[#951 ] adm: Check for error when reading contracts from archive

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2024-06-06 15:25:51 +03:00
592 changed files with 9278 additions and 16849 deletions
--- a/.docker/Dockerfile.adm
+++ b/.docker/Dockerfile.adm
@ -1,4 +1,4 @@
-FROM golang:1.22 AS builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.cli
+++ b/.docker/Dockerfile.cli
@ -1,4 +1,4 @@
-FROM golang:1.22 AS builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ir
+++ b/.docker/Dockerfile.ir
@ -1,4 +1,4 @@
-FROM golang:1.22 AS builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.storage
+++ b/.docker/Dockerfile.storage
@ -1,4 +1,4 @@
-FROM golang:1.22 AS builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -8,7 +8,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.21', '1.22' ]

    steps:
      - uses: actions/checkout@v3
--- a/.forgejo/workflows/pre-commit.yml
+++ b/.forgejo/workflows/pre-commit.yml
@ -9,14 +9,14 @@ jobs:
      SKIP: make-lint,go-staticcheck-repo-mod,go-unit-tests,gofumpt
    runs-on: ubuntu-22.04
    # If we use actions/setup-python from either Github or Gitea,
-    # the line above fails with a cryptic error about not being able to find python.
+    # the line above fails with a cryptic error about not being able to found python.
    # So install everything manually.
    steps:
      - uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: 1.23
+          go-version: 1.22
      - name: Set up Python
        run: |
          apt update
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -11,7 +11,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.22'
          cache: true

      - name: Install linters
@ -25,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.22', '1.23' ]
+        go_versions: [ '1.21', '1.22' ]
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
@ -48,7 +48,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
          cache: true

      - name: Run tests
@ -63,7 +63,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.22'
          cache: true

      - name: Install staticcheck
@ -81,7 +81,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.22'
+          go-version: '1.21'
          cache: true

      - name: Install gopls
@ -89,23 +89,3 @@ jobs:

      - name: Run gopls
        run: make gopls-run
-
-  fumpt:
-    name: Run gofumpt
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.23'
-          cache: true
-
-      - name: Install gofumpt
-        run: make fumpt-install
-
-      - name: Run gofumpt
-        run: |
-          make fumpt
-          git diff --exit-code --quiet
--- a/.forgejo/workflows/vulncheck.yml
+++ b/.forgejo/workflows/vulncheck.yml
@ -13,7 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.22'

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
--- a/.golangci.yml
+++ b/.golangci.yml
@ -12,8 +12,7 @@ run:
 # output configuration options
 output:
  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  formats:
-    - format: tab
+  format: tab

 # all available settings of specific linters
 linters-settings:
@ -38,10 +37,6 @@ linters-settings:
    alias:
      pkg: git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object
      alias: objectSDK
-  unused:
-    field-writes-are-uses: false
-    exported-fields-are-used: false
-    local-variables-are-used: false
  custom:
    truecloudlab-linters:
      path: bin/linters/external_linters.so
@ -71,7 +66,7 @@ linters:
    - bidichk
    - durationcheck
    - exhaustive
-    - copyloopvar
+    - exportloopref
    - gofmt
    - goimports
    - misspell
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,41 +9,6 @@ Changelog for FrostFS Node
 ### Removed
 ### Updated

-## [v0.42.0]
-
-### Added
- Add audit logs for gRPC requests (#1184)
- Add CLI command to convert eACL to APE (#1189)
- Add `--await` flag to `control set-status` (#60)
- `app_info` metric for binary version (#1154)
- `--quiet` flag for healthcheck command (#1209)
-
-### Changed
- Deprecate Container.SetEACL RPC (#1219)
-
-### Fixed
- Take groups into account during APE processing (#1190)
- Handle double SIGHUP correctly (#1145)
- Handle empty filenames in tree listing (#1074)
- Handle duplicate tree nodes in the split-brain scenario (#1234, #1251)
- Remove APE pre-check in Object.GET/HEAD/RANGE RPC (#1249)
- Delete EC gc marks and split info (#1257)
- Do not search for non-existent objects on deletion (#1261)
-
-### Updated
- Make putting EC chunks more robust (#1233)
-
-## [v0.41.0]
-
-### Added
- Support mTLS for morph client (#1170)
-
-### Fixed
- Update shard state metric during shard init (#1174)
- Handle ENOSPC in blobovnicza (#1166)
- Handle multiple split-infos for EC objects (#1163)
- Set `Disabled` mode as the default for components (#1168)
-
 ## [v0.40.0]

 ### Added
--- a/33
+++ b/33
@ -4,19 +4,20 @@ SHELL = bash
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")

-HUB_IMAGE ?= git.frostfs.info/truecloudlab/frostfs
+HUB_IMAGE ?= truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"

 GO_VERSION ?= 1.22
-LINT_VERSION ?= 1.60.3
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.7
+LINT_VERSION ?= 1.56.1
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.5
 PROTOC_VERSION ?= 25.0
+PROTOC_GEN_GO_VERSION ?= $(shell go list -f '{{.Version}}' -m google.golang.org/protobuf)
 PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-api-go/v2)
 PROTOC_OS_VERSION=osx-x86_64
 ifeq ($(shell uname), Linux)
 	PROTOC_OS_VERSION=linux-x86_64
 endif
-STATICCHECK_VERSION ?= 2024.1.1
+STATICCHECK_VERSION ?= 2023.1.6
 ARCH = amd64

 BIN = bin
@ -38,16 +39,13 @@ LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT
 TMP_DIR := .cache
 PROTOBUF_DIR ?= $(abspath $(BIN))/protobuf
 PROTOC_DIR ?= $(PROTOBUF_DIR)/protoc-v$(PROTOC_VERSION)
+PROTOC_GEN_GO_DIR ?= $(PROTOBUF_DIR)/protoc-gen-go-$(PROTOC_GEN_GO_VERSION)
 PROTOGEN_FROSTFS_DIR ?= $(PROTOBUF_DIR)/protogen-$(PROTOGEN_FROSTFS_VERSION)
 STATICCHECK_DIR ?= $(abspath $(BIN))/staticcheck
 STATICCHECK_VERSION_DIR ?= $(STATICCHECK_DIR)/$(STATICCHECK_VERSION)

 SOURCES = $(shell find . -type f -name "*.go" -print)

-GOFUMPT_VERSION ?= v0.7.0
-GOFUMPT_DIR ?= $(abspath $(BIN))/gofumpt
-GOFUMPT_VERSION_DIR ?= $(GOFUMPT_DIR)/$(GOFUMPT_VERSION)
-
 GOPLS_VERSION ?= v0.15.1
 GOPLS_DIR ?= $(abspath $(BIN))/gopls
 GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION)
@ -105,15 +103,17 @@ export-metrics: dep

 # Regenerate proto files:
 protoc:
-	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
+	@if [ ! -d "$(PROTOC_DIR)" ] || [ ! -d "$(PROTOC_GEN_GO_DIR)" ] || [ ! -d "$(PROTOGEN_FROSTFS_DIR)" ]; then \
 		make protoc-install; \
 	fi
 	@for f in `find . -type f -name '*.proto' -not -path './bin/*'`; do \
 		echo "⇒ Processing $$f "; \
 		$(PROTOC_DIR)/bin/protoc \
 			--proto_path=.:$(PROTOC_DIR)/include:/usr/local/include \
+			--plugin=protoc-gen-go=$(PROTOC_GEN_GO_DIR)/protoc-gen-go \
 			--plugin=protoc-gen-go-frostfs=$(PROTOGEN_FROSTFS_DIR)/protogen \
 			--go-frostfs_out=. --go-frostfs_opt=paths=source_relative \
+			--go_out=. --go_opt=paths=source_relative \
 			--go-grpc_opt=require_unimplemented_servers=false \
 			--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
 	done
@ -126,6 +126,8 @@ protoc-install:
 	@wget -q -O $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip 'https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(PROTOC_OS_VERSION).zip'
 	@unzip -q -o $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip -d $(PROTOC_DIR)
 	@rm $(PROTOBUF_DIR)/protoc-$(PROTOC_VERSION).zip
+	@echo "⇒ Installing protoc-gen-go..."
+	@GOBIN=$(PROTOC_GEN_GO_DIR) go install -v google.golang.org/protobuf/...@$(PROTOC_GEN_GO_VERSION)
 	@echo "⇒ Instaling protogen FrostFS plugin..."
 	@GOBIN=$(PROTOGEN_FROSTFS_DIR) go install -mod=mod -v git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/protogen@$(PROTOGEN_FROSTFS_VERSION)

@ -163,19 +165,10 @@ imports:
 	@echo "⇒ Processing goimports check"
 	@goimports -w cmd/ pkg/ misc/

-# Install gofumpt
-fumpt-install:
-	@rm -rf $(GOFUMPT_DIR)
-	@mkdir $(GOFUMPT_DIR)
-	@GOBIN=$(GOFUMPT_VERSION_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION)
-
 # Run gofumpt
 fumpt:
-	@if [ ! -d "$(GOFUMPT_VERSION_DIR)" ]; then \
-		make fumpt-install; \
-	fi
 	@echo "⇒ Processing gofumpt check"
-	$(GOFUMPT_VERSION_DIR)/gofumpt -l -w cmd/ pkg/ misc/
+	@gofumpt -l -w cmd/ pkg/ misc/

 # Run Unit Test with go test
 test: GOFLAGS ?= "-count=1"
@ -197,7 +190,7 @@ lint-install:
 	@@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
 	@rm -rf $(TMP_DIR)/linters
 	@rmdir $(TMP_DIR) 2>/dev/null || true
-	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install -trimpath github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)

 # Run linters
 lint:
--- a/README.md
+++ b/README.md
@ -7,8 +7,9 @@
 </p>

 ---
-[![Report](https://goreportcard.com/badge/git.frostfs.info/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/git.frostfs.info/TrueCloudLab/frostfs-node)
-![Release (latest)](https://git.frostfs.info/TrueCloudLab/frostfs-node/badges/release.svg)
+[![Report](https://goreportcard.com/badge/github.com/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/github.com/TrueCloudLab/frostfs-node)
+![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/TrueCloudLab/frostfs-node?sort=semver)
+![License](https://img.shields.io/github/license/TrueCloudLab/frostfs-node.svg?style=popout)

 # Overview

@ -32,8 +33,8 @@ manipulate large amounts of data without paying a prohibitive price.

 FrostFS has a native [gRPC API](https://git.frostfs.info/TrueCloudLab/frostfs-api) and has
 protocol gateways for popular protocols such as [AWS
-S3](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw),
-[HTTP](https://git.frostfs.info/TrueCloudLab/frostfs-http-gw),
+S3](https://github.com/TrueCloudLab/frostfs-s3-gw),
+[HTTP](https://github.com/TrueCloudLab/frostfs-http-gw),
 [FUSE](https://wikipedia.org/wiki/Filesystem_in_Userspace) and
 [sFTP](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) allowing
 developers to integrate applications without rewriting their code.
@ -44,11 +45,11 @@ Now, we only support GNU/Linux on amd64 CPUs with AVX/AVX2 instructions. More
 platforms will be officially supported after release `1.0`.

 The latest version of frostfs-node works with frostfs-contract
-[v0.19.2](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/tag/v0.19.2).
+[v0.16.0](https://github.com/TrueCloudLab/frostfs-contract/releases/tag/v0.16.0).

 # Building

-To make all binaries you need Go 1.22+ and `make`:
+To make all binaries you need Go 1.21+ and `make`:
 ```
 make all
 ```
@ -70,7 +71,7 @@ make docker/bin/frostfs-<name> # build a specific binary

 ## Docker images

-To make docker images suitable for use in [frostfs-dev-env](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/) use:
+To make docker images suitable for use in [frostfs-dev-env](https://github.com/TrueCloudLab/frostfs-dev-env/) use:
 ```
 make images
 ```
@ -124,7 +125,7 @@ the feature/topic you are going to implement.

 # Credits

-FrostFS is maintained by [True Cloud Lab](https://git.frostfs.info/TrueCloudLab/) with the help and
+FrostFS is maintained by [True Cloud Lab](https://github.com/TrueCloudLab/) with the help and
 contributions from community members.

 Please see [CREDITS](CREDITS.md) for details.
--- a/2
+++ b/2
@ -1 +1 @@
-v0.42.0
+v0.40.0
--- a/cmd/frostfs-adm/README.md
+++ b/cmd/frostfs-adm/README.md
@ -56,8 +56,7 @@ credentials:     # passwords for consensus node / alphabet wallets
 #### Network deployment

 - `generate-alphabet` generates a set of wallets for consensus and
-  Alphabet nodes. The list of the name for alphabet wallets(no gaps between names allowed, order is important):
-  - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
+  Alphabet nodes.

 - `init` initializes the sidechain by deploying smart contracts and
  setting provided FrostFS network configuration.
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -9,8 +9,8 @@ related configuration details.

 To follow this guide you need:
 - latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
- latest released version of [frostfs-adm](https://git.frostfs.info/TrueCloudLab/frostfs-node/releases) utility (v0.42.9 at the moment),
- latest released version of compiled [frostfs-contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases) (v0.19.2 at the moment).
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
+- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).

