1066 changed files with 35755 additions and 65936 deletions
--- a/.docker/Dockerfile.adm
+++ b/.docker/Dockerfile.adm
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ci
+++ b/.docker/Dockerfile.ci
@ -1,4 +1,4 @@
-FROM golang:1.23
+FROM golang:1.21
 WORKDIR /tmp
--- a/.docker/Dockerfile.cli
+++ b/.docker/Dockerfile.cli
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ir
+++ b/.docker/Dockerfile.ir
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.storage
+++ b/.docker/Dockerfile.storage
@ -1,4 +1,4 @@
-FROM golang:1.23 AS builder
+FROM golang:1.21 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -1,10 +1,6 @@
 name: Build
-on:
+on: [pull_request]
  pull_request:
  push:
    branches:
      - master
 jobs:
  build:
@ -12,7 +8,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.20', '1.21' ]
    steps:
      - uses: actions/checkout@v3
--- a/.forgejo/workflows/dco.yml
+++ b/.forgejo/workflows/dco.yml
@ -13,7 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
      - name: Run commit format checker
        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3
--- a/.forgejo/workflows/oci-image.yml
+++ b/.forgejo/workflows/oci-image.yml
@ -1,28 +0,0 @@
 name: OCI image
 on:
  push:
  workflow_dispatch:
 jobs:
  image:
    name: Build container images
    runs-on: docker
    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
    steps:
      - name: Clone git repo
        uses: actions/checkout@v3
      - name: Build OCI image
        run: make images
      - name: Push image to OCI registry
        run: |
          echo "$REGISTRY_PASSWORD" \
            | docker login --username truecloudlab --password-stdin git.frostfs.info
          make push-images
        if: >-
          startsWith(github.ref, 'refs/tags/v') &&
          (github.event_name == 'workflow_dispatch' || github.event_name == 'push')
        env:
          REGISTRY_PASSWORD: ${{secrets.FORGEJO_OCI_REGISTRY_PUSH_TOKEN}}
--- a/.forgejo/workflows/pre-commit.yml
+++ b/.forgejo/workflows/pre-commit.yml
@ -1,30 +0,0 @@
 name: Pre-commit hooks
 on:
  pull_request:
  push:
    branches:
      - master
 jobs:
  precommit:
    name: Pre-commit
    env:
      # Skip pre-commit hooks which are executed by other actions.
      SKIP: make-lint,go-staticcheck-repo-mod,go-unit-tests,gofumpt
    runs-on: ubuntu-22.04
    # If we use actions/setup-python from either Github or Gitea,
    # the line above fails with a cryptic error about not being able to find python.
    # So install everything manually.
    steps:
      - uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.23
      - name: Set up Python
        run: |
          apt update
          apt install -y pre-commit
      - name: Run pre-commit
        run: pre-commit run --color=always --hook-stage manual --all-files
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -1,10 +1,5 @@
 name: Tests and linters
-
+on: [pull_request]
 on:
  pull_request:
  push:
    branches:
      - master
 jobs:
  lint:
@ -16,7 +11,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.21'
          cache: true
      - name: Install linters
@ -30,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.20', '1.21' ]
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
@ -53,7 +48,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
          cache: true
      - name: Run tests
@ -68,7 +63,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.21'
          cache: true
      - name: Install staticcheck
@ -86,7 +81,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
          cache: true
      - name: Install gopls
@ -94,23 +89,3 @@ jobs:
      - name: Run gopls
        run: make gopls-run
  fumpt:
    name: Run gofumpt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: '1.23'
          cache: true
      - name: Install gofumpt
        run: make fumpt-install
      - name: Run gofumpt
        run: |
          make fumpt
          git diff --exit-code --quiet
--- a/.forgejo/workflows/vulncheck.yml
+++ b/.forgejo/workflows/vulncheck.yml
@ -1,10 +1,5 @@
 name: Vulncheck
-
+on: [pull_request]
 on:
  pull_request:
  push:
    branches:
      - master
 jobs:
  vulncheck:
@ -18,8 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.21'
          check-latest: true
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
--- a/.forgejo/ISSUE_TEMPLATE/bug_report.md
+++ b/.forgejo/ISSUE_TEMPLATE/bug_report.md
--- a/.forgejo/ISSUE_TEMPLATE/config.yml
+++ b/.forgejo/ISSUE_TEMPLATE/config.yml
--- a/.forgejo/ISSUE_TEMPLATE/feature_request.md
+++ b/.forgejo/ISSUE_TEMPLATE/feature_request.md
--- a/.forgejo/logo.svg
+++ b/.forgejo/logo.svg
--- a/.gitlint
+++ b/.gitlint
@ -0,0 +1,11 @@
 [general]
 fail-without-commits=True
 regex-style-search=True
 contrib=CC1
 [title-match-regex]
 regex=^\[\#[0-9Xx]+\]\s
 [ignore-by-title]
 regex=^Release(.*)
 ignore=title-match-regex
--- a/.golangci.yml
+++ b/.golangci.yml
@ -12,8 +12,7 @@ run:
 # output configuration options
 output:
  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  formats:
+  format: tab
    - format: tab
 # all available settings of specific linters
 linters-settings:
@ -38,10 +37,6 @@ linters-settings:
    alias:
      pkg: git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object
      alias: objectSDK
  unused:
    field-writes-are-uses: false
    exported-fields-are-used: false
    local-variables-are-used: false
  custom:
    truecloudlab-linters:
      path: bin/linters/external_linters.so
@ -71,7 +66,7 @@ linters:
    - bidichk
    - durationcheck
    - exhaustive
-    - copyloopvar
+    - exportloopref
    - gofmt
    - goimports
    - misspell
@ -87,9 +82,5 @@ linters:
    - perfsprint
    - testifylint
    - protogetter
    - intrange
    - tenv
    - unconvert
    - unparam
  disable-all: true
  fast: false
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -2,6 +2,13 @@ ci:
  autofix_prs: false
 repos:
  - repo: https://github.com/jorisroovers/gitlint
    rev:  v0.19.1
    hooks:
      - id: gitlint
        stages: [commit-msg]
      - id: gitlint-ci
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
@ -16,7 +23,7 @@ repos:
    - id: trailing-whitespace
      args: [--markdown-linebreak-ext=md]
    - id: end-of-file-fixer
-      exclude: "(.key|.svg)$"
+      exclude: ".key$"
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.9.0.6
@ -35,7 +42,7 @@ repos:
    hooks:
       - id: go-unit-tests
         name: go unit tests
-         entry: make test GOFLAGS=''
+         entry: make test
         pass_filenames: false
         types: [go]
         language: system
--- a/.woodpecker/pre-commit.yml
+++ b/.woodpecker/pre-commit.yml
@ -0,0 +1,11 @@
 pipeline:
  # Kludge for non-root containers under WoodPecker
  fix-ownership:
    image: alpine:latest
    commands: chown -R 1234:1234 .
  pre-commit:
    image: git.frostfs.info/truecloudlab/frostfs-ci:v0.36
    commands:
      - export HOME="$(getent passwd $(id -u) | cut '-d:' -f6)"
      - pre-commit run --hook-stage manual
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,99 +9,7 @@ Changelog for FrostFS Node
 ### Removed
 ### Updated
-## [v0.44.0] - 2024-25-11 - Rongbuk
+## [v0.38.0-rc.2]
 ### Added
 - Allow to prioritize nodes during GET traversal via attributes (#1439)
 - Add metrics for the frostfsid cache (#1464)
 - Customize constant attributes attached to every tracing span (#1488)
 - Manage additional keys in the `frostfsid` contract (#1505)
 - Describe `--rule` flag in detail for `frostfs-cli ape-manager` subcommands (#1519)
 ### Changed
 - Support richer interaction with the console in `frostfs-cli container policy-playground` (#1396)
 - Print address in base58 format in `frostfs-adm morph policy set-admin` (#1515)
 ### Fixed
 - Fix EC object search (#1408)
 - Fix EC object put when one of the nodes is unavailable (#1427)
 ### Removed
 - Drop most of the eACL-related code (#1425)
 - Remove `--basic-acl` flag from `frostfs-cli container create` (#1483)
 ### Upgrading from v0.43.0
 The metabase schema has changed completely, resync is required.
 ## [v0.42.0]
 ### Added
 - Add audit logs for gRPC requests (#1184)
 - Add CLI command to convert eACL to APE (#1189)
 - Add `--await` flag to `control set-status` (#60)
 - `app_info` metric for binary version (#1154)
 - `--quiet` flag for healthcheck command (#1209)
 ### Changed
 - Deprecate Container.SetEACL RPC (#1219)
 ### Fixed
 - Take groups into account during APE processing (#1190)
 - Handle double SIGHUP correctly (#1145)
 - Handle empty filenames in tree listing (#1074)
 - Handle duplicate tree nodes in the split-brain scenario (#1234, #1251)
 - Remove APE pre-check in Object.GET/HEAD/RANGE RPC (#1249)
 - Delete EC gc marks and split info (#1257)
 - Do not search for non-existent objects on deletion (#1261)
 ### Updated
 - Make putting EC chunks more robust (#1233)
 ## [v0.41.0]
 ### Added
 - Support mTLS for morph client (#1170)
 ### Fixed
 - Update shard state metric during shard init (#1174)
 - Handle ENOSPC in blobovnicza (#1166)
 - Handle multiple split-infos for EC objects (#1163)
 - Set `Disabled` mode as the default for components (#1168)
 ## [v0.40.0]
 ### Added
 - Support EC chunk reconstruction in policer (#1129)
 - Support LOCK, DELETE and SEARCH methods on EC objects (#1147, 1144)
 - apemanager service to manage APE chains (#1105)
 ### Fixed
 - Properly verify GetRangeHash response (#1083)
 - Send `MONOTONIC_USEC` in sdnotify on reload (#1135)
 ### Updated
 - neo-go to `v0.106.0`
 ## [v0.39.0]
 ### Added
 - Preliminary erasure coding support (#1065, #1112, #1103, #1120)
 - TTL cache for blobovnicza tree (#1004)
 - Cache for frostfsid and policy contracts (#1117)
 - Writecache path to metric labels (#966)
 - Documentation for authentication mechanisms (#1097, #1104)
 - Metrics for metabase resync status (#1029)
 ### Changed
 - Speed up metabase resync (#1024)
 ### Fixed
 - Possible panic in GET_RANGE (#1077)
 ### Updated
 - Minimum required Go version to 1.21
 ## [v0.38.0]
 ### Added
 - Add `trace_id` to logs in `frostfs-node` (#146)
@ -110,7 +18,6 @@ The metabase schema has changed completely, resync is required.
 - Allow sealing writecache (#569)
 - Support tree service in data evacuation (#947)
 - Use new policy engine mechanism for access control (#770, #804)
 - Log about active notary deposit waiting (#963)
 ### Changed
 - Sort output in `frostfs-cli` subcommands (#333)
--- a/3
+++ b/3
@ -1,3 +0,0 @@
 .*          @TrueCloudLab/storage-core-committers @TrueCloudLab/storage-core-developers
 .forgejo/.* @potyarkin
 Makefile    @potyarkin
--- a/111
+++ b/111
@ -4,19 +4,20 @@ SHELL = bash
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")
-HUB_IMAGE ?= git.frostfs.info/truecloudlab/frostfs
+HUB_IMAGE ?= truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"
-GO_VERSION ?= 1.22
+GO_VERSION ?= 1.21
-LINT_VERSION ?= 1.62.2
+LINT_VERSION ?= 1.55.2
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.8
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.3
 PROTOC_VERSION ?= 25.0
-PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-sdk-go)
+PROTOC_GEN_GO_VERSION ?= $(shell go list -f '{{.Version}}' -m google.golang.org/protobuf)
 PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-api-go/v2)
 PROTOC_OS_VERSION=osx-x86_64
 ifeq ($(shell uname), Linux)
 	PROTOC_OS_VERSION=linux-x86_64
 endif
-STATICCHECK_VERSION ?= 2024.1.1
+STATICCHECK_VERSION ?= 2023.1.6
 ARCH = amd64
 BIN = bin
@ -27,32 +28,32 @@ DIRS = $(BIN) $(RELEASE)
 CMDS = $(notdir $(basename $(wildcard cmd/frostfs-*)))
 BINS = $(addprefix $(BIN)/, $(CMDS))
 # .deb package versioning
 OS_RELEASE = $(shell lsb_release -cs)
 PKG_VERSION ?= $(shell echo $(VERSION) | sed "s/^v//" | \
 			sed -E "s/(.*)-(g[a-fA-F0-9]{6,8})(.*)/\1\3~\2/" | \
 			sed "s/-/~/")-${OS_RELEASE}
 OUTPUT_LINT_DIR ?= $(abspath $(BIN))/linters
 LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
 TMP_DIR := .cache
 PROTOBUF_DIR ?= $(abspath $(BIN))/protobuf
 PROTOC_DIR ?= $(PROTOBUF_DIR)/protoc-v$(PROTOC_VERSION)
 PROTOC_GEN_GO_DIR ?= $(PROTOBUF_DIR)/protoc-gen-go-$(PROTOC_GEN_GO_VERSION)
 PROTOGEN_FROSTFS_DIR ?= $(PROTOBUF_DIR)/protogen-$(PROTOGEN_FROSTFS_VERSION)
 STATICCHECK_DIR ?= $(abspath $(BIN))/staticcheck
 STATICCHECK_VERSION_DIR ?= $(STATICCHECK_DIR)/$(STATICCHECK_VERSION)
 SOURCES = $(shell find . -type f -name "*.go" -print)
 GOFUMPT_VERSION ?= v0.7.0
 GOFUMPT_DIR ?= $(abspath $(BIN))/gofumpt
 GOFUMPT_VERSION_DIR ?= $(GOFUMPT_DIR)/$(GOFUMPT_VERSION)
 GOPLS_VERSION ?= v0.15.1
 GOPLS_DIR ?= $(abspath $(BIN))/gopls
 GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION)
 GOPLS_TEMP_FILE := $(shell mktemp)
 FROSTFS_CONTRACTS_PATH=$(abspath ./../frostfs-contract)
 LOCODE_DB_PATH=$(abspath ./.cache/locode_db)
 LOCODE_DB_VERSION=v0.4.0
 .PHONY: help all images dep clean fmts fumpt imports test lint docker/lint
-		prepare-release pre-commit unpre-commit
+		prepare-release debpackage pre-commit unpre-commit
 # To build a specific binary, use it's name prefix with bin/ as a target
 # For example `make bin/frostfs-node` will build only storage node binary
@ -99,20 +100,21 @@ export-metrics: dep
 # Regenerate proto files:
 protoc:
-	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
+	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOC_GEN_GO_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
 		make protoc-install; \
 	fi
 	@for f in `find . -type f -name '*.proto' -not -path './bin/*'`; do \
 		echo "⇒ Processing $$f "; \
 		$(PROTOC_DIR)/bin/protoc \
 			--proto_path=.:$(PROTOC_DIR)/include:/usr/local/include \
 			--plugin=protoc-gen-go=$(PROTOC_GEN_GO_DIR)/protoc-gen-go \
 			--plugin=protoc-gen-go-frostfs=$(PROTOGEN_FROSTFS_DIR)/protogen \
 			--go-frostfs_out=. --go-frostfs_opt=paths=source_relative \
 			--go_out=. --go_opt=paths=source_relative \
 			--go-grpc_opt=require_unimplemented_servers=false \
 			--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
 	done
 # Install protoc
 protoc-install:
 	@rm -rf $(PROTOBUF_DIR)
 	@mkdir $(PROTOBUF_DIR)
@ -120,8 +122,10 @@ protoc-install:
 	@wget -q -O $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip 'https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(PROTOC_OS_VERSION).zip'
 	@unzip -q -o $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip -d $(PROTOC_DIR)
 	@rm $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip
 	@echo "⇒ Installing protoc-gen-go..."
 	@GOBIN=$(PROTOC_GEN_GO_DIR) go install -v google.golang.org/protobuf/...@$(PROTOC_GEN_GO_VERSION)
 	@echo "⇒ Instaling protogen FrostFS plugin..."
-	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/util/protogen@$(PROTOGEN_FROSTFS_VERSION)
+	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/protogen@$(PROTOGEN_FROSTFS_VERSION)
 # Build FrostFS component's docker image
 image-%:
@ -139,15 +143,6 @@ images: image-storage image-ir image-cli image-adm
 # Build dirty local Docker images
 dirty-images: image-dirty-storage image-dirty-ir image-dirty-cli image-dirty-adm
 # Push FrostFS components' docker image to the registry
 push-image-%:
 	@echo "⇒ Publish FrostFS $* docker image "
 	@docker push $(HUB_IMAGE)-$*:$(HUB_TAG)
 # Push all Docker images to the registry
 .PHONY: push-images
 push-images: push-image-storage push-image-ir push-image-cli push-image-adm
 # Run `make %` in Golang container
 docker/%:
 	docker run --rm -t \
@ -166,27 +161,15 @@ imports:
 	@echo "⇒ Processing goimports check"
 	@goimports -w cmd/ pkg/ misc/
 # Install gofumpt
 fumpt-install:
 	@rm -rf $(GOFUMPT_DIR)
 	@mkdir $(GOFUMPT_DIR)
 	@GOBIN=$(GOFUMPT_VERSION_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION)
 # Run gofumpt
 fumpt:
 	@if [ ! -d "$(GOFUMPT_VERSION_DIR)" ]; then \
 		make fumpt-install; \
 	fi
 	@echo "⇒ Processing gofumpt check"
-	$(GOFUMPT_VERSION_DIR)/gofumpt -l -w cmd/ pkg/ misc/
+	@gofumpt -l -w cmd/ pkg/ misc/
 # Run Unit Test with go test
 test: GOFLAGS ?= "-count=1"
 test:
 	@echo "⇒ Running go test"
-	@GOFLAGS="$(GOFLAGS)" go test ./...
+	@go test ./... -count=1
 # Run pre-commit
 pre-commit-run:
 	@pre-commit run -a --hook-stage manual
@ -200,7 +183,7 @@ lint-install:
 	@@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
 	@rm -rf $(TMP_DIR)/linters
 	@rmdir $(TMP_DIR) 2>/dev/null || true
-	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install -trimpath github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
 # Run linters
 lint:
@ -222,23 +205,18 @@ staticcheck-run:
 	fi
 	@$(STATICCHECK_VERSION_DIR)/staticcheck ./...
