[#1112 ] node: Fix race warning for GetObjectAndWritePayload

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
[#1112 ] node: Add test for Range request for EC object
2024-05-07 14:47:21 +03:00 · 2024-05-07 14:47:21 +03:00 · 2024-05-07 14:47:21 +03:00 · 2024-05-07 14:47:21 +03:00 · 2024-05-07 14:47:21 +03:00 · 2024-05-07 11:36:11 +00:00
520 changed files with 21714 additions and 7535 deletions
--- a/.docker/Dockerfile.adm
+++ b/.docker/Dockerfile.adm
@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ci
+++ b/.docker/Dockerfile.ci
@ -1,4 +1,4 @@
-FROM golang:1.21
+FROM golang:1.22

 WORKDIR /tmp

--- a/.docker/Dockerfile.cli
+++ b/.docker/Dockerfile.cli
@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.ir
+++ b/.docker/Dockerfile.ir
@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.docker/Dockerfile.storage
+++ b/.docker/Dockerfile.storage
@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -8,7 +8,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.20', '1.21' ]
+        go_versions: [ '1.21', '1.22' ]

    steps:
      - uses: actions/checkout@v3
--- a/.forgejo/workflows/dco.yml
+++ b/.forgejo/workflows/dco.yml
@ -13,9 +13,9 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.21'
+          go-version: '1.22'

      - name: Run commit format checker
-        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
+        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3
        with:
          from: 'origin/${{ github.event.pull_request.base.ref }}'
--- a/.forgejo/workflows/pre-commit.yml
+++ b/.forgejo/workflows/pre-commit.yml
@ -0,0 +1,25 @@
+name: Pre-commit hooks
+on: [pull_request]
+
+jobs:
+  precommit:
+    name: Pre-commit
+    env:
+      # Skip pre-commit hooks which are executed by other actions.
+      SKIP: make-lint,go-staticcheck-repo-mod,go-unit-tests,gofumpt
+    runs-on: ubuntu-22.04
+    # If we use actions/setup-python from either Github or Gitea,
+    # the line above fails with a cryptic error about not being able to found python.
+    # So install everything manually.
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.22
+      - name: Set up Python
+        run: |
+          apt update
+          apt install -y pre-commit
+      - name: Run pre-commit
+        run: pre-commit run --color=always --hook-stage manual --all-files
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -11,7 +11,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.21'
+          go-version: '1.22'
          cache: true

      - name: Install linters
@ -25,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go_versions: [ '1.20', '1.21' ]
+        go_versions: [ '1.21', '1.22' ]
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
@ -63,7 +63,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.21'
+          go-version: '1.22'
          cache: true

      - name: Install staticcheck
@ -71,3 +71,21 @@ jobs:

      - name: Run staticcheck
        run: make staticcheck-run
+
+  gopls:
+    name: gopls check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+          cache: true
+
+      - name: Install gopls
+        run: make gopls-install
+
+      - name: Run gopls
+        run: make gopls-run
--- a/.forgejo/workflows/vulncheck.yml
+++ b/.forgejo/workflows/vulncheck.yml
@ -13,7 +13,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.21'
+          go-version: '1.22'

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
--- a/.gitlint
+++ b/.gitlint
@ -1,11 +0,0 @@
-[general]
-fail-without-commits=True
-regex-style-search=True
-contrib=CC1
-
-[title-match-regex]
-regex=^\[\#[0-9Xx]+\]\s
-
-[ignore-by-title]
-regex=^Release(.*)
-ignore=title-match-regex
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -2,13 +2,6 @@ ci:
  autofix_prs: false

 repos:
-  - repo: https://github.com/jorisroovers/gitlint
-    rev:  v0.19.1
-    hooks:
-      - id: gitlint
-        stages: [commit-msg]
-      - id: gitlint-ci
-
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
@ -23,7 +16,7 @@ repos:
    - id: trailing-whitespace
      args: [--markdown-linebreak-ext=md]
    - id: end-of-file-fixer
-      exclude: ".key$"
+      exclude: "(.key|.svg)$"

  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.9.0.6
@ -42,7 +35,7 @@ repos:
    hooks:
       - id: go-unit-tests
         name: go unit tests
-         entry: make test
+         entry: make test GOFLAGS=''
         pass_filenames: false
         types: [go]
         language: system
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,37 @@ Changelog for FrostFS Node

 ## [Unreleased]

+### Added
+### Changed
+### Fixed
+### Removed
+### Updated
+
+## [v0.38.0]
+
+### Added
+- Add `trace_id` to logs in `frostfs-node` (#146)
+- Allow to forcefully remove container from IR (#733)
+- LOKI support (#740)
+- Allow sealing writecache (#569)
+- Support tree service in data evacuation (#947)
+- Use new policy engine mechanism for access control (#770, #804)
+- Log about active notary deposit waiting (#963)
+
+### Changed
+- Sort output in `frostfs-cli` subcommands (#333)
+- Send bootstrap query at each epoch tick (#721)
+- Do not retain garbage in fstree on systems supporting O_TMPFILE (#970)
+
+### Fixed
+- Handle synchronization failures better in tree service (#741)
+- Fix invalid batch size for iterator traversal in morph (#1000)
+
+### Updated
+- `neo-go` to `v0.105.0`
+
+## [v0.37.0]
+
 ### Added
 - Support impersonate bearer token (#229)
 - Change log level on SIGHUP for ir (#125)
--- a/66
+++ b/66
@ -7,9 +7,9 @@ VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8
 HUB_IMAGE ?= truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"

-GO_VERSION ?= 1.21
-LINT_VERSION ?= 1.55.2
-TRUECLOUDLAB_LINT_VERSION ?= 0.0.3
+GO_VERSION ?= 1.22
+LINT_VERSION ?= 1.56.1
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.5
 PROTOC_VERSION ?= 25.0
 PROTOC_GEN_GO_VERSION ?= $(shell go list -f '{{.Version}}' -m google.golang.org/protobuf)
 PROTOGEN_FROSTFS_VERSION ?= $(shell go list -f '{{.Version}}' -m git.frostfs.info/TrueCloudLab/frostfs-api-go/v2)
@ -44,6 +44,14 @@ PROTOGEN_FROSTFS_DIR ?= $(PROTOBUF_DIR)/protogen-$(PROTOGEN_FROSTFS_VERSION)
 STATICCHECK_DIR ?= $(abspath $(BIN))/staticcheck
 STATICCHECK_VERSION_DIR ?= $(STATICCHECK_DIR)/$(STATICCHECK_VERSION)

+GOPLS_VERSION ?= v0.15.1
+GOPLS_DIR ?= $(abspath $(BIN))/gopls
+GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION)
+
+FROSTFS_CONTRACTS_PATH=$(abspath ./../frostfs-contract)
+LOCODE_DB_PATH=$(abspath ./.cache/locode_db)
+LOCODE_DB_VERSION=v0.4.0
+
 .PHONY: help all images dep clean fmts fumpt imports test lint docker/lint
 		prepare-release debpackage pre-commit unpre-commit

@ -107,6 +115,7 @@ protoc:
 			--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
 	done

+# Install protoc
 protoc-install:
 	@rm -rf $(PROTOBUF_DIR)
 	@mkdir $(PROTOBUF_DIR)
@ -153,15 +162,18 @@ imports:
 	@echo "⇒ Processing goimports check"
 	@goimports -w cmd/ pkg/ misc/

+# Run gofumpt
 fumpt:
 	@echo "⇒ Processing gofumpt check"
 	@gofumpt -l -w cmd/ pkg/ misc/

 # Run Unit Test with go test
+test: GOFLAGS ?= "-count=1"
 test:
 	@echo "⇒ Running go test"
-	@go test ./... -count=1
+	@GOFLAGS="$(GOFLAGS)" go test ./...

+# Run pre-commit
 pre-commit-run:
 	@pre-commit run -a --hook-stage manual

@ -197,6 +209,21 @@ staticcheck-run:
 	fi
 	@$(STATICCHECK_VERSION_DIR)/staticcheck ./...