 ## Step 1: Prepare network configuration

@ -64,11 +64,6 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 wallet[0]: hunter2
 ```

-This command generates wallets with the following names:
- - az, buky, vedi, glagoli, dobro, yest, zhivete, dzelo, zemlja, izhe, izhei, gerv, kako, ljudi, mislete, nash, on, pokoj, rtsi, slovo, tverdo, uk
-
-No gaps between names allowed, order is important.
-
 Do not lose wallet files and network config. Store it in an encrypted backed up
 storage.

--- a/cmd/frostfs-adm/internal/modules/metabase/root.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/root.go
@ -1,15 +0,0 @@
-package metabase
-
-import "github.com/spf13/cobra"
-
-// RootCmd is a root command of config section.
-var RootCmd = &cobra.Command{
-	Use:   "metabase",
-	Short: "Section for metabase commands",
-}
-
-func init() {
-	RootCmd.AddCommand(UpgradeCmd)
-
-	initUpgradeCommand()
-}
--- a/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
+++ b/cmd/frostfs-adm/internal/modules/metabase/upgrade.go
@ -1,99 +0,0 @@
-package metabase
-
-import (
-	"errors"
-	"fmt"
-	"sync"
-	"time"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
-	engineconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine"
-	shardconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/engine/shard"
-	meta "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/metabase"
-	"github.com/spf13/cobra"
-	"golang.org/x/sync/errgroup"
-)
-
-const (
-	pathFlag      = "path"
-	noCompactFlag = "no-compact"
-)
-
-var errNoPathsFound = errors.New("no metabase paths found")
-
-var path string
-
-var UpgradeCmd = &cobra.Command{
-	Use:   "upgrade",
-	Short: "Upgrade metabase to latest version",
-	RunE:  upgrade,
-}
-
-func upgrade(cmd *cobra.Command, _ []string) error {
-	configFile, err := cmd.Flags().GetString(commonflags.ConfigFlag)
-	if err != nil {
-		return err
-	}
-	configDir, err := cmd.Flags().GetString(commonflags.ConfigDirFlag)
-	if err != nil {
-		return err
-	}
-	noCompact, _ := cmd.Flags().GetBool(noCompactFlag)
-	var paths []string
-	if path != "" {
-		paths = append(paths, path)
-	}
-	appCfg := config.New(configFile, configDir, config.EnvPrefix)
-	if err := engineconfig.IterateShards(appCfg, false, func(sc *shardconfig.Config) error {
-		paths = append(paths, sc.Metabase().Path())
-		return nil
-	}); err != nil {
-		return fmt.Errorf("failed to get metabase paths: %w", err)
-	}
-	if len(paths) == 0 {
-		return errNoPathsFound
-	}
-	cmd.Println("found", len(paths), "metabases:")
-	for i, path := range paths {
-		cmd.Println(i+1, ":", path)
-	}
-	result := make(map[string]bool)
-	var resultGuard sync.Mutex
-	eg, ctx := errgroup.WithContext(cmd.Context())
-	for _, path := range paths {
-		eg.Go(func() error {
-			var success bool
-			cmd.Println("upgrading metabase", path, "...")
-			if err := meta.Upgrade(ctx, path, !noCompact, func(a ...any) {
-				cmd.Println(append([]any{time.Now().Format(time.RFC3339), ":", path, ":"}, a...)...)
-			}); err != nil {
-				cmd.Println("error: failed to upgrade metabase", path, ":", err)
-			} else {
-				success = true
-				cmd.Println("metabase", path, "upgraded successfully")
-			}
-			resultGuard.Lock()
-			result[path] = success
-			resultGuard.Unlock()
-			return nil
-		})
-	}
-	if err := eg.Wait(); err != nil {
-		return err
-	}
-	for mb, ok := range result {
-		if ok {
-			cmd.Println(mb, ": success")
-		} else {
-			cmd.Println(mb, ": failed")
-		}
-	}
-	return nil
-}
-
-func initUpgradeCommand() {
-	flags := UpgradeCmd.Flags()
-	flags.StringVar(&path, pathFlag, "", "Path to metabase file")
-	flags.Bool(noCompactFlag, false, "Do not compact upgraded metabase file")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
@ -38,12 +38,6 @@ var (
 func parseTarget(cmd *cobra.Command) policyengine.Target {
 	name, _ := cmd.Flags().GetString(targetNameFlag)
 	typ, err := parseTargetType(cmd)
-
-	// interpret "root" namespace as empty
-	if typ == policyengine.Namespace && name == "root" {
-		name = ""
-	}
-
 	commonCmd.ExitOnErr(cmd, "read target type error: %w", err)

 	return policyengine.Target{
@ -121,7 +115,7 @@ func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorag
 	inv := invoker.New(c, nil)
 	var ch util.Uint160
 	r := management.NewReader(inv)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)

 	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
@ -144,7 +138,7 @@ func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *he

 	var ch util.Uint160
 	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)

 	ch, err = helper.NNSResolveHash(ac.Invoker, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
--- a/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
@ -60,7 +60,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {

 	if dumpStorage || dumpAlphabet || dumpProxy {
 		r := management.NewReader(inv)
-		nnsCs, err = helper.GetContractByID(r, 1)
+		nnsCs, err = r.GetContractByID(1)
 		if err != nil {
 			return fmt.Errorf("can't get NNS contract info: %w", err)
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config.go
@ -34,7 +34,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)

-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -93,7 +93,7 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -137,8 +137,6 @@ func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	return wCtx.AwaitTx()
 }

-const maxECSum = 256
-
 func validateConfig(args map[string]any, forceFlag bool) error {
 	var sumEC int64
 	_, okData := args[netmap.MaxECDataCountConfig]
@ -149,34 +147,19 @@ func validateConfig(args map[string]any, forceFlag bool) error {
 	}

 	for k, v := range args {
-		switch k {
-		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
-			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
-			value, ok := v.(int64)
-			if !ok {
-				return fmt.Errorf("%s has an invalid type. Expected type: int", k)
-			}
+		value, ok := v.(int64)
+		if !ok || value < 0 {
+			return fmt.Errorf("%s must be >= 0, got %v", k, v)
+		}

-			if value < 0 {
-				return fmt.Errorf("%s must be >= 0, got %v", k, v)
-			}
-
-			if k == netmap.MaxECDataCountConfig || k == netmap.MaxECParityCountConfig {
-				sumEC += value
-			}
-		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
-			_, ok := v.(bool)
-			if !ok {
-				return fmt.Errorf("%s has an invalid type. Expected type: bool", k)
-			}
+		if k == netmap.MaxECDataCountConfig || k == netmap.MaxECParityCountConfig {
+			sumEC += value
 		}
 	}

-	if sumEC > maxECSum && !forceFlag {
-		return fmt.Errorf("the sum of %s and %s must be <= %d, got %d",
-			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig, maxECSum, sumEC)
+	if sumEC > 256 && !forceFlag {
+		return fmt.Errorf("the sum of %s and %s must be <= 256, got %d",
+			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig, sumEC)
 	}
 	return nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config_test.go
@ -1,34 +0,0 @@
-package config
-
-import (
-	"testing"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_ValidateConfig(t *testing.T) {
-	testArgs := make(map[string]any)
-
-	testArgs[netmap.MaxECDataCountConfig] = int64(11)
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(256)
-	require.Error(t, validateConfig(testArgs, false))
-	require.NoError(t, validateConfig(testArgs, true))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(-1)
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.MaxECParityCountConfig] = int64(55)
-	require.NoError(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.HomomorphicHashingDisabledKey] = "1"
-	require.Error(t, validateConfig(testArgs, false))
-
-	testArgs[netmap.HomomorphicHashingDisabledKey] = true
-	require.NoError(t, validateConfig(testArgs, false))
-
-	testArgs["not-well-known-configuration-key"] = "key"
-	require.NoError(t, validateConfig(testArgs, false))
-}
--- a/cmd/frostfs-adm/internal/modules/morph/container/container.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container/container.go
@ -34,7 +34,7 @@ func getContainerContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Ui
 	}
 	if err != nil {
 		r := management.NewReader(inv)
-		nnsCs, err := helper.GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 		}
@ -304,7 +304,7 @@ func parseContainers(filename string) ([]Container, error) {

 func fetchContainerContractHash(wCtx *helper.InitializeContext) (util.Uint160, error) {
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
@ -79,7 +79,7 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 	}

 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't fetch NNS contract state: %w", err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
@ -42,7 +42,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 	}

 	r := management.NewReader(invoker.New(c, nil))
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
@ -68,7 +68,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {

 	if irSize != 0 {
 		bw.Reset()
-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
 				helper.GetAlphabetNNSDomain(i),
 				int64(nns.TXT))
@ -79,7 +79,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("can't fetch info from NNS: %w", err)
 		}

-		for i := range irSize {
+		for i := 0; i < irSize; i++ {
 			info := contractDumpInfo{name: fmt.Sprintf("alphabet %d", i)}
 			if h, err := helper.ParseNNSResolveResult(alphaRes.Stack[i]); err == nil {
 				info.hash = h
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
@ -3,32 +3,24 @@ package frostfsid
 import (
 	"errors"
 	"fmt"
-	"math/big"
 	"sort"

 	frostfsidclient "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client"
-	frostfsidrpclient "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/frostfsid"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )

-const iteratorBatchSize = 1
-
 const (
 	namespaceFlag      = "namespace"
 	subjectNameFlag    = "subject-name"
@ -258,15 +250,12 @@ func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListNamespaces(cmd *cobra.Command, _ []string) {
-	inv, _, hash := initInvoker(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListNamespaces()
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	namespaces, err := ffsid.roCli.ListNamespaces()
+	commonCmd.ExitOnErr(cmd, "list namespaces: %w", err)

-	namespaces, err := frostfsidclient.ParseNamespaces(items)
-	commonCmd.ExitOnErr(cmd, "can't parse namespace: %w", err)
 	sort.Slice(namespaces, func(i, j int) bool { return namespaces[i].Name < namespaces[j].Name })

 	for _, namespace := range namespaces {
@ -307,15 +296,14 @@ func frostfsidDeleteSubject(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
-	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
 	ns := getFrostfsIDNamespace(cmd)
-	inv, _, hash := initInvoker(cmd)
-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListNamespaceSubjects(ns)
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)

-	subAddresses, err := frostfsidclient.UnwrapArrayOfUint160(readIterator(inv, &it, iteratorBatchSize, sessionID))
-	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	subAddresses, err := ffsid.roCli.ListNamespaceSubjects(ns)
+	commonCmd.ExitOnErr(cmd, "list subjects: %w", err)

 	sort.Slice(subAddresses, func(i, j int) bool { return subAddresses[i].Less(subAddresses[j]) })

@ -325,14 +313,8 @@ func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
 			continue
 		}

-		sessionID, it, err := reader.ListSubjects()
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
-
-		items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
-		commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
-
-		subj, err := frostfsidclient.ParseSubject(items)
-		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
+		subj, err := ffsid.roCli.GetSubject(addr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)

 		cmd.Printf("%s (%s)\n", address.Uint160ToString(addr), subj.Name)
 	}
@ -367,17 +349,13 @@ func frostfsidDeleteGroup(cmd *cobra.Command, _ []string) {
 }

 func frostfsidListGroups(cmd *cobra.Command, _ []string) {
-	inv, _, hash := initInvoker(cmd)
 	ns := getFrostfsIDNamespace(cmd)

-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListGroups(ns)
-	commonCmd.ExitOnErr(cmd, "can't get namespace: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)

-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
-	groups, err := frostfsidclient.ParseGroups(items)
-	commonCmd.ExitOnErr(cmd, "can't parse groups: %w", err)
+	groups, err := ffsid.roCli.ListGroups(ns)
+	commonCmd.ExitOnErr(cmd, "list groups: %w", err)

 	sort.Slice(groups, func(i, j int) bool { return groups[i].Name < groups[j].Name })

@ -416,19 +394,12 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 	ns := getFrostfsIDNamespace(cmd)
 	groupID := getFrostfsIDGroupID(cmd)
 	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
-	inv, cs, hash := initInvoker(cmd)
-	_, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
-	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)

-	reader := frostfsidrpclient.NewReader(inv, hash)
-	sessionID, it, err := reader.ListGroupSubjects(ns, big.NewInt(groupID))
-	commonCmd.ExitOnErr(cmd, "can't list groups: %w", err)
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)

-	items, err := readIterator(inv, &it, iteratorBatchSize, sessionID)
-	commonCmd.ExitOnErr(cmd, "can't read iterator: %w", err)
-
-	subjects, err := frostfsidclient.UnwrapArrayOfUint160(items, err)
-	commonCmd.ExitOnErr(cmd, "can't unwrap: %w", err)
+	subjects, err := ffsid.roCli.ListGroupSubjects(ns, groupID)
+	commonCmd.ExitOnErr(cmd, "list group subjects: %w", err)

 	sort.Slice(subjects, func(i, j int) bool { return subjects[i].Less(subjects[j]) })

@ -438,10 +409,9 @@ func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
 			continue
 		}

-		items, err := reader.GetSubject(subjAddr)
-		commonCmd.ExitOnErr(cmd, "can't get subject: %w", err)
-		subj, err := frostfsidclient.ParseSubject(items)
-		commonCmd.ExitOnErr(cmd, "can't parse subject: %w", err)
+		subj, err := ffsid.roCli.GetSubject(subjAddr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
+
 		cmd.Printf("%s (%s)\n", address.Uint160ToString(subjAddr), subj.Name)
 	}
 }
@ -456,11 +426,11 @@ type frostfsidClient struct {
 func newFrostfsIDClient(cmd *cobra.Command) (*frostfsidClient, error) {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return nil, fmt.Errorf("can't initialize context: %w", err)
+		return nil, fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -504,35 +474,3 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
-
-func readIterator(inv *invoker.Invoker, iter *result.Iterator, batchSize int, sessionID uuid.UUID) ([]stackitem.Item, error) {
-	var shouldStop bool
-	res := make([]stackitem.Item, 0)
-	for !shouldStop {
-		items, err := inv.TraverseIterator(sessionID, iter, batchSize)
-		if err != nil {
-			return nil, err
-		}
-
-		res = append(res, items...)
-		shouldStop = len(items) < batchSize
-	}
-
-	return res, nil
-}
-
-func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
-	c, err := helper.GetN3Client(viper.GetViper())
-	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
-
-	inv := invoker.New(c, nil)
-	r := management.NewReader(inv)
-
-	cs, err := r.GetContractByID(1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)
-
-	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
-	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
-
-	return inv, cs, nmHash
-}
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
@ -73,6 +73,7 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}

+		i := i
 		errG.Go(func() error {
 			p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
 			f, err := os.OpenFile(p, os.O_CREATE, 0o644)
@ -106,6 +107,7 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 	// Create consensus account with 2*N/3+1 multi-signature.
