorthand = "g"
+	generateKeyDefault   = false
+	generateKeyUsage     = "Generate new private key"

 	WalletPath          = "wallet"
 	WalletPathShorthand = "w"
@ -28,7 +28,7 @@ const (
 	RPC          = "rpc-endpoint"
 	RPCShorthand = "r"
 	RPCDefault   = ""
-	RPCUsage     = "Remote node address ('<host>:<port>' or 'grpcs://<host>:<port>')"
+	RPCUsage     = "Remote node address (as 'multiaddr' or '<host>:<port>')"

 	Timeout          = "timeout"
 	TimeoutShorthand = "t"
@ -50,13 +50,6 @@ const (

 	TracingFlag      = "trace"
 	TracingFlagUsage = "Generate trace ID and print it."
-
-	AwaitFlag      = "await"
-	AwaitFlagUsage = "Wait for the operation to complete"
-
-	QuietFlag          = "quiet"
-	QuietFlagShorthand = "q"
-	QuietFlagUsage     = "Print nothing and exit with non-zero code on failure"
 )

 // Init adds common flags to the command:
@ -79,7 +72,7 @@ func Init(cmd *cobra.Command) {
 func InitWithoutRPC(cmd *cobra.Command) {
 	ff := cmd.Flags()

-	ff.BoolP(GenerateKey, GenerateKeyShorthand, GenerateKeyDefault, GenerateKeyUsage)
+	ff.BoolP(GenerateKey, generateKeyShorthand, generateKeyDefault, generateKeyUsage)
 	ff.StringP(WalletPath, WalletPathShorthand, WalletPathDefault, WalletPathUsage)
 	ff.StringP(Account, AccountShorthand, AccountDefault, AccountUsage)
 }
--- a/cmd/frostfs-cli/internal/key/key_test.go
+++ b/cmd/frostfs-cli/internal/key/key_test.go
@ -24,8 +24,6 @@ var testCmd = &cobra.Command{
 }

 func Test_getOrGenerate(t *testing.T) {
-	t.Cleanup(viper.Reset)
-
 	dir := t.TempDir()

 	wallPath := filepath.Join(dir, "wallet.json")
--- a/cmd/frostfs-cli/modules/accounting/balance.go
+++ b/cmd/frostfs-cli/modules/accounting/balance.go
@ -23,7 +23,7 @@ var accountingBalanceCmd = &cobra.Command{
 	Use:   "balance",
 	Short: "Get internal balance of FrostFS account",
 	Long:  `Get internal balance of FrostFS account`,
-	Run: func(cmd *cobra.Command, _ []string) {
+	Run: func(cmd *cobra.Command, args []string) {
 		var idUser user.ID

 		pk := key.GetOrGenerate(cmd)
--- a/cmd/frostfs-cli/modules/accounting/root.go
+++ b/cmd/frostfs-cli/modules/accounting/root.go
@ -11,7 +11,7 @@ var Cmd = &cobra.Command{
 	Use:   "accounting",
 	Short: "Operations with accounts and balances",
 	Long:  `Operations with accounts and balances`,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		flags := cmd.Flags()