+# Install gopls
+gopls-install:
+	@rm -rf $(GOPLS_DIR)
+	@mkdir $(GOPLS_DIR)
+	@GOBIN=$(GOPLS_VERSION_DIR) go install golang.org/x/tools/gopls@$(GOPLS_VERSION)
+
+# Run gopls
+gopls-run:
+	@if [ ! -d "$(GOPLS_VERSION_DIR)" ]; then \
+		make gopls-install; \
+	fi
+	@if [[ $$(find . -type f -name "*.go" -print | xargs $(GOPLS_VERSION_DIR)/gopls check | tee /dev/tty | wc -l) -ne 0 ]]; then \
+		exit 1; \
+	fi
+
 # Run linters in Docker
 docker/lint:
 	docker run --rm -t \
@ -232,5 +259,36 @@ debpackage:
 			"Please see CHANGELOG.md for code changes for $(VERSION)"
 	dpkg-buildpackage --no-sign -b

+# Cleanup deb package build directories
 debclean:
 	dh clean
+
+# Download locode database
+locode-download:
+	mkdir -p $(TMP_DIR)
+	@wget -q -O ./$(TMP_DIR)/locode_db.gz 'https://git.frostfs.info/TrueCloudLab/frostfs-locode-db/releases/download/${LOCODE_DB_VERSION}/locode_db.gz'
+	gzip -dfk ./$(TMP_DIR)/locode_db.gz
+
+# Start dev environment
+env-up: all
+	docker compose -f dev/docker-compose.yml up -d
+	@if [ ! -d "$(FROSTFS_CONTRACTS_PATH)" ]; then \
+		echo "Frostfs contracts not found"; exit 1; \
+	fi
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph init --contracts ${FROSTFS_CONTRACTS_PATH}
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet01.json --gas 10.0
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet02.json --gas 10.0
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet03.json --gas 10.0
+	${BIN}/frostfs-adm --config ./dev/adm/frostfs-adm.yml morph refill-gas --storage-wallet ./dev/storage/wallet04.json --gas 10.0
+	@if [ ! -f "$(LOCODE_DB_PATH)" ]; then \
+		make locode-download; \
+	fi
+	mkdir -p ./$(TMP_DIR)/state
+	mkdir -p ./$(TMP_DIR)/storage
+
+# Shutdown dev environment
+env-down:
+	docker compose -f dev/docker-compose.yml down
+	docker volume rm -f frostfs-node_neo-go
+	rm -rf ./$(TMP_DIR)/state
+	rm -rf ./$(TMP_DIR)/storage
--- a/README.md
+++ b/README.md
@ -49,7 +49,7 @@ The latest version of frostfs-node works with frostfs-contract