 	bftCount := smartcontract.GetDefaultHonestNodeCount(size)
 	for i := range wallets {
+		i := i
 		ps := pubs.Copy()
 		errG.Go(func() error {
 			if err := addMultisigAccount(wallets[i], majCount, constants.CommitteeAccountName, passwords[i], ps); err != nil {
--- a/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
@ -15,7 +15,7 @@ import (

 func getFrostfsIDAdminFromContract(roInvoker *invoker.Invoker) (util.Uint160, bool, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, false, fmt.Errorf("get nns contract: %w", err)
 	}
@ -62,7 +62,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 		// In case if NNS is updated multiple times, we can't calculate
 		// it's actual hash based on local data, thus query chain.
 		r := management.NewReader(c.ReadOnlyInvoker)
-		nnsCs, err := GetContractByID(r, 1)
+		nnsCs, err := r.GetContractByID(1)
 		if err != nil {
 			return nil, fmt.Errorf("get nns contract: %w", err)
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
@ -224,7 +224,7 @@ func (l *LocalClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, e
 					paramz = []manifest.Parameter{{Type: smartcontract.SignatureType}}
 				} else if nSigs, _, ok := vm.ParseMultiSigContract(w.VerificationScript); ok {
 					paramz = make([]manifest.Parameter, nSigs)
-					for j := range nSigs {
+					for j := 0; j < nSigs; j++ {
 						paramz[j] = manifest.Parameter{Type: smartcontract.SignatureType}
 					}
 				}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
@ -2,7 +2,6 @@ package helper

 import (
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"time"
@ -61,23 +60,9 @@ func GetN3Client(v *viper.Viper) (Client, error) {
 	if endpoint == "" {
 		return nil, errors.New("missing endpoint")
 	}
-
-	var cfg *tls.Config
-	if rootCAs := v.GetStringSlice("tls.trusted_ca_list"); len(rootCAs) != 0 {
-		certFile := v.GetString("tls.certificate")
-		keyFile := v.GetString("tls.key")
-
-		tlsConfig, err := rpcclient.TLSClientConfig(rootCAs, certFile, keyFile)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg = tlsConfig
-	}
 	c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
 		MaxConnsPerHost: maxConnsPerHost,
 		RequestTimeout:  requestTimeout,
-		TLSClientConfig: cfg,
 	})
 	if err != nil {
 		return nil, err
--- a/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
@ -72,17 +72,13 @@ func InvalidConfigValueErr(key string) error {
 	return fmt.Errorf("invalid %s config value from netmap contract", key)
 }

-func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160, countEpoch int64) error {
-	if countEpoch <= 0 {
-		return errors.New("number of epochs cannot be less than 1")
-	}
-
+func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160) error {
 	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
 	if err != nil {
 		return errors.New("can't fetch current epoch from the netmap contract")
 	}

-	newEpoch := curr + countEpoch
+	newEpoch := curr + 1
 	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)

 	// In NeoFS this is done via Notary contract. Here, however, we can form the
@ -93,7 +89,7 @@ func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.

 func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Item, error) {
 	r := management.NewReader(roInvoker)
-	cs, err := GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return nil, fmt.Errorf("get nns contract: %w", err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/util.go
@ -14,12 +14,10 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 )
@ -42,48 +40,45 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
 	}

-	var wallets []*wallet.Wallet
-	var letter string
-	for i := range constants.MaxAlphabetNodes {
-		letter = innerring.GlagoliticLetter(i).String()
-		p := filepath.Join(walletDir, letter+".json")
-		var w *wallet.Wallet
-		w, err = wallet.NewWalletFromFile(p)
-		if err != nil {
-			if errors.Is(err, os.ErrNotExist) {
-				err = nil
-			} else {
-				err = fmt.Errorf("can't open wallet: %w", err)
+	var size int
+loop:
+	for i := 0; i < len(walletFiles); i++ {
+		name := innerring.GlagoliticLetter(i).String() + ".json"
+		for j := range walletFiles {
+			if walletFiles[j].Name() == name {
+				size++
+				continue loop
 			}
-			break
+		}
+		break
+	}
+	if size == 0 {
+		return nil, errors.New("alphabet wallets dir is empty (run `generate-alphabet` command first)")
+	}
+
+	wallets := make([]*wallet.Wallet, size)
+	for i := 0; i < size; i++ {
+		letter := innerring.GlagoliticLetter(i).String()
+		p := filepath.Join(walletDir, letter+".json")
+		w, err := wallet.NewWalletFromFile(p)
+		if err != nil {
+			return nil, fmt.Errorf("can't open wallet: %w", err)
 		}

-		var password string
-		password, err = config.GetPassword(v, letter)
+		password, err := config.GetPassword(v, letter)
 		if err != nil {
-			err = fmt.Errorf("can't fetch password: %w", err)
-			break
+			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}

 		for i := range w.Accounts {
-			if err = w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-				err = fmt.Errorf("can't unlock wallet: %w", err)
-				break
+			if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+				return nil, fmt.Errorf("can't unlock wallet: %w", err)
 			}
 		}

-		wallets = append(wallets, w)
-	}
-	if err != nil {
-		return nil, fmt.Errorf("can't read wallet for letter '%s': %w", letter, err)
-	}
-	if len(wallets) == 0 {
-		err = errors.New("there are no alphabet wallets in dir (run `generate-alphabet` command first)")
-		if len(walletFiles) > 0 {
-			err = fmt.Errorf("use glagolitic names for wallets(run `print-alphabet`): %w", err)
-		}
-		return nil, err
+		wallets[i] = w
 	}
+
 	return wallets, nil
 }

@ -183,18 +178,3 @@ func ParseGASAmount(s string) (fixedn.Fixed8, error) {
 	}
 	return gasAmount, nil
 }
-
-// GetContractByID retrieves a contract by its ID using the standard GetContractByID method.
-// However, if the returned state.Contract is nil, it returns an error indicating that the contract was not found.
-// See https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1210
-func GetContractByID(r *management.ContractReader, id int32) (*state.Contract, error) {
-	cs, err := r.GetContractByID(id)
-	if err != nil {
-		return nil, err
-	}
-
-	if cs == nil {
-		return nil, errors.New("contract not found")
-	}
-	return cs, nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
@ -21,7 +21,7 @@ import (

 func setNNS(c *helper.InitializeContext) error {
 	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
@ -1,8 +1,6 @@
 package initialize

 import (
-	"fmt"
-
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/io"
@ -31,14 +29,10 @@ func setNotaryAndAlphabetNodes(c *helper.InitializeContext) error {
 		callflag.States|callflag.AllowNotify, int64(noderoles.NeoFSAlphabet), pubs)

 	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
-		return fmt.Errorf("send committee transaction: %w", err)
+		return err
 	}

-	err := c.AwaitTx()
-	if err != nil {
-		err = fmt.Errorf("await committee transaction: %w", err)
-	}
-	return err
+	return c.AwaitTx()
 }

 func setRolesFinished(c *helper.InitializeContext) (bool, error) {
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
@ -113,7 +113,7 @@ func generateTestData(dir string, size int) error {
 	}

 	var pubs []string
-	for i := range size {
+	for i := 0; i < size; i++ {
 		p := filepath.Join(dir, innerring.GlagoliticLetter(i).String()+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		if err != nil {
@ -148,7 +148,7 @@ func generateTestData(dir string, size int) error {
 }

 func setTestCredentials(v *viper.Viper, size int) {
-	for i := range size {
+	for i := 0; i < size; i++ {
 		v.Set("credentials."+innerring.GlagoliticLetter(i).String(), strconv.FormatUint(uint64(i), 10))
 	}
 	v.Set("credentials.contract", constants.TestContractPassword)
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
@ -3,7 +3,6 @@ package initialize
 import (
 	"fmt"
 	"math/big"
-	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
@ -29,10 +28,6 @@ const (
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )

-func initialCommitteeGASAmount(c *helper.InitializeContext) int64 {
-	return (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2
-}
-
 func transferFunds(c *helper.InitializeContext) error {
 	ok, err := transferFundsFinished(c)
 	if ok || err != nil {
@ -59,7 +54,7 @@ func transferFunds(c *helper.InitializeContext) error {
 		transferTarget{
 			Token:   gas.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
-			Amount:  initialCommitteeGASAmount(c),
+			Amount:  (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2,
 		},
 		transferTarget{
 			Token:   neo.Hash,
@ -80,19 +75,12 @@ func transferFunds(c *helper.InitializeContext) error {
 	return c.AwaitTx()
 }

-// transferFundsFinished checks balances of accounts we transfer GAS to.
-// The stage is considered finished if the balance is greater than the half of what we need to transfer.
 func transferFundsFinished(c *helper.InitializeContext) (bool, error) {
 	acc := c.Accounts[0]

 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
 	res, err := r.BalanceOf(acc.Contract.ScriptHash())
-	if err != nil || res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) != 1 {
-		return false, err
-	}
-
-	res, err = r.BalanceOf(c.CommitteeAcc.ScriptHash())
-	return res != nil && res.Cmp(big.NewInt(initialCommitteeGASAmount(c)/2)) == 1, err
+	return res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) == 1, err
 }

 func transferGASToProxy(c *helper.InitializeContext) error {
@ -152,17 +140,5 @@ func createNEP17MultiTransferTx(c helper.Client, acc *wallet.Account, recipients
 	if err != nil {
 		return nil, fmt.Errorf("can't create actor: %w", err)
 	}
-	tx, err := act.MakeRun(w.Bytes())
-	if err != nil {
-		sum := make(map[util.Uint160]int64)
-		for _, recipient := range recipients {
-			sum[recipient.Token] += recipient.Amount
-		}
-		detail := make([]string, 0, len(sum))
-		for _, value := range sum {
-			detail = append(detail, fmt.Sprintf("amount=%v", value))
-		}
-		err = fmt.Errorf("transfer failed: from=%s(%s) %s: %w", acc.Label, acc.Address, strings.Join(detail, " "), err)
-	}
-	return tx, err
+	return act.MakeRun(w.Bytes())
 }
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
@ -12,16 +12,14 @@ import (
 	"github.com/spf13/viper"
 )

-const deltaFlag = "delta"
-
 func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -32,8 +30,7 @@ func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
 	}

 	bw := io.NewBufBinWriter()
-	delta, _ := cmd.Flags().GetInt64(deltaFlag)
-	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, delta); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}

--- a/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
@ -19,7 +19,7 @@ func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
 	inv := invoker.New(c, nil)
 	r := management.NewReader(inv)

-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)

 	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.NetmapContract))
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
@ -35,7 +35,6 @@ func initForceNewEpochCmd() {
 	ForceNewEpoch.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	ForceNewEpoch.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	ForceNewEpoch.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
-	ForceNewEpoch.Flags().Int64(deltaFlag, 1, "Number of epochs to increase the current epoch")
 }

 func init() {
--- a/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
@ -19,7 +19,7 @@ func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, uti
 	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)

 	r := management.NewReader(ac.Invoker)
-	nnsCs, err := helper.GetContractByID(r, 1)
+	nnsCs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
 }
--- a/cmd/frostfs-adm/internal/modules/morph/nns/register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/register.go
@ -42,23 +42,3 @@ func registerDomain(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
 	cmd.Println("Domain registered successfully")
 }
-
-func initDeleteCmd() {
-	Cmd.AddCommand(deleteCmd)
-	deleteCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	deleteCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	deleteCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
-
-	_ = cobra.MarkFlagRequired(deleteCmd.Flags(), nnsNameFlag)
-}
-
-func deleteDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
-
-	name, _ := cmd.Flags().GetString(nnsNameFlag)
-	h, vub, err := c.DeleteDomain(name)
-
-	_, err = actor.Wait(h, vub, err)
-	commonCmd.ExitOnErr(cmd, "delete domain error: %w", err)
-	cmd.Println("Domain deleted successfully")
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/root.go
@ -42,15 +42,6 @@ var (
 		},
 		Run: registerDomain,
 	}
-	deleteCmd = &cobra.Command{
-		Use:   "delete",
-		Short: "Delete a domain by name",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
-		},
-		Run: deleteDomain,
-	}
 	renewCmd = &cobra.Command{
 		Use:   "renew",
 		Short: "Increases domain expiration date",
@ -100,7 +91,6 @@ var (
 func init() {
 	initTokensCmd()
 	initRegisterCmd()
-	initDeleteCmd()
 	initRenewCmd()
 	initUpdateCmd()
 	initAddRecordCmd()
--- a/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
@ -1,25 +1,15 @@
 package nns

 import (
-	"math/big"
-	"strings"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
-	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/spf13/cobra"
 )

-const (
-	verboseDesc = "Include additional information about CNAME record."
-)
-
 func initTokensCmd() {
 	Cmd.AddCommand(tokensCmd)
 	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
-	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
 }

 func listTokens(cmd *cobra.Command, _ []string) {
@ -28,39 +18,7 @@ func listTokens(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
 	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
 		for _, token := range toks {
-			output := string(token)
-			if verbose, _ := cmd.Flags().GetBool(commonflags.Verbose); verbose {
-				cname, err := getCnameRecord(c, token)
-				commonCmd.ExitOnErr(cmd, "", err)
-				if cname != "" {
-					output += " (CNAME: " + cname + ")"
-				}
-			}
-			cmd.Println(output)
+			cmd.Println(string(token))
 		}
 	}
 }
-
-func getCnameRecord(c *client.Contract, token []byte) (string, error) {
-	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
-
-	// GetRecords returns the error "not an array" if the domain does not contain records.
-	if err != nil && strings.Contains(err.Error(), "not an array") {
-		return "", nil
-	}
-
-	if err != nil {
-		return "", err
-	}
-
-	if len(items) == 0 {
-		return "", nil
-	}
-
-	record, err := items[0].TryBytes()
-	if err != nil {
-		return "", err
-	}
-
-	return string(record), nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/node/remove.go
+++ b/cmd/frostfs-adm/internal/modules/morph/node/remove.go
@ -37,7 +37,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 	defer wCtx.Close()

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
@ -53,7 +53,7 @@ func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 			int64(netmapcontract.NodeStateOffline), nodeKeys[i].Bytes())
 	}

-	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash, 1); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}

--- a/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
@ -30,7 +30,7 @@ var errInvalidParameterFormat = errors.New("invalid parameter format, must be Pa
 func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	bw := io.NewBufBinWriter()
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
@ -39,11 +39,11 @@ func removeProxyAccount(cmd *cobra.Command, _ []string) {