 		_ = viper.BindPFlag(commonflags.WalletPath, flags.Lookup(commonflags.WalletPath))
--- a/cmd/frostfs-cli/modules/ape_manager/add_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/add_chain.go
@ -1,86 +0,0 @@
-package apemanager
-
-import (
-	"fmt"
-
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
-	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
-	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
-	"github.com/spf13/cobra"
-)
-
-var addCmd = &cobra.Command{
-	Use:   "add",
-	Short: "Add rule chain for a target",
-	Run:   add,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-		commonflags.Bind(cmd)
-	},
-}
-
-func parseTarget(cmd *cobra.Command) (ct apeSDK.ChainTarget) {
-	t := apeCmd.ParseTarget(cmd)
-
-	ct.Name = t.Name
-
-	switch t.Type {
-	case engine.Namespace:
-		ct.TargetType = apeSDK.TargetTypeNamespace
-	case engine.Container:
-		ct.TargetType = apeSDK.TargetTypeContainer
-	case engine.User:
-		ct.TargetType = apeSDK.TargetTypeUser
-	case engine.Group:
-		ct.TargetType = apeSDK.TargetTypeGroup
-	default:
-		commonCmd.ExitOnErr(cmd, "conversion error: %w", fmt.Errorf("unknown type '%c'", t.Type))
-	}
-	return ct
-}
-
-func parseChain(cmd *cobra.Command) apeSDK.Chain {
-	c := apeCmd.ParseChain(cmd)
-	serialized := c.Bytes()
-	return apeSDK.Chain{
-		Raw: serialized,
-	}
-}
-
-func add(cmd *cobra.Command, _ []string) {
-	c := parseChain(cmd)
-
-	target := parseTarget(cmd)
-
-	key := key.Get(cmd)
-	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
-
-	res, err := cli.APEManagerAddChain(cmd.Context(), client_sdk.PrmAPEManagerAddChain{
-		ChainTarget: target,
-		Chain:       c,
-	})
-
-	commonCmd.ExitOnErr(cmd, "add chain error: %w", err)
-
-	cmd.Println("Rule has been added.")
-	cmd.Println("Chain ID: ", string(res.ChainID))
-}
-
-func initAddCmd() {
-	commonflags.Init(addCmd)
-
-	ff := addCmd.Flags()
-	ff.StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
-	ff.String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
-	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
-	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
-	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = addCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
-
-	addCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
-}
--- a/cmd/frostfs-cli/modules/ape_manager/list_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/list_chain.go
@ -1,49 +0,0 @@
-package apemanager
-
-import (
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
-	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/spf13/cobra"
-)
-
-var listCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List rule chains defined on target",
-	Run:   list,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-		commonflags.Bind(cmd)
-	},
-}
-
-func list(cmd *cobra.Command, _ []string) {
-	target := parseTarget(cmd)
-
-	key := key.Get(cmd)
-	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
-
-	resp, err := cli.APEManagerListChains(cmd.Context(),
-		client_sdk.PrmAPEManagerListChains{
-			ChainTarget: target,
-		})
-	commonCmd.ExitOnErr(cmd, "list chains call error: %w", err)
-
-	for _, respChain := range resp.Chains {
-		var chain apechain.Chain
-		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(respChain.Raw))
-		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
-	}
-}
-
-func initListCmd() {
-	commonflags.Init(listCmd)
-
-	ff := listCmd.Flags()
-	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
-	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = listCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-}
--- a/cmd/frostfs-cli/modules/ape_manager/remove_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/remove_chain.go
@ -1,51 +0,0 @@
-package apemanager
-
-import (
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
-	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	"github.com/spf13/cobra"
-)
-
-var removeCmd = &cobra.Command{
-	Use:   "remove",
-	Short: "Remove rule chain for a target",
-	Run:   remove,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-		commonflags.Bind(cmd)
-	},
-}
-
-func remove(cmd *cobra.Command, _ []string) {
-	target := parseTarget(cmd)
-
-	key := key.Get(cmd)
-	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
-
-	chainID := apeCmd.ParseChainID(cmd)
-	chainIDRaw := []byte(chainID)
-
-	_, err := cli.APEManagerRemoveChain(cmd.Context(), client_sdk.PrmAPEManagerRemoveChain{
-		ChainTarget: target,
-		ChainID:     chainIDRaw,
-	})
-
-	commonCmd.ExitOnErr(cmd, "remove chain error: %w", err)
-
-	cmd.Println("\nRule has been removed.")
-}
-
-func initRemoveCmd() {
-	commonflags.Init(removeCmd)
-
-	ff := removeCmd.Flags()
-	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
-	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
-	_ = removeCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
-	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
-	_ = removeCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
-	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
-}
--- a/cmd/frostfs-cli/modules/ape_manager/root.go
+++ b/cmd/frostfs-cli/modules/ape_manager/root.go
@ -1,21 +0,0 @@
-package apemanager
-
-import (
-	"github.com/spf13/cobra"
-)
-
-var Cmd = &cobra.Command{
-	Use:   "ape-manager",
-	Short: "Operations with APE manager",
-	Long:  `Operations with APE manager`,
-}
-
-func init() {
-	Cmd.AddCommand(addCmd)
-	Cmd.AddCommand(removeCmd)
-	Cmd.AddCommand(listCmd)
-
-	initAddCmd()
-	initRemoveCmd()
-	initListCmd()
-}
--- a/cmd/frostfs-cli/modules/bearer/create.go
+++ b/cmd/frostfs-cli/modules/bearer/create.go
@ -15,12 +15,10 @@ import (
 	eaclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 )

 const (
 	eaclFlag           = "eacl"
-	apeFlag            = "ape"
 	issuedAtFlag       = "issued-at"
 	notValidBeforeFlag = "not-valid-before"
 	ownerFlag          = "owner"
@ -39,17 +37,10 @@ In this case --` + commonflags.RPC + ` flag should be specified and the epoch in
 is set to current epoch + n.
 `,
 	Run: createToken,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-		ff := cmd.Flags()
-
-		_ = viper.BindPFlag(commonflags.WalletPath, ff.Lookup(commonflags.WalletPath))
-		_ = viper.BindPFlag(commonflags.Account, ff.Lookup(commonflags.Account))
-	},
 }

 func init() {
-	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate and --ape flag)")
-	createCmd.Flags().StringP(apeFlag, "a", "", "Path to the JSON-encoded APE override (mutually exclusive with --impersonate and --eacl flag)")
+	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate flag)")
 	createCmd.Flags().StringP(issuedAtFlag, "i", "+0", "Epoch to issue token at")
 	createCmd.Flags().StringP(notValidBeforeFlag, "n", "+0", "Not valid before epoch")
 	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
@ -58,15 +49,13 @@ func init() {
 	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
 	createCmd.Flags().Bool(impersonateFlag, false, "Mark token as impersonate to consider the token signer as the request owner (mutually exclusive with --eacl flag)")
 	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
-	createCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
-	createCmd.Flags().StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)