 # Building

-To make all binaries you need Go 1.20+ and `make`:
+To make all binaries you need Go 1.21+ and `make`:
 ```
 make all
 ```
@ -76,6 +76,45 @@ To make docker images suitable for use in [frostfs-dev-env](https://github.com/T
 make images
 ```

+# Debugging
+
+## VSCode
+
+To run and debug single node cluster with VSCode:
+
+1. Clone and build [frostfs-contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract) repository to the same directory level as `frostfs-node`. For example:
+
+```
+/
+├── src
+    ├── frostfs-node
+    └── frostfs-contract
+```
+See `frostfs-contract`'s README.md for build instructions.
+
+2. Copy `launch.json` and `tasks.json` from `dev/.vscode-example` directory to `.vscode` directory. If you already have such files in `.vscode` directory, then merge them manually.
+
+3. Go to **Run and Debug** (`Ctrl+Shift+D`) and start `IR+Storage node` configuration.
+
+4. To create container and put object into it run (container and object IDs will be different):
+
+```
+./bin/frostfs-cli container create -r 127.0.0.1:8080 --wallet ./dev/wallet.json --policy "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" --basic-acl public-read-write --await
+Enter password >  <- press ENTER, the is no password for wallet
+CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
+
+./bin/frostfs-cli object put -r 127.0.0.1:8080 --wallet ./dev/wallet.json --file README.md --cid CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
+Enter password >
+ 4300 / 4300 [===========================================================================================================================================================================================================] 100.00% 0s
+[README.md] Object successfully stored
+  OID: 78sohnudVMnPsczXqsTUcvezosan2YDNVZwDE8Kq5YwU
+  CID: CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju
+
+./bin/frostfs-cli object get -r 127.0.0.1:8080 --wallet ./dev/wallet.json --cid CfPhEuHQ2PRvM4gfBQDC4dWZY3NccovyfcnEdiq2ixju --oid 78sohnudVMnPsczXqsTUcvezosan2YDNVZwDE8Kq5YwU
+...
+
+```
+
 # Contributing

 Feel free to contribute to this project after reading the [contributing
--- a/2
+++ b/2
@ -1 +1 @@
-v0.36.0
+v0.38.0
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -34,6 +34,8 @@ alphabet-wallets: /home/user/deploy/alphabet-wallets
 network:
  max_object_size: 67108864
  epoch_duration: 240
+  max_ec_data_count: 12
+  max_ec_parity_count: 4
  fee:
    candidate: 0
    container: 0
--- a/cmd/frostfs-adm/internal/commonflags/flags.go
+++ b/cmd/frostfs-adm/internal/commonflags/flags.go
@ -11,4 +11,32 @@ const (
 	Verbose          = "verbose"
 	VerboseShorthand = "v"
 	VerboseUsage     = "Verbose output"
+
+	EndpointFlag      = "rpc-endpoint"
+	EndpointFlagDesc  = "N3 RPC node endpoint"
+	EndpointFlagShort = "r"
+
+	AlphabetWalletsFlag     = "alphabet-wallets"
+	AlphabetWalletsFlagDesc = "Path to alphabet wallets dir"
+
+	LocalDumpFlag                   = "local-dump"
+	ContractsInitFlag               = "contracts"
+	ContractsInitFlagDesc           = "Path to archive with compiled FrostFS contracts (the default is to fetch the latest release from the official repository)"
+	ContractsURLFlag                = "contracts-url"
+	ContractsURLFlagDesc            = "URL to archive with compiled FrostFS contracts"
+	EpochDurationInitFlag           = "network.epoch_duration"
+	MaxObjectSizeInitFlag           = "network.max_object_size"
+	MaxECDataCountFlag              = "network.max_ec_data_count"
+	MaxECParityCounFlag             = "network.max_ec_parity_count"
+	RefillGasAmountFlag             = "gas"
+	StorageWalletFlag               = "storage-wallet"
+	ContainerFeeInitFlag            = "network.fee.container"
+	ContainerAliasFeeInitFlag       = "network.fee.container_alias"
+	CandidateFeeInitFlag            = "network.fee.candidate"
+	WithdrawFeeInitFlag             = "network.fee.withdraw"
+	MaintenanceModeAllowedInitFlag  = "network.maintenance_mode_allowed"
+	HomomorphicHashDisabledInitFlag = "network.homomorphic_hash_disabled"
+	CustomZoneFlag                  = "domain"
+	AlphabetSizeFlag                = "size"
+	AllFlag                         = "all"
 )
--- a/cmd/frostfs-adm/internal/modules/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/config/config.go
@ -21,6 +21,8 @@ type configTemplate struct {
 	CandidateFee            int
 	ContainerFee            int
 	ContainerAliasFee       int
+	MaxECDataCount          int
+	MaxECParityCount        int
 	WithdrawFee             int
 	Glagolitics             []string
 	HomomorphicHashDisabled bool
@ -31,6 +33,8 @@ alphabet-wallets: {{ .AlphabetDir}}
 network:
  max_object_size: {{ .MaxObjectSize}}
  epoch_duration: {{ .EpochDuration}}
+  max_ec_data_count: {{ .MaxECDataCount}}
+  max_ec_parity_count: {{ .MaxECParityCount}}
  homomorphic_hash_disabled: {{ .HomomorphicHashDisabled}}
  fee:
    candidate: {{ .CandidateFee}}
@ -106,6 +110,8 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	tmpl := configTemplate{
 		Endpoint:                "https://neo.rpc.node:30333",
 		MaxObjectSize:           67108864,      // 64 MiB
+		MaxECDataCount:          12,            // Tested with 16-node networks, assuming 12 data + 4 parity nodes.
+		MaxECParityCount:        4,             // Maximum 4 parity chunks, typically <= 3 for most policies.
 		EpochDuration:           240,           // 1 hour with 15s per block
 		HomomorphicHashDisabled: false,         // object homomorphic hash is enabled
 		CandidateFee:            100_0000_0000, // 100.0 GAS (Fixed8)
--- a/cmd/frostfs-adm/internal/modules/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/config/config_test.go
@ -27,6 +27,8 @@ func TestGenerateConfigExample(t *testing.T) {
 	require.Equal(t, "https://neo.rpc.node:30333", v.GetString("rpc-endpoint"))
 	require.Equal(t, filepath.Join(appDir, "alphabet-wallets"), v.GetString("alphabet-wallets"))
 	require.Equal(t, 67108864, v.GetInt("network.max_object_size"))
+	require.Equal(t, 12, v.GetInt("network.max_ec_data_count"))
+	require.Equal(t, 4, v.GetInt("network.max_ec_parity_count"))
 	require.Equal(t, 240, v.GetInt("network.epoch_duration"))
 	require.Equal(t, 10000000000, v.GetInt("network.fee.candidate"))
 	require.Equal(t, 1000, v.GetInt("network.fee.container"))
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape.go
@ -0,0 +1,268 @@
+package ape
+
+import (
+	"bytes"
+	"encoding/json"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	namespaceTarget   = "namespace"
+	containerTarget   = "container"
+	userTarget        = "user"
+	groupTarget       = "group"
+	jsonFlag          = "json"
+	jsonFlagDesc      = "Output rule chains in JSON format"
+	chainIDFlag       = "chain-id"
+	chainIDDesc       = "Rule chain ID"
+	ruleFlag          = "rule"
+	ruleFlagDesc      = "Rule chain in text format"
+	pathFlag          = "path"
+	pathFlagDesc      = "path to encoded chain in JSON or binary format"
+	targetNameFlag    = "target-name"
+	targetNameDesc    = "Resource name in APE resource name format"
+	targetTypeFlag    = "target-type"
+	targetTypeDesc    = "Resource type(container/namespace)"
+	addrAdminFlag     = "addr"
+	addrAdminDesc     = "The address of the admins wallet"
+	chainNameFlag     = "chain-name"
+	chainNameFlagDesc = "Chain name(ingress|s3)"
+)
+
+var (
+	addRuleChainCmd = &cobra.Command{
+		Use:   "add-rule-chain",
+		Short: "Add rule chain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: addRuleChain,
+	}
+
+	removeRuleChainCmd = &cobra.Command{
+		Use:   "rm-rule-chain",
+		Short: "Remove rule chain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: removeRuleChain,
+	}
+
+	listRuleChainsCmd = &cobra.Command{
+		Use:   "list-rule-chains",
+		Short: "List rule chains",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: listRuleChains,
+	}
+
+	setAdminCmd = &cobra.Command{
+		Use:   "set-admin",
+		Short: "Set admin",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: setAdmin,
+	}
+
+	getAdminCmd = &cobra.Command{
+		Use:   "get-admin",
+		Short: "Get admin",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: getAdmin,
+	}
+
+	listTargetsCmd = &cobra.Command{
+		Use:   "list-targets",
+		Short: "List targets",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: listTargets,
+	}
+)
+
+func initAddRuleChainCmd() {
+	Cmd.AddCommand(addRuleChainCmd)
+
+	addRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	addRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	addRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(targetTypeFlag)
+	addRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(targetNameFlag)
+
+	addRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(chainIDFlag)
+	addRuleChainCmd.Flags().StringArray(ruleFlag, []string{}, ruleFlagDesc)
+	addRuleChainCmd.Flags().String(pathFlag, "", pathFlagDesc)
+	addRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	addRuleChainCmd.MarkFlagsMutuallyExclusive(ruleFlag, pathFlag)
+}
+
+func initRemoveRuleChainCmd() {
+	Cmd.AddCommand(removeRuleChainCmd)
+
+	removeRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	removeRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	removeRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetTypeFlag)
+	removeRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(targetNameFlag)
+	removeRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
+	removeRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	removeRuleChainCmd.Flags().Bool(commonflags.AllFlag, false, "Remove all chains for target")
+	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, chainIDFlag)
+}
+
+func initListRuleChainsCmd() {
+	Cmd.AddCommand(listRuleChainsCmd)
+
+	listRuleChainsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	listRuleChainsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(targetTypeFlag)
+	listRuleChainsCmd.Flags().String(targetNameFlag, "", targetNameDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(targetNameFlag)
+	listRuleChainsCmd.Flags().Bool(jsonFlag, false, jsonFlagDesc)
+	listRuleChainsCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+}
+
+func initSetAdminCmd() {
+	Cmd.AddCommand(setAdminCmd)
+
+	setAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	setAdminCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	setAdminCmd.Flags().String(addrAdminFlag, "", addrAdminDesc)
+	_ = setAdminCmd.MarkFlagRequired(addrAdminFlag)
+}
+
+func initGetAdminCmd() {