 func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error {
 	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
-		return fmt.Errorf("can't initialize context: %w", err)
+		return fmt.Errorf("can't to initialize context: %w", err)
 	}

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := helper.GetContractByID(r, 1)
+	cs, err := r.GetContractByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
@ -30,13 +30,11 @@ var (
 func initProxyAddAccount() {
 	AddAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	AddAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
-	AddAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func initProxyRemoveAccount() {
 	RemoveAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	RemoveAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
-	RemoveAccountCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }

 func init() {
--- a/cmd/frostfs-adm/internal/modules/root.go
+++ b/cmd/frostfs-adm/internal/modules/root.go
@ -5,7 +5,6 @@ import (

 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/metabase"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/storagecfg"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
@ -42,7 +41,6 @@ func init() {
 	rootCmd.AddCommand(config.RootCmd)
 	rootCmd.AddCommand(morph.RootCmd)
 	rootCmd.AddCommand(storagecfg.RootCmd)
-	rootCmd.AddCommand(metabase.RootCmd)

 	rootCmd.AddCommand(autocomplete.Command("frostfs-adm"))
 	rootCmd.AddCommand(gendoc.Command(rootCmd, gendoc.Options{}))
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -2,13 +2,10 @@ package internal

 import (
 	"bytes"
-	"cmp"
 	"context"
 	"errors"
 	"fmt"
 	"io"
-	"os"
-	"slices"
 	"sort"
 	"strings"

@ -17,6 +14,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@ -191,6 +189,54 @@ func DeleteContainer(ctx context.Context, prm DeleteContainerPrm) (res DeleteCon
 	return
 }

+// EACLPrm groups parameters of EACL operation.
+type EACLPrm struct {
+	Client       *client.Client
+	ClientParams client.PrmContainerEACL
+}
+
+// EACLRes groups the resulting values of EACL operation.
+type EACLRes struct {
+	cliRes *client.ResContainerEACL
+}
+
+// EACL returns requested eACL table.
+func (x EACLRes) EACL() eacl.Table {
+	return x.cliRes.Table()
+}
+
+// EACL reads eACL table from FrostFS by container ID.
+//
+// Returns any error which prevented the operation from completing correctly in error return.
+func EACL(ctx context.Context, prm EACLPrm) (res EACLRes, err error) {
+	res.cliRes, err = prm.Client.ContainerEACL(ctx, prm.ClientParams)
+
+	return
+}
+
+// SetEACLPrm groups parameters of SetEACL operation.
+type SetEACLPrm struct {
+	Client       *client.Client
+	ClientParams client.PrmContainerSetEACL
+}
+
+// SetEACLRes groups the resulting values of SetEACL operation.
+type SetEACLRes struct{}
+
+// SetEACL requests to save an eACL table in FrostFS.
+//
+// Operation is asynchronous and no guaranteed even in the absence of errors.
+// The required time is also not predictable.
+//
+// Success can be verified by reading by container identifier.
+//
+// Returns any error which prevented the operation from completing correctly in error return.
+func SetEACL(ctx context.Context, prm SetEACLPrm) (res SetEACLRes, err error) {
+	_, err = prm.Client.ContainerSetEACL(ctx, prm.ClientParams)
+
+	return
+}
+
 // NetworkInfoPrm groups parameters of NetworkInfo operation.
 type NetworkInfoPrm struct {
 	Client       *client.Client
@ -565,6 +611,13 @@ type HeadObjectPrm struct {
 	commonObjectPrm
 	objectAddressPrm
 	rawPrm
+
+	mainOnly bool
+}
+
+// SetMainOnlyFlag sets flag to get only main fields of an object header in terms of FrostFS API.
+func (x *HeadObjectPrm) SetMainOnlyFlag(v bool) {
+	x.mainOnly = v
 }

 // HeadObjectRes groups the resulting values of HeadObject operation.
@ -659,7 +712,7 @@ func SearchObjects(ctx context.Context, prm SearchObjectsPrm) (*SearchObjectsRes

 	for {
 		n, ok = rdr.Read(buf)
-		for i := range n {
+		for i := 0; i < n; i++ {
 			list = append(list, buf[i])
 		}
 		if !ok {
@ -839,65 +892,3 @@ func SyncContainerSettings(ctx context.Context, prm SyncContainerPrm) (*SyncCont

 	return new(SyncContainerRes), nil
 }
-
-// PatchObjectPrm groups parameters of PatchObject operation.
-type PatchObjectPrm struct {
-	commonObjectPrm
-	objectAddressPrm
-
-	NewAttributes []objectSDK.Attribute
-
-	ReplaceAttribute bool
-
-	PayloadPatches []PayloadPatch
-}
-
-type PayloadPatch struct {
-	Range objectSDK.Range
-
-	PayloadPath string
-}
-
-type PatchRes struct {
-	OID oid.ID
-}
-
-func Patch(ctx context.Context, prm PatchObjectPrm) (*PatchRes, error) {
-	patchPrm := client.PrmObjectPatch{
-		XHeaders:    prm.xHeaders,
-		BearerToken: prm.bearerToken,
-		Session:     prm.sessionToken,
-		Address:     prm.objAddr,
-	}
-
-	slices.SortFunc(prm.PayloadPatches, func(a, b PayloadPatch) int {
-		return cmp.Compare(a.Range.GetOffset(), b.Range.GetOffset())
-	})
-
-	patcher, err := prm.cli.ObjectPatchInit(ctx, patchPrm)
-	if err != nil {
-		return nil, fmt.Errorf("init payload reading: %w", err)
-	}
-
-	if patcher.PatchAttributes(ctx, prm.NewAttributes, prm.ReplaceAttribute) {
-		for _, pp := range prm.PayloadPatches {
-			payloadFile, err := os.OpenFile(pp.PayloadPath, os.O_RDONLY, os.ModePerm)
-			if err != nil {
-				return nil, err
-			}
-			applied := patcher.PatchPayload(ctx, &pp.Range, payloadFile)
-			_ = payloadFile.Close()
-			if !applied {
-				break
-			}
-		}
-	}
-
-	res, err := patcher.Close(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &PatchRes{
-		OID: res.ObjectID(),
-	}, nil
-}
--- a/cmd/frostfs-cli/internal/commonflags/flags.go
+++ b/cmd/frostfs-cli/internal/commonflags/flags.go
@ -50,13 +50,6 @@ const (

 	TracingFlag      = "trace"
 	TracingFlagUsage = "Generate trace ID and print it."
-
-	AwaitFlag      = "await"
-	AwaitFlagUsage = "Wait for the operation to complete"
-
-	QuietFlag          = "quiet"
-	QuietFlagShorthand = "q"
-	QuietFlagUsage     = "Print nothing and exit with non-zero code on failure"
 )

 // Init adds common flags to the command:
--- a/cmd/frostfs-cli/internal/key/key_test.go
+++ b/cmd/frostfs-cli/internal/key/key_test.go
@ -24,8 +24,6 @@ var testCmd = &cobra.Command{
 }

 func Test_getOrGenerate(t *testing.T) {
-	t.Cleanup(viper.Reset)
-
 	dir := t.TempDir()

 	wallPath := filepath.Join(dir, "wallet.json")
--- a/cmd/frostfs-cli/modules/bearer/create.go
+++ b/cmd/frostfs-cli/modules/bearer/create.go
@ -15,12 +15,10 @@ import (
 	eaclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 )

 const (
 	eaclFlag           = "eacl"
-	apeFlag            = "ape"
 	issuedAtFlag       = "issued-at"
 	notValidBeforeFlag = "not-valid-before"
 	ownerFlag          = "owner"
@ -39,17 +37,10 @@ In this case --` + commonflags.RPC + ` flag should be specified and the epoch in
 is set to current epoch + n.
 `,
 	Run: createToken,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-		ff := cmd.Flags()
-
-		_ = viper.BindPFlag(commonflags.WalletPath, ff.Lookup(commonflags.WalletPath))
-		_ = viper.BindPFlag(commonflags.Account, ff.Lookup(commonflags.Account))
-	},
 }

 func init() {
-	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate and --ape flag)")
-	createCmd.Flags().StringP(apeFlag, "a", "", "Path to the JSON-encoded APE override (mutually exclusive with --impersonate and --eacl flag)")
+	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate flag)")
 	createCmd.Flags().StringP(issuedAtFlag, "i", "+0", "Epoch to issue token at")
 	createCmd.Flags().StringP(notValidBeforeFlag, "n", "+0", "Not valid before epoch")
 	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
@ -58,15 +49,13 @@ func init() {
 	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
 	createCmd.Flags().Bool(impersonateFlag, false, "Mark token as impersonate to consider the token signer as the request owner (mutually exclusive with --eacl flag)")
 	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
-	createCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
-	createCmd.Flags().StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)

-	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, apeFlag, impersonateFlag)
+	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, impersonateFlag)

 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
-	_ = cobra.MarkFlagFilename(createCmd.Flags(), apeFlag)

 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
+	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
 }

@ -107,16 +96,16 @@ func createToken(cmd *cobra.Command, _ []string) {
 			fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))
 	}

+	ownerStr, _ := cmd.Flags().GetString(ownerFlag)
+
+	var ownerID user.ID
+	commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
+
 	var b bearer.Token
 	b.SetExp(exp)
 	b.SetNbf(nvb)
 	b.SetIat(iat)
-
-	if ownerStr, _ := cmd.Flags().GetString(ownerFlag); ownerStr != "" {
-		var ownerID user.ID
-		commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
-		b.ForUser(ownerID)
-	}
+	b.ForUser(ownerID)

 	impersonate, _ := cmd.Flags().GetBool(impersonateFlag)
 	b.SetImpersonate(impersonate)
@ -130,14 +119,6 @@ func createToken(cmd *cobra.Command, _ []string) {
 		b.SetEACLTable(*table)
 	}

-	apePath, _ := cmd.Flags().GetString(apeFlag)
-	if apePath != "" {
-		var apeOverride bearer.APEOverride
-		raw, err := os.ReadFile(apePath)
-		commonCmd.ExitOnErr(cmd, "can't read APE rules: %w", err)
-		commonCmd.ExitOnErr(cmd, "can't parse APE rules: %w", json.Unmarshal(raw, &apeOverride))
-		b.SetAPEOverride(apeOverride)
-	}
 	var data []byte

 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
--- a/cmd/frostfs-cli/modules/bearer/generate_override.go
+++ b/cmd/frostfs-cli/modules/bearer/generate_override.go
@ -1,115 +0,0 @@
-package bearer
-
-import (
-	"errors"
-	"fmt"
-	"os"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
-	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/spf13/cobra"
-)
-
-var (
-	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
-	errRuleIsNotParsed      = errors.New("rule is not passed")
-)
-
-const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	ruleFlag       = "rule"
-	pathFlag       = "path"
-	outputFlag     = "output"
-)
-
-var generateAPEOverrideCmd = &cobra.Command{
-	Use:   "generate-ape-override",
-	Short: "Generate APE override.",
-	Long: `Generate APE override by target and APE chains. Util command.
-
-Generated APE override can be dumped to a file in JSON format that is passed to
-"create" command.
-`,
-	Run: genereateAPEOverride,
-}
-
-func genereateAPEOverride(cmd *cobra.Command, _ []string) {
-	c := parseChain(cmd)
-
-	targetCID, _ := cmd.Flags().GetString(commonflags.CIDFlag)
-	var cid cidSDK.ID
-	commonCmd.ExitOnErr(cmd, "invalid cid format: %w", cid.DecodeString(targetCID))
-
-	override := &bearer.APEOverride{
-		Target: apeSDK.ChainTarget{
-			TargetType: apeSDK.TargetTypeContainer,
-			Name:       targetCID,
-		},
-		Chains: []apeSDK.Chain{
-			{
-				Raw: c.Bytes(),
-			},
-		},
-	}
-
-	overrideMarshalled, err := override.MarshalJSON()
-	commonCmd.ExitOnErr(cmd, "failed to marshal APE override: %w", err)
-
-	outputPath, _ := cmd.Flags().GetString(outputFlag)
-	if outputPath != "" {
-		err := os.WriteFile(outputPath, []byte(overrideMarshalled), 0o644)
-		commonCmd.ExitOnErr(cmd, "dump error: %w", err)
-	} else {
-		fmt.Print("\n")
-		fmt.Println(string(overrideMarshalled))
-	}
-}
-
-func init() {
-	ff := generateAPEOverrideCmd.Flags()
-
-	ff.StringP(commonflags.CIDFlag, "", "", "Target container ID.")
-	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.CIDFlag)
-
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
-
-	ff.String(outputFlag, "", "Output path to dump result JSON-encoded APE override")
-	_ = cobra.MarkFlagFilename(createCmd.Flags(), outputFlag)
-}
-
-func parseChainID(cmd *cobra.Command) apechain.ID {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
-			errChainIDCannotBeEmpty)
-	}
-	return apechain.ID(chainID)
-}
-
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chain := new(apechain.Chain)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
-	}
-
-	chain.ID = parseChainID(cmd)
-
-	cmd.Println("Parsed chain:")
-	parseutil.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}
--- a/cmd/frostfs-cli/modules/bearer/root.go
+++ b/cmd/frostfs-cli/modules/bearer/root.go
@ -11,5 +11,4 @@ var Cmd = &cobra.Command{

 func init() {
 	Cmd.AddCommand(createCmd)
-	Cmd.AddCommand(generateAPEOverrideCmd)
 }
--- a/cmd/frostfs-cli/modules/container/create.go
+++ b/cmd/frostfs-cli/modules/container/create.go
@ -139,7 +139,7 @@ It will be stored in sidechain when inner ring will accepts it.`,
 				},
 			}

-			for range awaitTimeout {
+			for i := 0; i < awaitTimeout; i++ {
 				time.Sleep(1 * time.Second)

 				_, err := internalclient.GetContainer(cmd.Context(), getPrm)
--- a/cmd/frostfs-cli/modules/container/delete.go
+++ b/cmd/frostfs-cli/modules/container/delete.go
@ -110,7 +110,7 @@ Only owner of the container has a permission to remove container.`,
 				},
 			}

-			for range awaitTimeout {
+			for i := 0; i < awaitTimeout; i++ {
 				time.Sleep(1 * time.Second)

 				_, err := internalclient.GetContainer(cmd.Context(), getPrm)
--- a/cmd/frostfs-cli/modules/container/get_eacl.go
+++ b/cmd/frostfs-cli/modules/container/get_eacl.go
@ -0,0 +1,68 @@
+package container
+
+import (
+	"os"
+
+	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	"github.com/spf13/cobra"
+)
+
+var getExtendedACLCmd = &cobra.Command{
+	Use:   "get-eacl",
+	Short: "Get extended ACL table of container",
+	Long:  `Get extended ACL table of container`,
+	Run: func(cmd *cobra.Command, _ []string) {
+		id := parseContainerID(cmd)
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		eaclPrm := internalclient.EACLPrm{
+			Client: cli,
+			ClientParams: client.PrmContainerEACL{
+				ContainerID: &id,
+			},
+		}
+
+		res, err := internalclient.EACL(cmd.Context(), eaclPrm)
+		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+
+		eaclTable := res.EACL()
+
+		if containerPathTo == "" {
+			cmd.Println("eACL: ")
+			common.PrettyPrintJSON(cmd, &eaclTable, "eACL")
+
+			return
+		}
+
+		var data []byte
+
+		if containerJSON {
+			data, err = eaclTable.MarshalJSON()
+			commonCmd.ExitOnErr(cmd, "can't encode to JSON: %w", err)
+		} else {
+			data, err = eaclTable.Marshal()
+			commonCmd.ExitOnErr(cmd, "can't encode to binary: %w", err)
+		}
+
+		cmd.Println("dumping data to file:", containerPathTo)
+
+		err = os.WriteFile(containerPathTo, data, 0o644)
+		commonCmd.ExitOnErr(cmd, "could not write eACL to file: %w", err)
+	},
+}
+
+func initContainerGetEACLCmd() {
+	commonflags.Init(getExtendedACLCmd)
+
+	flags := getExtendedACLCmd.Flags()
+
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&containerPathTo, "to", "", "Path to dump encoded container (default: binary encoded)")
+	flags.BoolVar(&containerJSON, commonflags.JSON, false, "Encode EACL table in json format")
+}
--- a/cmd/frostfs-cli/modules/container/list.go
+++ b/cmd/frostfs-cli/modules/container/list.go
@ -1,6 +1,9 @@
 package container

 import (
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
@ -67,6 +70,7 @@ var listContainersCmd = &cobra.Command{
 				continue
 			}

+			cnrID := cnrID
 			prmGet.ClientParams.ContainerID = &cnrID
 			res, err := internalclient.GetContainer(cmd.Context(), prmGet)
 			if err != nil {
@ -81,8 +85,12 @@ var listContainersCmd = &cobra.Command{
 			cmd.Println(cnrID.String())

 			if flagVarListPrintAttr {
-				cnr.IterateUserAttributes(func(key, val string) {
-					cmd.Printf("  %s: %s\n", key, val)
+				cnr.IterateAttributes(func(key, val string) {
+					if !strings.HasPrefix(key, container.SysAttributePrefix) && !strings.HasPrefix(key, container.SysAttributePrefixNeoFS) {
