CHANGELOG.md

@@ -9,30 +9,6 @@ Changelog for FrostFS Node
 ### Removed
 ### Updated
 
-## [v0.44.0] - 2024-25-11 - Rongbuk
-
-### Added
-- Allow to prioritize nodes during GET traversal via attributes (#1439)
-- Add metrics for the frostfsid cache (#1464)
-- Customize constant attributes attached to every tracing span (#1488)
-- Manage additional keys in the `frostfsid` contract (#1505)
-- Describe `--rule` flag in detail for `frostfs-cli ape-manager` subcommands (#1519)
-
-### Changed
-- Support richer interaction with the console in `frostfs-cli container policy-playground` (#1396)
-- Print address in base58 format in `frostfs-adm morph policy set-admin` (#1515)
-
-### Fixed
-- Fix EC object search (#1408)
-- Fix EC object put when one of the nodes is unavailable (#1427)
-
-### Removed
-- Drop most of the eACL-related code (#1425)
-- Remove `--basic-acl` flag from `frostfs-cli container create` (#1483)
-
-### Upgrading from v0.43.0
-The metabase schema has changed completely, resync is required.
-
 ## [v0.42.0]
 
 ### Added

VERSION

@@ -1 +1 @@
-v0.44.0
+v0.42.0

cmd/frostfs-adm/internal/modules/morph/ape/ape.go

@@ -8,7 +8,7 @@ import (
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -200,7 +200,7 @@ func listRuleChains(cmd *cobra.Command, _ []string) {
 
 func setAdmin(cmd *cobra.Command, _ []string) {
 	s, _ := cmd.Flags().GetString(addrAdminFlag)
-	addr, err := address.StringToUint160(s)
+	addr, err := util.Uint160DecodeStringLE(s)
 	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
 	pci, ac := newPolicyContractInterface(cmd)
 	h, vub, err := pci.SetAdmin(addr)
@@ -214,7 +214,7 @@ func getAdmin(cmd *cobra.Command, _ []string) {
 	pci, _ := newPolicyContractReaderInterface(cmd)
 	addr, err := pci.GetAdmin()
 	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
-	cmd.Println(address.Uint160ToString(addr))
+	cmd.Println(addr.StringLE())
 }
 
 func listTargets(cmd *cobra.Command, _ []string) {

cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go

@@ -53,15 +53,16 @@ func (n *invokerAdapter) GetRPCInvoker() invoker.RPCInvoke {
 }
 
 func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	inv := invoker.New(c, nil)
+	var ch util.Uint160
 	r := management.NewReader(inv)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 
-	ch, err := helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
 	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
 
 	invokerAdapter := &invokerAdapter{
@@ -73,7 +74,7 @@ func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorag
 }
 
 func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	ac, err := helper.NewLocalActor(cmd, c, constants.ConsensusAccountName)

cmd/frostfs-adm/internal/modules/morph/balance/balance.go

@@ -51,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)
 
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/config/config.go

@@ -26,7 +26,7 @@ import (
 const forceConfigSet = "force"
 
 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/container/container.go

@@ -76,7 +76,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}
 
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@@ -157,7 +157,7 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 }
 
 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go

@@ -36,7 +36,7 @@ type contractDumpInfo struct {
 }
 
 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go

@@ -1,6 +1,7 @@
 package frostfsid
 
 import (
+	"errors"
 	"fmt"
 	"math/big"
 	"sort"
@@ -60,6 +61,7 @@ var (
 		Use:   "list-namespaces",
 		Short: "List all namespaces in frostfsid",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListNamespaces,
@@ -89,6 +91,7 @@ var (
 		Use:   "list-subjects",
 		Short: "List subjects in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListSubjects,
@@ -118,6 +121,7 @@ var (
 		Use:   "list-groups",
 		Short: "List groups in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroups,
@@ -147,6 +151,7 @@ var (
 		Use:   "list-group-subjects",
 		Short: "List subjects in group",
 		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroupSubjects,
@@ -164,6 +169,7 @@ func initFrostfsIDCreateNamespaceCmd() {
 func initFrostfsIDListNamespacesCmd() {
 	Cmd.AddCommand(frostfsidListNamespacesCmd)
 	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDCreateSubjectCmd() {
@@ -187,6 +193,7 @@ func initFrostfsIDListSubjectsCmd() {
 	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
 	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDCreateGroupCmd() {
@@ -210,6 +217,7 @@ func initFrostfsIDListGroupsCmd() {
 	Cmd.AddCommand(frostfsidListGroupsCmd)
 	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
+	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDAddSubjectToGroupCmd() {
@@ -234,6 +242,7 @@ func initFrostfsIDListGroupSubjectsCmd() {
 	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
 	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
 	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
@@ -488,6 +497,10 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	}
 	f.bw.Reset()
 