+	Cmd.AddCommand(getAdminCmd)
+
+	getAdminCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+}
+
+func initListTargetsCmd() {
+	Cmd.AddCommand(listTargetsCmd)
+
+	listTargetsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	listTargetsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
+	_ = listTargetsCmd.MarkFlagRequired(targetTypeFlag)
+}
+
+func addRuleChain(cmd *cobra.Command, _ []string) {
+	chain := parseChain(cmd)
+	target := parseTarget(cmd)
+	pci, ac := newPolicyContractInterface(cmd)
+	h, vub, err := pci.AddMorphRuleChain(parseChainName(cmd), target, chain)
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = ac.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
+	cmd.Println("Rule chain added successfully")
+}
+
+func removeRuleChain(cmd *cobra.Command, _ []string) {
+	target := parseTarget(cmd)
+	pci, ac := newPolicyContractInterface(cmd)
+	removeAll, _ := cmd.Flags().GetBool(commonflags.AllFlag)
+	if removeAll {
+		h, vub, err := pci.RemoveMorphRuleChainsByTarget(parseChainName(cmd), target)
+		cmd.Println("Waiting for transaction to persist...")
+		_, err = ac.Wait(h, vub, err)
+		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
+		cmd.Println("All chains for target removed successfully")
+	} else {
+		chainID := parseChainID(cmd)
+		h, vub, err := pci.RemoveMorphRuleChain(parseChainName(cmd), target, chainID)
+		cmd.Println("Waiting for transaction to persist...")
+		_, err = ac.Wait(h, vub, err)
+		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
+		cmd.Println("Rule chain removed successfully")
+	}
+}
+
+func listRuleChains(cmd *cobra.Command, _ []string) {
+	target := parseTarget(cmd)
+	pci, _ := newPolicyContractReaderInterface(cmd)
+	chains, err := pci.ListMorphRuleChains(parseChainName(cmd), target)
+	commonCmd.ExitOnErr(cmd, "list rule chains error: %w", err)
+	if len(chains) == 0 {
+		return
+	}
+
+	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
+	if toJSON {
+		prettyJSONFormat(cmd, chains)
+	} else {
+		for _, c := range chains {
+			parseutil.PrintHumanReadableAPEChain(cmd, c)
+		}
+	}
+}
+
+func setAdmin(cmd *cobra.Command, _ []string) {
+	s, _ := cmd.Flags().GetString(addrAdminFlag)
+	addr, err := util.Uint160DecodeStringLE(s)
+	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
+	pci, ac := newPolicyContractInterface(cmd)
+	h, vub, err := pci.SetAdmin(addr)
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = ac.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "can't set admin: %w", err)
+	cmd.Println("Admin set successfully")
+}
+
+func getAdmin(cmd *cobra.Command, _ []string) {
+	pci, _ := newPolicyContractReaderInterface(cmd)
+	addr, err := pci.GetAdmin()
+	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
+	cmd.Println(addr.StringLE())
+}
+
+func listTargets(cmd *cobra.Command, _ []string) {
+	typ, err := parseTargetType(cmd)
+	commonCmd.ExitOnErr(cmd, "parse target type error: %w", err)
+	pci, inv := newPolicyContractReaderInterface(cmd)
+
+	sid, it, err := pci.ListTargetsIterator(typ)
+	commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
+	items, err := inv.TraverseIterator(sid, &it, 0)
+	for err == nil && len(items) != 0 {
+		for _, item := range items {
+			bts, err := item.TryBytes()
+			commonCmd.ExitOnErr(cmd, "list targets error: %w", err)
+			if len(bts) == 0 {
+				cmd.Println("(no name)")
+			} else {
+				cmd.Println(string(bts))
+			}
+		}
+		items, err = inv.TraverseIterator(sid, &it, 0)
+		commonCmd.ExitOnErr(cmd, "unable to list targets: %w", err)
+	}
+}
+
+func prettyJSONFormat(cmd *cobra.Command, chains []*apechain.Chain) {
+	wr := bytes.NewBufferString("")
+	data, err := json.Marshal(chains)
+	if err == nil {
+		err = json.Indent(wr, data, "", " ")
+	}
+	commonCmd.ExitOnErr(cmd, "print rule chain error: %w", err)
+	cmd.Println(wr)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go
@ -0,0 +1,133 @@
+package ape
+
+import (
+	"errors"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
+	morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	ingress = "ingress"
+	s3      = "s3"
+)
+
+var mChainName = map[string]apechain.Name{
+	ingress: apechain.Ingress,
+	s3:      apechain.S3,
+}
+
+var (
+	errUnknownTargetType    = errors.New("unknown target type")
+	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
+	errRuleIsNotParsed      = errors.New("rule is not passed")
+	errUnsupportedChainName = errors.New("unsupported chain name")
+)
+
+func parseTarget(cmd *cobra.Command) policyengine.Target {
+	name, _ := cmd.Flags().GetString(targetNameFlag)
+	typ, err := parseTargetType(cmd)
+	commonCmd.ExitOnErr(cmd, "read target type error: %w", err)
+
+	return policyengine.Target{
+		Name: name,
+		Type: typ,
+	}
+}
+
+func parseTargetType(cmd *cobra.Command) (policyengine.TargetType, error) {
+	typ, _ := cmd.Flags().GetString(targetTypeFlag)
+	switch typ {
+	case namespaceTarget:
+		return policyengine.Namespace, nil
+	case containerTarget:
+		return policyengine.Container, nil
+	case userTarget:
+		return policyengine.User, nil
+	case groupTarget:
+		return policyengine.Group, nil
+	}
+	return -1, errUnknownTargetType
+}
+
+func parseChainID(cmd *cobra.Command) apechain.ID {
+	chainID, _ := cmd.Flags().GetString(chainIDFlag)
+	if chainID == "" {
+		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
+			errChainIDCannotBeEmpty)
+	}
+	return apechain.ID(chainID)
+}
+
+func parseChain(cmd *cobra.Command) *apechain.Chain {
+	chain := new(apechain.Chain)
+
+	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
+		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
+	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
+		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
+	} else {
+		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
+	}
+
+	chain.ID = parseChainID(cmd)
+
+	cmd.Println("Parsed chain:")
+	parseutil.PrintHumanReadableAPEChain(cmd, chain)
+
+	return chain
+}
+
+func parseChainName(cmd *cobra.Command) apechain.Name {
+	chainName, _ := cmd.Flags().GetString(chainNameFlag)
+	apeChainName, ok := mChainName[strings.ToLower(chainName)]
+	if !ok {
+		commonCmd.ExitOnErr(cmd, "", errUnsupportedChainName)
+	}
+	return apeChainName
+}
+
+func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
+	c, err := helper.GetN3Client(viper.GetViper())
+	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
+
+	inv := invoker.New(c, nil)
+	var ch util.Uint160
+	r := management.NewReader(inv)
+	nnsCs, err := r.GetContractByID(1)
+	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
+
+	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
+
+	return morph.NewContractStorageReader(inv, ch), inv
+}
+
+func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
+	c, err := helper.GetN3Client(viper.GetViper())
+	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
+
+	ac, err := helper.NewLocalActor(cmd, c)
+	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
+
+	var ch util.Uint160
+	r := management.NewReader(ac.Invoker)
+	nnsCs, err := r.GetContractByID(1)
+	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
+
+	ch, err = helper.NNSResolveHash(ac.Invoker, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
+
+	return morph.NewContractStorage(ac, ch), ac
+}
--- a/cmd/frostfs-adm/internal/modules/morph/ape/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/ape/root.go
@ -0,0 +1,17 @@
+package ape
+
+import "github.com/spf13/cobra"
+
+var Cmd = &cobra.Command{
+	Use:   "ape",
+	Short: "Section for APE configuration commands",
+}
+
+func init() {
+	initAddRuleChainCmd()
+	initRemoveRuleChainCmd()
+	initListRuleChainsCmd()
+	initSetAdminCmd()
+	initGetAdminCmd()
+	initListTargetsCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance/balance.go
@ -1,4 +1,4 @@
-package morph
+package balance

 import (
 	"crypto/elliptic"
@ -7,6 +7,8 @@ import (
 	"math/big"

 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
@ -49,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)

-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}
@ -63,7 +65,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("can't get NNS contract info: %w", err)
 		}

-		nmHash, err = nnsResolveHash(inv, nnsCs.Hash, netmapContract+".frostfs")
+		nmHash, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.NetmapContract))
 		if err != nil {
 			return fmt.Errorf("can't get netmap contract hash: %w", err)
 		}
@ -136,7 +138,7 @@ func printStorageNodeBalances(cmd *cobra.Command, inv *invoker.Invoker, nmHash u
 }

 func printProxyContractBalance(cmd *cobra.Command, inv *invoker.Invoker, nnsHash util.Uint160) error {
-	h, err := nnsResolveHash(inv, nnsHash, proxyContract+".frostfs")
+	h, err := helper.NNSResolveHash(inv, nnsHash, helper.DomainOf(constants.ProxyContract))
 	if err != nil {
 		return fmt.Errorf("can't get hash of the proxy contract: %w", err)
 	}
@ -150,13 +152,13 @@ func printProxyContractBalance(cmd *cobra.Command, inv *invoker.Invoker, nnsHash
 	return nil
 }

-func printAlphabetContractBalances(cmd *cobra.Command, c Client, inv *invoker.Invoker, count int, nnsHash util.Uint160) error {
+func printAlphabetContractBalances(cmd *cobra.Command, c helper.Client, inv *invoker.Invoker, count int, nnsHash util.Uint160) error {
 	alphaList := make([]accBalancePair, count)

 	w := io.NewBufBinWriter()
 	for i := range alphaList {
 		emit.AppCall(w.BinWriter, nnsHash, "resolve", callflag.ReadOnly,
-			getAlphabetNNSDomain(i),
+			helper.GetAlphabetNNSDomain(i),
 			int64(nns.TXT))
 	}
 	if w.Err != nil {
@ -169,7 +171,7 @@ func printAlphabetContractBalances(cmd *cobra.Command, c Client, inv *invoker.In
 	}

 	for i := range alphaList {
-		h, err := parseNNSResolveResult(alphaRes.Stack[i])
+		h, err := helper.ParseNNSResolveResult(alphaRes.Stack[i])
 		if err != nil {
 			return fmt.Errorf("can't fetch the alphabet contract #%d hash: %w", i, err)
 		}
@ -184,7 +186,7 @@ func printAlphabetContractBalances(cmd *cobra.Command, c Client, inv *invoker.In
 	return nil
 }

-func fetchIRNodes(c Client, desigHash util.Uint160) ([]accBalancePair, error) {
+func fetchIRNodes(c helper.Client, desigHash util.Uint160) ([]accBalancePair, error) {
 	inv := invoker.New(c, nil)

 	height, err := c.GetBlockCount()
@ -192,7 +194,7 @@ func fetchIRNodes(c Client, desigHash util.Uint160) ([]accBalancePair, error) {
 		return nil, fmt.Errorf("can't get block height: %w", err)
 	}

-	arr, err := getDesignatedByRole(inv, desigHash, noderoles.NeoFSAlphabet, height)