 # Install gopls
 gopls-install:
 	@rm -rf $(GOPLS_DIR)
 	@mkdir $(GOPLS_DIR)
 	@GOBIN=$(GOPLS_VERSION_DIR) go install golang.org/x/tools/gopls@$(GOPLS_VERSION)
 # Run gopls
 gopls-run:
 	@if [ ! -d "$(GOPLS_VERSION_DIR)" ]; then \
 		make gopls-install; \
 	fi
-	$(GOPLS_VERSION_DIR)/gopls check $(SOURCES) 2>&1 >$(GOPLS_TEMP_FILE)
+	@if [[ $$(find . -type f -name "*.go" -print | xargs $(GOPLS_VERSION_DIR)/gopls check | tee /dev/tty | wc -l) -ne 0 ]]; then \
 	@if [[ $$(wc -l < $(GOPLS_TEMP_FILE)) -ne 0 ]]; then \
 		cat $(GOPLS_TEMP_FILE); \
 		exit 1; \
 	fi
 	rm $(GOPLS_TEMP_FILE)
 # Run linters in Docker
 docker/lint:
@ -266,33 +244,36 @@ clean:
 	rm -rf $(BIN)
 	rm -rf $(RELEASE)
-# Download locode database
+# Package for Debian
-locode-download:
+debpackage:
-	mkdir -p $(TMP_DIR)
+	dch -b --package frostfs-node \
-	@wget -q -O ./$(TMP_DIR)/locode_db.gz 'https://git.frostfs.info/TrueCloudLab/frostfs-locode-db/releases/download/${LOCODE_DB_VERSION}/locode_db.gz'
+			--controlmaint \
-	gzip -dfk ./$(TMP_DIR)/locode_db.gz
+			--newversion $(PKG_VERSION) \
 			--distribution $(OS_RELEASE) \
 			"Please see CHANGELOG.md for code changes for $(VERSION)"
 	dpkg-buildpackage --no-sign -b
 debclean:
 	dh clean
 locode-download:
 	@wget -q -O ./.cache/locode_db.gz 'https://git.frostfs.info/TrueCloudLab/frostfs-locode-db/releases/download/${LOCODE_DB_VERSION}/locode_db.gz'
 	gzip -dfk ./.cache/locode_db.gz
 # Start dev environment
 env-up: all
 	docker compose -f dev/docker-compose.yml up -d
 	@if [ ! -d "$(FROSTFS_CONTRACTS_PATH)" ]; then \
 		echo "Frostfs contracts not found"; exit 1; \
 	fi
 	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph init --contracts ${FROSTFS_CONTRACTS_PATH}
-	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --gas 10.0 \
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet.json --gas 10.0
 		--storage-wallet ./dev/storage/wallet01.json \
 		--storage-wallet ./dev/storage/wallet02.json \
 		--storage-wallet ./dev/storage/wallet03.json \
 		--storage-wallet ./dev/storage/wallet04.json
 	@if [ ! -f "$(LOCODE_DB_PATH)" ]; then \
 		make locode-download; \
 	fi
 	mkdir -p ./$(TMP_DIR)/state
 	mkdir -p ./$(TMP_DIR)/storage
 # Shutdown dev environment
 env-down:
-	docker compose -f dev/docker-compose.yml down -v
+	docker compose -f dev/docker-compose.yml down
-	rm -rf ./$(TMP_DIR)/state
+	docker volume rm -f frostfs-node_neo-go
-	rm -rf ./$(TMP_DIR)/storage
+	rm -f ./.cache/.frostfs-ir-state
 	rm -f ./.cache/.frostfs-node-state
 	rm -rf ./.cache/storage
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <p align="center">
-  <img src="./.forgejo/logo.svg" width="500px" alt="FrostFS">
+  <img src="./.github/logo.svg" width="500px" alt="FrostFS">
 </p>
 <p align="center">
@ -7,8 +7,9 @@
 </p>
 ---
-[![Report](https://goreportcard.com/badge/git.frostfs.info/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/git.frostfs.info/TrueCloudLab/frostfs-node)
+[![Report](https://goreportcard.com/badge/github.com/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/github.com/TrueCloudLab/frostfs-node)
-![Release (latest)](https://git.frostfs.info/TrueCloudLab/frostfs-node/badges/release.svg)
+![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/TrueCloudLab/frostfs-node?sort=semver)
 ![License](https://img.shields.io/github/license/TrueCloudLab/frostfs-node.svg?style=popout)
 # Overview
@ -32,8 +33,8 @@ manipulate large amounts of data without paying a prohibitive price.
 FrostFS has a native [gRPC API](https://git.frostfs.info/TrueCloudLab/frostfs-api) and has
 protocol gateways for popular protocols such as [AWS
-S3](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw),
+S3](https://github.com/TrueCloudLab/frostfs-s3-gw),
-[HTTP](https://git.frostfs.info/TrueCloudLab/frostfs-http-gw),
+[HTTP](https://github.com/TrueCloudLab/frostfs-http-gw),
 [FUSE](https://wikipedia.org/wiki/Filesystem_in_Userspace) and
 [sFTP](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) allowing
 developers to integrate applications without rewriting their code.
@ -44,11 +45,11 @@ Now, we only support GNU/Linux on amd64 CPUs with AVX/AVX2 instructions. More
 platforms will be officially supported after release `1.0`.
 The latest version of frostfs-node works with frostfs-contract
-[v0.19.2](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/tag/v0.19.2).
+[v0.16.0](https://github.com/TrueCloudLab/frostfs-contract/releases/tag/v0.16.0).
 # Building
-To make all binaries you need Go 1.22+ and `make`:
+To make all binaries you need Go 1.20+ and `make`:
 ```
 make all
 ```
@ -70,7 +71,7 @@ make docker/bin/frostfs-<name> # build a specific binary
 ## Docker images
-To make docker images suitable for use in [frostfs-dev-env](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/) use:
+To make docker images suitable for use in [frostfs-dev-env](https://github.com/TrueCloudLab/frostfs-dev-env/) use:
 ```
 make images
 ```
@ -98,7 +99,7 @@ See `frostfs-contract`'s README.md for build instructions.
 4. To create container and put object into it run (container and object IDs will be different):
 ```
-./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --await
+./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl public-read-write --await
 Enter password >  <- press ENTER, the is no password for wallet
 CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
@ -124,7 +125,7 @@ the feature/topic you are going to implement.
 # Credits
-FrostFS is maintained by [True Cloud Lab](https://git.frostfs.info/TrueCloudLab/) with the help and
+FrostFS is maintained by [True Cloud Lab](https://github.com/TrueCloudLab/) with the help and
 contributions from community members.
 Please see [CREDITS](CREDITS.md) for details.
--- a/2
+++ b/2
@ -1 +1 @@
-v0.44.0
+v0.36.0
--- a/cmd/frostfs-adm/README.md
+++ b/cmd/frostfs-adm/README.md
@ -56,8 +56,7 @@ credentials:     # passwords for consensus node / alphabet wallets
 #### Network deployment
 - `generate-alphabet` generates a set of wallets for consensus and
-  Alphabet nodes. The list of the name for alphabet wallets(no gaps between names allowed, order is important):
+  Alphabet nodes.
  - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
 - `init` initializes the sidechain by deploying smart contracts and
  setting provided FrostFS network configuration.
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -9,8 +9,8 @@ related configuration details.
 To follow this guide you need:
 - latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
- latest released version of [frostfs-adm](https://git.frostfs.info/TrueCloudLab/frostfs-node/releases) utility (v0.42.9 at the moment),
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
- latest released version of compiled [frostfs-contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases) (v0.19.2 at the moment).
+- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).
 ## Step 1: Prepare network configuration
@ -34,8 +34,6 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 network:
  max_object_size: 67108864
  epoch_duration: 240
  max_ec_data_count: 12
  max_ec_parity_count: 4
  fee:
    candidate: 0
    container: 0
@ -64,11 +62,6 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 wallet[0]: hunter2
 ```
 This command generates wallets with the following names:
 - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
 No gaps between names allowed, order is important.
 Do not lose wallet files and network config. Store it in an encrypted backed up
 storage.
--- a/cmd/frostfs-adm/internal/commonflags/flags.go
+++ b/cmd/frostfs-adm/internal/commonflags/flags.go
@ -16,26 +16,16 @@ const (
 	EndpointFlagDesc  = "N3 RPC node endpoint"
 	EndpointFlagShort = "r"
 	WalletPath          = "wallet"
 	WalletPathShorthand = "w"
 	WalletPathUsage     = "Path to the wallet"
 	AlphabetWalletsFlag     = "alphabet-wallets"
 	AlphabetWalletsFlagDesc = "Path to alphabet wallets dir"
 	AdminWalletPath  = "wallet-admin"
 	AdminWalletUsage = "Path to the admin wallet"
 	LocalDumpFlag                   = "local-dump"
 	ProtoConfigPath                 = "protocol"
 	ContractsInitFlag               = "contracts"
 	ContractsInitFlagDesc           = "Path to archive with compiled FrostFS contracts (the default is to fetch the latest release from the official repository)"
 	ContractsURLFlag                = "contracts-url"
 	ContractsURLFlagDesc            = "URL to archive with compiled FrostFS contracts"
 	EpochDurationInitFlag           = "network.epoch_duration"
 	MaxObjectSizeInitFlag           = "network.max_object_size"
 	MaxECDataCountFlag              = "network.max_ec_data_count"
 	MaxECParityCounFlag             = "network.max_ec_parity_count"
 	RefillGasAmountFlag             = "gas"
 	StorageWalletFlag               = "storage-wallet"
 	ContainerFeeInitFlag            = "network.fee.container"
@ -46,5 +36,4 @@ const (
 	HomomorphicHashDisabledInitFlag = "network.homomorphic_hash_disabled"
 	CustomZoneFlag                  = "domain"
 	AlphabetSizeFlag                = "size"
 	AllFlag                         = "all"
 )
--- a/cmd/frostfs-adm/internal/modules/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/config/config.go
@ -21,8 +21,6 @@ type configTemplate struct {
 	CandidateFee            int
 	ContainerFee            int
 	ContainerAliasFee       int
 	MaxECDataCount          int
 	MaxECParityCount        int
 	WithdrawFee             int
 	Glagolitics             []string
 	HomomorphicHashDisabled bool
@ -33,8 +31,6 @@ alphabet-wallets: {{ .AlphabetDir}}
 network:
  max_object_size: {{ .MaxObjectSize}}
  epoch_duration: {{ .EpochDuration}}
  max_ec_data_count: {{ .MaxECDataCount}}
  max_ec_parity_count: {{ .MaxECParityCount}}
  homomorphic_hash_disabled: {{ .HomomorphicHashDisabled}}
  fee:
    candidate: {{ .CandidateFee}}
@ -110,8 +106,6 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl := configTemplate{
 		Endpoint:                "https://neo.rpc.node:30333",
 		MaxObjectSize:           67108864,      // 64 MiB
 		MaxECDataCount:          12,            // Tested with 16-node networks, assuming 12 data + 4 parity nodes.
 		MaxECParityCount:        4,             // Maximum 4 parity chunks, typically <= 3 for most policies.
 		EpochDuration:           240,           // 1 hour with 15s per block
 		HomomorphicHashDisabled: false,         // object homomorphic hash is enabled
 		CandidateFee:            100_0000_0000, // 100.0 GAS (Fixed8)
@ -128,7 +122,7 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl.AlphabetDir = filepath.Join(appDir, "alphabet-wallets")
 	var i innerring.GlagoliticLetter
-	for i = range innerring.GlagoliticLetter(credSize) {
+	for i = 0; i < innerring.GlagoliticLetter(credSize); i++ {
 		tmpl.Glagolitics = append(tmpl.Glagolitics, i.String())
 	}
--- a/cmd/frostfs-adm/internal/modules/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/config/config_test.go
@ -27,8 +27,6 @@ func TestGenerateConfigExample(t *testing.T) {
 	require.Equal(t, "https://neo.rpc.node:30333", v.GetString("rpc-endpoint"))
 	require.Equal(t, filepath.Join(appDir, "alphabet-wallets"), v.GetString("alphabet-wallets"))
 	require.Equal(t, 67108864, v.GetInt("network.max_object_size"))
 	require.Equal(t, 12, v.GetInt("network.max_ec_data_count"))
 	require.Equal(t, 4, v.GetInt("network.max_ec_parity_count"))
 	require.Equal(t, 240, v.GetInt("network.epoch_duration"))
 	require.Equal(t, 10000000000, v.GetInt("network.fee.candidate"))
 	require.Equal(t, 1000, v.GetInt("network.fee.container"))
--- a/cmd/frostfs-adm/internal/modules/metabase/root.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/root.go
@ -1,15 +0,0 @@
 package metabase
 import "github.com/spf13/cobra"
 // RootCmd is a root command of config section.
 var RootCmd = &cobra.Command{
 	Use:   "metabase",
 	Short: "Section for metabase commands",
 }
 func init() {
 	RootCmd.AddCommand(UpgradeCmd)
 	initUpgradeCommand()
 }
--- a/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
@ -1,156 +0,0 @@
 package metabase
 import (
 	"context"
 	"errors"
 	"fmt"
 	"sync"
 	"time"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
 	engineconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine"
 	shardconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine/shard"
 	morphconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/morph"
 	nodeconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/node"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
 	meta "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/metabase"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 	morphcontainer "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/container"
 	"github.com/spf13/cobra"
 	"golang.org/x/sync/errgroup"
 )
 const (
 	noCompactFlag = "no-compact"
 )
 var (
 	errNoPathsFound          = errors.New("no metabase paths found")
 	errNoMorphEndpointsFound = errors.New("no morph endpoints found")
 	errUpgradeFailed         = errors.New("upgrade failed")
 )
 var UpgradeCmd = &cobra.Command{
 	Use:   "upgrade",
 	Short: "Upgrade metabase to latest version",
 	RunE:  upgrade,
 }
 func upgrade(cmd *cobra.Command, _ []string) error {
 	configFile, err := cmd.Flags().GetString(commonflags.ConfigFlag)
 	if err != nil {
 		return err
 	}
 	configDir, err := cmd.Flags().GetString(commonflags.ConfigDirFlag)
 	if err != nil {
 		return err
 	}
 	appCfg := config.New(configFile, configDir, config.EnvPrefix)
 	paths, err := getMetabasePaths(appCfg)
 	if err != nil {
 		return err
 	}
 	if len(paths) == 0 {
 		return errNoPathsFound
 	}
 	cmd.Println("found", len(paths), "metabases:")
 	for i, path := range paths {
 		cmd.Println(i+1, ":", path)
 	}
 	mc, err := createMorphClient(cmd.Context(), appCfg)
 	if err != nil {
 		return err
 	}
 	defer mc.Close()
 	civ, err := createContainerInfoProvider(mc)
 	if err != nil {
 		return err
 	}
 	noCompact, _ := cmd.Flags().GetBool(noCompactFlag)
 	result := make(map[string]bool)
 	var resultGuard sync.Mutex
 	eg, ctx := errgroup.WithContext(cmd.Context())
 	for _, path := range paths {
 		eg.Go(func() error {
 			var success bool
 			cmd.Println("upgrading metabase", path, "...")
 			if err := meta.Upgrade(ctx, path, !noCompact, civ, func(a ...any) {
 				cmd.Println(append([]any{time.Now().Format(time.RFC3339), ":", path, ":"}, a...)...)
 			}); err != nil {
 				cmd.Println("error: failed to upgrade metabase", path, ":", err)
 			} else {
 				success = true
 				cmd.Println("metabase", path, "upgraded successfully")
 			}
 			resultGuard.Lock()
 			result[path] = success
 			resultGuard.Unlock()
 			return nil
 		})
 	}
 	if err := eg.Wait(); err != nil {
 		return err
 	}
 	allSuccess := true
 	for mb, ok := range result {
 		if ok {
 			cmd.Println(mb, ": success")
 		} else {
 			cmd.Println(mb, ": failed")
 			allSuccess = false
 		}
 	}
 	if allSuccess {
 		return nil
 	}
 	return errUpgradeFailed
 }
 func getMetabasePaths(appCfg *config.Config) ([]string, error) {
 	var paths []string
 	if err := engineconfig.IterateShards(appCfg, false, func(sc *shardconfig.Config) error {
 		paths = append(paths, sc.Metabase().Path())
 		return nil
 	}); err != nil {
 		return nil, fmt.Errorf("get metabase paths: %w", err)
 	}
 	return paths, nil
 }
 func createMorphClient(ctx context.Context, appCfg *config.Config) (*client.Client, error) {
 	addresses := morphconfig.RPCEndpoint(appCfg)
 	if len(addresses) == 0 {
 		return nil, errNoMorphEndpointsFound
 	}
 	key := nodeconfig.Key(appCfg)
 	cli, err := client.New(ctx,
 		key,
 		client.WithDialTimeout(morphconfig.DialTimeout(appCfg)),
 		client.WithEndpoints(addresses...),
 		client.WithSwitchInterval(morphconfig.SwitchInterval(appCfg)),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("create morph client:%w", err)
 	}
 	return cli, nil
 }
 func createContainerInfoProvider(cli *client.Client) (container.InfoProvider, error) {
 	sh, err := cli.NNSContractAddress(client.NNSContainerContractName)
 	if err != nil {
 		return nil, fmt.Errorf("resolve container contract hash: %w", err)
 	}
 	cc, err := morphcontainer.NewFromMorph(cli, sh, 0)
 	if err != nil {
 		return nil, fmt.Errorf("create morph container client: %w", err)
 	}
 	return container.NewInfoProvider(func() (container.Source, error) {
 		return morphcontainer.AsContainerSource(cc), nil
 	}), nil
 }
 func initUpgradeCommand() {
 	flags := UpgradeCmd.Flags()
 	flags.Bool(noCompactFlag, false, "Do not compact upgraded metabase file")
 }
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
@ -5,19 +5,33 @@ import (
 	"encoding/json"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
-	jsonFlag      = "json"
+	namespaceTarget   = "namespace"
-	jsonFlagDesc  = "Output rule chains in JSON format"
+	containerTarget   = "container"
-	addrAdminFlag = "addr"
+	jsonFlag          = "json"
-	addrAdminDesc = "The address of the admins wallet"
+	jsonFlagDesc      = "Output rule chains in JSON format"
 	chainIDFlag       = "chain-id"
 	chainIDDesc       = "Rule chain ID"
 	ruleFlag          = "rule"
 	ruleFlagDesc      = "Rule chain in text format"
 	pathFlag          = "path"
 	pathFlagDesc      = "path to encoded chain in JSON or binary format"
 	targetNameFlag    = "target-name"
 	targetNameDesc    = "Resource name in APE resource name format"
 	targetTypeFlag    = "target-type"
 	targetTypeDesc    = "Resource type(container/namespace)"
 	addrAdminFlag     = "addr"
 	addrAdminDesc     = "The address of the admins wallet"
 	chainNameFlag     = "chain-name"
 	chainNameFlagDesc = "Chain name(ingress|s3)"
 )
 var (
@ -68,15 +82,6 @@ var (
 		},
 		Run: getAdmin,
 	}
 	listTargetsCmd = &cobra.Command{
 		Use:   "list-targets",
 		Short: "List targets",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: listTargets,
 	}
 )
 func initAddRuleChainCmd() {
@ -85,17 +90,17 @@ func initAddRuleChainCmd() {
 	addRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	addRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	addRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	addRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	_ = addRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	addRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetTypeFlagDesc)
+	addRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
+	_ = addRuleChainCmd.MarkFlagRequired(targetNameFlag)
-	addRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	addRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
+	_ = addRuleChainCmd.MarkFlagRequired(chainIDFlag)
-	addRuleChainCmd.Flags().StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
+	addRuleChainCmd.Flags().StringArray(ruleFlag, []string{}, ruleFlagDesc)
-	addRuleChainCmd.Flags().String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
+	addRuleChainCmd.Flags().String(pathFlag, "", pathFlagDesc)
-	addRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	addRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
-	addRuleChainCmd.MarkFlagsMutuallyExclusive(apeCmd.RuleFlag, apeCmd.PathFlag)
+	addRuleChainCmd.MarkFlagsMutuallyExclusive(ruleFlag, pathFlag)
 }
 func initRemoveRuleChainCmd() {
@ -104,25 +109,25 @@ func initRemoveRuleChainCmd() {
 	removeRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	removeRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	removeRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	removeRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	removeRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	removeRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetNameFlag)
-	removeRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	removeRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	removeRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(chainIDFlag)
-	removeRuleChainCmd.Flags().Bool(commonflags.AllFlag, false, "Remove all chains for target")
+	removeRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
 	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, apeCmd.ChainIDFlag)
 }
 func initListRuleChainsCmd() {
 	Cmd.AddCommand(listRuleChainsCmd)
 	listRuleChainsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listRuleChainsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
+	listRuleChainsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	_ = listRuleChainsCmd.MarkFlagRequired(targetTypeFlag)
-	listRuleChainsCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	listRuleChainsCmd.Flags().String(targetNameFlag, "", targetNameDesc)
 	_ = listRuleChainsCmd.MarkFlagRequired(targetNameFlag)
 	listRuleChainsCmd.Flags().Bool(jsonFlag, false, jsonFlagDesc)
-	listRuleChainsCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	listRuleChainsCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
 }
 func initSetAdminCmd() {
@ -140,19 +145,11 @@ func initGetAdminCmd() {
 	getAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 }
 func initListTargetsCmd() {
 	Cmd.AddCommand(listTargetsCmd)
 	listTargetsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	listTargetsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
 	_ = listTargetsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }
 func addRuleChain(cmd *cobra.Command, _ []string) {
-	chain := apeCmd.ParseChain(cmd)
+	chain := parseChain(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	h, vub, err := pci.AddMorphRuleChain(apeCmd.ParseChainName(cmd), target, chain)
+	h, vub, err := pci.AddMorphRuleChain(parseChainName(cmd), target, chain)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = ac.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
@ -160,29 +157,20 @@ func addRuleChain(cmd *cobra.Command, _ []string) {
 }
 func removeRuleChain(cmd *cobra.Command, _ []string) {
 	chainID := parseChainID(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	removeAll, _ := cmd.Flags().GetBool(commonflags.AllFlag)
+	h, vub, err := pci.RemoveMorphRuleChain(parseChainName(cmd), target, chainID)
-	if removeAll {
+	cmd.Println("Waiting for transaction to persist...")