+	if len(f.wCtx.SentTxs) == 0 {
+		return nil, errors.New("no transactions to wait")
+	}
+
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
@@ -509,7 +522,7 @@ func readIterator(inv *invoker.Invoker, iter *result.Iterator, batchSize int, se
 }
 
 func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go

@@ -1,12 +1,59 @@
 package frostfsid
 
 import (
+	"encoding/hex"
 	"testing"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
 
+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	fmts := []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	}
+
+	for i := range fmts {
+		v := viper.New()
+		v.Set("frostfsid.admin", fmts[i])
+
+		actual, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.True(t, found)
+		require.Equal(t, pks[i].GetScriptHash(), actual)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.admin", "abc")
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.Error(t, err)
+		require.True(t, found)
+	})
+	t.Run("missing key", func(t *testing.T) {
+		v := viper.New()
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.False(t, found)
+	})
+}
+
 func TestNamespaceRegexp(t *testing.T) {
 	for _, tc := range []struct {
 		name      string

cmd/frostfs-adm/internal/modules/morph/helper/actor.go

@@ -38,7 +38,20 @@ func NewLocalActor(cmd *cobra.Command, c actor.RPCActor, accName string) (*Local
 	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
 	var act *actor.Actor
 	var accounts []*wallet.Account
-
+	if walletDir == "" {
+		account, err := wallet.NewAccount()
+		commonCmd.ExitOnErr(cmd, "unable to create dummy account: %w", err)
+		act, err = actor.New(c, []actor.SignerAccount{{
+			Signer: transaction.Signer{
+				Account: account.Contract.ScriptHash(),
+				Scopes:  transaction.Global,
+			},
+			Account: account,
+		}})
+		if err != nil {
+			return nil, err
+		}
+	} else {
 		wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
 		commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
 
@@ -57,6 +70,7 @@ func NewLocalActor(cmd *cobra.Command, c actor.RPCActor, accName string) (*Local
 		if err != nil {
 			return nil, err
 		}
+	}
 	return &LocalActor{
 		neoActor:   act,
 		accounts:   accounts,

cmd/frostfs-adm/internal/modules/morph/helper/contract.go

@@ -82,7 +82,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
 		}
 		if method != constants.UpdateMethodName || err == nil && !found {
-			h, found, err = getFrostfsIDAdmin(viper.GetViper())
+			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
 		}
 		if err != nil {
 			return nil, err

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go

@@ -11,7 +11,7 @@ import (
 
 const frostfsIDAdminConfigKey = "frostfsid.admin"
 
-func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go

@@ -1,53 +0,0 @@
-package helper
-
-import (
-	"encoding/hex"
-	"testing"
-
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/spf13/viper"
-	"github.com/stretchr/testify/require"
-)
-
-func TestFrostfsIDConfig(t *testing.T) {
-	pks := make([]*keys.PrivateKey, 4)
-	for i := range pks {
-		pk, err := keys.NewPrivateKey()
-		require.NoError(t, err)
-		pks[i] = pk
-	}
-
-	fmts := []string{
-		pks[0].GetScriptHash().StringLE(),
-		address.Uint160ToString(pks[1].GetScriptHash()),
-		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
-		hex.EncodeToString(pks[3].PublicKey().Bytes()),
-	}
-
-	for i := range fmts {
-		v := viper.New()
-		v.Set("frostfsid.admin", fmts[i])
-
-		actual, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.True(t, found)
-		require.Equal(t, pks[i].GetScriptHash(), actual)
-	}
-
-	t.Run("bad key", func(t *testing.T) {
-		v := viper.New()
-		v.Set("frostfsid.admin", "abc")
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.Error(t, err)
-		require.True(t, found)
-	})
-	t.Run("missing key", func(t *testing.T) {
-		v := viper.New()
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.False(t, found)
-	})
-}

cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go

@@ -134,12 +134,12 @@ func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContex
 		return nil, err
 	}
 
-	accounts, err := getSingleAccounts(wallets)
+	accounts, err := createWalletAccounts(wallets)
 	if err != nil {
 		return nil, err
 	}
 
-	cliCtx, err := defaultClientContext(c, committeeAcc)
+	cliCtx, err := DefaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
@@ -191,7 +191,7 @@ func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet)
 		}
 		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
 	} else {
-		c, err = NewRemoteClient(v)
+		c, err = GetN3Client(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
@@ -211,7 +211,7 @@ func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
 	return ctrPath, nil
 }
 