+	arr, err := helper.GetDesignatedByRole(inv, desigHash, noderoles.NeoFSAlphabet, height)
 	if err != nil {
 		return nil, errors.New("can't fetch list of IR nodes from the netmap contract")
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/balance/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance/root.go
@ -0,0 +1,28 @@
+package balance
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var DumpCmd = &cobra.Command{
+	Use:   "dump-balances",
+	Short: "Dump GAS balances",
+	PreRun: func(cmd *cobra.Command, _ []string) {
+		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+	},
+	RunE: dumpBalances,
+}
+
+func initDumpBalancesCmd() {
+	DumpCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	DumpCmd.Flags().BoolP(dumpBalancesStorageFlag, "s", false, "Dump balances of storage nodes from the current netmap")
+	DumpCmd.Flags().BoolP(dumpBalancesAlphabetFlag, "a", false, "Dump balances of alphabet contracts")
+	DumpCmd.Flags().BoolP(dumpBalancesProxyFlag, "p", false, "Dump balances of the proxy contract")
+	DumpCmd.Flags().Bool(dumpBalancesUseScriptHashFlag, false, "Use script-hash format for addresses")
+}
+
+func init() {
+	initDumpBalancesCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/config.go
@ -1,4 +1,4 @@
-package morph
+package config

 import (
 	"bytes"
@ -10,6 +10,8 @@ import (
 	"strings"
 	"text/tabwriter"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@ -24,7 +26,7 @@ import (
 const forceConfigSet = "force"

 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -37,7 +39,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}

-	nmHash, err := nnsResolveHash(inv, cs.Hash, netmapContract+".frostfs")
+	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.NetmapContract))
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
@ -50,7 +52,7 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	buf := bytes.NewBuffer(nil)
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)

-	m, err := parseConfigFromNetmapContract(arr)
+	m, err := helper.ParseConfigFromNetmapContract(arr)
 	if err != nil {
 		return err
 	}
@ -58,14 +60,15 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 		switch k {
 		case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 			netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
+			netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
+			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
 			nbuf := make([]byte, 8)
 			copy(nbuf[:], v)
 			n := binary.LittleEndian.Uint64(nbuf)
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%d (int)\n", k, n)))
 		case netmap.HomomorphicHashingDisabledKey, netmap.MaintenanceModeAllowedConfig:
 			if len(v) == 0 || len(v) > 1 {
-				return invalidConfigValueErr(k)
+				return helper.InvalidConfigValueErr(k)
 			}
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%t (bool)\n", k, v[0] == 1)))
 		default:
@ -79,12 +82,12 @@ func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	return nil
 }

-func setConfigCmd(cmd *cobra.Command, args []string) error {
+func SetConfigCmd(cmd *cobra.Command, args []string) error {
 	if len(args) == 0 {
 		return errors.New("empty config pairs")
 	}

-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't initialize context: %w", err)
 	}
@ -95,20 +98,28 @@ func setConfigCmd(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}

-	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
+	nmHash, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, helper.DomainOf(constants.NetmapContract))
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}

 	forceFlag, _ := cmd.Flags().GetBool(forceConfigSet)
-
 	bw := io.NewBufBinWriter()
+	prm := make(map[string]any)
 	for _, arg := range args {
 		k, v, err := parseConfigPair(arg, forceFlag)
 		if err != nil {
 			return err
 		}

+		prm[k] = v
+	}
+
+	if err := validateConfig(prm, forceFlag); err != nil {
+		return err
+	}
+
+	for k, v := range prm {
 		// In NeoFS this is done via Notary contract. Here, however, we can form the
 		// transaction locally. The first `nil` argument is required only for notary
 		// disabled environment which is not supported by that command.
@ -118,12 +129,39 @@ func setConfigCmd(cmd *cobra.Command, args []string) error {
 		}
 	}

-	err = wCtx.sendConsensusTx(bw.Bytes())
+	err = wCtx.SendConsensusTx(bw.Bytes())
 	if err != nil {
 		return err
 	}

-	return wCtx.awaitTx()
+	return wCtx.AwaitTx()
+}
+
+func validateConfig(args map[string]any, forceFlag bool) error {
+	var sumEC int64
+	_, okData := args[netmap.MaxECDataCountConfig]
+	_, okParity := args[netmap.MaxECParityCountConfig]
+	if okData != okParity {
+		return fmt.Errorf("both %s and %s must be present in the configuration",
+			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig)
+	}
+
+	for k, v := range args {
+		value, ok := v.(int64)
+		if !ok || value < 0 {
+			return fmt.Errorf("%s must be >= 0, got %v", k, v)
+		}
+
+		if k == netmap.MaxECDataCountConfig || k == netmap.MaxECParityCountConfig {
+			sumEC += value
+		}
+	}
+
+	if sumEC > 256 && !forceFlag {
+		return fmt.Errorf("the sum of %s and %s must be <= 256, got %d",
+			netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig, sumEC)
+	}
+	return nil
 }

 func parseConfigPair(kvStr string, force bool) (key string, val any, err error) {
@ -138,7 +176,8 @@ func parseConfigPair(kvStr string, force bool) (key string, val any, err error)
 	switch key {
 	case netmap.ContainerFeeConfig, netmap.ContainerAliasFeeConfig,
 		netmap.EpochDurationConfig, netmap.IrCandidateFeeConfig,
-		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig:
+		netmap.MaxObjectSizeConfig, netmap.WithdrawFeeConfig,
+		netmap.MaxECDataCountConfig, netmap.MaxECParityCountConfig:
 		val, err = strconv.ParseInt(valRaw, 10, 64)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as int: %w", key, valRaw, err)
@ -161,7 +200,3 @@ func parseConfigPair(kvStr string, force bool) (key string, val any, err error)

 	return
 }
-
-func invalidConfigValueErr(key string) error {
-	return fmt.Errorf("invalid %s config value from netmap contract", key)
-}
--- a/cmd/frostfs-adm/internal/modules/morph/config/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config/root.go
@ -0,0 +1,46 @@
+package config
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	SetCmd = &cobra.Command{
+		Use:                   "set-config key1=val1 [key2=val2 ...]",
+		DisableFlagsInUseLine: true,
+		Short:                 "Add/update global config value in the FrostFS network",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Args: cobra.MinimumNArgs(1),
+		RunE: SetConfigCmd,
+	}
+
+	DumpCmd = &cobra.Command{
+		Use:   "dump-config",
+		Short: "Dump FrostFS network config",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: dumpNetworkConfig,
+	}
+)
+
+func initSetConfigCmd() {
+	SetCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	SetCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	SetCmd.Flags().Bool(forceConfigSet, false, "Force setting not well-known configuration key")
+	SetCmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
+}
+
+func initDumpNetworkConfigCmd() {
+	DumpCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+}
+
+func init() {
+	initSetConfigCmd()
+	initDumpNetworkConfigCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/constants/const.go
+++ b/cmd/frostfs-adm/internal/modules/morph/constants/const.go
@ -0,0 +1,60 @@
+package constants
+
+import "time"
+
+const (
+	ConsensusAccountName = "consensus"
+	ProtoConfigPath      = "protocol"
+
+	// MaxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
+	// of the invocation script.
+	// See: https://github.com/nspcc-dev/neo-go/blob/740488f7f35e367eaa99a71c0a609c315fe2b0fc/pkg/core/transaction/witness.go#L10
+	MaxAlphabetNodes = 22
+
+	SingleAccountName    = "single"
+	CommitteeAccountName = "committee"
+
+	NNSContract        = "nns"
+	FrostfsContract    = "frostfs"    // not deployed in side-chain.
+	ProcessingContract = "processing" // not deployed in side-chain.
+	AlphabetContract   = "alphabet"
+	BalanceContract    = "balance"
+	ContainerContract  = "container"
+	FrostfsIDContract  = "frostfsid"
+	NetmapContract     = "netmap"
+	PolicyContract     = "policy"
+	ProxyContract      = "proxy"
+
+	ContractWalletFilename    = "contract.json"
+	ContractWalletPasswordKey = "contract"
+
+	FrostfsOpsEmail  = "ops@frostfs.info"
+	NNSRefreshDefVal = int64(3600)
+	NNSRetryDefVal   = int64(600)
+	NNSTtlDefVal     = int64(3600)
+
+	DefaultExpirationTime = 10 * 365 * 24 * time.Hour / time.Second
+
+	DeployMethodName = "deploy"
+	UpdateMethodName = "update"
+
+	TestContractPassword = "grouppass"
+)
+
+var (
+	ContractList = []string{
+		BalanceContract,
+		ContainerContract,
+		FrostfsIDContract,
+		NetmapContract,
+		PolicyContract,
+		ProxyContract,
+	}
+
+	FullContractList = append([]string{
+		FrostfsContract,
+		ProcessingContract,
+		NNSContract,
+		AlphabetContract,
+	}, ContractList...)
+)
--- a/cmd/frostfs-adm/internal/modules/morph/container/container.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container/container.go
@ -1,12 +1,15 @@
-package morph
+package container

 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
+	"slices"
 	"sort"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
 	"github.com/nspcc-dev/neo-go/pkg/io"
@ -35,7 +38,7 @@ func getContainerContractHash(cmd *cobra.Command, inv *invoker.Invoker) (util.Ui
 		if err != nil {
 			return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 		}
-		ch, err = nnsResolveHash(inv, nnsCs.Hash, containerContract+".frostfs")
+		ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.ContainerContract))
 		if err != nil {
 			return util.Uint160{}, err
 		}
@ -73,7 +76,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}

-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -163,7 +166,7 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 }

 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -192,11 +195,11 @@ func restoreContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}

-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return err
 	}
-	defer wCtx.close()
+	defer wCtx.Close()

 	containers, err := parseContainers(filename)
 	if err != nil {
@ -218,10 +221,10 @@ func restoreContainers(cmd *cobra.Command, _ []string) error {
 		return err
 	}

-	return wCtx.awaitTx()
+	return wCtx.AwaitTx()
 }

-func restoreOrPutContainers(containers []Container, isOK func([]byte) bool, cmd *cobra.Command, wCtx *initializeContext, ch util.Uint160) error {