-		h, vub, err := pci.RemoveMorphRuleChainsByTarget(apeCmd.ParseChainName(cmd), target)
+	_, err = ac.Wait(h, vub, err)
-		cmd.Println("Waiting for transaction to persist...")
+	commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
-		_, err = ac.Wait(h, vub, err)
+	cmd.Println("Rule chain removed successfully")
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
 		cmd.Println("All chains for target removed successfully")
 	} else {
 		chainID := apeCmd.ParseChainID(cmd)
 		h, vub, err := pci.RemoveMorphRuleChain(apeCmd.ParseChainName(cmd), target, chainID)
 		cmd.Println("Waiting for transaction to persist...")
 		_, err = ac.Wait(h, vub, err)
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
 		cmd.Println("Rule chain removed successfully")
 	}
 }
 func listRuleChains(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
 	pci, _ := newPolicyContractReaderInterface(cmd)
-	chains, err := pci.ListMorphRuleChains(apeCmd.ParseChainName(cmd), target)
+	chains, err := pci.ListMorphRuleChains(parseChainName(cmd), target)
 	commonCmd.ExitOnErr(cmd, "list rule chains error: %w", err)
 	if len(chains) == 0 {
 		return
@ -193,14 +181,14 @@ func listRuleChains(cmd *cobra.Command, _ []string) {
 		prettyJSONFormat(cmd, chains)
 	} else {
 		for _, c := range chains {
-			apeCmd.PrintHumanReadableAPEChain(cmd, c)
+			parseutil.PrintHumanReadableAPEChain(cmd, c)
 		}
 	}
 }
 func setAdmin(cmd *cobra.Command, _ []string) {
 	s, _ := cmd.Flags().GetString(addrAdminFlag)
-	addr, err := address.StringToUint160(s)
+	addr, err := util.Uint160DecodeStringLE(s)
 	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
 	pci, ac := newPolicyContractInterface(cmd)
 	h, vub, err := pci.SetAdmin(addr)
@ -214,29 +202,7 @@ func getAdmin(cmd *cobra.Command, _ []string) {
 	pci, _ := newPolicyContractReaderInterface(cmd)
 	addr, err := pci.GetAdmin()
 	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
-	cmd.Println(address.Uint160ToString(addr))
+	cmd.Println(addr.StringLE())
 }
 func listTargets(cmd *cobra.Command, _ []string) {
 	typ := apeCmd.ParseTargetType(cmd)
 	pci, inv := newPolicyContractReaderInterface(cmd)
 	sid, it, err := pci.ListTargetsIterator(typ)
 	commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
 	items, err := inv.TraverseIterator(sid, &it, 0)
 	for err == nil && len(items) != 0 {
 		for _, item := range items {
 			bts, err := item.TryBytes()
 			commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
 			if len(bts) == 0 {
 				cmd.Println("(no name)")
 			} else {
 				cmd.Println(string(bts))
 			}
 		}
 		items, err = inv.TraverseIterator(sid, &it, 0)
 		commonCmd.ExitOnErr(cmd, "unable to list targets: %w", err)
 	}
 }
 func prettyJSONFormat(cmd *cobra.Command, chains []*apechain.Chain) {
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
@ -1,15 +1,14 @@
 package ape
 import (
-	"errors"
+	"fmt"
 	"strings"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
+	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@ -19,72 +18,98 @@ import (
 	"github.com/spf13/viper"
 )
-var errUnknownTargetType = errors.New("unknown target type")
+const (
 	ingress = "ingress"
 	s3      = "s3"
 )
 var mChainName = map[string]apechain.Name{
 	ingress: apechain.Ingress,
 	s3:      apechain.S3,
 }
 func parseTarget(cmd *cobra.Command) policyengine.Target {
-	typ := apeCmd.ParseTargetType(cmd)
+	var targetType policyengine.TargetType
-	name, _ := cmd.Flags().GetString(apeCmd.TargetNameFlag)
+	typ, _ := cmd.Flags().GetString(targetTypeFlag)
 	switch typ {
-	case policyengine.Namespace:
+	case namespaceTarget:
-		if name == "root" {
+		targetType = policyengine.Namespace
-			name = ""
+	case containerTarget:
-		}
+		targetType = policyengine.Container
 		return policyengine.NamespaceTarget(name)
 	case policyengine.Container:
 		var cnr cid.ID
 		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
 		return policyengine.ContainerTarget(name)
 	case policyengine.User:
 		return policyengine.UserTarget(name)
 	case policyengine.Group:
 		return policyengine.GroupTarget(name)
 	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+		commonCmd.ExitOnErr(cmd, "read target type error: %w", fmt.Errorf("unknown target type"))
 	}
 	name, _ := cmd.Flags().GetString(targetNameFlag)
 	return policyengine.Target{
 		Name: name,
 		Type: targetType,
 	}
 	panic("unreachable")
 }
-// invokerAdapter adapats invoker.Invoker to ContractStorageInvoker interface.
+func parseChainID(cmd *cobra.Command) apechain.ID {
-type invokerAdapter struct {
+	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	*invoker.Invoker
+	if chainID == "" {
-	rpcActor invoker.RPCInvoke
+		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
 			fmt.Errorf("chain id cannot be empty"))
 	}
 	return apechain.ID(chainID)
 }
-func (n *invokerAdapter) GetRPCInvoker() invoker.RPCInvoke {
+func parseChain(cmd *cobra.Command) *apechain.Chain {
-	return n.rpcActor
+	chain := new(apechain.Chain)
 	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
 		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
 	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
 		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
 	} else {
 		commonCmd.ExitOnErr(cmd, "parser error: %w", fmt.Errorf("rule is not passed"))
 	}
 	chain.ID = parseChainID(cmd)
 	cmd.Println("Parsed chain:")
 	parseutil.PrintHumanReadableAPEChain(cmd, chain)
 	return chain
 }
 func parseChainName(cmd *cobra.Command) apechain.Name {
 	chainName, _ := cmd.Flags().GetString(chainNameFlag)
 	apeChainName, ok := mChainName[strings.ToLower(chainName)]
 	if !ok {
 		commonCmd.ExitOnErr(cmd, "", fmt.Errorf("unsupported chain name"))
 	}
 	return apeChainName
 }
 func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 	inv := invoker.New(c, nil)
 	var ch util.Uint160
 	r := management.NewReader(inv)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	ch, err := helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
 	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
-	invokerAdapter := &invokerAdapter{
+	return morph.NewContractStorageReader(inv, ch), inv
 		Invoker:  inv,
 		rpcActor: c,
 	}
 	return morph.NewContractStorageReader(invokerAdapter, ch), inv
 }
 func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+	ac, err := helper.NewLocalActor(cmd, c)
 	ac, err := helper.NewLocalActor(c, &helper.AlphabetWallets{Path: walletDir, Label: constants.ConsensusAccountName})
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
 	var ch util.Uint160
 	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 	ch, err = helper.NNSResolveHash(ac.Invoker, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
--- a/cmd/frostfs-adm/internal/modules/morph/ape/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/root.go
@ -13,5 +13,4 @@ func init() {
 	initListRuleChainsCmd()
 	initSetAdminCmd()
 	initGetAdminCmd()
 	initListTargetsCmd()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
@ -51,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}
@ -60,7 +60,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 	if dumpStorage || dumpAlphabet || dumpProxy {
 		r := management.NewReader(inv)
-		nnsCs, err = helper.GetContractByID(r, 1)
+		nnsCs, err = r.GetContractByID(1)
 		if err != nil {
 			return fmt.Errorf("can't get NNS contract info: %w", err)
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config.go
@ -26,7 +26,7 @@ import (
 const forceConfigSet = "force"
 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -34,7 +34,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -60,8 +60,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 		switch k {
 		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
+			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
 			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
 			nbuf := make([]byte, 8)
 			copy(nbuf[:], v)
 			n := binary.LittleEndian.Uint64(nbuf)
@ -93,7 +92,7 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	}
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -104,22 +103,14 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	}
 	forceFlag, _ := cmd.Flags().GetBool(forceConfigSet)
 	bw := io.NewBufBinWriter()
 	prm := make(map[string]any)
 	for _, arg := range args {
 		k, v, err := parseConfigPair(arg, forceFlag)
 		if err != nil {
 			return err
 		}
 		prm[k] = v
 	}
 	if err := validateConfig(prm, forceFlag); err != nil {
 		return err
 	}
 	for k, v := range prm {
 		// In NeoFS this is done via Notary contract. Here, however, we can form the
 		// transaction locally. The first `nil` argument is required only for notary
 		// disabled environment which is not supported by that command.
@ -137,50 +128,6 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	return wCtx.AwaitTx()
 }
 const maxECSum = 256
 func validateConfig(args map[string]any, forceFlag bool) error {
 	var sumEC int64
 	_, okData := args[netmap.MaxECDataCountConfig]
 	_, okParity := args[netmap.MaxECParityCountConfig]
 	if okData != okParity {
 		return fmt.Errorf("both %s and %s must be present in the configuration",
 			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig)
 	}
 	for k, v := range args {
 		switch k {
 		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
 			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
 			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
 			value, ok := v.(int64)
 			if !ok {
 				return fmt.Errorf("%s has an invalid type. Expected type: int", k)
 			}
 			if value < 0 {
 				return fmt.Errorf("%s must be >= 0, got %v", k, v)
 			}
 			if k == netmap.MaxECDataCountConfig || k == netmap.MaxECParityCountConfig {
 				sumEC += value
 			}
 		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
 			_, ok := v.(bool)
 			if !ok {
 				return fmt.Errorf("%s has an invalid type. Expected type: bool", k)
 			}
 		}
 	}
 	if sumEC > maxECSum && !forceFlag {
 		return fmt.Errorf("the sum of %s and %s must be <= %d, got %d",
 			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig, maxECSum, sumEC)
 	}
 	return nil
 }
 func parseConfigPair(kvStr string, force bool) (key string, val any, err error) {
 	k, v, found := strings.Cut(kvStr, "=")
 	if !found {
@ -193,8 +140,7 @@ func parseConfigPair(kvStr string, force bool) (key string, val any, err error)
 	switch key {
 	case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 		netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
+		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
 		netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
 		val, err = strconv.ParseInt(valRaw, 10, 64)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as int: %w", key, valRaw, err)
--- a/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
@ -1,34 +0,0 @@
 package config
 import (
 	"testing"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"github.com/stretchr/testify/require"
 )
 func Test_ValidateConfig(t *testing.T) {
 	testArgs := make(map[string]any)
 	testArgs[netmap.MaxECDataCountConfig] = int64(11)
 	require.Error(t, validateConfig(testArgs, false))
 	testArgs[netmap.MaxECParityCountConfig] = int64(256)
 	require.Error(t, validateConfig(testArgs, false))
 	require.NoError(t, validateConfig(testArgs, true))
 	testArgs[netmap.MaxECParityCountConfig] = int64(-1)
 	require.Error(t, validateConfig(testArgs, false))
 	testArgs[netmap.MaxECParityCountConfig] = int64(55)
 	require.NoError(t, validateConfig(testArgs, false))
 	testArgs[netmap.HomomorphicHashingDisabledKey] = "1"
 	require.Error(t, validateConfig(testArgs, false))
 	testArgs[netmap.HomomorphicHashingDisabledKey] = true
 	require.NoError(t, validateConfig(testArgs, false))
 	testArgs["not-well-known-configuration-key"] = "key"
 	require.NoError(t, validateConfig(testArgs, false))
 }
--- a/cmd/frostfs-adm/internal/modules/morph/constants/const.go
+++ b/cmd/frostfs-adm/internal/modules/morph/constants/const.go
@ -4,6 +4,7 @@ import "time"
 const (
 	ConsensusAccountName = "consensus"
 	ProtoConfigPath      = "protocol"
 	// MaxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
 	// of the invocation script.
--- a/cmd/frostfs-adm/internal/modules/morph/container/container.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container/container.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"os"
 	"slices"
 	"sort"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
@ -34,7 +33,7 @@ func getContainerContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Ui
 	}
 	if err != nil {
 		r := management.NewReader(inv)
-		nnsCs, err := helper.GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 		}
@ -76,7 +75,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -139,12 +138,13 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invoker, id []byte) (*Container, error) {
 	bw.Reset()
 	emit.AppCall(bw.BinWriter, ch, "get", callflag.All, id)
 	emit.AppCall(bw.BinWriter, ch, "eACL", callflag.All, id)
 	res, err := inv.Run(bw.Bytes())
 	if err != nil {
 		return nil, fmt.Errorf("can't get container info: %w", err)
 	}
-	if len(res.Stack) != 1 {
+	if len(res.Stack) != 2 {
-		return nil, fmt.Errorf("%w: expected 1 items on stack", errInvalidContainerResponse)
+		return nil, fmt.Errorf("%w: expected 2 items on stack", errInvalidContainerResponse)
 	}
 	cnt := new(Container)
@ -153,11 +153,19 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 		return nil, fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}
 	ea := new(EACL)
 	err = ea.FromStackItem(res.Stack[1])
 	if err != nil {
 		return nil, fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}
 	if len(ea.Value) != 0 {
 		cnt.EACL = ea
 	}
 	return cnt, nil
 }
 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -249,6 +257,10 @@ func restoreOrPutContainers(containers []Container, isOK func([]byte) bool, cmd
 func putContainer(bw *io.BufBinWriter, ch util.Uint160, cnt Container) {
 	emit.AppCall(bw.BinWriter, ch, "put", callflag.All,
 		cnt.Value, cnt.Signature, cnt.PublicKey, cnt.Token)
 	if ea := cnt.EACL; ea != nil {
 		emit.AppCall(bw.BinWriter, ch, "setEACL", callflag.All,
 			ea.Value, ea.Signature, ea.PublicKey, ea.Token)
 	}
 }
 func isContainerRestored(cmd *cobra.Command, wCtx *helper.InitializeContext, containerHash util.Uint160, bw *io.BufBinWriter, hashValue util.Uint256) (bool, error) {
@ -291,7 +303,7 @@ func parseContainers(filename string) ([]Container, error) {
 func fetchContainerContractHash(wCtx *helper.InitializeContext) (util.Uint160, error) {
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 	}
@ -309,6 +321,15 @@ type Container struct {
 	Signature []byte `json:"signature"`
 	PublicKey []byte `json:"public_key"`
 	Token     []byte `json:"token"`
 	EACL      *EACL  `json:"eacl"`
 }
 // EACL represents extended ACL struct in contract storage.
 type EACL struct {
 	Value     []byte `json:"value"`
 	Signature []byte `json:"signature"`
 	PublicKey []byte `json:"public_key"`
 	Token     []byte `json:"token"`
 }
 // ToStackItem implements stackitem.Convertible.
@ -355,6 +376,50 @@ func (c *Container) FromStackItem(item stackitem.Item) error {
 	return nil
 }
 // ToStackItem implements stackitem.Convertible.
 func (c *EACL) ToStackItem() (stackitem.Item, error) {
 	return stackitem.NewStruct([]stackitem.Item{
 		stackitem.NewByteArray(c.Value),
 		stackitem.NewByteArray(c.Signature),
 		stackitem.NewByteArray(c.PublicKey),
 		stackitem.NewByteArray(c.Token),
 	}), nil
 }
 // FromStackItem implements stackitem.Convertible.
 func (c *EACL) FromStackItem(item stackitem.Item) error {
 	arr, ok := item.Value().([]stackitem.Item)
 	if !ok || len(arr) != 4 {
 		return errors.New("invalid stack item type")
 	}
 	value, err := arr[0].TryBytes()
 	if err != nil {
 		return errors.New("invalid eACL value")
 	}
 	sig, err := arr[1].TryBytes()
 	if err != nil {
 		return errors.New("invalid eACL signature")
 	}
 	pub, err := arr[2].TryBytes()
 	if err != nil {
 		return errors.New("invalid eACL public key")
 	}
 	tok, err := arr[3].TryBytes()
 	if err != nil {
 		return errors.New("invalid eACL token")
 	}
 	c.Value = value
 	c.Signature = sig
 	c.PublicKey = pub
 	c.Token = tok
 	return nil
 }
 // getCIDFilterFunc returns filtering function for container IDs.
 // Raw byte slices are used because it works with structures returned
 // from contract.