-func getSingleAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i, w := range wallets {
 		acc, err := GetWalletAccount(w, constants.SingleAccountName)

cmd/frostfs-adm/internal/modules/morph/helper/local_client.go

@@ -58,30 +58,35 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		return nil, err
 	}
 
-	go bc.Run()
+	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
-
+	accounts := make([]*wallet.Account, len(wallets))
-	accounts, err := getBlockSigningAccounts(cfg.ProtocolConfiguration, wallets)
+	for i := range accounts {
+		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
 		if err != nil {
 			return nil, err
 		}
+	}
+
+	indexMap := make(map[string]int)
+	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
+		indexMap[pub] = i
+	}
+
+	sort.Slice(accounts, func(i, j int) bool {
+		pi := accounts[i].PrivateKey().PublicKey().Bytes()
+		pj := accounts[j].PrivateKey().PublicKey().Bytes()
+		return indexMap[string(pi)] < indexMap[string(pj)]
+	})
+	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
+		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
+	})
+
+	go bc.Run()
 
 	if cmd.Name() != "init" {
-		if err := restoreDump(bc, dumpPath); err != nil {
-			return nil, fmt.Errorf("restore dump: %w", err)
-		}
-	}
-
-	return &LocalClient{
-		bc:       bc,
-		dumpPath: dumpPath,
-		accounts: accounts,
-	}, nil
-}
-
-func restoreDump(bc *core.Blockchain, dumpPath string) error {
 		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
 		if err != nil {
-		return fmt.Errorf("can't open local dump: %w", err)
+			return nil, fmt.Errorf("can't open local dump: %w", err)
 		}
 		defer f.Close()
 
@@ -94,37 +99,15 @@ func restoreDump(bc *core.Blockchain, dumpPath string) error {
 
 		count := r.ReadU32LE() - skip
 		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
-		return err
+			return nil, fmt.Errorf("can't restore local dump: %w", err)
 		}
-	return nil
-}
-
-func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet.Wallet) ([]*wallet.Account, error) {
-	accounts := make([]*wallet.Account, len(wallets))
-	for i := range accounts {
-		acc, err := GetWalletAccount(wallets[i], constants.ConsensusAccountName)
-		if err != nil {
-			return nil, err
-		}
-		accounts[i] = acc
 	}
 
-	indexMap := make(map[string]int)
+	return &LocalClient{
-	for i, pub := range cfg.StandbyCommittee {
+		bc:       bc,
-		indexMap[pub] = i
+		dumpPath: dumpPath,
-	}
+		accounts: accounts[:m],
-
+	}, nil
-	sort.Slice(accounts, func(i, j int) bool {
-		pi := accounts[i].PrivateKey().PublicKey().Bytes()
-		pj := accounts[j].PrivateKey().PublicKey().Bytes()
-		return indexMap[string(pi)] < indexMap[string(pj)]
-	})
-	sort.Slice(accounts[:cfg.ValidatorsCount], func(i, j int) bool {
-		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
-	})
-
-	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ValidatorsCount))
-	return accounts[:m], nil
 }
 
 func (l *LocalClient) GetBlockCount() (uint32, error) {
@@ -145,6 +128,11 @@ func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }
 
+func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
+	// not used by `morph init` command
+	panic("unexpected call")
+}
+
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
@@ -308,7 +296,13 @@ func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer)
 }
 
 func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
-	tx = tx.Copy()
+	// We need to test that transaction was formed correctly to catch as many errors as we can.
+	bs := tx.Bytes()
+	_, err := transaction.NewTransactionFromBytes(bs)
+	if err != nil {
+		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
+	}
+
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }

cmd/frostfs-adm/internal/modules/morph/helper/n3client.go

@@ -10,6 +10,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
@@ -24,10 +25,15 @@ import (
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
-	actor.RPCActor
+	invoker.RPCInvoke
 
+	GetBlockCount() (uint32, error)
 	GetNativeContracts() ([]state.Contract, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
+	GetVersion() (*result.Version, error)
+	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
+	GetCommittee() (keys.PublicKeys, error)
+	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }
 
 type HashVUBPair struct {
@@ -42,7 +48,7 @@ type ClientContext struct {
 	SentTxs         []HashVUBPair
 }
 
-func NewRemoteClient(v *viper.Viper) (Client, error) {
+func GetN3Client(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@@ -82,14 +88,8 @@ func NewRemoteClient(v *viper.Viper) (Client, error) {
 	return c, nil
 }
 