+func restoreOrPutContainers(containers []Container, isOK func([]byte) bool, cmd *cobra.Command, wCtx *helper.InitializeContext, ch util.Uint160) error {
 	bw := io.NewBufBinWriter()
 	for _, cnt := range containers {
 		hv := hash.Sha256(cnt.Value)
@ -245,7 +248,7 @@ func restoreOrPutContainers(containers []Container, isOK func([]byte) bool, cmd
 			panic(bw.Err)
 		}

-		if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
+		if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
 			return err
 		}
 	}
@ -261,7 +264,7 @@ func putContainer(bw *io.BufBinWriter, ch util.Uint160, cnt Container) {
 	}
 }

-func isContainerRestored(cmd *cobra.Command, wCtx *initializeContext, containerHash util.Uint160, bw *io.BufBinWriter, hashValue util.Uint256) (bool, error) {
+func isContainerRestored(cmd *cobra.Command, wCtx *helper.InitializeContext, containerHash util.Uint160, bw *io.BufBinWriter, hashValue util.Uint256) (bool, error) {
 	emit.AppCall(bw.BinWriter, containerHash, "get", callflag.All, hashValue.BytesBE())
 	res, err := wCtx.Client.InvokeScript(bw.Bytes(), nil)
 	if err != nil {
@ -299,14 +302,14 @@ func parseContainers(filename string) ([]Container, error) {
 	return containers, nil
 }

-func fetchContainerContractHash(wCtx *initializeContext) (util.Uint160, error) {
+func fetchContainerContractHash(wCtx *helper.InitializeContext) (util.Uint160, error) {
 	r := management.NewReader(wCtx.ReadOnlyInvoker)
 	nnsCs, err := r.GetContractByID(1)
 	if err != nil {
 		return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 	}

-	ch, err := nnsResolveHash(wCtx.ReadOnlyInvoker, nnsCs.Hash, containerContract+".frostfs")
+	ch, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, nnsCs.Hash, helper.DomainOf(constants.ContainerContract))
 	if err != nil {
 		return util.Uint160{}, fmt.Errorf("can't fetch container contract hash: %w", err)
 	}
@ -444,7 +447,7 @@ func getCIDFilterFunc(cmd *cobra.Command) (func([]byte) bool, error) {
 		var id cid.ID
 		id.SetSHA256(v)
 		idStr := id.EncodeToString()
-		n := sort.Search(len(rawIDs), func(i int) bool { return rawIDs[i] >= idStr })
-		return n < len(rawIDs) && rawIDs[n] == idStr
+		_, found := slices.BinarySearch(rawIDs, idStr)
+		return found
 	}, nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/container/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container/root.go
@ -0,0 +1,68 @@
+package container
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	containerDumpFlag     = "dump"
+	containerContractFlag = "container-contract"
+	containerIDsFlag      = "cid"
+)
+
+var (
+	DumpCmd = &cobra.Command{
+		Use:   "dump-containers",
+		Short: "Dump FrostFS containers to file",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: dumpContainers,
+	}
+
+	RestoreCmd = &cobra.Command{
+		Use:   "restore-containers",
+		Short: "Restore FrostFS containers from file",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: restoreContainers,
+	}
+
+	ListCmd = &cobra.Command{
+		Use:   "list-containers",
+		Short: "List FrostFS containers",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: listContainers,
+	}
+)
+
+func initListContainersCmd() {
+	ListCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ListCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
+}
+
+func initRestoreContainersCmd() {
+	RestoreCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	RestoreCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	RestoreCmd.Flags().String(containerDumpFlag, "", "File to restore containers from")
+	RestoreCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to restore")
+}
+
+func initDumpContainersCmd() {
+	DumpCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	DumpCmd.Flags().String(containerDumpFlag, "", "File where to save dumped containers")
+	DumpCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
+	DumpCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to dump")
+}
+
+func init() {
+	initDumpContainersCmd()
+	initRestoreContainersCmd()
+	initListContainersCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/deploy.go
@ -1,4 +1,4 @@
-package morph
+package contract

 import (
 	"encoding/json"
@ -7,6 +7,9 @@ import (
 	"strings"

 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
@ -23,10 +26,9 @@ import (
 const (
 	contractPathFlag = "contract"
 	updateFlag       = "update"
-	customZoneFlag   = "domain"
 )

-var deployCmd = &cobra.Command{
+var DeployCmd = &cobra.Command{
 	Use:   "deploy",
 	Short: "Deploy additional smart-contracts",
 	Long: `Deploy additional smart-contract which are not related to core.
@ -37,33 +39,33 @@ Compiled contract file name must contain '_contract.nef' suffix.
 Contract's manifest file name must be 'config.json'.
 NNS name is taken by stripping '_contract.nef' from the NEF file (similar to frostfs contracts).`,
 	PreRun: func(cmd *cobra.Command, _ []string) {
-		_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-		_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
+		_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 	},
 	RunE: deployContractCmd,
 }

 func init() {
-	ff := deployCmd.Flags()
+	ff := DeployCmd.Flags()

-	ff.String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	_ = deployCmd.MarkFlagFilename(alphabetWalletsFlag)
+	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	_ = DeployCmd.MarkFlagFilename(commonflags.AlphabetWalletsFlag)

-	ff.StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
+	ff.StringP(commonflags.EndpointFlag, "r", "", commonflags.EndpointFlagDesc)
 	ff.String(contractPathFlag, "", "Path to the contract directory")
-	_ = deployCmd.MarkFlagFilename(contractPathFlag)
+	_ = DeployCmd.MarkFlagFilename(contractPathFlag)

 	ff.Bool(updateFlag, false, "Update an existing contract")
-	ff.String(customZoneFlag, "frostfs", "Custom zone for NNS")
+	ff.String(commonflags.CustomZoneFlag, "frostfs", "Custom zone for NNS")
 }

 func deployContractCmd(cmd *cobra.Command, args []string) error {
 	v := viper.GetViper()
-	c, err := newInitializeContext(cmd, v)
+	c, err := helper.NewInitializeContext(cmd, v)
 	if err != nil {
 		return fmt.Errorf("initialization error: %w", err)
 	}
-	defer c.close()
+	defer c.Close()

 	ctrPath, _ := cmd.Flags().GetString(contractPathFlag)
 	ctrName, err := probeContractName(ctrPath)
@ -71,7 +73,7 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 		return err
 	}

-	cs, err := readContract(ctrPath, ctrName)
+	cs, err := helper.ReadContract(ctrPath, ctrName)
 	if err != nil {
 		return err
 	}
@ -83,17 +85,17 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 	}

 	callHash := management.Hash
-	method := deployMethodName
-	zone, _ := cmd.Flags().GetString(customZoneFlag)
+	method := constants.DeployMethodName
+	zone, _ := cmd.Flags().GetString(commonflags.CustomZoneFlag)
 	domain := ctrName + "." + zone
 	isUpdate, _ := cmd.Flags().GetBool(updateFlag)
 	if isUpdate {
-		cs.Hash, err = nnsResolveHash(c.ReadOnlyInvoker, nnsCs.Hash, domain)
+		cs.Hash, err = helper.NNSResolveHash(c.ReadOnlyInvoker, nnsCs.Hash, domain)
 		if err != nil {
 			return fmt.Errorf("can't fetch contract hash from NNS: %w", err)
 		}
 		callHash = cs.Hash
-		method = updateMethodName
+		method = constants.UpdateMethodName
 	} else {
 		cs.Hash = state.CreateContractHash(
 			c.CommitteeAcc.Contract.ScriptHash(),
@ -122,13 +124,13 @@ func deployContractCmd(cmd *cobra.Command, args []string) error {
 		panic(fmt.Errorf("BUG: can't create deployment script: %w", writer.Err))
 	}

-	if err := c.sendCommitteeTx(writer.Bytes(), false); err != nil {
+	if err := c.SendCommitteeTx(writer.Bytes(), false); err != nil {
 		return err
 	}
-	return c.awaitTx()
+	return c.AwaitTx()
 }

-func registerNNS(nnsCs *state.Contract, c *initializeContext, zone string, domain string, cs *contractState, writer *io.BufBinWriter) error {
+func registerNNS(nnsCs *state.Contract, c *helper.InitializeContext, zone string, domain string, cs *helper.ContractState, writer *io.BufBinWriter) error {
 	bw := io.NewBufBinWriter()
 	emit.Instruction(bw.BinWriter, opcode.INITSSLOT, []byte{1})
 	emit.AppCall(bw.BinWriter, nnsCs.Hash, "getPrice", callflag.All)
@ -138,7 +140,7 @@ func registerNNS(nnsCs *state.Contract, c *initializeContext, zone string, domai
 	start := bw.Len()
 	needRecord := false

-	ok, err := c.nnsRootRegistered(nnsCs.Hash, zone)
+	ok, err := c.NNSRootRegistered(nnsCs.Hash, zone)
 	if err != nil {
 		return err
 	} else if !ok {
@ -146,15 +148,17 @@ func registerNNS(nnsCs *state.Contract, c *initializeContext, zone string, domai

 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			zone, c.CommitteeAcc.Contract.ScriptHash(),
-			frostfsOpsEmail, int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
+			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
+			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)

 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			domain, c.CommitteeAcc.Contract.ScriptHash(),
-			frostfsOpsEmail, int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
+			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
+			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	} else {
-		s, ok, err := c.nnsRegisterDomainScript(nnsCs.Hash, cs.Hash, domain)
+		s, ok, err := c.NNSRegisterDomainScript(nnsCs.Hash, cs.Hash, domain)
 		if err != nil {
 			return err
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go
@ -1,4 +1,4 @@
-package morph
+package contract

 import (
 	"bytes"
@ -8,11 +8,15 @@ import (
 	"text/tabwriter"

 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
@ -32,7 +36,7 @@ type contractDumpInfo struct {
 }

 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -43,16 +47,16 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 		return err
 	}

-	zone, _ := cmd.Flags().GetString(customZoneFlag)
+	zone, _ := cmd.Flags().GetString(commonflags.CustomZoneFlag)
 	if zone != "" {
 		return dumpCustomZoneHashes(cmd, cs.Hash, zone, c)
 	}

-	infos := []contractDumpInfo{{name: nnsContract, hash: cs.Hash}}
+	infos := []contractDumpInfo{{name: constants.NNSContract, hash: cs.Hash}}

 	irSize := 0
 	for ; irSize < lastGlagoliticLetter; irSize++ {
-		ok, err := nnsIsAvailable(c, cs.Hash, getAlphabetNNSDomain(irSize))
+		ok, err := helper.NNSIsAvailable(c, cs.Hash, helper.GetAlphabetNNSDomain(irSize))
 		if err != nil {
 			return err
 		} else if ok {