+						// FIXME(@cthulhu-rider): https://git.frostfs.info/TrueCloudLab/frostfs-sdk-go/issues/97
+						//	Use dedicated method to skip system attributes.
+						cmd.Printf("  %s: %s\n", key, val)
+					}
 				})
 			}
 		}
--- a/cmd/frostfs-cli/modules/container/list_objects.go
+++ b/cmd/frostfs-cli/modules/container/list_objects.go
@ -1,6 +1,9 @@
 package container

 import (
+	"strings"
+
+	v2object "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
@ -64,8 +67,14 @@ var listContainerObjectsCmd = &cobra.Command{

 				resHead, err := internalclient.HeadObject(cmd.Context(), prmHead)
 				if err == nil {
-					for _, attr := range resHead.Header().UserAttributes() {
-						cmd.Printf("  %s: %s\n", attr.Key(), attr.Value())
+					attrs := resHead.Header().Attributes()
+					for i := range attrs {
+						attrKey := attrs[i].Key()
+						if !strings.HasPrefix(attrKey, v2object.SysAttributePrefix) && !strings.HasPrefix(attrKey, v2object.SysAttributePrefixNeoFS) {
+							// FIXME(@cthulhu-rider): https://git.frostfs.info/TrueCloudLab/frostfs-sdk-go/issues/97
+							//	Use dedicated method to skip system attributes.
+							cmd.Printf("  %s: %s\n", attrKey, attrs[i].Value())
+						}
 					}
 				} else {
 					cmd.Printf("  failed to read attributes: %v\n", err)
--- a/cmd/frostfs-cli/modules/container/root.go
+++ b/cmd/frostfs-cli/modules/container/root.go
@ -25,6 +25,8 @@ func init() {
 		deleteContainerCmd,
 		listContainerObjectsCmd,
 		getContainerInfoCmd,
+		getExtendedACLCmd,
+		setExtendedACLCmd,
 		containerNodesCmd,
 		policyPlaygroundCmd,
 	}
@ -36,6 +38,8 @@ func init() {
 	initContainerDeleteCmd()
 	initContainerListObjectsCmd()
 	initContainerInfoCmd()
+	initContainerGetEACLCmd()
+	initContainerSetEACLCmd()
 	initContainerNodesCmd()
 	initContainerPolicyPlaygroundCmd()

@ -49,6 +53,7 @@ func init() {
 	}{
 		{createContainerCmd, "PUT"},
 		{deleteContainerCmd, "DELETE"},
+		{setExtendedACLCmd, "SETEACL"},
 	} {
 		commonflags.InitSession(el.cmd, "container "+el.verb)
 	}
--- a/cmd/frostfs-cli/modules/container/set_eacl.go
+++ b/cmd/frostfs-cli/modules/container/set_eacl.go
@ -0,0 +1,108 @@
+package container
+
+import (
+	"bytes"
+	"errors"
+	"time"
+
+	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	"github.com/spf13/cobra"
+)
+
+var flagVarsSetEACL struct {
+	noPreCheck bool
+
+	srcPath string
+}
+
+var setExtendedACLCmd = &cobra.Command{
+	Use:   "set-eacl",
+	Short: "Set new extended ACL table for container",
+	Long: `Set new extended ACL table for container.
+Container ID in EACL table will be substituted with ID from the CLI.`,
+	Run: func(cmd *cobra.Command, _ []string) {
+		id := parseContainerID(cmd)
+		eaclTable := common.ReadEACL(cmd, flagVarsSetEACL.srcPath)
+
+		tok := getSession(cmd)
+
+		eaclTable.SetCID(id)
+
+		pk := key.GetOrGenerate(cmd)
+		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
+
+		if !flagVarsSetEACL.noPreCheck {
+			cmd.Println("Checking the ability to modify access rights in the container...")
+
+			extendable, err := internalclient.IsACLExtendable(cmd.Context(), cli, id)
+			commonCmd.ExitOnErr(cmd, "Extensibility check failure: %w", err)
+
+			if !extendable {
+				commonCmd.ExitOnErr(cmd, "", errors.New("container ACL is immutable"))
+			}
+
+			cmd.Println("ACL extension is enabled in the container, continue processing.")
+		}
+
+		setEACLPrm := internalclient.SetEACLPrm{
+			Client: cli,
+			ClientParams: client.PrmContainerSetEACL{
+				Table:   eaclTable,
+				Session: tok,
+			},
+		}
+
+		_, err := internalclient.SetEACL(cmd.Context(), setEACLPrm)
+		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+
+		if containerAwait {
+			exp, err := eaclTable.Marshal()
+			commonCmd.ExitOnErr(cmd, "broken EACL table: %w", err)
+
+			cmd.Println("awaiting...")
+
+			getEACLPrm := internalclient.EACLPrm{
+				Client: cli,
+				ClientParams: client.PrmContainerEACL{
+					ContainerID: &id,
+				},
+			}
+
+			for i := 0; i < awaitTimeout; i++ {
+				time.Sleep(1 * time.Second)
+
+				res, err := internalclient.EACL(cmd.Context(), getEACLPrm)
+				if err == nil {
+					// compare binary values because EACL could have been set already
+					table := res.EACL()
+					got, err := table.Marshal()
+					if err != nil {
+						continue
+					}
+
+					if bytes.Equal(exp, got) {
+						cmd.Println("EACL has been persisted on sidechain")
+						return
+					}
+				}
+			}
+
+			commonCmd.ExitOnErr(cmd, "", errSetEACLTimeout)
+		}
+	},
+}
+
+func initContainerSetEACLCmd() {
+	commonflags.Init(setExtendedACLCmd)
+
+	flags := setExtendedACLCmd.Flags()
+	flags.StringVar(&containerID, commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
+	flags.StringVar(&flagVarsSetEACL.srcPath, "table", "", "path to file with JSON or binary encoded EACL table")
+	flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
+	flags.BoolVar(&flagVarsSetEACL.noPreCheck, "no-precheck", false, "do not pre-check the extensibility of the container ACL")
+}
--- a/cmd/frostfs-cli/modules/container/util.go
+++ b/cmd/frostfs-cli/modules/container/util.go
@ -18,8 +18,9 @@ const (
 )

 var (
-	errCreateTimeout = errors.New("timeout: container has not been persisted on sidechain")
-	errDeleteTimeout = errors.New("timeout: container has not been removed from sidechain")
+	errCreateTimeout  = errors.New("timeout: container has not been persisted on sidechain")
+	errDeleteTimeout  = errors.New("timeout: container has not been removed from sidechain")
+	errSetEACLTimeout = errors.New("timeout: EACL has not been persisted on sidechain")
 )

 func parseContainerID(cmd *cobra.Command) cid.ID {
--- a/cmd/frostfs-cli/modules/control/evacuation.go
+++ b/cmd/frostfs-cli/modules/control/evacuation.go
@ -20,10 +20,6 @@ const (
 	awaitFlag      = "await"
 	noProgressFlag = "no-progress"
 	scopeFlag      = "scope"
-	repOneOnlyFlag = "rep-one-only"
-
-	containerWorkerCountFlag = "container-worker-count"
-	objectWorkerCountFlag    = "object-worker-count"

 	scopeAll     = "all"
 	scopeObjects = "objects"
@ -68,18 +64,12 @@ func startEvacuateShard(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)

 	ignoreErrors, _ := cmd.Flags().GetBool(ignoreErrorsFlag)
-	containerWorkerCount, _ := cmd.Flags().GetUint32(containerWorkerCountFlag)
-	objectWorkerCount, _ := cmd.Flags().GetUint32(objectWorkerCountFlag)
-	repOneOnly, _ := cmd.Flags().GetBool(repOneOnlyFlag)

 	req := &control.StartShardEvacuationRequest{
 		Body: &control.StartShardEvacuationRequest_Body{
-			Shard_ID:             getShardIDList(cmd),
-			IgnoreErrors:         ignoreErrors,
-			Scope:                getEvacuationScope(cmd),
-			ContainerWorkerCount: containerWorkerCount,
-			ObjectWorkerCount:    objectWorkerCount,
-			RepOneOnly:           repOneOnly,
+			Shard_ID:     getShardIDList(cmd),
+			IgnoreErrors: ignoreErrors,
+			Scope:        getEvacuationScope(cmd),
 		},
 	}

@ -381,9 +371,6 @@ func initControlStartEvacuationShardCmd() {
 	flags.String(scopeFlag, scopeAll, fmt.Sprintf("Evacuation scope; possible values: %s, %s, %s", scopeTrees, scopeObjects, scopeAll))
 	flags.Bool(awaitFlag, false, "Block execution until evacuation is completed")
 	flags.Bool(noProgressFlag, false, fmt.Sprintf("Print progress if %s provided", awaitFlag))
-	flags.Uint32(containerWorkerCountFlag, 0, "Count of concurrent container evacuation workers")
-	flags.Uint32(objectWorkerCountFlag, 0, "Count of concurrent object evacuation workers")
-	flags.Bool(repOneOnlyFlag, false, "Evacuate objects only from containers with policy 'REP 1 ...'")

 	startEvacuationShardCmd.MarkFlagsMutuallyExclusive(shardIDFlag, shardAllFlag)
 }
--- a/cmd/frostfs-cli/modules/control/healthcheck.go
+++ b/cmd/frostfs-cli/modules/control/healthcheck.go
@ -1,10 +1,7 @@
 package control

 import (
-	"os"
-
 	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
@ -27,7 +24,6 @@ func initControlHealthCheckCmd() {

 	flags := healthCheckCmd.Flags()
 	flags.Bool(healthcheckIRFlag, false, "Communicate with IR node")
-	flags.BoolP(commonflags.QuietFlag, commonflags.QuietFlagShorthand, false, commonflags.QuietFlagUsage)
 	_ = flags.MarkDeprecated(healthcheckIRFlag, "for health check of inner ring nodes, use the 'control ir healthcheck' command instead.")
 }

@ -54,12 +50,6 @@ func healthCheck(cmd *cobra.Command, args []string) {
 	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)

 	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
-	if quietFlag, _ := cmd.Flags().GetBool(commonflags.QuietFlag); quietFlag {
-		if resp.GetBody().GetHealthStatus() == control.HealthStatus_READY {
-			return
-		}
-		os.Exit(1)
-	}

 	cmd.Printf("Network status: %s\n", resp.GetBody().GetNetmapStatus())
 	cmd.Printf("Health status: %s\n", resp.GetBody().GetHealthStatus())
--- a/cmd/frostfs-cli/modules/control/ir_healthcheck.go
+++ b/cmd/frostfs-cli/modules/control/ir_healthcheck.go
@ -1,10 +1,7 @@
 package control

 import (
-	"os"
-
 	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	ircontrol "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
@ -21,8 +18,6 @@ var irHealthCheckCmd = &cobra.Command{

 func initControlIRHealthCheckCmd() {
 	initControlFlags(irHealthCheckCmd)
-	flags := irHealthCheckCmd.Flags()
-	flags.BoolP(commonflags.QuietFlag, commonflags.QuietFlagShorthand, false, commonflags.QuietFlagUsage)
 }

 func irHealthCheck(cmd *cobra.Command, _ []string) {
@ -44,12 +39,6 @@ func irHealthCheck(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)

 	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
-	if quietFlag, _ := cmd.Flags().GetBool(commonflags.QuietFlag); quietFlag {
-		if resp.GetBody().GetHealthStatus() == ircontrol.HealthStatus_READY {
-			return
-		}
-		os.Exit(1)
-	}

 	cmd.Printf("Health status: %s\n", resp.GetBody().GetHealthStatus())
 }
--- a/cmd/frostfs-cli/modules/control/list_targets.go
+++ b/cmd/frostfs-cli/modules/control/list_targets.go
@ -13,8 +13,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/spf13/cobra"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )

 const (
@ -54,10 +52,6 @@ func listTargets(cmd *cobra.Command, _ []string) {
 		resp, err = control.ListTargetsLocalOverrides(client, req)
 		return err
 	})
-	if err != nil && status.Code(err) == codes.NotFound {
-		cmd.Println("Local overrides are not defined for any target.")
-		return
-	}
 	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)

 	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
--- a/cmd/frostfs-cli/modules/control/rebuild_shards.go
+++ b/cmd/frostfs-cli/modules/control/rebuild_shards.go
@ -1,88 +0,0 @@
-package control
-
-import (
-	"fmt"
-
-	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	"github.com/mr-tron/base58"
-	"github.com/spf13/cobra"
-)
-
-const (
-	fillPercentFlag = "fill_percent"
-)
-
-var shardsRebuildCmd = &cobra.Command{
-	Use:   "rebuild",
-	Short: "Rebuild shards",
-	Long:  "Rebuild reclaims storage occupied by dead objects and adjusts the storage structure according to the configuration (for blobovnicza only now)",
-	Run:   shardsRebuild,
-}
-
-func shardsRebuild(cmd *cobra.Command, _ []string) {
-	pk := key.Get(cmd)
-
-	req := &control.StartShardRebuildRequest{
-		Body: &control.StartShardRebuildRequest_Body{
-			Shard_ID:          getShardIDList(cmd),
-			TargetFillPercent: getFillPercentValue(cmd),
-			ConcurrencyLimit:  getConcurrencyValue(cmd),
-		},
-	}
-
-	signRequest(cmd, pk, req)
-
-	cli := getClient(cmd, pk)
-
-	var resp *control.StartShardRebuildResponse
-	var err error
-	err = cli.ExecRaw(func(client *rawclient.Client) error {
-		resp, err = control.StartShardRebuild(client, req)
-		return err
-	})
-	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
-
-	var success, failed uint
-	for _, res := range resp.GetBody().GetResults() {
-		if res.GetSuccess() {
-			success++
-			cmd.Printf("Shard %s: OK\n", base58.Encode(res.GetShard_ID()))
-		} else {
-			failed++
-			cmd.Printf("Shard %s: failed with error %q\n", base58.Encode(res.GetShard_ID()), res.GetError())
-		}
-	}
-	cmd.Printf("Total: %d success, %d failed\n", success, failed)
-}
-
-func getFillPercentValue(cmd *cobra.Command) uint32 {
-	v, _ := cmd.Flags().GetUint32(fillPercentFlag)
-	if v <= 0 || v > 100 {
-		commonCmd.ExitOnErr(cmd, "invalid fill_percent value", fmt.Errorf("fill_percent value must be (0, 100], current value: %d", v))
-	}
-	return v
-}
-
-func getConcurrencyValue(cmd *cobra.Command) uint32 {
-	v, _ := cmd.Flags().GetUint32(concurrencyFlag)
-	if v <= 0 || v > 10000 {
-		commonCmd.ExitOnErr(cmd, "invalid concurrency value", fmt.Errorf("concurrency value must be (0, 10 000], current value: %d", v))
-	}
-	return v
-}
-
-func initControlShardRebuildCmd() {
-	initControlFlags(shardsRebuildCmd)
-
-	flags := shardsRebuildCmd.Flags()
-	flags.StringSlice(shardIDFlag, nil, "List of shard IDs in base58 encoding")
-	flags.Bool(shardAllFlag, false, "Process all shards")
-	flags.Uint32(fillPercentFlag, 80, "Target fill percent to reclaim space")
-	flags.Uint32(concurrencyFlag, 20, "Maximum count of concurrently rebuilding files")
-	setShardModeCmd.MarkFlagsMutuallyExclusive(shardIDFlag, shardAllFlag)
-}
--- a/cmd/frostfs-cli/modules/control/set_netmap_status.go
+++ b/cmd/frostfs-cli/modules/control/set_netmap_status.go
@ -1,10 +1,7 @@
 package control

 import (
-	"crypto/ecdsa"
-	"errors"
 	"fmt"
-	"time"

 	rawclient "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
@ -12,7 +9,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )

@ -22,13 +18,8 @@ const (
 	netmapStatusOnline      = "online"
 	netmapStatusOffline     = "offline"
 	netmapStatusMaintenance = "maintenance"
-
-	maxSetStatusMaxWaitTime = 30 * time.Minute
-	setStatusWaitTimeout    = 30 * time.Second
 )

-var errNetmapStatusAwaitFailed = errors.New("netmap status hasn't changed for 30 minutes")
-
 var setNetmapStatusCmd = &cobra.Command{
 	Use:   "set-status",
 	Short: "Set status of the storage node in FrostFS network map",
@ -52,8 +43,6 @@ func initControlSetNetmapStatusCmd() {

 	flags.BoolP(commonflags.ForceFlag, commonflags.ForceFlagShorthand, false,
 		"Force turning to local maintenance")
-
-	flags.Bool(commonflags.AwaitFlag, false, commonflags.AwaitFlagUsage)
 }

 func setNetmapStatus(cmd *cobra.Command, _ []string) {
@ -67,27 +56,22 @@ func setNetmapStatus(cmd *cobra.Command, _ []string) {
 		}
 	}

-	await, _ := cmd.Flags().GetBool(commonflags.AwaitFlag)
-	var targetStatus control.NetmapStatus
 	switch st, _ := cmd.Flags().GetString(netmapStatusFlag); st {
 	default:
 		commonCmd.ExitOnErr(cmd, "", fmt.Errorf("unsupported status %s", st))
 	case netmapStatusOnline:
 		body.SetStatus(control.NetmapStatus_ONLINE)
 		printIgnoreForce(control.NetmapStatus_ONLINE)
-		targetStatus = control.NetmapStatus_ONLINE
 	case netmapStatusOffline:
 		body.SetStatus(control.NetmapStatus_OFFLINE)
 		printIgnoreForce(control.NetmapStatus_OFFLINE)
-		targetStatus = control.NetmapStatus_OFFLINE
 	case netmapStatusMaintenance:
 		body.SetStatus(control.NetmapStatus_MAINTENANCE)

 		if force {
-			body.SetForceMaintenance(true)
+			body.SetForceMaintenance()
 			common.PrintVerbose(cmd, "Local maintenance will be forced.")
 		}
-		targetStatus = control.NetmapStatus_MAINTENANCE
 	}

 	req := new(control.SetNetmapStatusRequest)
@ -108,52 +92,4 @@ func setNetmapStatus(cmd *cobra.Command, _ []string) {
 	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())

 	cmd.Println("Network status update request successfully sent.")
-
-	if await {
-		awaitSetNetmapStatus(cmd, pk, cli, targetStatus)
-	}
-}
-
-func awaitSetNetmapStatus(cmd *cobra.Command, pk *ecdsa.PrivateKey, cli *client.Client, targetStatus control.NetmapStatus) {
-	req := &control.GetNetmapStatusRequest{
-		Body: &control.GetNetmapStatusRequest_Body{},