-func defaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
-	commAct, err := actor.New(c, []actor.SignerAccount{{
+	commAct, err := NewActor(c, committeeAcc)
-		Signer: transaction.Signer{
-			Account: committeeAcc.Contract.ScriptHash(),
-			Scopes:  transaction.Global,
-		},
-		Account: committeeAcc,
-	}})
 	if err != nil {
 		return nil, err
 	}

cmd/frostfs-adm/internal/modules/morph/helper/util.go

@@ -15,8 +15,10 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
@@ -85,6 +87,16 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 	return wallets, nil
 }
 
+func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
+	return actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: committeeAcc.Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: committeeAcc,
+	}})
+}
+
 func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {

cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go

@@ -13,7 +13,7 @@ import (
 )
 
 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-adm/internal/modules/morph/netmap/root.go

@@ -12,6 +12,7 @@ var (
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}

cmd/frostfs-adm/internal/modules/morph/nns/domains.go

@@ -24,7 +24,7 @@ func initRegisterCmd() {
 }
 
 func registerDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
@@ -53,7 +53,7 @@ func initDeleteCmd() {
 }
 
 func deleteDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.DeleteDomain(name)

cmd/frostfs-adm/internal/modules/morph/nns/helper.go

@@ -5,15 +5,15 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
-func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
+func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, util.Uint160) {
 	v := viper.GetViper()
-	c, err := helper.NewRemoteClient(v)
+	c, err := helper.GetN3Client(v)
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	ac, err := helper.NewLocalActor(cmd, c, constants.CommitteeAccountName)
@@ -22,17 +22,5 @@ func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
 	r := management.NewReader(ac.Invoker)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	return client.New(ac, nnsCs.Hash), ac
+	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
-}
-
-func nnsReader(cmd *cobra.Command) (*client.ContractReader, *invoker.Invoker) {
-	c, err := helper.NewRemoteClient(viper.GetViper())
-	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
-
-	inv := invoker.New(c, nil)
-	r := management.NewReader(inv)
-	nnsCs, err := helper.GetContractByID(r, 1)
-	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-
-	return client.NewReader(inv, nnsCs.Hash), inv
 }

cmd/frostfs-adm/internal/modules/morph/nns/record.go

@@ -8,6 +8,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 )
@@ -28,6 +29,7 @@ func initAddRecordCmd() {
 func initGetRecordsCmd() {
 	Cmd.AddCommand(getRecordsCmd)
 	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	getRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 
@@ -59,7 +61,7 @@ func initDelRecordCmd() {
 }
 
 func addRecord(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
@@ -75,16 +77,16 @@ func addRecord(cmd *cobra.Command, _ []string) {
 }
 
 func getRecords(cmd *cobra.Command, _ []string) {
-	c, inv := nnsReader(cmd)
+	c, act, hash := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	if recordType == "" {
-		sid, r, err := c.GetAllRecords(name)
+		sid, r, err := unwrap.SessionIterator(act.Invoker.Call(hash, "getAllRecords", name))
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		defer func() {
-			_ = inv.TerminateSession(sid)
+			_ = act.Invoker.TerminateSession(sid)
 		}()
-		items, err := inv.TraverseIterator(sid, &r, 0)
+		items, err := act.Invoker.TraverseIterator(sid, &r, 0)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		for len(items) != 0 {
 			for j := range items {
@@ -95,7 +97,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
 					string(bs))
 			}
-			items, err = inv.TraverseIterator(sid, &r, 0)
+			items, err = act.Invoker.TraverseIterator(sid, &r, 0)
 			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		}
 	} else {
@@ -112,7 +114,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecords(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	typ, err := getRecordType(recordType)
@@ -127,7 +129,7 @@ func delRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecord(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)

cmd/frostfs-adm/internal/modules/morph/nns/renew.go

@@ -14,7 +14,7 @@ func initRenewCmd() {
 }
 
 func renewDomain(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.Renew(name)
 	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)

cmd/frostfs-adm/internal/modules/morph/nns/tokens.go

@@ -18,11 +18,12 @@ const (
 func initTokensCmd() {
 	Cmd.AddCommand(tokensCmd)
 	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
 }
 
 func listTokens(cmd *cobra.Command, _ []string) {
-	c, _ := nnsReader(cmd)
+	c, _, _ := getRPCClient(cmd)
 	it, err := c.Tokens()
 	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
 	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
@@ -40,7 +41,7 @@ func listTokens(cmd *cobra.Command, _ []string) {
 	}
 }
 
-func getCnameRecord(c *client.ContractReader, token []byte) (string, error) {
+func getCnameRecord(c *client.Contract, token []byte) (string, error) {
 	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
 
 	// GetRecords returns the error "not an array" if the domain does not contain records.