@ -381,7 +446,7 @@ func getCIDFilterFunc(cmd *cobra.Command) (func([]byte) bool, error) {
 		var id cid.ID
 		id.SetSHA256(v)
 		idStr := id.EncodeToString()
-		_, found := slices.BinarySearch(rawIDs, idStr)
+		n := sort.Search(len(rawIDs), func(i int) bool { return rawIDs[i] >= idStr })
-		return found
+		return n < len(rawIDs) && rawIDs[n] == idStr
 	}, nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
@ -79,7 +79,7 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 	}
 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't fetch NNS contract state: %w", err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
@ -36,13 +36,13 @@ type contractDumpInfo struct {
 }
 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
 	r := management.NewReader(invoker.New(c, nil))
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
@ -68,7 +68,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 	if irSize != 0 {
 		bw.Reset()
-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
 				helper.GetAlphabetNNSDomain(i),
 				int64(nns.TXT))
@ -79,7 +79,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("can't fetch info from NNS: %w", err)
 		}
-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			info := contractDumpInfo{name: fmt.Sprintf("alphabet %d", i)}
 			if h, err := helper.ParseNNSResolveResult(alphaRes.Stack[i]); err == nil {
 				info.hash = h
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go
@ -1,83 +0,0 @@
 package frostfsid
 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var (
 	frostfsidAddSubjectKeyCmd = &cobra.Command{
 		Use:   "add-subject-key",
 		Short: "Add a public key to the subject in frostfsid contract",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidAddSubjectKey,
 	}
 	frostfsidRemoveSubjectKeyCmd = &cobra.Command{
 		Use:   "remove-subject-key",
 		Short: "Remove a public key from the subject in frostfsid contract",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidRemoveSubjectKey,
 	}
 )
 func initFrostfsIDAddSubjectKeyCmd() {
 	Cmd.AddCommand(frostfsidAddSubjectKeyCmd)
 	ff := frostfsidAddSubjectKeyCmd.Flags()
 	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	ff.String(subjectAddressFlag, "", "Subject address")
 	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
 	ff.String(subjectKeyFlag, "", "Public key to add")
 	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
 }
 func initFrostfsIDRemoveSubjectKeyCmd() {
 	Cmd.AddCommand(frostfsidRemoveSubjectKeyCmd)
 	ff := frostfsidRemoveSubjectKeyCmd.Flags()
 	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	ff.String(subjectAddressFlag, "", "Subject address")
 	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
 	ff.String(subjectKeyFlag, "", "Public key to remove")
 	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
 }
 func frostfsidAddSubjectKey(cmd *cobra.Command, _ []string) {
 	addr := getFrostfsIDSubjectAddress(cmd)
 	pub := getFrostfsIDSubjectKey(cmd)
 	ffsid, err := newFrostfsIDClient(cmd)
 	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
 	ffsid.addCall(ffsid.roCli.AddSubjectKeyCall(addr, pub))
 	err = ffsid.sendWait()
 	commonCmd.ExitOnErr(cmd, "add subject key: %w", err)
 }
 func frostfsidRemoveSubjectKey(cmd *cobra.Command, _ []string) {
 	addr := getFrostfsIDSubjectAddress(cmd)
 	pub := getFrostfsIDSubjectKey(cmd)
 	ffsid, err := newFrostfsIDClient(cmd)
 	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
 	ffsid.addCall(ffsid.roCli.RemoveSubjectKeyCall(addr, pub))
 	err = ffsid.sendWait()
 	commonCmd.ExitOnErr(cmd, "remove subject key: %w", err)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
@ -3,32 +3,24 @@ package frostfsid
 import (
 	"errors"
 	"fmt"
 	"math/big"
 	"sort"
 	frostfsidclient "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client"
 	frostfsidrpclient "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/frostfsid"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const iteratorBatchSize = 1
 const (
 	namespaceFlag      = "namespace"
 	subjectNameFlag    = "subject-name"
@ -39,11 +31,6 @@ const (
 	groupIDFlag        = "group-id"
 	rootNamespacePlaceholder = "<root>"
 	keyFlag       = "key"
 	keyDescFlag   = "Key for storing a value in the subject's KV storage"
 	valueFlag     = "value"
 	valueDescFlag = "Value to be stored in the subject's KV storage"
 )
 var (
@ -66,6 +53,7 @@ var (
 		Use:   "list-namespaces",
 		Short: "List all namespaces in frostfsid",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListNamespaces,
@ -95,6 +83,7 @@ var (
 		Use:   "list-subjects",
 		Short: "List subjects in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListSubjects,
@ -124,6 +113,7 @@ var (
 		Use:   "list-groups",
 		Short: "List groups in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroups,
@ -153,27 +143,11 @@ var (
 		Use:   "list-group-subjects",
 		Short: "List subjects in group",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroupSubjects,
 	}
 	frostfsidSetKVCmd = &cobra.Command{
 		Use:   "set-kv",
 		Short: "Store a key-value pair in the subject's KV storage",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidSetKV,
 	}
 	frostfsidDeleteKVCmd = &cobra.Command{
 		Use:   "delete-kv",
 		Short: "Delete a value from the subject's KV storage",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidDeleteKV,
 	}
 )
 func initFrostfsIDCreateNamespaceCmd() {
@ -187,6 +161,7 @@ func initFrostfsIDCreateNamespaceCmd() {
 func initFrostfsIDListNamespacesCmd() {
 	Cmd.AddCommand(frostfsidListNamespacesCmd)
 	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func initFrostfsIDCreateSubjectCmd() {
@ -210,6 +185,7 @@ func initFrostfsIDListSubjectsCmd() {
 	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
 	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
 	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func initFrostfsIDCreateGroupCmd() {
@ -218,7 +194,6 @@ func initFrostfsIDCreateGroupCmd() {
 	frostfsidCreateGroupCmd.Flags().String(namespaceFlag, "", "Namespace where create group")
 	frostfsidCreateGroupCmd.Flags().String(groupNameFlag, "", "Group name, must be unique in namespace")
 	frostfsidCreateGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	_ = frostfsidCreateGroupCmd.MarkFlagRequired(groupNameFlag)
 }
 func initFrostfsIDDeleteGroupCmd() {
@ -233,6 +208,7 @@ func initFrostfsIDListGroupsCmd() {
 	Cmd.AddCommand(frostfsidListGroupsCmd)
 	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
 	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func initFrostfsIDAddSubjectToGroupCmd() {
@ -257,21 +233,7 @@ func initFrostfsIDListGroupSubjectsCmd() {
 	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
 	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
 	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
-}
+	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 func initFrostfsIDSetKVCmd() {
 	Cmd.AddCommand(frostfsidSetKVCmd)
 	frostfsidSetKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidSetKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
 	frostfsidSetKVCmd.Flags().String(keyFlag, "", keyDescFlag)
 	frostfsidSetKVCmd.Flags().String(valueFlag, "", valueDescFlag)
 }
 func initFrostfsIDDeleteKVCmd() {
 	Cmd.AddCommand(frostfsidDeleteKVCmd)
 	frostfsidDeleteKVCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidDeleteKVCmd.Flags().String(subjectAddressFlag, "", "Subject address")
 	frostfsidDeleteKVCmd.Flags().String(keyFlag, "", keyDescFlag)
 }
 func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
@ -287,15 +249,12 @@ func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
 }
 func frostfsidListNamespaces(cmd *cobra.Command, _ []string) {
-	inv, _, hash := initInvoker(cmd)
+	ffsid, err := newFrostfsIDClient(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
-	sessionID, it, err := reader.ListNamespaces()
+
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
+	namespaces, err := ffsid.roCli.ListNamespaces()
-	items, err := readIterator(inv, &it, sessionID)
+	commonCmd.ExitOnErr(cmd, "list namespaces: %w", err)
 	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
 	namespaces, err := frostfsidclient.ParseNamespaces(items)
 	commonCmd.ExitOnErr(cmd, "can't parse namespace: %w", err)
 	sort.Slice(namespaces, func(i, j int) bool { return namespaces[i].Name < namespaces[j].Name })
 	for _, namespace := range namespaces {
@ -336,15 +295,14 @@ func frostfsidDeleteSubject(cmd *cobra.Command, _ []string) {
 }
 func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
 	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
 	ns := getFrostfsIDNamespace(cmd)
-	inv, _, hash := initInvoker(cmd)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
 	reader := frostfsidrpclient.NewReader(inv, hash)
 	sessionID, it, err := reader.ListNamespaceSubjects(ns)
 	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
-	subAddresses, err := frostfsidclient.UnwrapArrayOfUint160(readIterator(inv, &it, sessionID))
+	ffsid, err := newFrostfsIDClient(cmd)
-	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
 	subAddresses, err := ffsid.roCli.ListNamespaceSubjects(ns)
 	commonCmd.ExitOnErr(cmd, "list subjects: %w", err)
 	sort.Slice(subAddresses, func(i, j int) bool { return subAddresses[i].Less(subAddresses[j]) })
@ -354,14 +312,8 @@ func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
 			continue
 		}
-		sessionID, it, err := reader.ListSubjects()
+		subj, err := ffsid.roCli.GetSubject(addr)
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
 		items, err := readIterator(inv, &it, sessionID)
 		commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
 		subj, err := frostfsidclient.ParseSubject(items)
 		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
 		cmd.Printf("%s (%s)\n", address.Uint160ToString(addr), subj.Name)
 	}
@ -396,17 +348,13 @@ func frostfsidDeleteGroup(cmd *cobra.Command, _ []string) {
 }
 func frostfsidListGroups(cmd *cobra.Command, _ []string) {
 	inv, _, hash := initInvoker(cmd)
 	ns := getFrostfsIDNamespace(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
+	ffsid, err := newFrostfsIDClient(cmd)
-	sessionID, it, err := reader.ListGroups(ns)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
 	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
-	items, err := readIterator(inv, &it, sessionID)
+	groups, err := ffsid.roCli.ListGroups(ns)
-	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
+	commonCmd.ExitOnErr(cmd, "list groups: %w", err)
 	groups, err := frostfsidclient.ParseGroups(items)
 	commonCmd.ExitOnErr(cmd, "can't parse groups: %w", err)
 	sort.Slice(groups, func(i, j int) bool { return groups[i].Name < groups[j].Name })
@ -441,62 +389,16 @@ func frostfsidRemoveSubjectFromGroup(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "remove subject from group error: %w", err)
 }
 func frostfsidSetKV(cmd *cobra.Command, _ []string) {
 	subjectAddress := getFrostfsIDSubjectAddress(cmd)
 	key, _ := cmd.Flags().GetString(keyFlag)
 	value, _ := cmd.Flags().GetString(valueFlag)
 	if key == "" {
 		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
 	}
 	ffsid, err := newFrostfsIDClient(cmd)
 	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
 	method, args := ffsid.roCli.SetSubjectKVCall(subjectAddress, key, value)
 	ffsid.addCall(method, args)
 	err = ffsid.sendWait()
 	commonCmd.ExitOnErr(cmd, "set KV: %w", err)
 }
 func frostfsidDeleteKV(cmd *cobra.Command, _ []string) {
 	subjectAddress := getFrostfsIDSubjectAddress(cmd)
 	key, _ := cmd.Flags().GetString(keyFlag)
 	if key == "" {
 		commonCmd.ExitOnErr(cmd, "", errors.New("key can't be empty"))
 	}
 	ffsid, err := newFrostfsIDClient(cmd)
 	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
 	method, args := ffsid.roCli.DeleteSubjectKVCall(subjectAddress, key)
 	ffsid.addCall(method, args)
 	err = ffsid.sendWait()
 	commonCmd.ExitOnErr(cmd, "delete KV: %w", err)
 }
 func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	ns := getFrostfsIDNamespace(cmd)
 	groupID := getFrostfsIDGroupID(cmd)
 	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
 	inv, cs, hash := initInvoker(cmd)
 	_, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
 	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
-	reader := frostfsidrpclient.NewReader(inv, hash)
+	ffsid, err := newFrostfsIDClient(cmd)
-	sessionID, it, err := reader.ListGroupSubjects(ns, big.NewInt(groupID))
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
 	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
-	items, err := readIterator(inv, &it, sessionID)
+	subjects, err := ffsid.roCli.ListGroupSubjects(ns, groupID)
-	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
+	commonCmd.ExitOnErr(cmd, "list group subjects: %w", err)
 	subjects, err := frostfsidclient.UnwrapArrayOfUint160(items, err)
 	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
 	sort.Slice(subjects, func(i, j int) bool { return subjects[i].Less(subjects[j]) })
@ -506,10 +408,9 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 			continue
 		}
-		items, err := reader.GetSubject(subjAddr)
+		subj, err := ffsid.roCli.GetSubject(subjAddr)
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
-		subj, err := frostfsidclient.ParseSubject(items)
+
 		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
 		cmd.Printf("%s (%s)\n", address.Uint160ToString(subjAddr), subj.Name)
 	}
 }
@ -524,11 +425,11 @@ type frostfsidClient struct {
 func newFrostfsIDClient(cmd *cobra.Command) (*frostfsidClient, error) {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return nil, fmt.Errorf("can't initialize context: %w", err)
+		return nil, fmt.Errorf("can't to initialize context: %w", err)
 	}
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -565,38 +466,10 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	}
 	f.bw.Reset()
 	if len(f.wCtx.SentTxs) == 0 {
 		return nil, errors.New("no transactions to wait")
 	}
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
 func readIterator(inv *invoker.Invoker, iter *result.Iterator, sessionID uuid.UUID) ([]stackitem.Item, error) {
 	var shouldStop bool
 	res := make([]stackitem.Item, 0)
 	for !shouldStop {
 		items, err := inv.TraverseIterator(sessionID, iter, iteratorBatchSize)
 		if err != nil {
 			return nil, err
 		}
 		res = append(res, items...)
 		shouldStop = len(items) < iteratorBatchSize
 	}
 	return res, nil
 }
 func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
 	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)
 	cs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)
 	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
 	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
 	return inv, cs, nmHash
 }
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
@ -1,12 +1,59 @@
 package frostfsid
 import (
 	"encoding/hex"
 	"testing"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
 func TestFrostfsIDConfig(t *testing.T) {
 	pks := make([]*keys.PrivateKey, 4)
 	for i := range pks {
 		pk, err := keys.NewPrivateKey()
 		require.NoError(t, err)
 		pks[i] = pk
 	}
 	fmts := []string{
 		pks[0].GetScriptHash().StringLE(),
 		address.Uint160ToString(pks[1].GetScriptHash()),
 		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
 		hex.EncodeToString(pks[3].PublicKey().Bytes()),
 	}
 	for i := range fmts {
 		v := viper.New()
 		v.Set("frostfsid.admin", fmts[i])
 		actual, found, err := helper.GetFrostfsIDAdmin(v)
 		require.NoError(t, err)
 		require.True(t, found)
 		require.Equal(t, pks[i].GetScriptHash(), actual)
 	}
 	t.Run("bad key", func(t *testing.T) {
 		v := viper.New()
 		v.Set("frostfsid.admin", "abc")
 		_, found, err := helper.GetFrostfsIDAdmin(v)
 		require.Error(t, err)
 		require.True(t, found)
 	})
 	t.Run("missing key", func(t *testing.T) {
 		v := viper.New()
 		_, found, err := helper.GetFrostfsIDAdmin(v)
 		require.NoError(t, err)
 		require.False(t, found)
 	})
 }
 func TestNamespaceRegexp(t *testing.T) {
 	for _, tc := range []struct {
 		name      string
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
@ -12,8 +12,4 @@ func init() {
 	initFrostfsIDAddSubjectToGroupCmd()
 	initFrostfsIDRemoveSubjectFromGroupCmd()
 	initFrostfsIDListGroupSubjectsCmd()
 	initFrostfsIDSetKVCmd()
 	initFrostfsIDDeleteKVCmd()
 	initFrostfsIDAddSubjectKeyCmd()
 	initFrostfsIDRemoveSubjectKeyCmd()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
@ -12,6 +12,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
@ -64,47 +65,41 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 	pubs := make(keys.PublicKeys, size)
 	passwords := make([]string, size)
 	var errG errgroup.Group
 	for i := range wallets {
 		password, err := config.GetPassword(v, innerring.GlagoliticLetter(i).String())
 		if err != nil {
 			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}
-		errG.Go(func() error {
+		p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
-			p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
+		f, err := os.OpenFile(p, os.O_CREATE, 0o644)
-			f, err := os.OpenFile(p, os.O_CREATE, 0o644)
+		if err != nil {
-			if err != nil {
+			return nil, fmt.Errorf("can't create wallet file: %w", err)
-				return fmt.Errorf("can't create wallet file: %w", err)
+		}
-			}
+		if err := f.Close(); err != nil {
-			if err := f.Close(); err != nil {
+			return nil, fmt.Errorf("can't close wallet file: %w", err)
-				return fmt.Errorf("can't close wallet file: %w", err)
+		}
-			}
+		w, err := wallet.NewWallet(p)
-			w, err := wallet.NewWallet(p)
+		if err != nil {
-			if err != nil {
+			return nil, fmt.Errorf("can't create wallet: %w", err)
-				return fmt.Errorf("can't create wallet: %w", err)
+		}
-			}
+		if err := w.CreateAccount(constants.SingleAccountName, password); err != nil {
-			if err := w.CreateAccount(constants.SingleAccountName, password); err != nil {
+			return nil, fmt.Errorf("can't create account: %w", err)
-				return fmt.Errorf("can't create account: %w", err)
+		}
 			}
-			passwords[i] = password
+		passwords[i] = password
-			wallets[i] = w
+		wallets[i] = w
-			pubs[i] = w.Accounts[0].PrivateKey().PublicKey()
+		pubs[i] = w.Accounts[0].PrivateKey().PublicKey()
 			return nil
 		})
 	}
-	if err := errG.Wait(); err != nil {
+	var errG errgroup.Group
 		return nil, err
 	}
 	// Create committee account with N/2+1 multi-signature.
 	majCount := smartcontract.GetMajorityHonestNodeCount(size)
 	// Create consensus account with 2*N/3+1 multi-signature.