@ -66,7 +70,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 		bw.Reset()
 		for i := 0; i < irSize; i++ {
 			emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
-				getAlphabetNNSDomain(i),
+				helper.GetAlphabetNNSDomain(i),
 				int64(nns.TXT))
 		}

@ -77,17 +81,17 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {

 		for i := 0; i < irSize; i++ {
 			info := contractDumpInfo{name: fmt.Sprintf("alphabet %d", i)}
-			if h, err := parseNNSResolveResult(alphaRes.Stack[i]); err == nil {
+			if h, err := helper.ParseNNSResolveResult(alphaRes.Stack[i]); err == nil {
 				info.hash = h
 			}
 			infos = append(infos, info)
 		}
 	}

-	for _, ctrName := range contractList {
+	for _, ctrName := range constants.ContractList {
 		bw.Reset()
 		emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
-			ctrName+".frostfs", int64(nns.TXT))
+			helper.DomainOf(ctrName), int64(nns.TXT))

 		res, err := c.InvokeScript(bw.Bytes(), nil)
 		if err != nil {
@ -96,7 +100,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {

 		info := contractDumpInfo{name: ctrName}
 		if len(res.Stack) != 0 {
-			if h, err := parseNNSResolveResult(res.Stack[0]); err == nil {
+			if h, err := helper.ParseNNSResolveResult(res.Stack[0]); err == nil {
 				info.hash = h
 			}
 		}
@ -109,7 +113,7 @@ func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 	return nil
 }

-func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string, c Client) error {
+func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string, c helper.Client) error {
 	const nnsMaxTokens = 100

 	inv := invoker.New(c, nil)
@ -131,7 +135,7 @@ func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string,
 			return
 		}

-		h, err := nnsResolveHash(inv, nnsHash, string(bs))
+		h, err := helper.NNSResolveHash(inv, nnsHash, string(bs))
 		if err != nil {
 			cmd.PrintErrf("Could not resolve name %s: %v\n", string(bs), err)
 			return
@ -143,7 +147,12 @@ func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string,
 		})
 	}

-	sessionID, iter, err := unwrap.SessionIterator(inv.Call(nnsHash, "tokens"))
+	script, err := smartcontract.CreateCallAndPrefetchIteratorScript(nnsHash, "tokens", nnsMaxTokens)
+	if err != nil {
+		return fmt.Errorf("create prefetch script: %w", err)
+	}
+
+	arr, sessionID, iter, err := unwrap.ArrayAndSessionIterator(inv.Run(script))
 	if err != nil {
 		if errors.Is(err, unwrap.ErrNoSessionID) {
 			items, err := unwrap.Array(inv.CallAndExpandIterator(nnsHash, "tokens", nnsMaxTokens))
@ -160,16 +169,20 @@ func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string,
 			return err
 		}
 	} else {
+		for i := range arr {
+			processItem(arr[i])
+		}
+
 		defer func() {
 			_ = inv.TerminateSession(sessionID)
 		}()

-		items, err := inv.TraverseIterator(sessionID, &iter, nnsMaxTokens)
+		items, err := inv.TraverseIterator(sessionID, &iter, 0)
 		for err == nil && len(items) != 0 {
 			for i := range items {
 				processItem(items[i])
 			}
-			items, err = inv.TraverseIterator(sessionID, &iter, nnsMaxTokens)
+			items, err = inv.TraverseIterator(sessionID, &iter, 0)
 		}
 		if err != nil {
 			return fmt.Errorf("error during NNS domains iteration: %w", err)
@ -214,7 +227,7 @@ func printContractInfo(cmd *cobra.Command, infos []contractDumpInfo) {
 	cmd.Print(buf.String())
 }

-func fillContractVersion(cmd *cobra.Command, c Client, infos []contractDumpInfo) {
+func fillContractVersion(cmd *cobra.Command, c helper.Client, infos []contractDumpInfo) {
 	bw := io.NewBufBinWriter()
 	sub := io.NewBufBinWriter()
 	for i := range infos {
--- a/cmd/frostfs-adm/internal/modules/morph/contract/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/root.go
@ -0,0 +1,45 @@
+package contract
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	DumpHashesCmd = &cobra.Command{
+		Use:   "dump-hashes",
+		Short: "Dump deployed contract hashes",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: dumpContractHashes,
+	}
+	UpdateCmd = &cobra.Command{
+		Use:   "update-contracts",
+		Short: "Update FrostFS contracts",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: updateContracts,
+	}
+)
+
+func initDumpContractHashesCmd() {
+	DumpHashesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	DumpHashesCmd.Flags().String(commonflags.CustomZoneFlag, "", "Custom zone to search.")
+}
+
+func initUpdateContractsCmd() {
+	UpdateCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	UpdateCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	UpdateCmd.Flags().String(commonflags.ContractsInitFlag, "", commonflags.ContractsInitFlagDesc)
+	UpdateCmd.Flags().String(commonflags.ContractsURLFlag, "", commonflags.ContractsURLFlagDesc)
+	UpdateCmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
+}
+
+func init() {
+	initDumpContractHashesCmd()
+	initUpdateContractsCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/contract/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/contract/update.go
@ -0,0 +1,197 @@
+package contract
+
+import (
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	io2 "github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	neoUtil "github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var errMissingNNSRecord = errors.New("missing NNS record")
+
+func updateContracts(cmd *cobra.Command, _ []string) error {
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
+	if err != nil {
+		return fmt.Errorf("initialization error: %w", err)
+	}
+
+	if err := helper.DeployNNS(wCtx, constants.UpdateMethodName); err != nil {
+		return err
+	}
+
+	return updateContractsInternal(wCtx)
+}
+
+func updateContractsInternal(c *helper.InitializeContext) error {
+	alphaCs := c.GetContract(constants.AlphabetContract)
+
+	nnsCs, err := c.NNSContractState()
+	if err != nil {
+		return err
+	}
+	nnsHash := nnsCs.Hash
+
+	w := io2.NewBufBinWriter()
+
+	// Update script size for a single-node committee is close to the maximum allowed size of 65535.
+	// Because of this we want to reuse alphabet contract NEF and manifest for different updates.
+	// The generated script is as following.
+	// 1. Initialize static slot for alphabet NEF.
+	// 2. Store NEF into the static slot.
+	// 3. Push parameters for each alphabet contract on stack.
+	// 4. Add contract group to the manifest.
+	// 5. For each alphabet contract, invoke `update` using parameters on stack and
+	//    NEF from step 2 and manifest from step 4.
+	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
+	emit.Bytes(w.BinWriter, alphaCs.RawNEF)
+	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
+
+	keysParam, err := deployAlphabetAccounts(c, nnsHash, w, alphaCs)
+	if err != nil {
+		return err
+	}
+
+	w.Reset()
+
+	if err = deployOrUpdateContracts(c, w, nnsHash, keysParam); err != nil {
+		return err
+	}
+
+	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
+	_, _, err = c.EmitUpdateNNSGroupScript(w, nnsHash, groupKey)
+	if err != nil {
+		return err
+	}
+	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
+
+	emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
+	emit.Int(w.BinWriter, 1)
+	emit.Opcodes(w.BinWriter, opcode.PACK)
+	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
+
+	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
+		return err
+	}
+	return c.AwaitTx()
+}
+
+func deployAlphabetAccounts(c *helper.InitializeContext, nnsHash neoUtil.Uint160, w *io2.BufBinWriter, alphaCs *helper.ContractState) ([]any, error) {
+	var keysParam []any
+
+	baseGroups := alphaCs.Manifest.Groups
+
+	// alphabet contracts should be deployed by individual nodes to get different hashes.
+	for i, acc := range c.Accounts {
+		ctrHash, err := helper.NNSResolveHash(c.ReadOnlyInvoker, nnsHash, helper.GetAlphabetNNSDomain(i))
+		if err != nil {
+			return nil, fmt.Errorf("can't resolve hash for contract update: %w", err)
+		}
+
+		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
+
+		params := c.GetAlphabetDeployItems(i, len(c.Wallets))
+		emit.Array(w.BinWriter, params...)
+
+		alphaCs.Manifest.Groups = baseGroups
+		err = helper.AddManifestGroup(c.ContractWallet, ctrHash, alphaCs)
+		if err != nil {
+			return nil, fmt.Errorf("can't sign manifest group: %v", err)
+		}
+
+		emit.Bytes(w.BinWriter, alphaCs.RawManifest)
+		emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
+		emit.Int(w.BinWriter, 3)
+		emit.Opcodes(w.BinWriter, opcode.PACK)
+		emit.AppCallNoArgs(w.BinWriter, ctrHash, constants.UpdateMethodName, callflag.All)
+	}
+	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
+		if !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
+			return nil, err
+		}
+		c.Command.Println("Alphabet contracts are already updated.")
+	}
+
+	return keysParam, nil
+}
+
+func deployOrUpdateContracts(c *helper.InitializeContext, w *io2.BufBinWriter, nnsHash neoUtil.Uint160, keysParam []any) error {
+	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
+	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
+	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
+	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
+
+	for _, ctrName := range constants.ContractList {
+		cs := c.GetContract(ctrName)
+
+		method := constants.UpdateMethodName
+		ctrHash, err := helper.NNSResolveHash(c.ReadOnlyInvoker, nnsHash, helper.DomainOf(ctrName))
+		if err != nil {
+			if errors.Is(err, errMissingNNSRecord) {
+				// if contract not found we deploy it instead of update
+				method = constants.DeployMethodName
+			} else {
+				return fmt.Errorf("can't resolve hash for contract update: %w", err)
+			}
+		}
+
+		err = helper.AddManifestGroup(c.ContractWallet, ctrHash, cs)
+		if err != nil {
+			return fmt.Errorf("can't sign manifest group: %v", err)
+		}
+
+		invokeHash := management.Hash
+		if method == constants.UpdateMethodName {
+			invokeHash = ctrHash
+		}
+
+		args, err := helper.GetContractDeployData(c, ctrName, keysParam, constants.UpdateMethodName)
+		if err != nil {
+			return fmt.Errorf("%s: getting update params: %v", ctrName, err)
+		}
+		params := helper.GetContractDeployParameters(cs, args)
+		res, err := c.CommitteeAct.MakeCall(invokeHash, method, params...)
+		if err != nil {
+			if method != constants.UpdateMethodName || !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
+				return fmt.Errorf("deploy contract: %w", err)
+			}
+			c.Command.Printf("%s contract is already updated.\n", ctrName)
+			continue
+		}
+
+		w.WriteBytes(res.Script)
+
+		if method == constants.DeployMethodName {