-	}
-	signRequest(cmd, pk, req)
-	var epoch uint64
-	var status control.NetmapStatus
-	startTime := time.Now()
-	cmd.Println("Wait until epoch and netmap status change...")
-	for {
-		var resp *control.GetNetmapStatusResponse
-		var err error
-		err = cli.ExecRaw(func(client *rawclient.Client) error {
-			resp, err = control.GetNetmapStatus(client, req)
-			return err
-		})
-		commonCmd.ExitOnErr(cmd, "failed to get current netmap status: %w", err)
-
-		if epoch == 0 {
-			epoch = resp.GetBody().GetEpoch()
-		}
-
-		status = resp.GetBody().GetStatus()
-		if resp.GetBody().GetEpoch() > epoch {
-			epoch = resp.GetBody().GetEpoch()
-			cmd.Printf("Epoch changed to %d\n", resp.GetBody().GetEpoch())
-		}
-
-		if status == targetStatus {
-			break
-		}
-
-		if time.Since(startTime) > maxSetStatusMaxWaitTime {
-			commonCmd.ExitOnErr(cmd, "failed to wait netmap status: %w", errNetmapStatusAwaitFailed)
-			return
-		}
-
-		time.Sleep(setStatusWaitTimeout)
-
-		cmd.Printf("Current netmap status '%s', target status '%s'\n", status.String(), targetStatus.String())
-	}
-	cmd.Printf("Netmap status changed to '%s' successfully.\n", status.String())
 }
--- a/cmd/frostfs-cli/modules/control/shards.go
+++ b/cmd/frostfs-cli/modules/control/shards.go
@ -19,7 +19,6 @@ func initControlShardsCmd() {
 	shardsCmd.AddCommand(doctorCmd)
 	shardsCmd.AddCommand(writecacheShardCmd)
 	shardsCmd.AddCommand(shardsDetachCmd)
-	shardsCmd.AddCommand(shardsRebuildCmd)

 	initControlShardsListCmd()
 	initControlSetShardModeCmd()
@ -29,5 +28,4 @@ func initControlShardsCmd() {
 	initControlDoctorCmd()
 	initControlShardsWritecacheCmd()
 	initControlShardsDetachCmd()
-	initControlShardRebuildCmd()
 }
--- a/cmd/frostfs-cli/modules/control/shards_list.go
+++ b/cmd/frostfs-cli/modules/control/shards_list.go
@ -61,18 +61,17 @@ func listShards(cmd *cobra.Command, _ []string) {
 	}
 }

-func prettyPrintShardsJSON(cmd *cobra.Command, ii []control.ShardInfo) {
+func prettyPrintShardsJSON(cmd *cobra.Command, ii []*control.ShardInfo) {
 	out := make([]map[string]any, 0, len(ii))
 	for _, i := range ii {
 		out = append(out, map[string]any{
-			"shard_id":               base58.Encode(i.GetShard_ID()),
-			"mode":                   shardModeToString(i.GetMode()),
-			"metabase":               i.GetMetabasePath(),
-			"blobstor":               i.GetBlobstor(),
-			"writecache":             i.GetWritecachePath(),
-			"pilorama":               i.GetPiloramaPath(),
-			"error_count":            i.GetErrorCount(),
-			"evacuation_in_progress": i.GetEvacuationInProgress(),
+			"shard_id":    base58.Encode(i.GetShard_ID()),
+			"mode":        shardModeToString(i.GetMode()),
+			"metabase":    i.GetMetabasePath(),
+			"blobstor":    i.GetBlobstor(),
+			"writecache":  i.GetWritecachePath(),
+			"pilorama":    i.GetPiloramaPath(),
+			"error_count": i.GetErrorCount(),
 		})
 	}

@ -81,10 +80,10 @@ func prettyPrintShardsJSON(cmd *cobra.Command, ii []control.ShardInfo) {
 	enc.SetIndent("", "  ")
 	commonCmd.ExitOnErr(cmd, "cannot shard info to JSON: %w", enc.Encode(out))

-	cmd.Print(buf.String()) // pretty printer emits newline, so no need for Println
+	cmd.Print(buf.String()) // pretty printer emits newline, to no need for Println
 }

-func prettyPrintShards(cmd *cobra.Command, ii []control.ShardInfo) {
+func prettyPrintShards(cmd *cobra.Command, ii []*control.ShardInfo) {
 	for _, i := range ii {
 		pathPrinter := func(name, path string) string {
 			if path == "" {
@ -106,8 +105,7 @@ func prettyPrintShards(cmd *cobra.Command, ii []control.ShardInfo) {
 			sb.String()+
 			pathPrinter("Write-cache", i.GetWritecachePath())+
 			pathPrinter("Pilorama", i.GetPiloramaPath())+
-			fmt.Sprintf("Error count: %d\n", i.GetErrorCount())+
-			fmt.Sprintf("Evacuation in progress: %t\n", i.GetEvacuationInProgress()),
+			fmt.Sprintf("Error count: %d\n", i.GetErrorCount()),
 			base58.Encode(i.GetShard_ID()),
 			shardModeToString(i.GetMode()),
 		)
@ -123,7 +121,7 @@ func shardModeToString(m control.ShardMode) string {
 	return "unknown"
 }

-func sortShardsByID(ii []control.ShardInfo) {
+func sortShardsByID(ii []*control.ShardInfo) {
 	sort.Slice(ii, func(i, j int) bool {
 		return bytes.Compare(ii[i].GetShard_ID(), ii[j].GetShard_ID()) < 0
 	})
--- a/cmd/frostfs-cli/modules/control/shards_set_mode.go
+++ b/cmd/frostfs-cli/modules/control/shards_set_mode.go
@ -117,10 +117,10 @@ func setShardMode(cmd *cobra.Command, _ []string) {
 	req.SetBody(body)

 	body.SetMode(mode)
-	body.SetShard_ID(getShardIDList(cmd))
+	body.SetShardIDList(getShardIDList(cmd))

 	reset, _ := cmd.Flags().GetBool(shardClearErrorsFlag)
-	body.SetResetErrorCounter(reset)
+	body.ClearErrorCounter(reset)

 	signRequest(cmd, pk, req)

--- a/cmd/frostfs-cli/modules/control/util.go
+++ b/cmd/frostfs-cli/modules/control/util.go
@ -44,7 +44,7 @@ func verifyResponse(cmd *cobra.Command,
 		GetSign() []byte
 	},
 	body interface {
-		MarshalProtobuf([]byte) []byte
+		StableMarshal([]byte) []byte
 	},
 ) {
 	if sigControl == nil {
@ -60,7 +60,7 @@ func verifyResponse(cmd *cobra.Command,
 	var sig frostfscrypto.Signature
 	commonCmd.ExitOnErr(cmd, "can't read signature: %w", sig.ReadFromV2(sigV2))

-	if !sig.Verify(body.MarshalProtobuf(nil)) {
+	if !sig.Verify(body.StableMarshal(nil)) {
 		commonCmd.ExitOnErr(cmd, "", errors.New("invalid response signature"))
 	}
 }
--- a/cmd/frostfs-cli/modules/control/writecache.go
+++ b/cmd/frostfs-cli/modules/control/writecache.go
@ -9,12 +9,6 @@ import (
 	"github.com/spf13/cobra"
 )

-const (
-	asyncFlag       = "async"
-	restoreModeFlag = "restore-mode"
-	shrinkFlag      = "shrink"
-)
-
 var writecacheShardCmd = &cobra.Command{
 	Use:   "writecache",
 	Short: "Operations with storage node's write-cache",
@ -32,16 +26,10 @@ func sealWritecache(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)

 	ignoreErrors, _ := cmd.Flags().GetBool(ignoreErrorsFlag)
-	async, _ := cmd.Flags().GetBool(asyncFlag)
-	restoreMode, _ := cmd.Flags().GetBool(restoreModeFlag)
-	shrink, _ := cmd.Flags().GetBool(shrinkFlag)

 	req := &control.SealWriteCacheRequest{Body: &control.SealWriteCacheRequest_Body{
 		Shard_ID:     getShardIDList(cmd),
 		IgnoreErrors: ignoreErrors,
-		Async:        async,
-		RestoreMode:  restoreMode,
-		Shrink:       shrink,
 	}}

 	signRequest(cmd, pk, req)
@ -80,9 +68,6 @@ func initControlShardsWritecacheCmd() {
 	ff.StringSlice(shardIDFlag, nil, "List of shard IDs in base58 encoding")
 	ff.Bool(shardAllFlag, false, "Process all shards")
 	ff.Bool(ignoreErrorsFlag, true, "Skip invalid/unreadable objects")
-	ff.Bool(asyncFlag, false, "Run operation in background")
-	ff.Bool(restoreModeFlag, false, "Restore writecache's mode after sealing")
-	ff.Bool(shrinkFlag, false, "Shrink writecache's internal storage")

 	sealWritecacheShardCmd.MarkFlagsMutuallyExclusive(shardIDFlag, shardAllFlag)
 }
--- a/cmd/frostfs-cli/modules/netmap/nodeinfo.go
+++ b/cmd/frostfs-cli/modules/netmap/nodeinfo.go
@ -49,14 +49,14 @@ func prettyPrintNodeInfo(cmd *cobra.Command, i netmap.NodeInfo) {
 	cmd.Println("key:", hex.EncodeToString(i.PublicKey()))

 	var stateWord string
-	switch i.Status() {
+	switch {
 	default:
 		stateWord = "<undefined>"
-	case netmap.Online:
+	case i.IsOnline():
 		stateWord = "online"
-	case netmap.Offline:
+	case i.IsOffline():
 		stateWord = "offline"
-	case netmap.Maintenance:
+	case i.IsMaintenance():
 		stateWord = "maintenance"
 	}

--- a/cmd/frostfs-cli/modules/object/head.go
+++ b/cmd/frostfs-cli/modules/object/head.go
@ -38,6 +38,7 @@ func initObjectHeadCmd() {
 	_ = objectHeadCmd.MarkFlagRequired(commonflags.OIDFlag)

 	flags.String(fileFlag, "", "File to write header to. Default: stdout.")
+	flags.Bool("main-only", false, "Return only main fields")
 	flags.Bool(commonflags.JSON, false, "Marshal output in JSON")
 	flags.Bool("proto", false, "Marshal output in Protobuf")
 	flags.Bool(rawFlag, false, rawFlagDesc)
@ -48,6 +49,7 @@ func getObjectHeader(cmd *cobra.Command, _ []string) {
 	var obj oid.ID

 	objAddr := readObjectAddress(cmd, &cnr, &obj)
+	mainOnly, _ := cmd.Flags().GetBool("main-only")
 	pk := key.GetOrGenerate(cmd)

 	cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
@ -60,6 +62,7 @@ func getObjectHeader(cmd *cobra.Command, _ []string) {
 	raw, _ := cmd.Flags().GetBool(rawFlag)
 	prm.SetRawFlag(raw)
 	prm.SetAddress(objAddr)
+	prm.SetMainOnlyFlag(mainOnly)

 	res, err := internalclient.HeadObject(cmd.Context(), prm)
 	if err != nil {
--- a/cmd/frostfs-cli/modules/object/nodes.go
+++ b/cmd/frostfs-cli/modules/object/nodes.go
@ -30,14 +30,10 @@ import (
 )

 const (
-	verifyPresenceAllFlag       = "verify-presence-all"
-	preferInternalAddressesFlag = "prefer-internal-addresses"
+	verifyPresenceAllFlag = "verify-presence-all"
 )

-var (
-	errNoAvailableEndpoint    = errors.New("failed to create client: no available endpoint")
-	errMalformedComplexObject = errors.New("object consists of EC and non EC parts")
-)
+var errNoAvailableEndpoint = errors.New("failed to create client: no available endpoint")

 type phyObject struct {
 	containerID               cid.ID
@ -98,7 +94,6 @@ func initObjectNodesCmd() {

 	flags.Bool(verifyPresenceAllFlag, false, "Verify the actual presence of the object on all netmap nodes.")
 	flags.Bool(commonflags.JSON, false, "Print information about the object placement as json.")
-	flags.Bool(preferInternalAddressesFlag, false, "Use internal addresses first to get object info.")
 }

 func objectNodes(cmd *cobra.Command, _ []string) {
@ -172,7 +167,7 @@ func getComplexObjectParts(cmd *cobra.Command, cnrID cid.ID, objID oid.ID, cli *
 func getCompexObjectMembers(cmd *cobra.Command, cnrID cid.ID, objID oid.ID, cli *client.Client, prmHead internalclient.HeadObjectPrm, errSplitInfo *objectSDK.SplitInfoError) []oid.ID {
 	splitInfo := errSplitInfo.SplitInfo()

-	if members, ok := tryGetSplitMembersByLinkingObject(cmd, splitInfo, prmHead, cnrID); ok {
+	if members, ok := tryGetSplitMembersByLinkingObject(cmd, splitInfo, prmHead, cnrID, false); ok {
 		return members
 	}

@ -185,63 +180,29 @@ func getCompexObjectMembers(cmd *cobra.Command, cnrID cid.ID, objID oid.ID, cli

 func flattenComplexMembersIfECContainer(cmd *cobra.Command, cnrID cid.ID, members []oid.ID, prmHead internalclient.HeadObjectPrm) []phyObject {
 	result := make([]phyObject, 0, len(members))
-	var hasNonEC, hasEC bool
-	var resultGuard sync.Mutex
-
-	if len(members) == 0 {
-		return result
-	}
-
+	var addrObj oid.Address
+	addrObj.SetContainer(cnrID)
 	prmHead.SetRawFlag(true) // to get an error instead of whole object
+	for _, partObjID := range members {
+		addrObj.SetObject(partObjID)
+		prmHead.SetAddress(addrObj)

-	eg, egCtx := errgroup.WithContext(cmd.Context())
-	for idx := range len(members) {
-		partObjID := members[idx]
-
-		eg.Go(func() error {
-			partHeadPrm := prmHead
-			var partAddr oid.Address
-			partAddr.SetContainer(cnrID)
-			partAddr.SetObject(partObjID)
-			partHeadPrm.SetAddress(partAddr)
-
-			obj, err := internalclient.HeadObject(egCtx, partHeadPrm)
-			if err != nil {
-				var ecInfoError *objectSDK.ECInfoError
-				if errors.As(err, &ecInfoError) {
-					resultGuard.Lock()
-					defer resultGuard.Unlock()
-					result = append(result, getECObjectChunks(cmd, cnrID, partObjID, ecInfoError)...)
-					hasEC = true
-					return nil
-				}
-				return err
+		_, err := internalclient.HeadObject(cmd.Context(), prmHead)
+		var ecInfoError *objectSDK.ECInfoError
+		if errors.As(err, &ecInfoError) {
+			chunks := getECObjectChunks(cmd, cnrID, partObjID, ecInfoError)
+			result = append(result, chunks...)
+			continue
+		} else if err == nil { // not EC object, so all members must be phy objects
+			for _, member := range members {
+				result = append(result, phyObject{
+					containerID: cnrID,
+					objectID:    member,
+				})
 			}
-
-			if obj.Header().Type() != objectSDK.TypeRegular {
-				commonCmd.ExitOnErr(cmd, "failed to flatten parts of complex object: %w", fmt.Errorf("object '%s' with type '%s' is not supported as part of complex object", partAddr, obj.Header().Type()))
-			}
-
-			if len(obj.Header().Children()) > 0 {
-				// linking object is not data object, so skip it
-				return nil
-			}
-
-			resultGuard.Lock()
-			defer resultGuard.Unlock()
-			result = append(result, phyObject{
-				containerID: cnrID,
-				objectID:    partObjID,
-			})
-			hasNonEC = true
-
-			return nil
-		})
-	}
-
-	commonCmd.ExitOnErr(cmd, "failed to flatten parts of complex object: %w", eg.Wait())
-	if hasEC && hasNonEC {
-		commonCmd.ExitOnErr(cmd, "failed to flatten parts of complex object: %w", errMalformedComplexObject)
+			break
+		}
+		commonCmd.ExitOnErr(cmd, "failed to read EC chunk of complex object: %w", err)
 	}
 	return result
 }
@ -393,6 +354,8 @@ func getActualPlacement(cmd *cobra.Command, netmap *netmapSDK.NetMap, pk *ecdsa.

 	eg, egCtx := errgroup.WithContext(cmd.Context())
 	for _, cand := range candidates {
+		cand := cand
+
 		eg.Go(func() error {
 			cli, err := createClient(egCtx, cmd, cand, pk)
 			if err != nil {
@ -403,6 +366,7 @@ func getActualPlacement(cmd *cobra.Command, netmap *netmapSDK.NetMap, pk *ecdsa.
 			}

 			for _, object := range objects {
+				object := object
 				eg.Go(func() error {
 					stored, err := isObjectStoredOnNode(egCtx, cmd, object.containerID, object.objectID, cli, pk)
 					resultMtx.Lock()
@ -446,20 +410,11 @@ func getNodesToCheckObjectExistance(cmd *cobra.Command, netmap *netmapSDK.NetMap
 func createClient(ctx context.Context, cmd *cobra.Command, candidate netmapSDK.NodeInfo, pk *ecdsa.PrivateKey) (*client.Client, error) {
 	var cli *client.Client
 	var addresses []string
-	if preferInternal, _ := cmd.Flags().GetBool(preferInternalAddressesFlag); preferInternal {
-		candidate.IterateNetworkEndpoints(func(s string) bool {
-			addresses = append(addresses, s)
-			return false
-		})
-		addresses = append(addresses, candidate.ExternalAddresses()...)
-	} else {
-		addresses = append(addresses, candidate.ExternalAddresses()...)
-		candidate.IterateNetworkEndpoints(func(s string) bool {
-			addresses = append(addresses, s)
-			return false
-		})
-	}
-
+	candidate.IterateNetworkEndpoints(func(s string) bool {
+		addresses = append(addresses, s)
+		return false
+	})
+	addresses = append(addresses, candidate.ExternalAddresses()...)
 	var lastErr error
 	for _, address := range addresses {
 		var networkAddr network.Address
@ -503,6 +458,7 @@ func isObjectStoredOnNode(ctx context.Context, cmd *cobra.Command, cnrID cid.ID,
 	if errors.As(err, &notFound) || errors.As(err, &removed) {
 		return false, nil
 	}
+	cmd.Printf("failed to get object %s from client\n", objID.EncodeToString())
 	return false, err
 }

--- a/cmd/frostfs-cli/modules/object/patch.go
+++ b/cmd/frostfs-cli/modules/object/patch.go
@ -1,151 +0,0 @@
-package object
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	objectSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
-	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	"github.com/spf13/cobra"
-)
-
-const (
-	newAttrsFlagName     = "new-attrs"
-	replaceAttrsFlagName = "replace-attrs"
-	rangeFlagName        = "range"
-	payloadFlagName      = "payload"
-)
-
-var objectPatchCmd = &cobra.Command{
-	Use:   "patch",
-	Run:   patch,
-	Short: "Patch FrostFS object",
-	Long:  "Patch FrostFS object. Each range passed to the command requires to pass a corresponding patch payload.",
-	Example: `
-frostfs-cli -c config.yml -r 127.0.0.1:8080 object patch --cid <CID> --oid <OID> --new-attrs 'key1=val1,key2=val2' --replace-attrs
-frostfs-cli -c config.yml -r 127.0.0.1:8080 object patch --cid <CID> --oid <OID> --range offX:lnX --payload /path/to/payloadX --range offY:lnY --payload /path/to/payloadY