 	bftCount := smartcontract.GetDefaultHonestNodeCount(size)
 	for i := range wallets {
 		i := i
 		ps := pubs.Copy()
 		errG.Go(func() error {
 			if err := addMultisigAccount(wallets[i], majCount, constants.CommitteeAccountName, passwords[i], ps); err != nil {
@ -140,29 +135,60 @@ func addMultisigAccount(w *wallet.Wallet, m int, name, password string, pubs key
 }
 func generateStorageCreds(cmd *cobra.Command, _ []string) error {
-	walletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
+	return refillGas(cmd, storageGasConfigFlag, true)
 	w, err := wallet.NewWallet(walletPath)
 	if err != nil {
 		return fmt.Errorf("create wallet: %w", err)
 	}
 	label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
 	password, err := config.GetStoragePassword(viper.GetViper(), label)
 	if err != nil {
 		return fmt.Errorf("can't fetch password: %w", err)
 	}
 	if label == "" {
 		label = constants.SingleAccountName
 	}
 	if err := w.CreateAccount(label, password); err != nil {
 		return fmt.Errorf("can't create account: %w", err)
 	}
 	return refillGas(cmd, storageGasConfigFlag, w.Accounts[0].ScriptHash())
 }
-func refillGas(cmd *cobra.Command, gasFlag string, gasReceivers ...util.Uint160) (err error) {
+func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error) {
 	// storage wallet path is not part of the config
 	storageWalletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
 	// wallet address is not part of the config
 	walletAddress, _ := cmd.Flags().GetString(walletAddressFlag)
 	var gasReceiver util.Uint160
 	if len(walletAddress) != 0 {
 		gasReceiver, err = address.StringToUint160(walletAddress)
 		if err != nil {
 			return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
 		}
 	} else {
 		if storageWalletPath == "" {
 			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", commonflags.StorageWalletFlag)
 		}
 		var w *wallet.Wallet
 		if createWallet {
 			w, err = wallet.NewWallet(storageWalletPath)
 		} else {
 			w, err = wallet.NewWalletFromFile(storageWalletPath)
 		}
 		if err != nil {
 			return fmt.Errorf("can't create wallet: %w", err)
 		}
 		if createWallet {
 			var password string
 			label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
 			password, err := config.GetStoragePassword(viper.GetViper(), label)
 			if err != nil {
 				return fmt.Errorf("can't fetch password: %w", err)
 			}
 			if label == "" {
 				label = constants.SingleAccountName
 			}
 			if err := w.CreateAccount(label, password); err != nil {
 				return fmt.Errorf("can't create account: %w", err)
 			}
 		}
 		gasReceiver = w.Accounts[0].Contract.ScriptHash()
 	}
 	gasStr := viper.GetString(gasFlag)
 	gasAmount, err := helper.ParseGASAmount(gasStr)
@ -176,11 +202,9 @@ func refillGas(cmd *cobra.Command, gasFlag string, gasReceivers ...util.Uint160)
 	}
 	bw := io.NewBufBinWriter()
-	for _, gasReceiver := range gasReceivers {
+	emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
-		emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
+		wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
-			wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
+	emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	}
 	if bw.Err != nil {
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
@ -23,6 +23,8 @@ import (
 )
 func TestGenerateAlphabet(t *testing.T) {
 	const size = 4
 	walletDir := t.TempDir()
 	buf := setupTestTerminal(t)
@ -53,17 +55,17 @@ func TestGenerateAlphabet(t *testing.T) {
 	t.Run("no password for contract group wallet", func(t *testing.T) {
 		buf.Reset()
 		v.Set(commonflags.AlphabetWalletsFlag, walletDir)
-		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, "1"))
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
-		buf.WriteString("pass\r")
+		for i := uint64(0); i < size; i++ {
 			buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 		}
 		require.Error(t, AlphabetCreds(cmd, nil))
 	})
 	const size = 4
 	buf.Reset()
 	v.Set(commonflags.AlphabetWalletsFlag, walletDir)
 	require.NoError(t, GenerateAlphabetCmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
-	for i := range uint64(size) {
+	for i := uint64(0); i < size; i++ {
 		buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/generate/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/root.go
@ -1,12 +1,7 @@
 package generate
 import (
 	"fmt"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -37,28 +32,8 @@ var (
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.RefillGasAmountFlag, cmd.Flags().Lookup(commonflags.RefillGasAmountFlag))
 		},
-		RunE: func(cmd *cobra.Command, _ []string) error {
+		RunE: func(cmd *cobra.Command, args []string) error {
-			storageWalletPaths, _ := cmd.Flags().GetStringArray(commonflags.StorageWalletFlag)
+			return refillGas(cmd, commonflags.RefillGasAmountFlag, false)
 			walletAddresses, _ := cmd.Flags().GetStringArray(walletAddressFlag)
 			var gasReceivers []util.Uint160
 			for _, walletAddress := range walletAddresses {
 				addr, err := address.StringToUint160(walletAddress)
 				if err != nil {
 					return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
 				}
 				gasReceivers = append(gasReceivers, addr)
 			}
 			for _, storageWalletPath := range storageWalletPaths {
 				w, err := wallet.NewWalletFromFile(storageWalletPath)
 				if err != nil {
 					return fmt.Errorf("can't create wallet: %w", err)
 				}
 				gasReceivers = append(gasReceivers, w.Accounts[0].Contract.ScriptHash())
 			}
 			return refillGas(cmd, commonflags.RefillGasAmountFlag, gasReceivers...)
 		},
 	}
 	GenerateAlphabetCmd = &cobra.Command{
@ -75,10 +50,10 @@ var (
 func initRefillGasCmd() {
 	RefillGasCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	RefillGasCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RefillGasCmd.Flags().StringArray(commonflags.StorageWalletFlag, nil, "Path to storage node wallet")
+	RefillGasCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
-	RefillGasCmd.Flags().StringArray(walletAddressFlag, nil, "Address of wallet")
+	RefillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
 	RefillGasCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Additional amount of GAS to transfer")
-	RefillGasCmd.MarkFlagsOneRequired(walletAddressFlag, commonflags.StorageWalletFlag)
+	RefillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, commonflags.StorageWalletFlag)
 }
 func initGenerateStorageCmd() {
--- a/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
@ -3,6 +3,10 @@ package helper
 import (
 	"fmt"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
@ -13,105 +17,60 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // LocalActor is a kludge, do not use it outside of the morph commands.
 type LocalActor struct {
-	neoActor   *actor.Actor
+	neoActor *actor.Actor
-	accounts   []*wallet.Account
+	accounts []*wallet.Account
-	Invoker    *invoker.Invoker
+	Invoker  *invoker.Invoker
 	rpcInvoker invoker.RPCInvoke
 }
 type AlphabetWallets struct {
 	Label string
 	Path  string
 }
 func (a *AlphabetWallets) GetAccount(v *viper.Viper) ([]*wallet.Account, error) {
 	w, err := GetAlphabetWallets(v, a.Path)
 	if err != nil {
 		return nil, err
 	}
 	var accounts []*wallet.Account
 	for _, wall := range w {
 		acc, err := GetWalletAccount(wall, a.Label)
 		if err != nil {
 			return nil, err
 		}
 		accounts = append(accounts, acc)
 	}
 	return accounts, nil
 }
 type RegularWallets struct{ Path string }
 func (r *RegularWallets) GetAccount() ([]*wallet.Account, error) {
 	w, err := getRegularWallet(r.Path)
 	if err != nil {
 		return nil, err
 	}
 	return []*wallet.Account{w.GetAccount(w.GetChangeAddress())}, nil
 }
 // NewLocalActor create LocalActor with accounts form provided wallets.
 // In case of empty wallets provided created actor with dummy account only for read operation.
-//
+func NewLocalActor(cmd *cobra.Command, c actor.RPCActor) (*LocalActor, error) {
-// If wallets are provided, the contract client will use accounts with accName name from these wallets.
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
 // To determine which account name should be used in a contract client, refer to how the contract
 // verifies the transaction signature.
 func NewLocalActor(c actor.RPCActor, alphabet *AlphabetWallets, regularWallets ...*RegularWallets) (*LocalActor, error) {
 	var act *actor.Actor
 	var accounts []*wallet.Account
-	var signers []actor.SignerAccount
+	if walletDir == "" {
-
+		account, err := wallet.NewAccount()
-	if alphabet != nil {
+		commonCmd.ExitOnErr(cmd, "unable to create dummy account: %w", err)
-		account, err := alphabet.GetAccount(viper.GetViper())
+		act, err = actor.New(c, []actor.SignerAccount{{
 			Signer: transaction.Signer{
 				Account: account.Contract.ScriptHash(),
 				Scopes:  transaction.Global,
 			},
 			Account: account,
 		}})
 		if err != nil {
 			return nil, err
 		}
 	} else {
 		wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
 		commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
-		accounts = append(accounts, account...)
+		for _, w := range wallets {
-		signers = append(signers, actor.SignerAccount{
+			acc, err := GetWalletAccount(w, constants.CommitteeAccountName)
 			commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
 			accounts = append(accounts, acc)
 		}
 		act, err = actor.New(c, []actor.SignerAccount{{
 			Signer: transaction.Signer{
-				Account: account[0].Contract.ScriptHash(),
+				Account: accounts[0].Contract.ScriptHash(),
 				Scopes:  transaction.Global,
 			},
-			Account: account[0],
+			Account: accounts[0],
-		})
+		}})
 	}
 	for _, w := range regularWallets {
 		if w == nil {
 			continue
 		}
 		account, err := w.GetAccount()
 		if err != nil {
 			return nil, err
 		}
 		accounts = append(accounts, account...)
 		signers = append(signers, actor.SignerAccount{
 			Signer: transaction.Signer{
 				Account: account[0].Contract.ScriptHash(),
 				Scopes:  transaction.Global,
 			},
 			Account: account[0],
 		})
 	}
 	act, err := actor.New(c, signers)
 	if err != nil {
 		return nil, err
 	}
 	return &LocalActor{
-		neoActor:   act,
+		neoActor: act,
-		accounts:   accounts,
+		accounts: accounts,
-		Invoker:    &act.Invoker,
+		Invoker:  &act.Invoker,
 		rpcInvoker: c,
 	}, nil
 }
@ -208,7 +167,3 @@ func (a *LocalActor) MakeUnsignedRun(_ []byte, _ []transaction.Attribute) (*tran
 func (a *LocalActor) MakeCall(_ util.Uint160, _ string, _ ...any) (*transaction.Transaction, error) {
 	panic("unimplemented")
 }
 func (a *LocalActor) GetRPCInvoker() invoker.RPCInvoke {
 	return a.rpcInvoker
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
@ -15,7 +15,7 @@ import (
 func getFrostfsIDAdminFromContract(roInvoker *invoker.Invoker) (util.Uint160, bool, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, false, fmt.Errorf("get nns contract: %w", err)
 	}
@ -62,7 +62,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 		// In case if NNS is updated multiple times, we can't calculate
 		// it's actual hash based on local data, thus query chain.
 		r := management.NewReader(c.ReadOnlyInvoker)
-		nnsCs, err := GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return nil, fmt.Errorf("get nns contract: %w", err)
 		}
@ -82,7 +82,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
 		}
 		if method != constants.UpdateMethodName || err == nil && !found {
-			h, found, err = getFrostfsIDAdmin(viper.GetViper())
+			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
 		}
 		if err != nil {
 			return nil, err
@ -116,7 +116,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 	case constants.PolicyContract:
 		items = append(items, c.Contracts[constants.ProxyContract].Hash)
 	default:
-		panic("invalid contract name: " + ctrName)
+		panic(fmt.Sprintf("invalid contract name: %s", ctrName))
 	}
 	return items, nil
 }
@ -166,6 +166,5 @@ func DeployNNS(c *InitializeContext, method string) error {
 		return fmt.Errorf("can't send deploy transaction: %w", err)
 	}
 	c.Command.Println("NNS hash:", invokeHash.StringLE())
 	return c.AwaitTx()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/download.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/download.go
@ -14,8 +14,6 @@ import (
 	"github.com/spf13/cobra"
 )
 var errNoReleasesFound = errors.New("attempt to fetch contracts archive from the offitial repository failed: no releases found")
 func downloadContracts(cmd *cobra.Command, url string) (io.ReadCloser, error) {
 	cmd.Printf("Downloading contracts archive from '%s'\n", url)
@ -63,7 +61,7 @@ func downloadContractsFromRepository(cmd *cobra.Command) (io.ReadCloser, error)
 	}
 	if latestRelease == nil {
-		return nil, errNoReleasesFound
+		return nil, fmt.Errorf("attempt to fetch contracts archive from the offitial repository failed: no releases found")
 	}
 	cmd.Printf("Found release %s (%s)\n", latestRelease.TagName, latestRelease.Title)
--- a/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
@ -11,7 +11,7 @@ import (
 const frostfsIDAdminConfigKey = "frostfsid.admin"
-func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil
--- a/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go
@ -1,53 +0,0 @@
 package helper
 import (
 	"encoding/hex"
 	"testing"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
 func TestFrostfsIDConfig(t *testing.T) {
 	pks := make([]*keys.PrivateKey, 4)
 	for i := range pks {
 		pk, err := keys.NewPrivateKey()
 		require.NoError(t, err)
 		pks[i] = pk
 	}
 	fmts := []string{
 		pks[0].GetScriptHash().StringLE(),
 		address.Uint160ToString(pks[1].GetScriptHash()),
 		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
 		hex.EncodeToString(pks[3].PublicKey().Bytes()),
 	}
 	for i := range fmts {
 		v := viper.New()
 		v.Set("frostfsid.admin", fmts[i])
 		actual, found, err := getFrostfsIDAdmin(v)
 		require.NoError(t, err)
 		require.True(t, found)
 		require.Equal(t, pks[i].GetScriptHash(), actual)
 	}
 	t.Run("bad key", func(t *testing.T) {
 		v := viper.New()
 		v.Set("frostfsid.admin", "abc")
 		_, found, err := getFrostfsIDAdmin(v)
 		require.Error(t, err)
 		require.True(t, found)
 	})
 	t.Run("missing key", func(t *testing.T) {
 		v := viper.New()
 		_, found, err := getFrostfsIDAdmin(v)
 		require.NoError(t, err)
 		require.False(t, found)
 	})
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
@ -3,7 +3,6 @@ package helper
 import (
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	io2 "io"
 	"os"
@ -34,11 +33,6 @@ import (
 	"github.com/spf13/viper"
 )
 var (
 	errNegativeDuration = errors.New("epoch duration must be positive")
 	errNegativeSize     = errors.New("max object size must be positive")
 )
 type ContractState struct {
 	NEF         *nef.File
 	RawNEF      []byte
@ -134,12 +128,12 @@ func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContex
 		return nil, err
 	}
-	accounts, err := getSingleAccounts(wallets)
+	accounts, err := createWalletAccounts(wallets)
 	if err != nil {
 		return nil, err
 	}
-	cliCtx, err := defaultClientContext(c, committeeAcc)
+	cliCtx, err := DefaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
@ -172,11 +166,11 @@ func validateInit(cmd *cobra.Command) error {
 		return nil
 	}
 	if viper.GetInt64(commonflags.EpochDurationInitFlag) <= 0 {
-		return errNegativeDuration
+		return fmt.Errorf("epoch duration must be positive")
 	}
 	if viper.GetInt64(commonflags.MaxObjectSizeInitFlag) <= 0 {
-		return errNegativeSize
+		return fmt.Errorf("max object size must be positive")
 	}
 	return nil
@ -191,7 +185,7 @@ func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet)
 		}
 		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
 	} else {
-		c, err = NewRemoteClient(v)
+		c, err = GetN3Client(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
@ -211,7 +205,7 @@ func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
 	return ctrPath, nil
 }
-func getSingleAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i, w := range wallets {
 		acc, err := GetWalletAccount(w, constants.SingleAccountName)
--- a/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
@ -8,7 +8,6 @@ import (
 	"sort"
 	"time"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
@ -45,10 +44,11 @@ type LocalClient struct {
 	transactions []*transaction.Transaction
 	dumpPath     string
 	accounts     []*wallet.Account
 	maxGasInvoke int64
 }
 func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*LocalClient, error) {
-	cfg, err := config.LoadFile(v.GetString(commonflags.ProtoConfigPath))
+	cfg, err := config.LoadFile(v.GetString(constants.ProtoConfigPath))
 	if err != nil {
 		return nil, err
 	}
@ -58,59 +58,17 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		return nil, err
 	}
-	go bc.Run()
+	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
 	accounts, err := getBlockSigningAccounts(cfg.ProtocolConfiguration, wallets)
 	if err != nil {
 		return nil, err
 	}
 	if cmd.Name() != "init" {
 		if err := restoreDump(bc, dumpPath); err != nil {
 			return nil, fmt.Errorf("restore dump: %w", err)
 		}
 	}
 	return &LocalClient{
 		bc:       bc,
 		dumpPath: dumpPath,
 		accounts: accounts,
 	}, nil
 }
 func restoreDump(bc *core.Blockchain, dumpPath string) error {
 	f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
 	if err != nil {
 		return fmt.Errorf("can't open local dump: %w", err)
 	}
 	defer f.Close()
 	r := io.NewBinReaderFromIO(f)
 	var skip uint32
 	if bc.BlockHeight() != 0 {
 		skip = bc.BlockHeight() + 1
 	}
 	count := r.ReadU32LE() - skip
 	if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
 		return err
 	}
 	return nil
 }
 func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i := range accounts {
-		acc, err := GetWalletAccount(wallets[i], constants.ConsensusAccountName)
+		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
 		if err != nil {
 			return nil, err
 		}
 		accounts[i] = acc
 	}
 	indexMap := make(map[string]int)
-	for i, pub := range cfg.StandbyCommittee {
+	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
 		indexMap[pub] = i
 	}
@ -119,19 +77,45 @@ func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet
 		pj := accounts[j].PrivateKey().PublicKey().Bytes()
 		return indexMap[string(pi)] < indexMap[string(pj)]
 	})
-	sort.Slice(accounts[:cfg.ValidatorsCount], func(i, j int) bool {
+	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
 		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
 	})
-	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ValidatorsCount))
+	go bc.Run()
-	return accounts[:m], nil
+
 	if cmd.Name() != "init" {
 		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
 		if err != nil {
 			return nil, fmt.Errorf("can't open local dump: %w", err)
 		}
 		defer f.Close()
 		r := io.NewBinReaderFromIO(f)
 		var skip uint32
 		if bc.BlockHeight() != 0 {
 			skip = bc.BlockHeight() + 1
 		}
 		count := r.ReadU32LE() - skip
 		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
 			return nil, fmt.Errorf("can't restore local dump: %w", err)
 		}
 	}
 	return &LocalClient{
 		bc:           bc,
 		dumpPath:     dumpPath,
 		accounts:     accounts[:m],
 		maxGasInvoke: 15_0000_0000,
 	}, nil
 }
 func (l *LocalClient) GetBlockCount() (uint32, error) {
 	return l.bc.BlockHeight(), nil
 }
-func (l *LocalClient) GetNativeContracts() ([]state.Contract, error) {
+func (l *LocalClient) GetNativeContracts() ([]state.NativeContract, error) {
 	return l.bc.GetNatives(), nil
 }
@ -145,6 +129,11 @@ func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }
 func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
@ -237,7 +226,7 @@ func (l *LocalClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, e
 					paramz = []manifest.Parameter{{Type: smartcontract.SignatureType}}
 				} else if nSigs, _, ok := vm.ParseMultiSigContract(w.VerificationScript); ok {
 					paramz = make([]manifest.Parameter, nSigs)
-					for j := range nSigs {
+					for j := 0; j < nSigs; j++ {
 						paramz[j] = manifest.Parameter{Type: smartcontract.SignatureType}
 					}
 				}
@ -308,7 +297,13 @@ func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer)
 }
 func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
-	tx = tx.Copy()
+	// We need to test that transaction was formed correctly to catch as many errors as we can.