-	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, apeFlag, impersonateFlag)
+	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, impersonateFlag)

 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
-	_ = cobra.MarkFlagFilename(createCmd.Flags(), apeFlag)

 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
+	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
 }

@ -107,16 +96,16 @@ func createToken(cmd *cobra.Command, _ []string) {
 			fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))
 	}

+	ownerStr, _ := cmd.Flags().GetString(ownerFlag)
+
+	var ownerID user.ID
+	commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
+
 	var b bearer.Token
 	b.SetExp(exp)
 	b.SetNbf(nvb)
 	b.SetIat(iat)
-
-	if ownerStr, _ := cmd.Flags().GetString(ownerFlag); ownerStr != "" {
-		var ownerID user.ID
-		commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
-		b.ForUser(ownerID)
-	}
+	b.ForUser(ownerID)

 	impersonate, _ := cmd.Flags().GetBool(impersonateFlag)
 	b.SetImpersonate(impersonate)
@ -130,14 +119,6 @@ func createToken(cmd *cobra.Command, _ []string) {
 		b.SetEACLTable(*table)
 	}

-	apePath, _ := cmd.Flags().GetString(apeFlag)
-	if apePath != "" {
-		var apeOverride bearer.APEOverride
-		raw, err := os.ReadFile(apePath)
-		commonCmd.ExitOnErr(cmd, "can't read APE rules: %w", err)
-		commonCmd.ExitOnErr(cmd, "can't parse APE rules: %w", json.Unmarshal(raw, &apeOverride))
-		b.SetAPEOverride(apeOverride)
-	}
 	var data []byte

 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
--- a/cmd/frostfs-cli/modules/bearer/generate_override.go
+++ b/cmd/frostfs-cli/modules/bearer/generate_override.go
@ -1,76 +0,0 @@
-package bearer
-
-import (
-	"fmt"
-	"os"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
-	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
-	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/spf13/cobra"
-)
-
-const (
-	outputFlag = "output"
-)
-
-var generateAPEOverrideCmd = &cobra.Command{
-	Use:   "generate-ape-override",
-	Short: "Generate APE override.",
-	Long: `Generate APE override by target and APE chains. Util command.
-
-Generated APE override can be dumped to a file in JSON format that is passed to
-"create" command.
-`,
-	Run: genereateAPEOverride,
-}
-
-func genereateAPEOverride(cmd *cobra.Command, _ []string) {
-	c := apeCmd.ParseChain(cmd)
-
-	targetCID, _ := cmd.Flags().GetString(commonflags.CIDFlag)
-	var cid cidSDK.ID
-	commonCmd.ExitOnErr(cmd, "invalid cid format: %w", cid.DecodeString(targetCID))
-
-	override := &bearer.APEOverride{
-		Target: apeSDK.ChainTarget{
-			TargetType: apeSDK.TargetTypeContainer,
-			Name:       targetCID,
-		},
-		Chains: []apeSDK.Chain{
-			{
-				Raw: c.Bytes(),
-			},
-		},
-	}
-
-	overrideMarshalled, err := override.MarshalJSON()
-	commonCmd.ExitOnErr(cmd, "failed to marshal APE override: %w", err)
-
-	outputPath, _ := cmd.Flags().GetString(outputFlag)
-	if outputPath != "" {
-		err := os.WriteFile(outputPath, overrideMarshalled, 0o644)
-		commonCmd.ExitOnErr(cmd, "dump error: %w", err)
-	} else {
-		fmt.Print("\n")
-		fmt.Println(string(overrideMarshalled))
-	}
-}
-
-func init() {
-	ff := generateAPEOverrideCmd.Flags()
-
-	ff.StringP(commonflags.CIDFlag, "", "", "Target container ID.")
-	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.CIDFlag)
-
-	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
-	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
-	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
-
-	ff.String(outputFlag, "", "Output path to dump result JSON-encoded APE override")
-	_ = cobra.MarkFlagFilename(createCmd.Flags(), outputFlag)
-}
--- a/Show more
+++ b/Show more