-frostfs-cli -c config.yml -r 127.0.0.1:8080 object patch --cid <CID> --oid <OID> --new-attrs 'key1=val1,key2=val2' --replace-attrs --range offX:lnX --payload /path/to/payload
-`,
-}
-
-func initObjectPatchCmd() {
-	commonflags.Init(objectPatchCmd)
-	initFlagSession(objectPatchCmd, "PATCH")
-
-	flags := objectPatchCmd.Flags()
-
-	flags.String(commonflags.CIDFlag, "", commonflags.CIDFlagUsage)
-	_ = objectRangeCmd.MarkFlagRequired(commonflags.CIDFlag)
-
-	flags.String(commonflags.OIDFlag, "", commonflags.OIDFlagUsage)
-	_ = objectRangeCmd.MarkFlagRequired(commonflags.OIDFlag)
-
-	flags.String(newAttrsFlagName, "", "New object attributes in form of Key1=Value1,Key2=Value2")
-	flags.Bool(replaceAttrsFlagName, false, "Replace object attributes by new ones.")
-	flags.StringSlice(rangeFlagName, []string{}, "Range to which patch payload is applied. Format: offset:length")
-	flags.StringSlice(payloadFlagName, []string{}, "Path to file with patch payload.")
-}
-
-func patch(cmd *cobra.Command, _ []string) {
-	var cnr cid.ID
-	var obj oid.ID
-
-	objAddr := readObjectAddress(cmd, &cnr, &obj)
-
-	ranges, err := getRangeSlice(cmd)
-	commonCmd.ExitOnErr(cmd, "", err)
-
-	payloads := patchPayloadPaths(cmd)
-
-	if len(ranges) != len(payloads) {
-		commonCmd.ExitOnErr(cmd, "", fmt.Errorf("the number of ranges and payloads are not equal: ranges = %d, payloads = %d", len(ranges), len(payloads)))
-	}
-
-	newAttrs, err := parseNewObjectAttrs(cmd)
-	commonCmd.ExitOnErr(cmd, "can't parse new object attributes: %w", err)
-	replaceAttrs, _ := cmd.Flags().GetBool(replaceAttrsFlagName)
-
-	pk := key.GetOrGenerate(cmd)
-
-	cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
-
-	var prm internalclient.PatchObjectPrm
-	prm.SetClient(cli)
-	Prepare(cmd, &prm)
-	ReadOrOpenSession(cmd, &prm, pk, cnr, nil)
-
-	prm.SetAddress(objAddr)
-	prm.NewAttributes = newAttrs
-	prm.ReplaceAttribute = replaceAttrs
-
-	for i := range ranges {
-		prm.PayloadPatches = append(prm.PayloadPatches, internalclient.PayloadPatch{
-			Range:       ranges[i],
-			PayloadPath: payloads[i],
-		})
-	}
-
-	res, err := internalclient.Patch(cmd.Context(), prm)
-	if err != nil {
-		commonCmd.ExitOnErr(cmd, "can't patch the object: %w", err)
-	}
-	cmd.Println("Patched object ID: ", res.OID.EncodeToString())
-}
-
-func parseNewObjectAttrs(cmd *cobra.Command) ([]objectSDK.Attribute, error) {
-	var rawAttrs []string
-
-	raw := cmd.Flag(newAttrsFlagName).Value.String()
-	if len(raw) != 0 {
-		rawAttrs = strings.Split(raw, ",")
-	}
-
-	attrs := make([]objectSDK.Attribute, len(rawAttrs), len(rawAttrs)+2) // name + timestamp attributes
-	for i := range rawAttrs {
-		k, v, found := strings.Cut(rawAttrs[i], "=")
-		if !found {
-			return nil, fmt.Errorf("invalid attribute format: %s", rawAttrs[i])
-		}
-		attrs[i].SetKey(k)
-		attrs[i].SetValue(v)
-	}
-	return attrs, nil
-}
-
-func getRangeSlice(cmd *cobra.Command) ([]objectSDK.Range, error) {
-	v, _ := cmd.Flags().GetStringSlice(rangeFlagName)
-	if len(v) == 0 {
-		return []objectSDK.Range{}, nil
-	}
-	rs := make([]objectSDK.Range, len(v))
-	for i := range v {
-		before, after, found := strings.Cut(v[i], rangeSep)
-		if !found {
-			return nil, fmt.Errorf("invalid range specifier: %s", v[i])
-		}
-
-		offset, err := strconv.ParseUint(before, 10, 64)
-		if err != nil {
-			return nil, fmt.Errorf("invalid '%s' range offset specifier: %w", v[i], err)
-		}
-		length, err := strconv.ParseUint(after, 10, 64)
-		if err != nil {
-			return nil, fmt.Errorf("invalid '%s' range length specifier: %w", v[i], err)
-		}
-
-		rs[i].SetOffset(offset)
-		rs[i].SetLength(length)
-	}
-	return rs, nil
-}
-
-func patchPayloadPaths(cmd *cobra.Command) []string {
-	v, _ := cmd.Flags().GetStringSlice(payloadFlagName)
-	return v
-}
--- a/cmd/frostfs-cli/modules/object/root.go
+++ b/cmd/frostfs-cli/modules/object/root.go
@ -29,7 +29,6 @@ func init() {
 		objectRangeCmd,
 		objectLockCmd,
 		objectNodesCmd,
-		objectPatchCmd,
 	}

 	Cmd.AddCommand(objectChildCommands...)
@ -40,7 +39,6 @@ func init() {
 	}

 	initObjectPutCmd()
-	initObjectPatchCmd()
 	initObjectDeleteCmd()
 	initObjectGetCmd()
 	initObjectSearchCmd()
--- a/cmd/frostfs-cli/modules/object/util.go
+++ b/cmd/frostfs-cli/modules/object/util.go
@ -306,8 +306,6 @@ func finalizeSession(cmd *cobra.Command, dst SessionPrm, tok *session.Object, ke
 	case *internal.PutObjectPrm:
 		common.PrintVerbose(cmd, "Binding session to object PUT...")
 		tok.ForVerb(session.VerbObjectPut)
-	case *internal.PatchObjectPrm:
-		tok.ForVerb(session.VerbObjectPatch)
 	case *internal.DeleteObjectPrm:
 		common.PrintVerbose(cmd, "Binding session to object DELETE...")
 		tok.ForVerb(session.VerbObjectDelete)
@ -356,7 +354,7 @@ func collectObjectRelatives(cmd *cobra.Command, cli *client.Client, cnr cid.ID,

 	Prepare(cmd, &prmHead)

-	o, err := internal.HeadObject(cmd.Context(), prmHead)
+	_, err := internal.HeadObject(cmd.Context(), prmHead)

 	var errSplit *objectSDK.SplitInfoError
 	var errEC *objectSDK.ECInfoError
@ -366,15 +364,12 @@ func collectObjectRelatives(cmd *cobra.Command, cli *client.Client, cnr cid.ID,
 		commonCmd.ExitOnErr(cmd, "failed to get raw object header: %w", err)
 	case err == nil:
 		common.PrintVerbose(cmd, "Raw header received - object is singular.")
-		if ech := o.Header().ECHeader(); ech != nil {
-			commonCmd.ExitOnErr(cmd, "Lock EC chunk failed: %w", errors.ErrUnsupported)
-		}
 		return nil
 	case errors.As(err, &errSplit):
 		common.PrintVerbose(cmd, "Split information received - object is virtual.")
 		splitInfo := errSplit.SplitInfo()

-		if members, ok := tryGetSplitMembersByLinkingObject(cmd, splitInfo, prmHead, cnr); ok {
+		if members, ok := tryGetSplitMembersByLinkingObject(cmd, splitInfo, prmHead, cnr, true); ok {
 			return members
 		}

@ -390,7 +385,7 @@ func collectObjectRelatives(cmd *cobra.Command, cli *client.Client, cnr cid.ID,
 	return nil
 }

-func tryGetSplitMembersByLinkingObject(cmd *cobra.Command, splitInfo *objectSDK.SplitInfo, prmHead internal.HeadObjectPrm, cnr cid.ID) ([]oid.ID, bool) {
+func tryGetSplitMembersByLinkingObject(cmd *cobra.Command, splitInfo *objectSDK.SplitInfo, prmHead internal.HeadObjectPrm, cnr cid.ID, withLinking bool) ([]oid.ID, bool) {
 	// collect split chain by the descending ease of operations (ease is evaluated heuristically).
 	// If any approach fails, we don't try the next since we assume that it will fail too.

@ -411,7 +406,10 @@ func tryGetSplitMembersByLinkingObject(cmd *cobra.Command, splitInfo *objectSDK.

 			common.PrintVerbose(cmd, "Received split members from the linking object: %v", children)

-			return append(children, idLinking), true
+			if withLinking {
+				return append(children, idLinking), true
+			}
+			return children, true
 		}

 		// linking object is not required for
--- a/cmd/frostfs-cli/modules/tree/add.go
+++ b/cmd/frostfs-cli/modules/tree/add.go
@ -47,10 +47,9 @@ func add(cmd *cobra.Command, _ []string) {
 	meta, err := parseMeta(cmd)
 	commonCmd.ExitOnErr(cmd, "meta data parsing: %w", err)

-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
@ -73,18 +72,18 @@ func add(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "signing message: %w", tree.SignMessage(req, pk))

 	resp, err := cli.Add(ctx, req)
-	commonCmd.ExitOnErr(cmd, "failed to call add: %w", err)
+	commonCmd.ExitOnErr(cmd, "failed to cal add: %w", err)

 	cmd.Println("Node ID: ", resp.GetBody().GetNodeId())
 }

-func parseMeta(cmd *cobra.Command) ([]tree.KeyValue, error) {
+func parseMeta(cmd *cobra.Command) ([]*tree.KeyValue, error) {
 	raws, _ := cmd.Flags().GetStringSlice(metaFlagKey)
 	if len(raws) == 0 {
 		return nil, nil
 	}

-	pairs := make([]tree.KeyValue, 0, len(raws))
+	pairs := make([]*tree.KeyValue, 0, len(raws))
 	for i := range raws {
 		k, v, found := strings.Cut(raws[i], "=")
 		if !found {
@ -95,7 +94,7 @@ func parseMeta(cmd *cobra.Command) ([]tree.KeyValue, error) {
 		pair.Key = k
 		pair.Value = []byte(v)

-		pairs = append(pairs, pair)
+		pairs = append(pairs, &pair)
 	}

 	return pairs, nil
--- a/cmd/frostfs-cli/modules/tree/add_by_path.go
+++ b/cmd/frostfs-cli/modules/tree/add_by_path.go
@ -50,10 +50,9 @@ func addByPath(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

 	tid, _ := cmd.Flags().GetString(treeIDFlagKey)
-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
--- a/cmd/frostfs-cli/modules/tree/client.go
+++ b/cmd/frostfs-cli/modules/tree/client.go
@ -3,14 +3,13 @@ package tree
 import (
 	"context"
 	"strings"
+	"time"

-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/tree"
 	metrics "git.frostfs.info/TrueCloudLab/frostfs-observability/metrics/grpc"
 	tracing "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing/grpc"
-	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
@ -18,7 +17,7 @@ import (

 // _client returns grpc Tree service client. Should be removed
 // after making Tree API public.
-func _client() (tree.TreeServiceClient, error) {
+func _client(ctx context.Context) (tree.TreeServiceClient, error) {
 	var netAddr network.Address
 	err := netAddr.FromString(viper.GetString(commonflags.RPC))
 	if err != nil {
@ -26,6 +25,7 @@ func _client() (tree.TreeServiceClient, error) {
 	}

 	opts := []grpc.DialOption{
+		grpc.WithBlock(),
 		grpc.WithChainUnaryInterceptor(
 			metrics.NewUnaryClientInterceptor(),
 			tracing.NewUnaryClientInteceptor(),
@ -40,14 +40,12 @@ func _client() (tree.TreeServiceClient, error) {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}

-	cc, err := grpc.NewClient(netAddr.URIAddr(), opts...)
+	// a default connection establishing timeout
+	const defaultClientConnectTimeout = time.Second * 2
+
+	ctx, cancel := context.WithTimeout(ctx, defaultClientConnectTimeout)
+	cc, err := grpc.DialContext(ctx, netAddr.URIAddr(), opts...)
+	cancel()
+
 	return tree.NewTreeServiceClient(cc), err
 }
-
-func contextWithTimeout(cmd *cobra.Command) (context.Context, context.CancelFunc) {
-	if timeout := viper.GetDuration(commonflags.Timeout); timeout > 0 {
-		common.PrintVerbose(cmd, "Set request timeout to %s.", timeout)
-		return context.WithTimeout(cmd.Context(), timeout)
-	}
-	return context.WithTimeout(cmd.Context(), commonflags.TimeoutDefault)
-}
--- a/cmd/frostfs-cli/modules/tree/get_by_path.go
+++ b/cmd/frostfs-cli/modules/tree/get_by_path.go
@ -50,10 +50,9 @@ func getByPath(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

 	tid, _ := cmd.Flags().GetString(treeIDFlagKey)
-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
--- a/cmd/frostfs-cli/modules/tree/get_op_log.go
+++ b/cmd/frostfs-cli/modules/tree/get_op_log.go
@ -44,10 +44,9 @@ func getOpLog(cmd *cobra.Command, _ []string) {
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

 	tid, _ := cmd.Flags().GetString(treeIDFlagKey)
-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
--- a/cmd/frostfs-cli/modules/tree/healthcheck.go
+++ b/cmd/frostfs-cli/modules/tree/healthcheck.go
@ -26,10 +26,9 @@ func initHealthcheckCmd() {

 func healthcheck(cmd *cobra.Command, _ []string) {
 	pk := key.GetOrGenerate(cmd)
-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	req := &tree.HealthcheckRequest{
--- a/cmd/frostfs-cli/modules/tree/list.go
+++ b/cmd/frostfs-cli/modules/tree/list.go
@ -38,10 +38,9 @@ func list(cmd *cobra.Command, _ []string) {
 	err := cnr.DecodeString(cidString)
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
--- a/cmd/frostfs-cli/modules/tree/move.go
+++ b/cmd/frostfs-cli/modules/tree/move.go
@ -45,10 +45,9 @@ func move(cmd *cobra.Command, _ []string) {
 	err := cnr.DecodeString(cidString)
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
@ -67,7 +66,7 @@ func move(cmd *cobra.Command, _ []string) {
 		Body: &tree.GetSubTreeRequest_Body{
 			ContainerId: rawCID,
 			TreeId:      tid,
-			RootId:      []uint64{nid},
+			RootId:      nid,
 			Depth:       1,
 			BearerToken: bt,
 		},
@ -76,7 +75,7 @@ func move(cmd *cobra.Command, _ []string) {
 	resp, err := cli.GetSubTree(ctx, subTreeReq)
 	commonCmd.ExitOnErr(cmd, "rpc call: %w", err)

-	var meta []tree.KeyValue
+	var meta []*tree.KeyValue
 	subtreeResp, err := resp.Recv()
 	for ; err == nil; subtreeResp, err = resp.Recv() {
 		meta = subtreeResp.GetBody().GetMeta()
--- a/cmd/frostfs-cli/modules/tree/remove.go
+++ b/cmd/frostfs-cli/modules/tree/remove.go
@ -41,10 +41,9 @@ func remove(cmd *cobra.Command, _ []string) {
 	err := cnr.DecodeString(cidString)
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
--- a/cmd/frostfs-cli/modules/tree/root.go
+++ b/cmd/frostfs-cli/modules/tree/root.go
@ -49,7 +49,6 @@ const (
 	heightFlagKey = "height"
 	countFlagKey  = "count"
 	depthFlagKey  = "depth"
-	orderFlagKey  = "ordered"
 )

 func initCTID(cmd *cobra.Command) {
--- a/cmd/frostfs-cli/modules/tree/subtree.go
+++ b/cmd/frostfs-cli/modules/tree/subtree.go
@ -30,7 +30,6 @@ func initGetSubtreeCmd() {
 	ff := getSubtreeCmd.Flags()
 	ff.Uint64(rootIDFlagKey, 0, "Root ID to traverse from.")
 	ff.Uint32(depthFlagKey, 10, "Traversal depth.")
-	ff.Bool(orderFlagKey, false, "Sort output by ascending FileName.")

 	_ = getSubtreeCmd.MarkFlagRequired(commonflags.CIDFlag)
 	_ = getSubtreeCmd.MarkFlagRequired(treeIDFlagKey)
@ -46,10 +45,9 @@ func getSubTree(cmd *cobra.Command, _ []string) {
 	err := cnr.DecodeString(cidString)
 	commonCmd.ExitOnErr(cmd, "decode container ID string: %w", err)

-	ctx, cancel := contextWithTimeout(cmd)
-	defer cancel()
+	ctx := cmd.Context()

-	cli, err := _client()
+	cli, err := _client(ctx)
 	commonCmd.ExitOnErr(cmd, "failed to create client: %w", err)

 	rawCID := make([]byte, sha256.Size)
@ -61,13 +59,6 @@ func getSubTree(cmd *cobra.Command, _ []string) {

 	depth, _ := cmd.Flags().GetUint32(depthFlagKey)

-	order, _ := cmd.Flags().GetBool(orderFlagKey)
-
-	bodyOrder := tree.GetSubTreeRequest_Body_Order_None
-	if order {
-		bodyOrder = tree.GetSubTreeRequest_Body_Order_Asc
-	}
-
 	var bt []byte
 	if t := common.ReadBearerToken(cmd, bearerFlagKey); t != nil {
 		bt = t.Marshal()
@ -77,12 +68,9 @@ func getSubTree(cmd *cobra.Command, _ []string) {
 		Body: &tree.GetSubTreeRequest_Body{
 			ContainerId: rawCID,
 			TreeId:      tid,
-			RootId:      []uint64{rid},
+			RootId:      rid,
 			Depth:       depth,
 			BearerToken: bt,
-			OrderBy: &tree.GetSubTreeRequest_Body_Order{
-				Direction: bodyOrder,
-			},
 		},
 	}

@ -95,15 +83,10 @@ func getSubTree(cmd *cobra.Command, _ []string) {
 	for ; err == nil; subtreeResp, err = resp.Recv() {
 		b := subtreeResp.GetBody()

-		if len(b.GetNodeId()) == 1 {
-			cmd.Printf("Node ID: %d\n", b.GetNodeId())
-			cmd.Println("\tParent ID: ", b.GetParentId())
-			cmd.Println("\tTimestamp: ", b.GetTimestamp())
-		} else {
-			cmd.Printf("Node IDs: %v\n", b.GetNodeId())
-			cmd.Println("\tParent IDs: ", b.GetParentId())
-			cmd.Println("\tTimestamps: ", b.GetTimestamp())
-		}
+		cmd.Printf("Node ID: %d\n", b.GetNodeId())
+
+		cmd.Println("\tParent ID: ", b.GetParentId())
+		cmd.Println("\tTimestamp: ", b.GetTimestamp())

 		if meta := b.GetMeta(); len(meta) > 0 {
 			cmd.Println("\tMeta pairs: ")
--- a/cmd/frostfs-cli/modules/util/acl.go
+++ b/cmd/frostfs-cli/modules/util/acl.go
@ -33,7 +33,7 @@ func PrettyPrintTableBACL(cmd *cobra.Command, bacl *acl.Basic) {
 	fmt.Fprintln(w, strings.Join(bits, "\t"))
 	// Footer
 	footer := []string{"X F"}
-	for range 7 {
+	for i := 0; i < 7; i++ {
 		footer = append(footer, "U S O B")
 	}
 	fmt.Fprintln(w, strings.Join(footer, "\t"))
--- a/cmd/frostfs-cli/modules/util/ape.go
+++ b/cmd/frostfs-cli/modules/util/ape.go
@ -239,8 +239,6 @@ func parseAction(lexeme string) ([]string, bool, error) {
 		return []string{nativeschema.MethodRangeObject}, true, nil
 	case "object.hash":
 		return []string{nativeschema.MethodHashObject}, true, nil