 	bs := tx.Bytes()
 	_, err := transaction.NewTransactionFromBytes(bs)
 	if err != nil {
 		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
 	}
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
@ -2,7 +2,6 @@ package helper
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"time"
@ -10,6 +9,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
@ -24,10 +24,15 @@ import (
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
-	actor.RPCActor
+	invoker.RPCInvoke
-	GetNativeContracts() ([]state.Contract, error)
+	GetBlockCount() (uint32, error)
 	GetNativeContracts() ([]state.NativeContract, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
 	GetVersion() (*result.Version, error)
 	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
 	GetCommittee() (keys.PublicKeys, error)
 	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }
 type HashVUBPair struct {
@ -42,7 +47,7 @@ type ClientContext struct {
 	SentTxs         []HashVUBPair
 }
-func NewRemoteClient(v *viper.Viper) (Client, error) {
+func GetN3Client(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@ -55,23 +60,9 @@ func NewRemoteClient(v *viper.Viper) (Client, error) {
 	if endpoint == "" {
 		return nil, errors.New("missing endpoint")
 	}
 	var cfg *tls.Config
 	if rootCAs := v.GetStringSlice("tls.trusted_ca_list"); len(rootCAs) != 0 {
 		certFile := v.GetString("tls.certificate")
 		keyFile := v.GetString("tls.key")
 		tlsConfig, err := rpcclient.TLSClientConfig(rootCAs, certFile, keyFile)
 		if err != nil {
 			return nil, err
 		}
 		cfg = tlsConfig
 	}
 	c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
 		MaxConnsPerHost: maxConnsPerHost,
 		RequestTimeout:  requestTimeout,
 		TLSClientConfig: cfg,
 	})
 	if err != nil {
 		return nil, err
@ -82,14 +73,8 @@ func NewRemoteClient(v *viper.Viper) (Client, error) {
 	return c, nil
 }
-func defaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
-	commAct, err := actor.New(c, []actor.SignerAccount{{
+	commAct, err := NewActor(c, committeeAcc)
 		Signer: transaction.Signer{
 			Account: committeeAcc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
 		},
 		Account: committeeAcc,
 	}})
 	if err != nil {
 		return nil, err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
@ -29,14 +29,10 @@ var NetmapConfigKeys = []string{
 	netmap.MaintenanceModeAllowedConfig,
 }
 var errFailedToFetchListOfNetworkKeys = errors.New("can't fetch list of network config keys from the netmap contract")
 func GetDefaultNetmapContractConfigMap() map[string]any {
 	m := make(map[string]any)
 	m[netmap.EpochDurationConfig] = viper.GetInt64(commonflags.EpochDurationInitFlag)
 	m[netmap.MaxObjectSizeConfig] = viper.GetInt64(commonflags.MaxObjectSizeInitFlag)
 	m[netmap.MaxECDataCountConfig] = viper.GetInt64(commonflags.MaxECDataCountFlag)
 	m[netmap.MaxECParityCountConfig] = viper.GetInt64(commonflags.MaxECParityCounFlag)
 	m[netmap.ContainerFeeConfig] = viper.GetInt64(commonflags.ContainerFeeInitFlag)
 	m[netmap.ContainerAliasFeeConfig] = viper.GetInt64(commonflags.ContainerAliasFeeInitFlag)
 	m[netmap.IrCandidateFeeConfig] = viper.GetInt64(commonflags.CandidateFeeInitFlag)
@ -72,17 +68,13 @@ func InvalidConfigValueErr(key string) error {
 	return fmt.Errorf("invalid %s config value from netmap contract", key)
 }
-func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160, countEpoch int64) error {
+func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160) error {
 	if countEpoch <= 0 {
 		return errors.New("number of epochs cannot be less than 1")
 	}
 	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
 	if err != nil {
 		return errors.New("can't fetch current epoch from the netmap contract")
 	}
-	newEpoch := curr + countEpoch
+	newEpoch := curr + 1
 	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)
 	// In NeoFS this is done via Notary contract. Here, however, we can form the
@ -93,7 +85,7 @@ func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.
 func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Item, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("get nns contract: %w", err)
 	}
@ -103,7 +95,7 @@ func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Ite
 	}
 	arr, err := unwrap.Array(roInvoker.Call(nmHash, "listConfig"))
 	if err != nil {
-		return nil, errFailedToFetchListOfNetworkKeys
+		return nil, fmt.Errorf("can't fetch list of network config keys from the netmap contract")
 	}
 	return arr, err
 }
--- a/cmd/frostfs-adm/internal/modules/morph/helper/util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/util.go
@ -14,36 +14,14 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
-	"github.com/nspcc-dev/neo-go/cli/input"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 )
 func getRegularWallet(walletPath string) (*wallet.Wallet, error) {
 	w, err := wallet.NewWalletFromFile(walletPath)
 	if err != nil {
 		return nil, err
 	}
 	password, err := input.ReadPassword("Enter password for wallet:")
 	if err != nil {
 		return nil, fmt.Errorf("can't fetch password: %w", err)
 	}
 	for i := range w.Accounts {
 		if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
 			err = fmt.Errorf("can't unlock wallet: %w", err)
 			break
 		}
 	}
 	return w, err
 }
 func GetAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
 	wallets, err := openAlphabetWallets(v, walletDir)
 	if err != nil {
@ -62,51 +40,58 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
 	}
-	var wallets []*wallet.Wallet
+	var size int
-	var letter string
+loop:
-	for i := range constants.MaxAlphabetNodes {
+	for i := 0; i < len(walletFiles); i++ {
-		letter = innerring.GlagoliticLetter(i).String()
+		name := innerring.GlagoliticLetter(i).String() + ".json"
-		p := filepath.Join(walletDir, letter+".json")
+		for j := range walletFiles {
-		var w *wallet.Wallet
+			if walletFiles[j].Name() == name {
-		w, err = wallet.NewWalletFromFile(p)
+				size++
-		if err != nil {
+				continue loop
 			if errors.Is(err, os.ErrNotExist) {
 				err = nil
 			} else {
 				err = fmt.Errorf("can't open alphabet wallet: %w", err)
 			}
-			break
+		}
 		break
 	}
 	if size == 0 {
 		return nil, errors.New("alphabet wallets dir is empty (run `generate-alphabet` command first)")
 	}
 	wallets := make([]*wallet.Wallet, size)
 	for i := 0; i < size; i++ {
 		letter := innerring.GlagoliticLetter(i).String()
 		p := filepath.Join(walletDir, letter+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		if err != nil {
 			return nil, fmt.Errorf("can't open wallet: %w", err)
 		}
-		var password string
+		password, err := config.GetPassword(v, letter)
 		password, err = config.GetPassword(v, letter)
 		if err != nil {
-			err = fmt.Errorf("can't fetch password: %w", err)
+			return nil, fmt.Errorf("can't fetch password: %w", err)
 			break
 		}
 		for i := range w.Accounts {
-			if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+			if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-				err = fmt.Errorf("can't unlock wallet: %w", err)
+				return nil, fmt.Errorf("can't unlock wallet: %w", err)
 				break
 			}
 		}
-		wallets = append(wallets, w)
+		wallets[i] = w
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't read wallet for letter '%s': %w", letter, err)
 	}
 	if len(wallets) == 0 {
 		err = errors.New("there are no alphabet wallets in dir (run `generate-alphabet` command first)")
 		if len(walletFiles) > 0 {
 			err = fmt.Errorf("use glagolitic names for wallets(run `print-alphabet`): %w", err)
 		}
 		return nil, err
 	}
 	return wallets, nil
 }
 func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
 	return actor.New(c, []actor.SignerAccount{{
 		Signer: transaction.Signer{
 			Account: committeeAcc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
 		},
 		Account: committeeAcc,
 	}})
 }
 func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {
@ -137,11 +122,11 @@ func readContractsFromArchive(file io.Reader, names []string) (map[string]*Contr
 	}
 	r := tar.NewReader(gr)
-	var h *tar.Header
+	for h, err := r.Next(); ; h, err = r.Next() {
-	for h, err = r.Next(); err == nil && h != nil; h, err = r.Next() {
+		if err != nil {
-		if h.Typeflag != tar.TypeReg {
+			break
 			continue
 		}
 		dir, _ := filepath.Split(h.Name)
 		ctrName := filepath.Base(dir)
@ -164,9 +149,6 @@ func readContractsFromArchive(file io.Reader, names []string) (map[string]*Contr
 		}
 		m[ctrName] = cs
 	}
 	if err != nil && err != io.EOF {
 		return nil, fmt.Errorf("can't read contracts from archive: %w", err)
 	}
 	for ctrName, cs := range m {
 		if cs.RawNEF == nil {
@ -193,18 +175,3 @@ func ParseGASAmount(s string) (fixedn.Fixed8, error) {
 	}
 	return gasAmount, nil
 }
 // GetContractByID retrieves a contract by its ID using the standard GetContractByID method.
 // However, if the returned state.Contract is nil, it returns an error indicating that the contract was not found.
 // See https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1210
 func GetContractByID(r *management.ContractReader, id int32) (*state.Contract, error) {
 	cs, err := r.GetContractByID(id)
 	if err != nil {
 		return nil, err
 	}
 	if cs == nil {
 		return nil, errors.New("contract not found")
 	}
 	return cs, nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
@ -21,7 +21,7 @@ import (
 func setNNS(c *helper.InitializeContext) error {
 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
@ -100,7 +100,10 @@ func registerCandidates(c *helper.InitializeContext) error {
 	// Register candidates in batches in order to overcome the signers amount limit.
 	// See: https://github.com/nspcc-dev/neo-go/blob/master/pkg/core/transaction/transaction.go#L27
 	for i := 0; i < need; i += registerBatchSize {
-		start, end := i, min(i+registerBatchSize, need)
+		start, end := i, i+registerBatchSize
 		if end > need {
 			end = need
 		}
 		// This check is sound because transactions are accepted/rejected atomically.
 		if have >= end {
 			continue
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
@ -1,8 +1,6 @@
 package initialize
 import (
 	"fmt"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/io"
@ -31,14 +29,10 @@ func setNotaryAndAlphabetNodes(c *helper.InitializeContext) error {
 		callflag.States|callflag.AllowNotify, int64(noderoles.NeoFSAlphabet), pubs)
 	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
-		return fmt.Errorf("send committee transaction: %w", err)
+		return err
 	}
-	err := c.AwaitTx()
+	return c.AwaitTx()
 	if err != nil {
 		err = fmt.Errorf("await committee transaction: %w", err)
 	}
 	return err
 }
 func setRolesFinished(c *helper.InitializeContext) (bool, error) {
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
@ -62,7 +62,7 @@ func testInitialize(t *testing.T, committeeSize int) {
 	v := viper.GetViper()
 	require.NoError(t, generateTestData(testdataDir, committeeSize))
-	v.Set(commonflags.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
+	v.Set(constants.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
 	// Set to the path or remove the next statement to download from the network.
 	require.NoError(t, Cmd.Flags().Set(commonflags.ContractsInitFlag, contractsPath))
@ -113,7 +113,7 @@ func generateTestData(dir string, size int) error {
 	}
 	var pubs []string
-	for i := range size {
+	for i := 0; i < size; i++ {
 		p := filepath.Join(dir, innerring.GlagoliticLetter(i).String()+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		if err != nil {
@ -148,7 +148,7 @@ func generateTestData(dir string, size int) error {
 }
 func setTestCredentials(v *viper.Viper, size int) {
-	for i := range size {
+	for i := 0; i < size; i++ {
 		v.Set("credentials."+innerring.GlagoliticLetter(i).String(), strconv.FormatUint(uint64(i), 10))
 	}
 	v.Set("credentials.contract", constants.TestContractPassword)
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
@ -3,7 +3,6 @@ package initialize
 import (
 	"fmt"
 	"math/big"
 	"strings"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@ -22,16 +21,13 @@ import (
 )
 const (
 	gasInitialTotalSupply = 30000000 * native.GASFactor
 	// initialAlphabetGASAmount represents the amount of GAS given to each alphabet node.
 	initialAlphabetGASAmount = 10_000 * native.GASFactor
 	// initialProxyGASAmount represents the amount of GAS given to a proxy contract.
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )
 func initialCommitteeGASAmount(c *helper.InitializeContext, initialGasDistribution int64) int64 {
 	return (initialGasDistribution - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2
 }
 func transferFunds(c *helper.InitializeContext) error {
 	ok, err := transferFundsFinished(c)
 	if ok || err != nil {
@ -41,11 +37,6 @@ func transferFunds(c *helper.InitializeContext) error {
 		return err
 	}
 	version, err := c.Client.GetVersion()
 	if err != nil {
 		return err
 	}
 	var transfers []transferTarget
 	for _, acc := range c.Accounts {
 		to := acc.Contract.ScriptHash()
@ -63,7 +54,7 @@ func transferFunds(c *helper.InitializeContext) error {
 		transferTarget{
 			Token:   gas.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
-			Amount:  initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)),
+			Amount:  (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2,
 		},
 		transferTarget{
 			Token:   neo.Hash,
@ -84,26 +75,12 @@ func transferFunds(c *helper.InitializeContext) error {
 	return c.AwaitTx()
 }
 // transferFundsFinished checks balances of accounts we transfer GAS to.
 // The stage is considered finished if the balance is greater than the half of what we need to transfer.
 func transferFundsFinished(c *helper.InitializeContext) (bool, error) {
 	acc := c.Accounts[0]
 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
-	res, err := r.BalanceOf(c.ConsensusAcc.ScriptHash())
+	res, err := r.BalanceOf(acc.Contract.ScriptHash())
-	if err != nil {
+	return res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) == 1, err
 		return false, err
 	}
 	version, err := c.Client.GetVersion()
 	if err != nil || res.Cmp(big.NewInt(int64(version.Protocol.InitialGasDistribution))) != -1 {
 		return false, err
 	}
 	res, err = r.BalanceOf(c.CommitteeAcc.ScriptHash())
 	if err != nil {
 		return false, err
 	}
 	return res != nil && res.Cmp(big.NewInt(initialCommitteeGASAmount(c, int64(version.Protocol.InitialGasDistribution)))) == 1, err
 }
 func transferGASToProxy(c *helper.InitializeContext) error {
@ -163,17 +140,5 @@ func createNEP17MultiTransferTx(c helper.Client, acc *wallet.Account, recipients
 	if err != nil {
 		return nil, fmt.Errorf("can't create actor: %w", err)
 	}
-	tx, err := act.MakeRun(w.Bytes())
+	return act.MakeRun(w.Bytes())
 	if err != nil {
 		sum := make(map[util.Uint160]int64)
 		for _, recipient := range recipients {
 			sum[recipient.Token] += recipient.Amount
 		}
 		detail := make([]string, 0, len(sum))
 		for _, value := range sum {
 			detail = append(detail, fmt.Sprintf("amount=%v", value))
 		}
 		err = fmt.Errorf("transfer failed: from=%s(%s) %s: %w", acc.Label, acc.Address, strings.Join(detail, " "), err)
 	}
 	return tx, err
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
@ -2,6 +2,7 @@ package initialize
 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -24,14 +25,12 @@ var Cmd = &cobra.Command{
 		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		_ = viper.BindPFlag(commonflags.EpochDurationInitFlag, cmd.Flags().Lookup(epochDurationCLIFlag))
 		_ = viper.BindPFlag(commonflags.MaxObjectSizeInitFlag, cmd.Flags().Lookup(maxObjectSizeCLIFlag))
 		_ = viper.BindPFlag(commonflags.MaxECDataCountFlag, cmd.Flags().Lookup(commonflags.MaxECDataCountFlag))
 		_ = viper.BindPFlag(commonflags.MaxECParityCounFlag, cmd.Flags().Lookup(commonflags.MaxECParityCounFlag))
 		_ = viper.BindPFlag(commonflags.HomomorphicHashDisabledInitFlag, cmd.Flags().Lookup(homomorphicHashDisabledCLIFlag))
 		_ = viper.BindPFlag(commonflags.CandidateFeeInitFlag, cmd.Flags().Lookup(candidateFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.WithdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
-		_ = viper.BindPFlag(commonflags.ProtoConfigPath, cmd.Flags().Lookup(commonflags.ProtoConfigPath))
+		_ = viper.BindPFlag(constants.ProtoConfigPath, cmd.Flags().Lookup(constants.ProtoConfigPath))
 	},
 	RunE: initializeSideChainCmd,
 }
@ -47,7 +46,7 @@ func initInitCmd() {
 	// Defaults are taken from neo-preodolenie.
 	Cmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
 	Cmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
-	Cmd.Flags().String(commonflags.ProtoConfigPath, "", "Path to the consensus node configuration")
+	Cmd.Flags().String(constants.ProtoConfigPath, "", "Path to the consensus node configuration")
 	Cmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
 	Cmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
@ -12,16 +12,14 @@ import (
 	"github.com/spf13/viper"
 )
 const deltaFlag = "delta"
 func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -32,8 +30,7 @@ func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	}
 	bw := io.NewBufBinWriter()
-	delta, _ := cmd.Flags().GetInt64(deltaFlag)
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, delta); err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
@ -13,13 +13,13 @@ import (
 )
 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)
 	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.NetmapContract))
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
@ -12,6 +12,7 @@ var (
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}
@ -34,7 +35,6 @@ func initForceNewEpochCmd() {
 	ForceNewEpoch.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	ForceNewEpoch.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	ForceNewEpoch.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
 	ForceNewEpoch.Flags().Int64(deltaFlag, 1, "Number of epochs to increase the current epoch")
 }
 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/nns/domains.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/domains.go
@ -1,93 +0,0 @@
 package nns
 import (
 	"math/big"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 func initRegisterCmd() {
 	Cmd.AddCommand(registerCmd)
 	registerCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	registerCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	registerCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	registerCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
 	registerCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal, "SOA record REFRESH parameter")
 	registerCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal, "SOA record RETRY parameter")
 	registerCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime), "SOA record EXPIRE parameter")
 	registerCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal, "SOA record TTL parameter")
 	registerCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	_ = cobra.MarkFlagRequired(registerCmd.Flags(), nnsNameFlag)
 }
 func registerDomain(cmd *cobra.Command, _ []string) {
 	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
 	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
 	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
 	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
 	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
 	h, vub, err := c.Register(name, actor.Sender(), email, big.NewInt(refresh),
 		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
 	commonCmd.ExitOnErr(cmd, "unable to register domain: %w", err)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = actor.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
 	cmd.Println("Domain registered successfully")
 }
 func initDeleteCmd() {
 	Cmd.AddCommand(deleteCmd)
 	deleteCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	deleteCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	deleteCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	deleteCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	_ = cobra.MarkFlagRequired(deleteCmd.Flags(), nnsNameFlag)
 }
 func deleteDomain(cmd *cobra.Command, _ []string) {
 	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.DeleteDomain(name)
 	_, err = actor.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "delete domain error: %w", err)
 	cmd.Println("Domain deleted successfully")
 }
 func initSetAdminCmd() {
 	Cmd.AddCommand(setAdminCmd)
 	setAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	setAdminCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	setAdminCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	setAdminCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	setAdminCmd.Flags().String(commonflags.AdminWalletPath, "", commonflags.AdminWalletUsage)
 	_ = setAdminCmd.MarkFlagRequired(commonflags.AdminWalletPath)
 	_ = cobra.MarkFlagRequired(setAdminCmd.Flags(), nnsNameFlag)
 }
 func setAdmin(cmd *cobra.Command, _ []string) {
 	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	w, err := wallet.NewWalletFromFile(viper.GetString(commonflags.AdminWalletPath))
 	commonCmd.ExitOnErr(cmd, "can't get admin wallet: %w", err)
 	h, vub, err := c.SetAdmin(name, w.GetAccount(w.GetChangeAddress()).ScriptHash())
 	_, err = actor.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "Set admin error: %w", err)
 	cmd.Println("Set admin successfully")
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
@ -1,67 +1,25 @@
 package nns
 import (
 	"errors"
 	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
-func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
+func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, util.Uint160) {
 	v := viper.GetViper()
-	c, err := helper.NewRemoteClient(v)
+	c, err := helper.GetN3Client(v)
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-	alphabetWalletPath := config.ResolveHomePath(v.GetString(commonflags.AlphabetWalletsFlag))
+	ac, err := helper.NewLocalActor(cmd, c)
 	walletPath := config.ResolveHomePath(v.GetString(commonflags.WalletPath))
 	adminWalletPath := config.ResolveHomePath(v.GetString(commonflags.AdminWalletPath))
 	var (
 		alphabet       *helper.AlphabetWallets
 		regularWallets []*helper.RegularWallets
 	)
 	if alphabetWalletPath != "" {
 		alphabet = &helper.AlphabetWallets{Path: alphabetWalletPath, Label: constants.ConsensusAccountName}
 	}
 	if walletPath != "" {
 		regularWallets = append(regularWallets, &helper.RegularWallets{Path: walletPath})
 	}
 	if adminWalletPath != "" {
 		regularWallets = append(regularWallets, &helper.RegularWallets{Path: adminWalletPath})
 	}
 	if alphabet == nil && regularWallets == nil {
 		commonCmd.ExitOnErr(cmd, "", errors.New("no wallets provided"))
 	}
 	ac, err := helper.NewLocalActor(c, alphabet, regularWallets...)