cmd/frostfs-adm/internal/modules/morph/nns/update.go

@@ -30,7 +30,7 @@ func initUpdateCmd() {
 }
 
 func updateSOA(cmd *cobra.Command, _ []string) {
-	c, actor := nnsWriter(cmd)
+	c, actor, _ := getRPCClient(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)

cmd/frostfs-adm/internal/modules/morph/notary/notary.go

@@ -89,7 +89,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 }
 
 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/policy/policy.go

@@ -62,7 +62,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 }
 
 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := helper.NewRemoteClient(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)
 
 	inv := invoker.New(c, nil)

cmd/internal/common/ape/flags.go

@@ -2,6 +2,7 @@ package ape
 
 const (
 	RuleFlag           = "rule"
+	RuleFlagDesc       = "Rule statement"
 	PathFlag           = "path"
 	PathFlagDesc       = "Path to encoded chain in JSON or binary format"
 	TargetNameFlag     = "target-name"
@@ -16,64 +17,3 @@ const (
 	ChainNameFlagDesc  = "Chain name(ingress|s3)"
 	AllFlag            = "all"
 )
-
-const RuleFlagDesc = `Defines an Access Policy Engine (APE) rule in the format:
-    <status>[:status_detail] <action>... <condition>... <resource>...
-
-Status:
-  - allow                   Permits specified actions
-  - deny                    Prohibits specified actions
-  - deny:QuotaLimitReached  Denies access due to quota limits
-
-Actions:
-    Object operations:
-    - Object.Put, Object.Get, etc.
-    - Object.*     (all object operations)
-    Container operations:
-    - Container.Put, Container.Get, etc.
-    - Container.*  (all container operations)
-
-Conditions:
-    ResourceCondition:
-      Format: ResourceCondition:"key"=value, "key"!=value
-        Reserved properties (use '\' before '$'):
-        - $Object:version
-        - $Object:objectID
-        - $Object:containerID
-        - $Object:ownerID
-        - $Object:creationEpoch
-        - $Object:payloadLength
-        - $Object:payloadHash
-        - $Object:objectType
-        - $Object:homomorphicHash
-
-RequestCondition:
-    Format: RequestCondition:"key"=value, "key"!=value
-      Reserved properties (use '\' before '$'):
-        - $Actor:publicKey
-        - $Actor:role
-
-      Example:
-        ResourceCondition:"check_key"!="check_value" RequestCondition:"$Actor:role"=others
-
-Resources:
-    For objects:
-      - namespace/cid/oid    (specific object)
-      - namespace/cid/*      (all objects in container)
-      - namespace/*          (all objects in namespace)
-      - *                    (all objects)
-      - /*                   (all objects in root namespace)
-      - /cid/*               (all objects in root container)
-      - /cid/oid             (specific object in root container)
-
-    For containers:
-      - namespace/cid        (specific container)
-      - namespace/*          (all containers in namespace)
-      - *                    (all containers)
-      - /cid                 (root container)
-      - /*                   (all root containers)
-
-Notes:
-    - Cannot mix object and container operations in one rule
-    - Default behavior is Any=false unless 'any' is specified
-    - Use 'all' keyword to explicitly set Any=false`

cmd/internal/common/exit.go

@@ -26,7 +26,6 @@ func ExitOnErr(cmd *cobra.Command, errFmt string, err error) {
 		_ = iota
 		internal
 		aclDenied
-		apemanagerDenied
 	)
 
 	var (
@@ -34,7 +33,6 @@ func ExitOnErr(cmd *cobra.Command, errFmt string, err error) {
 
 		internalErr = new(sdkstatus.ServerInternal)
 		accessErr   = new(sdkstatus.ObjectAccessDenied)
-		apemanagerErr = new(sdkstatus.APEManagerAccessDenied)
 	)
 
 	switch {
@@ -43,9 +41,6 @@ func ExitOnErr(cmd *cobra.Command, errFmt string, err error) {
 	case errors.As(err, &accessErr):
 		code = aclDenied
 		err = fmt.Errorf("%w: %s", err, accessErr.Reason())
-	case errors.As(err, &apemanagerErr):
-		code = apemanagerDenied
-		err = fmt.Errorf("%w: %s", err, apemanagerErr.Reason())
 	default:
 		code = internal
 	}

go.mod

@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	code.gitea.io/sdk/gitea v0.17.1
-	git.frostfs.info/TrueCloudLab/frostfs-contract v0.21.0-rc.4
+	git.frostfs.info/TrueCloudLab/frostfs-contract v0.20.0
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
 	git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20241112082307-f17779933e88