-	case "object.patch":
-		return []string{nativeschema.MethodPatchObject}, true, nil
 	case "object.*":
 		return []string{
 			nativeschema.MethodPutObject,
@ -248,9 +246,7 @@ func parseAction(lexeme string) ([]string, bool, error) {
 			nativeschema.MethodHeadObject,
 			nativeschema.MethodDeleteObject,
 			nativeschema.MethodSearchObject,
-			nativeschema.MethodRangeObject,
 			nativeschema.MethodHashObject,
-			nativeschema.MethodPatchObject,
 		}, true, nil
 	case "container.put":
 		return []string{nativeschema.MethodPutContainer}, false, nil
@ -258,6 +254,10 @@ func parseAction(lexeme string) ([]string, bool, error) {
 		return []string{nativeschema.MethodDeleteContainer}, false, nil
 	case "container.get":
 		return []string{nativeschema.MethodGetContainer}, false, nil
+	case "container.setcontainereacl":
+		return []string{nativeschema.MethodSetContainerEACL}, false, nil
+	case "container.getcontainereacl":
+		return []string{nativeschema.MethodGetContainerEACL}, false, nil
 	case "container.list":
 		return []string{nativeschema.MethodListContainers}, false, nil
 	case "container.*":
@ -265,6 +265,8 @@ func parseAction(lexeme string) ([]string, bool, error) {
 			nativeschema.MethodPutContainer,
 			nativeschema.MethodDeleteContainer,
 			nativeschema.MethodGetContainer,
+			nativeschema.MethodSetContainerEACL,
+			nativeschema.MethodGetContainerEACL,
 			nativeschema.MethodListContainers,
 		}, false, nil
 	default:
@ -277,7 +279,7 @@ func parseResource(lexeme string, isObj bool) (string, error) {
 		if isObj {
 			if lexeme == "*" {
 				return nativeschema.ResourceFormatAllObjects, nil
-			} else if lexeme == "/*" || lexeme == "root/*" {
+			} else if lexeme == "/*" {
 				return nativeschema.ResourceFormatRootObjects, nil
 			} else if strings.HasPrefix(lexeme, "/") {
 				lexeme = lexeme[1:]
--- a/cmd/frostfs-cli/modules/util/ape_test.go
+++ b/cmd/frostfs-cli/modules/util/ape_test.go
@ -26,7 +26,7 @@ func TestParseAPERule(t *testing.T) {
 			},
 		},
 		{
-			name: "Valid rule for all objects in implicit root namespace",
+			name: "Valid rule for all objects in root namespace",
 			rule: "allow Object.Put /*",
 			expectRule: policyengine.Rule{
 				Status:    policyengine.Allow,
@ -34,15 +34,6 @@ func TestParseAPERule(t *testing.T) {
 				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
 			},
 		},
-		{
-			name: "Valid rule for all objects in explicit root namespace",
-			rule: "allow Object.Put root/*",
-			expectRule: policyengine.Rule{
-				Status:    policyengine.Allow,
-				Actions:   policyengine.Actions{Names: []string{nativeschema.MethodPutObject}},
-				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
-			},
-		},
 		{
 			name: "Valid rule for all objects in root namespace and container",
 			rule: "allow Object.Put /cid/*",
--- a/cmd/frostfs-cli/modules/util/convert_eacl.go
+++ b/cmd/frostfs-cli/modules/util/convert_eacl.go
@ -6,17 +6,9 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
-	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )

-const (
-	fromFlagStr = "from"
-	toFlagStr   = "to"
-	apeFlagStr  = "ape"
-)
-
 var convertEACLCmd = &cobra.Command{
 	Use:   "eacl",
 	Short: "Convert representation of extended ACL table",
@ -26,35 +18,24 @@ var convertEACLCmd = &cobra.Command{
 func initConvertEACLCmd() {
 	flags := convertEACLCmd.Flags()

-	flags.String(fromFlagStr, "", "File with JSON or binary encoded extended ACL table")
-	_ = convertEACLCmd.MarkFlagFilename(fromFlagStr)
-	_ = convertEACLCmd.MarkFlagRequired(fromFlagStr)
+	flags.String("from", "", "File with JSON or binary encoded extended ACL table")
+	_ = convertEACLCmd.MarkFlagFilename("from")
+	_ = convertEACLCmd.MarkFlagRequired("from")

-	flags.String(toFlagStr, "", "File to dump extended ACL table (default: binary encoded)")
+	flags.String("to", "", "File to dump extended ACL table (default: binary encoded)")
 	flags.Bool(commonflags.JSON, false, "Dump extended ACL table in JSON encoding")
-
-	flags.Bool(apeFlagStr, false, "Dump converted eACL table to APE chain format")
-
-	convertEACLCmd.MarkFlagsMutuallyExclusive(apeFlagStr, commonflags.JSON)
 }

 func convertEACLTable(cmd *cobra.Command, _ []string) {
-	pathFrom := cmd.Flag(fromFlagStr).Value.String()
-	to := cmd.Flag(toFlagStr).Value.String()
+	pathFrom := cmd.Flag("from").Value.String()
+	to := cmd.Flag("to").Value.String()
 	jsonFlag, _ := cmd.Flags().GetBool(commonflags.JSON)
-	apeFlag, _ := cmd.Flags().GetBool(apeFlagStr)

 	table := common.ReadEACL(cmd, pathFrom)

 	var data []byte
 	var err error
-
-	if apeFlag {
-		var ch *chain.Chain
-		ch, err = apeutil.ConvertEACLToAPE(table)
-		commonCmd.ExitOnErr(cmd, "convert eACL table to APE chain error: %w", err)
-		data = ch.Bytes()
-	} else if jsonFlag || len(to) == 0 {
+	if jsonFlag || len(to) == 0 {
 		data, err = table.MarshalJSON()
 		commonCmd.ExitOnErr(cmd, "can't JSON encode extended ACL table: %w", err)
 	} else {
--- a/cmd/frostfs-cli/modules/util/locode.go
+++ b/cmd/frostfs-cli/modules/util/locode.go
@ -0,0 +1,18 @@
+package util
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// locode section.
+var locodeCmd = &cobra.Command{
+	Use:   "locode",
+	Short: "Working with FrostFS UN/LOCODE database",
+}
+
+func initLocodeCmd() {
+	locodeCmd.AddCommand(locodeGenerateCmd, locodeInfoCmd)
+
+	initUtilLocodeInfoCmd()
+	initUtilLocodeGenerateCmd()
+}
--- a/cmd/frostfs-cli/modules/util/locode_generate.go
+++ b/cmd/frostfs-cli/modules/util/locode_generate.go
@ -0,0 +1,96 @@
+package util
+
+import (
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	locodedb "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db"
+	airportsdb "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db/airports"
+	locodebolt "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db/boltdb"
+	continentsdb "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db/continents/geojson"
+	csvlocode "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/table/csv"
+	"github.com/spf13/cobra"
+)
+
+type namesDB struct {
+	*airportsdb.DB
+	*csvlocode.Table
+}
+
+const (
+	locodeGenerateInputFlag      = "in"
+	locodeGenerateSubDivFlag     = "subdiv"
+	locodeGenerateAirportsFlag   = "airports"
+	locodeGenerateCountriesFlag  = "countries"
+	locodeGenerateContinentsFlag = "continents"
+	locodeGenerateOutputFlag     = "out"
+)
+
+var (
+	locodeGenerateInPaths        []string
+	locodeGenerateSubDivPath     string
+	locodeGenerateAirportsPath   string
+	locodeGenerateCountriesPath  string
+	locodeGenerateContinentsPath string
+	locodeGenerateOutPath        string
+
+	locodeGenerateCmd = &cobra.Command{
+		Use:   "generate",
+		Short: "Generate UN/LOCODE database for FrostFS",
+		Run: func(cmd *cobra.Command, _ []string) {
+			locodeDB := csvlocode.New(
+				csvlocode.Prm{
+					Path:       locodeGenerateInPaths[0],
+					SubDivPath: locodeGenerateSubDivPath,
+				},
+				csvlocode.WithExtraPaths(locodeGenerateInPaths[1:]...),
+			)
+
+			airportDB := airportsdb.New(airportsdb.Prm{
+				AirportsPath:  locodeGenerateAirportsPath,
+				CountriesPath: locodeGenerateCountriesPath,
+			})
+
+			continentsDB := continentsdb.New(continentsdb.Prm{
+				Path: locodeGenerateContinentsPath,
+			})
+
+			targetDB := locodebolt.New(locodebolt.Prm{
+				Path: locodeGenerateOutPath,
+			})
+
+			err := targetDB.Open()
+			commonCmd.ExitOnErr(cmd, "", err)
+
+			defer targetDB.Close()
+
+			names := &namesDB{
+				DB:    airportDB,
+				Table: locodeDB,
+			}
+
+			err = locodedb.FillDatabase(locodeDB, airportDB, continentsDB, names, targetDB)
+			commonCmd.ExitOnErr(cmd, "", err)
+		},
+	}
+)
+
+func initUtilLocodeGenerateCmd() {
+	flags := locodeGenerateCmd.Flags()
+
+	flags.StringSliceVar(&locodeGenerateInPaths, locodeGenerateInputFlag, nil, "List of paths to UN/LOCODE tables (csv)")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateInputFlag)
+
+	flags.StringVar(&locodeGenerateSubDivPath, locodeGenerateSubDivFlag, "", "Path to UN/LOCODE subdivision database (csv)")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateSubDivFlag)
+
+	flags.StringVar(&locodeGenerateAirportsPath, locodeGenerateAirportsFlag, "", "Path to OpenFlights airport database (csv)")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateAirportsFlag)
+
+	flags.StringVar(&locodeGenerateCountriesPath, locodeGenerateCountriesFlag, "", "Path to OpenFlights country database (csv)")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateCountriesFlag)
+
+	flags.StringVar(&locodeGenerateContinentsPath, locodeGenerateContinentsFlag, "", "Path to continent polygons (GeoJSON)")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateContinentsFlag)
+
+	flags.StringVar(&locodeGenerateOutPath, locodeGenerateOutputFlag, "", "Target path for generated database")
+	_ = locodeGenerateCmd.MarkFlagRequired(locodeGenerateOutputFlag)
+}
--- a/cmd/frostfs-cli/modules/util/locode_info.go
+++ b/cmd/frostfs-cli/modules/util/locode_info.go
@ -0,0 +1,56 @@
+package util
+
+import (
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	locodedb "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db"
+	locodebolt "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/locode/db/boltdb"
+	"github.com/spf13/cobra"
+)
+
+const (
+	locodeInfoDBFlag   = "db"
+	locodeInfoCodeFlag = "locode"
+)
+
+var (
+	locodeInfoDBPath string
+	locodeInfoCode   string
+
+	locodeInfoCmd = &cobra.Command{
+		Use:   "info",
+		Short: "Print information about UN/LOCODE from FrostFS database",
+		Run: func(cmd *cobra.Command, _ []string) {
+			targetDB := locodebolt.New(locodebolt.Prm{
+				Path: locodeInfoDBPath,
+			}, locodebolt.ReadOnly())
+
+			err := targetDB.Open()
+			commonCmd.ExitOnErr(cmd, "", err)
+
+			defer targetDB.Close()
+
+			record, err := locodedb.LocodeRecord(targetDB, locodeInfoCode)
+			commonCmd.ExitOnErr(cmd, "", err)
+
+			cmd.Printf("Country: %s\n", record.CountryName())
+			cmd.Printf("Location: %s\n", record.LocationName())
+			cmd.Printf("Continent: %s\n", record.Continent())
+			if subDivCode := record.SubDivCode(); subDivCode != "" {
+				cmd.Printf("Subdivision: [%s] %s\n", subDivCode, record.SubDivName())
+			}
+
+			geoPoint := record.GeoPoint()
+			cmd.Printf("Coordinates: %0.2f, %0.2f\n", geoPoint.Latitude(), geoPoint.Longitude())
+		},
+	}
+)
+
+func initUtilLocodeInfoCmd() {
+	flags := locodeInfoCmd.Flags()
+
+	flags.StringVar(&locodeInfoDBPath, locodeInfoDBFlag, "", "Path to FrostFS UN/LOCODE database")
+	_ = locodeInfoCmd.MarkFlagRequired(locodeInfoDBFlag)
+
+	flags.StringVar(&locodeInfoCode, locodeInfoCodeFlag, "", "UN/LOCODE")
+	_ = locodeInfoCmd.MarkFlagRequired(locodeInfoCodeFlag)
+}
--- a/cmd/frostfs-cli/modules/util/root.go
+++ b/cmd/frostfs-cli/modules/util/root.go
@ -23,9 +23,11 @@ func init() {
 		signCmd,
 		convertCmd,
 		keyerCmd,
+		locodeCmd,
 	)

 	initSignCmd()
 	initConvertCmd()
 	initKeyerCmd()
+	initLocodeCmd()
 }
--- a/cmd/frostfs-ir/config.go
+++ b/cmd/frostfs-ir/config.go
@ -7,7 +7,6 @@ import (

 	configViper "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
-	control "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control/ir"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 )
@ -36,58 +35,28 @@ func reloadConfig() error {
 		return err
 	}
 	cmode.Store(cfg.GetBool("node.kludge_compatibility_mode"))
-	audit.Store(cfg.GetBool("audit.enabled"))
 	err = logPrm.SetLevelString(cfg.GetString("logger.level"))
 	if err != nil {
 		return err
 	}
-	logPrm.PrependTimestamp = cfg.GetBool("logger.timestamp")
-
 	return logPrm.Reload()
 }

 func watchForSignal(cancel func()) {
 	ch := make(chan os.Signal, 1)
-	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
-
-	sighupCh := make(chan os.Signal, 1)
-	signal.Notify(sighupCh, syscall.SIGHUP)
+	signal.Notify(ch, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)

 	for {
 		select {
-		// signals causing application to shut down should have priority over
-		// reconfiguration signal
-		case <-ch:
-			log.Info(logs.FrostFSNodeTerminationSignalHasBeenReceivedStopping)
-			cancel()
-			shutdown()
-			log.Info(logs.FrostFSNodeTerminationSignalProcessingIsComplete)
-			return
-		case err := <-intErr: // internal application error
+		case err := <-intErr:
 			log.Info(logs.FrostFSIRInternalError, zap.String("msg", err.Error()))
 			cancel()
 			shutdown()
 			return
-		default:
-			// block until any signal is receieved
-			select {
-			case <-ch:
-				log.Info(logs.FrostFSNodeTerminationSignalHasBeenReceivedStopping)
-				cancel()
-				shutdown()
-				log.Info(logs.FrostFSNodeTerminationSignalProcessingIsComplete)
-				return
-			case err := <-intErr: // internal application error
-				log.Info(logs.FrostFSIRInternalError, zap.String("msg", err.Error()))
-				cancel()
-				shutdown()
-				return
-			case <-sighupCh:
+		case sig := <-ch:
+			switch sig {
+			case syscall.SIGHUP:
 				log.Info(logs.FrostFSNodeSIGHUPHasBeenReceivedRereadingConfiguration)
-				if !innerRing.CompareAndSwapHealthStatus(control.HealthStatus_READY, control.HealthStatus_RECONFIGURING) {
-					log.Info(logs.FrostFSNodeSIGHUPSkip)
-					break
-				}
 				err := reloadConfig()
 				if err != nil {
 					log.Error(logs.FrostFSNodeConfigurationReading, zap.Error(err))
@ -99,8 +68,13 @@ func watchForSignal(cancel func()) {
 				if err != nil {
 					log.Error(logs.FrostFSNodeConfigurationReading, zap.Error(err))
 				}
-				innerRing.CompareAndSwapHealthStatus(control.HealthStatus_RECONFIGURING, control.HealthStatus_READY)
 				log.Info(logs.FrostFSNodeConfigurationHasBeenReloadedSuccessfully)
+			case syscall.SIGTERM, syscall.SIGINT:
+				log.Info(logs.FrostFSNodeTerminationSignalHasBeenReceivedStopping)
+				cancel()
+				shutdown()
+				log.Info(logs.FrostFSNodeTerminationSignalProcessingIsComplete)
+				return
 			}
 		}
 	}
--- a/cmd/frostfs-ir/defaults.go
+++ b/cmd/frostfs-ir/defaults.go
@ -9,7 +9,6 @@ import (
 func defaultConfiguration(cfg *viper.Viper) {
 	cfg.SetDefault("logger.level", "info")
 	cfg.SetDefault("logger.destination", "stdout")
-	cfg.SetDefault("logger.timestamp", false)

 	setPprofDefaults(cfg)

@ -46,8 +45,6 @@ func defaultConfiguration(cfg *viper.Viper) {
 	cfg.SetDefault("governance.disable", false)

 	cfg.SetDefault("node.kludge_compatibility_mode", false)
-
-	cfg.SetDefault("audit.enabled", false)
 }

 func setControlDefaults(cfg *viper.Viper) {
--- a/cmd/frostfs-ir/main.go
+++ b/cmd/frostfs-ir/main.go
@ -9,11 +9,10 @@ import (
 	"sync/atomic"

 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
-	irMetrics "git.frostfs.info/TrueCloudLab/frostfs-node/internal/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
+	irMetrics "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/sdnotify"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 )
@ -40,7 +39,6 @@ var (
 	configFile *string
 	configDir  *string
 	cmode      = &atomic.Bool{}
-	audit      = &atomic.Bool{}
 )

 func exitErr(err error) {
@ -79,8 +77,6 @@ func main() {
 	)
 	exitErr(err)
 	logPrm.SamplingHook = metrics.LogMetrics().GetSamplingHook()
-	logPrm.PrependTimestamp = cfg.GetBool("logger.timestamp")
-
 	log, err = logger.NewLogger(logPrm)
 	exitErr(err)

@ -91,9 +87,8 @@ func main() {

 	metricsCmp = newMetricsComponent()
 	metricsCmp.init()
-	audit.Store(cfg.GetBool("audit.enabled"))

-	innerRing, err = innerring.New(ctx, log, cfg, intErr, metrics, cmode, audit)
+	innerRing, err = innerring.New(ctx, log, cfg, intErr, metrics, cmode)
 	exitErr(err)

 	pprofCmp.start()
@ -127,8 +122,4 @@ func shutdown() {
 			zap.String("error", err.Error()),
 		)
 	}
-
-	if err := sdnotify.ClearStatus(); err != nil {
-		log.Error(logs.FailedToReportStatusToSystemd, zap.Error(err))
-	}
 }
--- a/Show more
+++ b/Show more