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
 	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	return client.New(ac, nnsCs.Hash), ac
+	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
 }
 func nnsReader(cmd *cobra.Command) (*client.ContractReader, *invoker.Invoker) {
 	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 	return client.NewReader(inv, nnsCs.Hash), inv
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/record.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/record.go
@ -8,6 +8,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 )
@ -19,7 +20,6 @@ func initAddRecordCmd() {
 	addRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	addRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 	addRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
 	addRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordTypeFlag)
@ -29,6 +29,7 @@ func initAddRecordCmd() {
 func initGetRecordsCmd() {
 	Cmd.AddCommand(getRecordsCmd)
 	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	getRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
@ -41,28 +42,13 @@ func initDelRecordsCmd() {
 	delRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	delRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	delRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 	delRecordsCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsRecordTypeFlag)
 }
 func initDelRecordCmd() {
 	Cmd.AddCommand(delRecordCmd)
 	delRecordCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	delRecordCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	delRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	delRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 	delRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
 	delRecordCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, "", commonflags.WalletPathUsage)
 	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsNameFlag)
 	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsRecordTypeFlag)
 	_ = cobra.MarkFlagRequired(delRecordCmd.Flags(), nnsRecordDataFlag)
 }
 func addRecord(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
@ -78,16 +64,16 @@ func addRecord(cmd *cobra.Command, _ []string) {
 }
 func getRecords(cmd *cobra.Command, _ []string) {
-	c, inv := nnsReader(cmd)
+	c, act, hash := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	if recordType == "" {
-		sid, r, err := c.GetAllRecords(name)
+		sid, r, err := unwrap.SessionIterator(act.Invoker.Call(hash, "getAllRecords", name))
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		defer func() {
-			_ = inv.TerminateSession(sid)
+			_ = act.Invoker.TerminateSession(sid)
 		}()
-		items, err := inv.TraverseIterator(sid, &r, 0)
+		items, err := act.Invoker.TraverseIterator(sid, &r, 0)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		for len(items) != 0 {
 			for j := range items {
@ -98,7 +84,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
 					string(bs))
 			}
-			items, err = inv.TraverseIterator(sid, &r, 0)
+			items, err = act.Invoker.TraverseIterator(sid, &r, 0)
 			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		}
 	} else {
@ -115,7 +101,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 }
 func delRecords(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	typ, err := getRecordType(recordType)
@ -129,22 +115,6 @@ func delRecords(cmd *cobra.Command, _ []string) {
 	cmd.Println("Records removed successfully")
 }
 func delRecord(cmd *cobra.Command, _ []string) {
 	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	typ, err := getRecordType(recordType)
 	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
 	h, vub, err := c.DeleteRecord(name, typ, data)
 	commonCmd.ExitOnErr(cmd, "unable to delete record: %w", err)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = actor.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "delete records error: %w", err)
 	cmd.Println("Record removed successfully")
 }
 func getRecordType(recordType string) (*big.Int, error) {
 	switch strings.ToUpper(recordType) {
 	case "A":
--- a/cmd/frostfs-adm/internal/modules/morph/nns/register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/register.go
@ -0,0 +1,44 @@
 package nns
 import (
 	"math/big"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/spf13/cobra"
 )
 func initRegisterCmd() {
 	Cmd.AddCommand(registerCmd)
 	registerCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	registerCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	registerCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	registerCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
 	registerCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal, "SOA record REFRESH parameter")
 	registerCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal, "SOA record RETRY parameter")
 	registerCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime), "SOA record EXPIRE parameter")
 	registerCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal, "SOA record TTL parameter")
 	_ = cobra.MarkFlagRequired(registerCmd.Flags(), nnsNameFlag)
 }
 func registerDomain(cmd *cobra.Command, _ []string) {
 	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
 	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
 	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
 	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
 	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
 	h, vub, err := c.Register(name, actor.Sender(), email, big.NewInt(refresh),
 		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
 	commonCmd.ExitOnErr(cmd, "unable to register domain: %w", err)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = actor.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
 	cmd.Println("Domain registered successfully")
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
@ -14,7 +14,7 @@ func initRenewCmd() {
 }
 func renewDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.Renew(name)
 	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)
--- a/cmd/frostfs-adm/internal/modules/morph/nns/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/root.go
@ -39,20 +39,9 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: registerDomain,
 	}
 	deleteCmd = &cobra.Command{
 		Use:   "delete",
 		Short: "Delete a domain by name",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: deleteDomain,
 	}
 	renewCmd = &cobra.Command{
 		Use:   "renew",
 		Short: "Increases domain expiration date",
@ -77,7 +66,6 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: addRecord,
 	}
@ -95,42 +83,17 @@ var (
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: delRecords,
 	}
 	delRecordCmd = &cobra.Command{
 		Use:   "delete-record",
 		Short: "Removes domain record with the specified type and data",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 		},
 		Run: delRecord,
 	}
 	setAdminCmd = &cobra.Command{
 		Use:   "set-admin",
 		Short: "Sets admin for domain",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.WalletPath, cmd.Flags().Lookup(commonflags.WalletPath))
 			_ = viper.BindPFlag(commonflags.AdminWalletPath, cmd.Flags().Lookup(commonflags.AdminWalletPath))
 		},
 		Run: setAdmin,
 	}
 )
 func init() {
 	initTokensCmd()
 	initRegisterCmd()
 	initDeleteCmd()
 	initRenewCmd()
 	initUpdateCmd()
 	initAddRecordCmd()
 	initGetRecordsCmd()
 	initDelRecordsCmd()
 	initDelRecordCmd()
 	initSetAdminCmd()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
@ -1,65 +1,24 @@
 package nns
 import (
 	"math/big"
 	"strings"
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/spf13/cobra"
 )
 const (
 	verboseDesc = "Include additional information about CNAME record."
 )
 func initTokensCmd() {
 	Cmd.AddCommand(tokensCmd)
 	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
+	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func listTokens(cmd *cobra.Command, _ []string) {
-	c, _ := nnsReader(cmd)
+	c, _, _ := getRPCClient(cmd)
 	it, err := c.Tokens()
 	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
 	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
 		for _, token := range toks {
-			output := string(token)
+			cmd.Println(string(token))
 			if verbose, _ := cmd.Flags().GetBool(commonflags.Verbose); verbose {
 				cname, err := getCnameRecord(c, token)
 				commonCmd.ExitOnErr(cmd, "", err)
 				if cname != "" {
 					output += " (CNAME: " + cname + ")"
 				}
 			}
 			cmd.Println(output)
 		}
 	}
 }
 func getCnameRecord(c *client.ContractReader, token []byte) (string, error) {
 	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
 	// GetRecords returns the error "not an array" if the domain does not contain records.
 	if err != nil && strings.Contains(err.Error(), "not an array") {
 		return "", nil
 	}
 	if err != nil {
 		return "", err
 	}
 	if len(items) == 0 {
 		return "", nil
 	}
 	record, err := items[0].TryBytes()
 	if err != nil {
 		return "", err
 	}
 	return string(record), nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/update.go
@ -30,7 +30,7 @@ func initUpdateCmd() {
 }
 func updateSOA(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
--- a/cmd/frostfs-adm/internal/modules/morph/node/remove.go
+++ b/cmd/frostfs-adm/internal/modules/morph/node/remove.go
@ -37,7 +37,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 	defer wCtx.Close()
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -53,7 +53,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 			int64(netmapcontract.NodeStateOffline), nodeKeys[i].Bytes())
 	}
-	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, 1); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
@ -1,9 +1,9 @@
 package notary
 import (
 	"errors"
 	"fmt"
 	"math/big"
 	"strconv"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@ -31,8 +31,6 @@ const (
 	notaryDepositTillFlag = "till"
 )
 var errInvalidNotaryDepositLifetime = errors.New("notary deposit lifetime must be a positive integer")
 func depositNotary(cmd *cobra.Command, _ []string) error {
 	w, err := openWallet(cmd)
 	if err != nil {
@ -40,8 +38,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 	}
 	accHash := w.GetChangeAddress()
-	addr, _ := cmd.Flags().GetString(walletAccountFlag)
+	if addr, err := cmd.Flags().GetString(walletAccountFlag); err == nil {
 	if addr != "" {
 		accHash, err = address.StringToUint160(addr)
 		if err != nil {
 			return fmt.Errorf("invalid address: %s", addr)
@ -53,7 +50,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't find account for %s", accHash)
 	}
-	prompt := fmt.Sprintf("Enter password for %s > ", address.Uint160ToString(accHash))
+	prompt := fmt.Sprintf("Enter password for %s >", address.Uint160ToString(accHash))
 	pass, err := input.ReadPassword(prompt)
 	if err != nil {
 		return fmt.Errorf("can't get password: %v", err)
@ -73,16 +70,23 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return err
 	}
-	till, _ := cmd.Flags().GetInt64(notaryDepositTillFlag)
+	till := int64(defaultNotaryDepositLifetime)
-	if till <= 0 {
+	tillStr, err := cmd.Flags().GetString(notaryDepositTillFlag)
-		return errInvalidNotaryDepositLifetime
+	if err != nil {
 		return err
 	}
 	if tillStr != "" {
 		till, err = strconv.ParseInt(tillStr, 10, 64)
 		if err != nil || till <= 0 {
 			return fmt.Errorf("notary deposit lifetime must be a positive integer")
 		}
 	}
 	return transferGas(cmd, acc, accHash, gasAmount, till)
 }
 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/notary/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/root.go
@ -20,7 +20,7 @@ func initDepositoryNotaryCmd() {
 	DepositCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
 	DepositCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
 	DepositCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Amount of GAS to deposit")
-	DepositCmd.Flags().Int64(notaryDepositTillFlag, defaultNotaryDepositLifetime, "Notary deposit duration in blocks")
+	DepositCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
 }
 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
@ -2,7 +2,6 @@ package policy
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -25,19 +24,17 @@ const (
 	setFeeParam       = "FeePerByte"
 )
 var errInvalidParameterFormat = errors.New("invalid parameter format, must be Parameter=Value")
 func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}
 	bw := io.NewBufBinWriter()
 	for i := range args {
 		k, v, found := strings.Cut(args[i], "=")
 		if !found {
-			return errInvalidParameterFormat
+			return fmt.Errorf("invalid parameter format, must be Parameter=Value")
 		}
 		switch k {
@ -48,7 +45,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 		value, err := strconv.ParseUint(v, 10, 32)
 		if err != nil {
-			return fmt.Errorf("can't parse parameter value '%s': %w", args[i], err)
+			return fmt.Errorf("can't parse parameter value '%s': %w", args[1], err)
 		}
 		emit.AppCall(bw.BinWriter, policy.Hash, "set"+k, callflag.All, int64(value))
@ -62,7 +59,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 }
 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)
 	inv := invoker.New(c, nil)
--- a/cmd/frostfs-adm/internal/modules/morph/policy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/root.go
@ -16,7 +16,7 @@ var (
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		RunE: SetPolicyCmd,
-		ValidArgsFunction: func(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 			return []string{"ExecFeeFactor=", "StoragePrice=", "FeePerByte="}, cobra.ShellCompDirectiveNoSpace
 		},
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
@ -20,39 +20,30 @@ const (
 	accountAddressFlag = "account"
 )
 func parseAddresses(cmd *cobra.Command) []util.Uint160 {
 	var addrs []util.Uint160
 	accs, _ := cmd.Flags().GetStringArray(accountAddressFlag)
 	for _, acc := range accs {
 		addr, err := address.StringToUint160(acc)
 		commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
 		addrs = append(addrs, addr)
 	}
 	return addrs
 }
 func addProxyAccount(cmd *cobra.Command, _ []string) {
-	addrs := parseAddresses(cmd)
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
-	err := processAccount(cmd, addrs, "addAccount")
+	addr, err := address.StringToUint160(acc)
 	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
 	err = processAccount(cmd, addr, "addAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }
 func removeProxyAccount(cmd *cobra.Command, _ []string) {
-	addrs := parseAddresses(cmd)
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
-	err := processAccount(cmd, addrs, "removeAccount")
+	addr, err := address.StringToUint160(acc)
 	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
 	err = processAccount(cmd, addr, "removeAccount")
 	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
 }
-func processAccount(cmd *cobra.Command, addrs []util.Uint160, method string) error {
+func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -63,9 +54,7 @@ func processAccount(cmd *cobra.Command, addrs []util.Uint160, method string) err
 	}
 	bw := io.NewBufBinWriter()
-	for _, addr := range addrs {
+	emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
 		emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
 	}
 	if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
 		return err
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
@ -29,16 +29,12 @@ var (
 func initProxyAddAccount() {
 	AddAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	AddAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
+	AddAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
 	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
 	AddAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func initProxyRemoveAccount() {
 	RemoveAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	RemoveAccountCmd.Flags().StringArray(accountAddressFlag, nil, "Wallet address string")
+	RemoveAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
 	_ = AddAccountCmd.MarkFlagRequired(accountAddressFlag)
 	RemoveAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 func init() {
--- a/cmd/frostfs-adm/internal/modules/root.go
+++ b/cmd/frostfs-adm/internal/modules/root.go
@ -5,7 +5,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/metabase"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/storagecfg"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
@ -42,7 +41,6 @@ func init() {
 	rootCmd.AddCommand(config.RootCmd)
 	rootCmd.AddCommand(morph.RootCmd)
 	rootCmd.AddCommand(storagecfg.RootCmd)
 	rootCmd.AddCommand(metabase.RootCmd)
 	rootCmd.AddCommand(autocomplete.Command("frostfs-adm"))
 	rootCmd.AddCommand(gendoc.Command(rootCmd, gendoc.Options{}))
--- a/cmd/frostfs-adm/internal/modules/storagecfg/config.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/config.go
@ -61,8 +61,6 @@ storage:
          depth: 1  # max depth of object tree storage in key-value DB
          width: 4   # max width of object tree storage in key-value DB
          opened_cache_capacity: 50  # maximum number of opened database files
          opened_cache_ttl: 5m  # ttl for opened database file
          opened_cache_exp_interval: 15s  # cache cleanup interval for expired blobovnicza's
      gc:
        remover_batch_size: 200  # number of objects to be removed by the garbage collector
--- a/cmd/frostfs-adm/internal/modules/storagecfg/root.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/root.go
@ -11,7 +11,6 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
 	"slices"
 	"strconv"
 	"strings"
 	"text/template"
@ -106,7 +105,7 @@ func storageConfig(cmd *cobra.Command, args []string) {
 		fatalOnErr(errors.New("can't find account in wallet"))
 	}
-	c.Wallet.Password, err = input.ReadPassword(fmt.Sprintf("Enter password for %s > ", c.Wallet.Account))
+	c.Wallet.Password, err = input.ReadPassword(fmt.Sprintf("Account password for %s: ", c.Wallet.Account))
 	fatalOnErr(err)
 	err = acc.Decrypt(c.Wallet.Password, keys.NEP2ScryptParams())
@ -411,7 +410,8 @@ func initClient(rpc []string) *rpcclient.Client {
 	var c *rpcclient.Client
 	var err error
-	shuffled := slices.Clone(rpc)
+	shuffled := make([]string, len(rpc))
 	copy(shuffled, rpc)
 	rand.Shuffle(len(shuffled), func(i, j int) { shuffled[i], shuffled[j] = shuffled[j], shuffled[i] })
 	for _, endpoint := range shuffled {
--- a/cmd/frostfs-cli/docs/sessions.md
+++ b/cmd/frostfs-cli/docs/sessions.md
@ -72,3 +72,4 @@ All other `object` sub-commands support only static sessions (2).
 List of commands supporting sessions (static only):
 - `create`
 - `delete`
 - `set-eacl`
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -2,27 +2,25 @@ package internal
 import (
 	"bytes"
 	"cmp"
 	"context"
 	"errors"
 	"fmt"
 	"io"
-	"os"
+	"sort"
-	"slices"
+	"strings"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/accounting"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 )
 var errMissingHeaderInResponse = errors.New("missing header in response")
 // BalanceOfPrm groups parameters of BalanceOf operation.
 type BalanceOfPrm struct {
 	commonPrm
@ -76,29 +74,13 @@ func ListContainers(ctx context.Context, prm ListContainersPrm) (res ListContain
 // SortedIDList returns sorted list of identifiers of user's containers.
 func (x ListContainersRes) SortedIDList() []cid.ID {
 	list := x.cliRes.Containers()
-	slices.SortFunc(list, cid.ID.Cmp)
+	sort.Slice(list, func(i, j int) bool {
 		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
 		return strings.Compare(lhs, rhs) < 0
 	})
 	return list
 }
 func ListContainersStream(ctx context.Context, prm ListContainersPrm, processCnr func(id cid.ID) bool) (err error) {
 	cliPrm := &client.PrmContainerListStream{
 		XHeaders: prm.XHeaders,
 		OwnerID:  prm.OwnerID,
 		Session:  prm.Session,
 	}
 	rdr, err := prm.cli.ContainerListInit(ctx, *cliPrm)
 	if err != nil {
 		return fmt.Errorf("init container list: %w", err)
 	}
 	err = rdr.Iterate(processCnr)
 	if err != nil {
 		return fmt.Errorf("read container list: %w", err)
 	}
 	return
 }
 // PutContainerPrm groups parameters of PutContainer operation.
 type PutContainerPrm struct {
 	Client       *client.Client
@ -205,6 +187,54 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
 	return
 }
 // EACLPrm groups parameters of EACL operation.
 type EACLPrm struct {
 	Client       *client.Client
 	ClientParams client.PrmContainerEACL
 }
 // EACLRes groups the resulting values of EACL operation.
 type EACLRes struct {
 	cliRes *client.ResContainerEACL
 }
 // EACL returns requested eACL table.
 func (x EACLRes) EACL() eacl.Table {
 	return x.cliRes.Table()
 }
 // EACL reads eACL table from FrostFS by container ID.
 //
 // Returns any error which prevented the operation from completing correctly in error return.
 func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
 	res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
 	return
 }
 // SetEACLPrm groups parameters of SetEACL operation.
 type SetEACLPrm struct {
 	Client       *client.Client
 	ClientParams client.PrmContainerSetEACL
 }
 // SetEACLRes groups the resulting values of SetEACL operation.
 type SetEACLRes struct{}
 // SetEACL requests to save an eACL table in FrostFS.
 //
 // Operation is asynchronous and no guaranteed even in the absence of errors.
 // The required time is also not predictable.
 //
 // Success can be verified by reading by container identifier.
 //
 // Returns any error which prevented the operation from completing correctly in error return.
 func SetEACL(ctx context.Context, prm SetEACLPrm) (res SetEACLRes, err error) {
 	_, err = prm.Client.ContainerSetEACL(ctx, prm.ClientParams)
 	return
 }
 // NetworkInfoPrm groups parameters of NetworkInfo operation.
 type NetworkInfoPrm struct {
 	Client       *client.Client
@ -323,7 +353,7 @@ type PutObjectPrm struct {
 	rdr io.Reader
-	headerCallback func()
+	headerCallback func(*objectSDK.Object)
 	prepareLocally bool
 }
@ -340,7 +370,7 @@ func (x *PutObjectPrm) SetPayloadReader(rdr io.Reader) {
 // SetHeaderCallback sets callback which is called on the object after the header is received
 // but before the payload is written.
-func (x *PutObjectPrm) SetHeaderCallback(f func()) {
+func (x *PutObjectPrm) SetHeaderCallback(f func(*objectSDK.Object)) {
 	x.headerCallback = f
 }
@ -409,7 +439,7 @@ func PutObject(ctx context.Context, prm PutObjectPrm) (*PutObjectRes, error) {
 	if wrt.WriteHeader(ctx, *prm.hdr) {
 		if prm.headerCallback != nil {
-			prm.headerCallback()
+			prm.headerCallback(prm.hdr)
 		}
 		sz := prm.hdr.PayloadSize()
@ -579,6 +609,13 @@ type HeadObjectPrm struct {
 	commonObjectPrm
 	objectAddressPrm
 	rawPrm
 	mainOnly bool
 }
 // SetMainOnlyFlag sets flag to get only main fields of an object header in terms of FrostFS API.
 func (x *HeadObjectPrm) SetMainOnlyFlag(v bool) {
 	x.mainOnly = v
 }
 // HeadObjectRes groups the resulting values of HeadObject operation.
@ -617,7 +654,7 @@ func HeadObject(ctx context.Context, prm HeadObjectPrm) (*HeadObjectRes, error)
 	var hdr objectSDK.Object
 	if !res.ReadHeader(&hdr) {
-		return nil, errMissingHeaderInResponse
+		return nil, fmt.Errorf("missing header in response")
 	}
 	return &HeadObjectRes{
@ -673,7 +710,9 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes
 	for {
 		n, ok = rdr.Read(buf)
-		list = append(list, buf[:n]...)
+		for i := 0; i < n; i++ {
 			list = append(list, buf[i])
 		}
 		if !ok {
 			break
 		}
@ -684,7 +723,10 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes
 		return nil, fmt.Errorf("read object list: %w", err)
 	}
-	slices.SortFunc(list, oid.ID.Cmp)
+	sort.Slice(list, func(i, j int) bool {
 		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
 		return strings.Compare(lhs, rhs) < 0
 	})
 	return &SearchObjectsRes{
 		ids: list,
@ -848,65 +890,3 @@ func SyncContainerSettings(ctx context.Context, prm SyncContainerPrm) (*SyncCont
 	return new(SyncContainerRes), nil
 }
 // PatchObjectPrm groups parameters of PatchObject operation.
 type PatchObjectPrm struct {
 	commonObjectPrm
 	objectAddressPrm
 	NewAttributes []objectSDK.Attribute
 	ReplaceAttribute bool
 	PayloadPatches []PayloadPatch
 }
 type PayloadPatch struct {
 	Range objectSDK.Range
 	PayloadPath string
 }
 type PatchRes struct {
 	OID oid.ID
 }
 func Patch(ctx context.Context, prm PatchObjectPrm) (*PatchRes, error) {
 	patchPrm := client.PrmObjectPatch{
 		XHeaders:    prm.xHeaders,
 		BearerToken: prm.bearerToken,
 		Session:     prm.sessionToken,
 		Address:     prm.objAddr,
 	}
 	slices.SortFunc(prm.PayloadPatches, func(a, b PayloadPatch) int {
 		return cmp.Compare(a.Range.GetOffset(), b.Range.GetOffset())
 	})
 	patcher, err := prm.cli.ObjectPatchInit(ctx, patchPrm)
 	if err != nil {
 		return nil, fmt.Errorf("init payload reading: %w", err)
 	}
 	if patcher.PatchAttributes(ctx, prm.NewAttributes, prm.ReplaceAttribute) {
 		for _, pp := range prm.PayloadPatches {
 			payloadFile, err := os.OpenFile(pp.PayloadPath, os.O_RDONLY, os.ModePerm)
 			if err != nil {
 				return nil, err
 			}
 			applied := patcher.PatchPayload(ctx, &pp.Range, payloadFile)
 			_ = payloadFile.Close()
 			if !applied {
 				break
 			}
 		}
 	}
 	res, err := patcher.Close(ctx)
 	if err != nil {
 		return nil, err
 	}
 	return &PatchRes{
 		OID: res.ObjectID(),
 	}, nil
 }
--- a/cmd/frostfs-cli/internal/client/sdk.go
+++ b/cmd/frostfs-cli/internal/client/sdk.go
@ -58,7 +58,6 @@ func GetSDKClient(ctx context.Context, cmd *cobra.Command, key *ecdsa.PrivateKey
 		GRPCDialOptions: []grpc.DialOption{
 			grpc.WithChainUnaryInterceptor(tracing.NewUnaryClientInteceptor()),
 			grpc.WithChainStreamInterceptor(tracing.NewStreamClientInterceptor()),
 			grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
 		},
 	}
 	if timeout := viper.GetDuration(commonflags.Timeout); timeout > 0 {
--- a/cmd/frostfs-cli/internal/common/tracing.go
+++ b/cmd/frostfs-cli/internal/common/tracing.go
@ -2,7 +2,7 @@ package common
 import (
 	"context"
-	"slices"
+	"sort"
 	"strings"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
@ -45,11 +45,15 @@ func StartClientCommandSpan(cmd *cobra.Command) {
 	})
 	commonCmd.ExitOnErr(cmd, "init tracing: %w", err)
-	var components []string
+	var components sort.StringSlice
 	for c := cmd; c != nil; c = c.Parent() {
 		components = append(components, c.Name())
 	}
-	slices.Reverse(components)
+	for i, j := 0, len(components)-1; i < j; {
 		components.Swap(i, j)
 		i++
 		j--
 	}
 	operation := strings.Join(components, ".")
 	ctx, span := tracing.StartSpanFromContext(cmd.Context(), operation)
--- a/cmd/frostfs-cli/internal/commonflags/flags.go
+++ b/cmd/frostfs-cli/internal/commonflags/flags.go
@ -11,9 +11,9 @@ import (
 // values and their usage descriptions.
 const (
 	GenerateKey          = "generate-key"
-	GenerateKeyShorthand = "g"
+	generateKeyShorthand = "g"
-	GenerateKeyDefault   = false
+	generateKeyDefault   = false
-	GenerateKeyUsage     = "Generate new private key"
+	generateKeyUsage     = "Generate new private key"
 	WalletPath          = "wallet"
 	WalletPathShorthand = "w"
@ -50,13 +50,6 @@ const (
 	TracingFlag      = "trace"
 	TracingFlagUsage = "Generate trace ID and print it."
 	AwaitFlag      = "await"
 	AwaitFlagUsage = "Wait for the operation to complete"
 	QuietFlag          = "quiet"
 	QuietFlagShorthand = "q"
 	QuietFlagUsage     = "Print nothing and exit with non-zero code on failure"
 )
 // Init adds common flags to the command:
@ -79,7 +72,7 @@ func Init(cmd *cobra.Command) {
 func InitWithoutRPC(cmd *cobra.Command) {
 	ff := cmd.Flags()
-	ff.BoolP(GenerateKey, GenerateKeyShorthand, GenerateKeyDefault, GenerateKeyUsage)
+	ff.BoolP(GenerateKey, generateKeyShorthand, generateKeyDefault, generateKeyUsage)
 	ff.StringP(WalletPath, WalletPathShorthand, WalletPathDefault, WalletPathUsage)
 	ff.StringP(Account, AccountShorthand, AccountDefault, AccountUsage)
 }
--- a/cmd/frostfs-cli/internal/key/key_test.go
+++ b/cmd/frostfs-cli/internal/key/key_test.go
@ -24,8 +24,6 @@ var testCmd = &cobra.Command{
 }
 func Test_getOrGenerate(t *testing.T) {
 	t.Cleanup(viper.Reset)
 	dir := t.TempDir()
 	wallPath := filepath.Join(dir, "wallet.json")
--- a/cmd/frostfs-cli/modules/accounting/balance.go
+++ b/cmd/frostfs-cli/modules/accounting/balance.go
@ -23,7 +23,7 @@ var accountingBalanceCmd = &cobra.Command{
 	Use:   "balance",
 	Short: "Get internal balance of FrostFS account",
 	Long:  `Get internal balance of FrostFS account`,
-	Run: func(cmd *cobra.Command, _ []string) {
+	Run: func(cmd *cobra.Command, args []string) {
 		var idUser user.ID
 		pk := key.GetOrGenerate(cmd)
--- a/cmd/frostfs-cli/modules/accounting/root.go
+++ b/cmd/frostfs-cli/modules/accounting/root.go
@ -11,7 +11,7 @@ var Cmd = &cobra.Command{
 	Use:   "accounting",
 	Short: "Operations with accounts and balances",
 	Long:  `Operations with accounts and balances`,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		flags := cmd.Flags()
 		_ = viper.BindPFlag(commonflags.WalletPath, flags.Lookup(commonflags.WalletPath))
--- a/cmd/frostfs-cli/modules/ape_manager/add_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/add_chain.go
@ -1,86 +0,0 @@
 package apemanager
 import (
 	"fmt"
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"github.com/spf13/cobra"
 )
 var addCmd = &cobra.Command{
 	Use:   "add",
 	Short: "Add rule chain for a target",
 	Run:   add,
 	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 		commonflags.Bind(cmd)
 	},
 }
 func parseTarget(cmd *cobra.Command) (ct apeSDK.ChainTarget) {
 	t := apeCmd.ParseTarget(cmd)
 	ct.Name = t.Name
 	switch t.Type {
 	case engine.Namespace:
 		ct.TargetType = apeSDK.TargetTypeNamespace
 	case engine.Container:
 		ct.TargetType = apeSDK.TargetTypeContainer
 	case engine.User:
 		ct.TargetType = apeSDK.TargetTypeUser
 	case engine.Group:
 		ct.TargetType = apeSDK.TargetTypeGroup
 	default:
 		commonCmd.ExitOnErr(cmd, "conversion error: %w", fmt.Errorf("unknown type '%c'", t.Type))
 	}
 	return ct
 }
 func parseChain(cmd *cobra.Command) apeSDK.Chain {
 	c := apeCmd.ParseChain(cmd)
 	serialized := c.Bytes()
 	return apeSDK.Chain{
 		Raw: serialized,
 	}
 }
 func add(cmd *cobra.Command, _ []string) {
 	c := parseChain(cmd)
 	target := parseTarget(cmd)
 	key := key.Get(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 	res, err := cli.APEManagerAddChain(cmd.Context(), client_sdk.PrmAPEManagerAddChain{
 		ChainTarget: target,
 		Chain:       c,
 	})
 	commonCmd.ExitOnErr(cmd, "add chain error: %w", err)
 	cmd.Println("Rule has been added.")
 	cmd.Println("Chain ID: ", string(res.ChainID))
 }
 func initAddCmd() {
 	commonflags.Init(addCmd)
 	ff := addCmd.Flags()
 	ff.StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
 	ff.String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
 	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
 	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
 	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
 	_ = addCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 	addCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
 }
--- a/cmd/frostfs-cli/modules/ape_manager/list_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/list_chain.go
@ -1,49 +0,0 @@
 package apemanager
 import (
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )
 var listCmd = &cobra.Command{
 	Use:   "list",
 	Short: "List rule chains defined on target",
 	Run:   list,
 	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 		commonflags.Bind(cmd)
 	},
 }
 func list(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
 	key := key.Get(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 	resp, err := cli.APEManagerListChains(cmd.Context(),
 		client_sdk.PrmAPEManagerListChains{
 			ChainTarget: target,
 		})
 	commonCmd.ExitOnErr(cmd, "list chains call error: %w", err)
 	for _, respChain := range resp.Chains {
 		var chain apechain.Chain
 		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(respChain.Raw))
 		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
 	}
 }
 func initListCmd() {
 	commonflags.Init(listCmd)
 	ff := listCmd.Flags()
 	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
 	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
 	_ = listCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }
--- a/cmd/frostfs-cli/modules/ape_manager/remove_chain.go
+++ b/cmd/frostfs-cli/modules/ape_manager/remove_chain.go
@ -1,51 +0,0 @@
 package apemanager
 import (
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )
 var removeCmd = &cobra.Command{
 	Use:   "remove",
 	Short: "Remove rule chain for a target",
 	Run:   remove,
 	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 		commonflags.Bind(cmd)
 	},
 }
 func remove(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
 	key := key.Get(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 	chainID := apeCmd.ParseChainID(cmd)
 	chainIDRaw := []byte(chainID)
 	_, err := cli.APEManagerRemoveChain(cmd.Context(), client_sdk.PrmAPEManagerRemoveChain{
 		ChainTarget: target,
 		ChainID:     chainIDRaw,
 	})
 	commonCmd.ExitOnErr(cmd, "remove chain error: %w", err)
 	cmd.Println("\nRule has been removed.")
 }
 func initRemoveCmd() {
 	commonflags.Init(removeCmd)
 	ff := removeCmd.Flags()
 	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
 	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
 	_ = removeCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
 	_ = removeCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
 	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 }
--- a/cmd/frostfs-cli/modules/ape_manager/root.go
+++ b/cmd/frostfs-cli/modules/ape_manager/root.go
@ -1,21 +0,0 @@
 package apemanager
 import (
 	"github.com/spf13/cobra"
 )
 var Cmd = &cobra.Command{
 	Use:   "ape-manager",
 	Short: "Operations with APE manager",
 	Long:  `Operations with APE manager`,
 }
 func init() {
 	Cmd.AddCommand(addCmd)
 	Cmd.AddCommand(removeCmd)
 	Cmd.AddCommand(listCmd)
 	initAddCmd()
 	initRemoveCmd()
 	initListCmd()
 }
--- a/cmd/frostfs-cli/modules/bearer/create.go
+++ b/cmd/frostfs-cli/modules/bearer/create.go
@ -15,12 +15,10 @@ import (
 	eaclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
 	eaclFlag           = "eacl"
 	apeFlag            = "ape"
 	issuedAtFlag       = "issued-at"
 	notValidBeforeFlag = "not-valid-before"
 	ownerFlag          = "owner"
@ -39,17 +37,10 @@ In this case --` + commonflags.RPC + ` flag should be specified and the epoch in
 is set to current epoch + n.
 `,
 	Run: createToken,
 	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 		ff := cmd.Flags()
 		_ = viper.BindPFlag(commonflags.WalletPath, ff.Lookup(commonflags.WalletPath))
 		_ = viper.BindPFlag(commonflags.Account, ff.Lookup(commonflags.Account))
 	},
 }
 func init() {
-	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate and --ape flag)")
+	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate flag)")
 	createCmd.Flags().StringP(apeFlag, "a", "", "Path to the JSON-encoded APE override (mutually exclusive with --impersonate and --eacl flag)")
 	createCmd.Flags().StringP(issuedAtFlag, "i", "+0", "Epoch to issue token at")
 	createCmd.Flags().StringP(notValidBeforeFlag, "n", "+0", "Not valid before epoch")
 	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
@ -58,15 +49,13 @@ func init() {
 	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
 	createCmd.Flags().Bool(impersonateFlag, false, "Mark token as impersonate to consider the token signer as the request owner (mutually exclusive with --eacl flag)")
 	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
 	createCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
 	createCmd.Flags().StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
-	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, apeFlag, impersonateFlag)
+	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, impersonateFlag)
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), apeFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
 }
@ -107,16 +96,16 @@ func createToken(cmd *cobra.Command, _ []string) {
 			fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))
 	}
 	ownerStr, _ := cmd.Flags().GetString(ownerFlag)
 	var ownerID user.ID
 	commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
 	var b bearer.Token
 	b.SetExp(exp)
 	b.SetNbf(nvb)
 	b.SetIat(iat)
-
+	b.ForUser(ownerID)
 	if ownerStr, _ := cmd.Flags().GetString(ownerFlag); ownerStr != "" {
 		var ownerID user.ID
 		commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
 		b.ForUser(ownerID)
 	}
 	impersonate, _ := cmd.Flags().GetBool(impersonateFlag)
 	b.SetImpersonate(impersonate)
@ -130,14 +119,6 @@ func createToken(cmd *cobra.Command, _ []string) {
 		b.SetEACLTable(*table)
 	}
 	apePath, _ := cmd.Flags().GetString(apeFlag)
 	if apePath != "" {
 		var apeOverride bearer.APEOverride
 		raw, err := os.ReadFile(apePath)
 		commonCmd.ExitOnErr(cmd, "can't read APE rules: %w", err)
 		commonCmd.ExitOnErr(cmd, "can't parse APE rules: %w", json.Unmarshal(raw, &apeOverride))
 		b.SetAPEOverride(apeOverride)
 	}
 	var data []byte
 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
--- a/cmd/frostfs-cli/modules/bearer/generate_override.go
+++ b/cmd/frostfs-cli/modules/bearer/generate_override.go
@ -1,76 +0,0 @@
 package bearer
 import (
 	"fmt"
 	"os"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/spf13/cobra"
 )
 const (
 	outputFlag = "output"
 )
 var generateAPEOverrideCmd = &cobra.Command{
 	Use:   "generate-ape-override",
 	Short: "Generate APE override.",
 	Long: `Generate APE override by target and APE chains. Util command.
 Generated APE override can be dumped to a file in JSON format that is passed to
 "create" command.
 `,
 	Run: genereateAPEOverride,
 }
 func genereateAPEOverride(cmd *cobra.Command, _ []string) {
 	c := apeCmd.ParseChain(cmd)
 	targetCID, _ := cmd.Flags().GetString(commonflags.CIDFlag)
 	var cid cidSDK.ID
 	commonCmd.ExitOnErr(cmd, "invalid cid format: %w", cid.DecodeString(targetCID))
 	override := &bearer.APEOverride{
 		Target: apeSDK.ChainTarget{
 			TargetType: apeSDK.TargetTypeContainer,
 			Name:       targetCID,
 		},
 		Chains: []apeSDK.Chain{
 			{
 				Raw: c.Bytes(),
 			},
 		},
 	}
 	overrideMarshalled, err := override.MarshalJSON()
 	commonCmd.ExitOnErr(cmd, "failed to marshal APE override: %w", err)
 	outputPath, _ := cmd.Flags().GetString(outputFlag)
 	if outputPath != "" {
 		err := os.WriteFile(outputPath, overrideMarshalled, 0o644)
 		commonCmd.ExitOnErr(cmd, "dump error: %w", err)
 	} else {
 		fmt.Print("\n")
 		fmt.Println(string(overrideMarshalled))
 	}
 }
 func init() {
 	ff := generateAPEOverrideCmd.Flags()
 	ff.StringP(commonflags.CIDFlag, "", "", "Target container ID.")
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.CIDFlag)
 	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
 	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
 	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
 	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 	ff.String(outputFlag, "", "Output path to dump result JSON-encoded APE override")
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), outputFlag)
 }
--- a/cmd/frostfs-cli/modules/bearer/root.go
+++ b/cmd/frostfs-cli/modules/bearer/root.go
@ -11,5 +11,4 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(createCmd)
 	Cmd.AddCommand(generateAPEOverrideCmd)
 }
--- a/Show more
+++ b/Show more
`@ -1,4 +1,4 @@`
	`FROM golang:1.23`	`FROM golang:1.21`

	`WORKDIR /tmp`	`WORKDIR /tmp`