+			// same actions are done in InitializeContext.setNNS, can be unified
+			domain := ctrName + ".frostfs"
+			script, ok, err := c.NNSRegisterDomainScript(nnsHash, cs.Hash, domain)
+			if err != nil {
+				return err
+			}
+			if !ok {
+				w.WriteBytes(script)
+				emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
+				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
+					domain, int64(nns.TXT), cs.Hash.StringLE())
+				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
+					domain, int64(nns.TXT), address.Uint160ToString(cs.Hash))
+			}
+			c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
+		}
+	}
+	return nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/epoch.go
@ -1,67 +0,0 @@
-package morph
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func forceNewEpochCmd(cmd *cobra.Command, _ []string) error {
-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
-	if err != nil {
-		return fmt.Errorf("can't to initialize context: %w", err)
-	}
-
-	r := management.NewReader(wCtx.ReadOnlyInvoker)
-	cs, err := r.GetContractByID(1)
-	if err != nil {
-		return fmt.Errorf("can't get NNS contract info: %w", err)
-	}
-
-	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
-	if err != nil {
-		return fmt.Errorf("can't get netmap contract hash: %w", err)
-	}
-
-	bw := io.NewBufBinWriter()
-	if err := emitNewEpochCall(bw, wCtx, nmHash); err != nil {
-		return err
-	}
-
-	if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
-		return err
-	}
-
-	if err := wCtx.awaitTx(); err != nil {
-		if strings.Contains(err.Error(), "invalid epoch") {
-			cmd.Println("Epoch has already ticked.")
-			return nil
-		}
-		return err
-	}
-	return nil
-}
-
-func emitNewEpochCall(bw *io.BufBinWriter, wCtx *initializeContext, nmHash util.Uint160) error {
-	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
-	if err != nil {
-		return errors.New("can't fetch current epoch from the netmap contract")
-	}
-
-	newEpoch := curr + 1
-	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)
-
-	// In NeoFS this is done via Notary contract. Here, however, we can form the
-	// transaction locally.
-	emit.AppCall(bw.BinWriter, nmHash, "newEpoch", callflag.All, newEpoch)
-	return bw.Err
-}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go
@ -0,0 +1,475 @@
+package frostfsid
+
+import (
+	"errors"
+	"fmt"
+	"sort"
+
+	frostfsidclient "git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	namespaceFlag      = "namespace"
+	subjectNameFlag    = "subject-name"
+	subjectKeyFlag     = "subject-key"
+	subjectAddressFlag = "subject-address"
+	includeNamesFlag   = "include-names"
+	groupNameFlag      = "group-name"
+	groupIDFlag        = "group-id"
+
+	rootNamespacePlaceholder = "<root>"
+)
+
+var (
+	Cmd = &cobra.Command{
+		Use:   "frostfsid",
+		Short: "Section for frostfsid interactions commands",
+	}
+
+	frostfsidCreateNamespaceCmd = &cobra.Command{
+		Use:   "create-namespace",
+		Short: "Create new namespace in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidCreateNamespace,
+	}
+
+	frostfsidListNamespacesCmd = &cobra.Command{
+		Use:   "list-namespaces",
+		Short: "List all namespaces in frostfsid",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidListNamespaces,
+	}
+
+	frostfsidCreateSubjectCmd = &cobra.Command{
+		Use:   "create-subject",
+		Short: "Create subject in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidCreateSubject,
+	}
+
+	frostfsidDeleteSubjectCmd = &cobra.Command{
+		Use:   "delete-subject",
+		Short: "Delete subject from frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidDeleteSubject,
+	}
+
+	frostfsidListSubjectsCmd = &cobra.Command{
+		Use:   "list-subjects",
+		Short: "List subjects in namespace",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidListSubjects,
+	}
+
+	frostfsidCreateGroupCmd = &cobra.Command{
+		Use:   "create-group",
+		Short: "Create group in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidCreateGroup,
+	}
+
+	frostfsidDeleteGroupCmd = &cobra.Command{
+		Use:   "delete-group",
+		Short: "Delete group from frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidDeleteGroup,
+	}
+
+	frostfsidListGroupsCmd = &cobra.Command{
+		Use:   "list-groups",
+		Short: "List groups in namespace",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidListGroups,
+	}
+
+	frostfsidAddSubjectToGroupCmd = &cobra.Command{
+		Use:   "add-subject-to-group",
+		Short: "Add subject to group",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidAddSubjectToGroup,
+	}
+
+	frostfsidRemoveSubjectFromGroupCmd = &cobra.Command{
+		Use:   "remove-subject-from-group",
+		Short: "Remove subject from group",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidRemoveSubjectFromGroup,
+	}
+
+	frostfsidListGroupSubjectsCmd = &cobra.Command{
+		Use:   "list-group-subjects",
+		Short: "List subjects in group",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidListGroupSubjects,
+	}
+)
+
+func initFrostfsIDCreateNamespaceCmd() {
+	Cmd.AddCommand(frostfsidCreateNamespaceCmd)
+	frostfsidCreateNamespaceCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidCreateNamespaceCmd.Flags().String(namespaceFlag, "", "Namespace name to create")
+	frostfsidCreateNamespaceCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	_ = frostfsidCreateNamespaceCmd.MarkFlagRequired(namespaceFlag)
+}
+
+func initFrostfsIDListNamespacesCmd() {
+	Cmd.AddCommand(frostfsidListNamespacesCmd)
+	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDCreateSubjectCmd() {
+	Cmd.AddCommand(frostfsidCreateSubjectCmd)
+	frostfsidCreateSubjectCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidCreateSubjectCmd.Flags().String(namespaceFlag, "", "Namespace where create subject")
+	frostfsidCreateSubjectCmd.Flags().String(subjectNameFlag, "", "Subject name, must be unique in namespace")
+	frostfsidCreateSubjectCmd.Flags().String(subjectKeyFlag, "", "Subject hex-encoded public key")
+	frostfsidCreateSubjectCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDDeleteSubjectCmd() {
+	Cmd.AddCommand(frostfsidDeleteSubjectCmd)
+	frostfsidDeleteSubjectCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidDeleteSubjectCmd.Flags().String(subjectAddressFlag, "", "Subject address")
+	frostfsidDeleteSubjectCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDListSubjectsCmd() {
+	Cmd.AddCommand(frostfsidListSubjectsCmd)
+	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
+	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDCreateGroupCmd() {
+	Cmd.AddCommand(frostfsidCreateGroupCmd)
+	frostfsidCreateGroupCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidCreateGroupCmd.Flags().String(namespaceFlag, "", "Namespace where create group")
+	frostfsidCreateGroupCmd.Flags().String(groupNameFlag, "", "Group name, must be unique in namespace")
+	frostfsidCreateGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDDeleteGroupCmd() {
+	Cmd.AddCommand(frostfsidDeleteGroupCmd)
+	frostfsidDeleteGroupCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidDeleteGroupCmd.Flags().String(namespaceFlag, "", "Namespace to delete group")
+	frostfsidDeleteGroupCmd.Flags().Int64(groupIDFlag, 0, "Group id")
+	frostfsidDeleteGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDListGroupsCmd() {
+	Cmd.AddCommand(frostfsidListGroupsCmd)
+	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
+	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDAddSubjectToGroupCmd() {
+	Cmd.AddCommand(frostfsidAddSubjectToGroupCmd)
+	frostfsidAddSubjectToGroupCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidAddSubjectToGroupCmd.Flags().String(subjectAddressFlag, "", "Subject address")
+	frostfsidAddSubjectToGroupCmd.Flags().Int64(groupIDFlag, 0, "Group id")
+	frostfsidAddSubjectToGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDRemoveSubjectFromGroupCmd() {
+	Cmd.AddCommand(frostfsidRemoveSubjectFromGroupCmd)
+	frostfsidRemoveSubjectFromGroupCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidRemoveSubjectFromGroupCmd.Flags().String(subjectAddressFlag, "", "Subject address")
+	frostfsidRemoveSubjectFromGroupCmd.Flags().Int64(groupIDFlag, 0, "Group id")
+	frostfsidRemoveSubjectFromGroupCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func initFrostfsIDListGroupSubjectsCmd() {
+	Cmd.AddCommand(frostfsidListGroupSubjectsCmd)
+	frostfsidListGroupSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
+	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
+	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
+	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.CreateNamespaceCall(ns))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "create namespace error: %w", err)
+}
+
+func frostfsidListNamespaces(cmd *cobra.Command, _ []string) {
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	namespaces, err := ffsid.roCli.ListNamespaces()
+	commonCmd.ExitOnErr(cmd, "list namespaces: %w", err)
+
+	sort.Slice(namespaces, func(i, j int) bool { return namespaces[i].Name < namespaces[j].Name })
+
+	for _, namespace := range namespaces {
+		if namespace.Name == "" {
+			namespace.Name = rootNamespacePlaceholder
+		}
+		cmd.Printf("%s\n", namespace.Name)
+	}
+}
+
+func frostfsidCreateSubject(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+	subjName := getFrostfsIDSubjectName(cmd)
+	subjKey := getFrostfsIDSubjectKey(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.CreateSubjectCall(ns, subjKey))
+	if subjName != "" {
+		ffsid.addCall(ffsid.roCli.SetSubjectNameCall(subjKey.GetScriptHash(), subjName))
+	}
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "create subject: %w", err)
+}
+
+func frostfsidDeleteSubject(cmd *cobra.Command, _ []string) {
+	subjectAddress := getFrostfsIDSubjectAddress(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.DeleteSubjectCall(subjectAddress))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "delete subject error: %w", err)
+}
+
+func frostfsidListSubjects(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	subAddresses, err := ffsid.roCli.ListNamespaceSubjects(ns)
+	commonCmd.ExitOnErr(cmd, "list subjects: %w", err)
+
+	sort.Slice(subAddresses, func(i, j int) bool { return subAddresses[i].Less(subAddresses[j]) })
+
+	for _, addr := range subAddresses {
+		if !includeNames {
+			cmd.Println(address.Uint160ToString(addr))
+			continue
+		}
+
+		subj, err := ffsid.roCli.GetSubject(addr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
+
+		cmd.Printf("%s (%s)\n", address.Uint160ToString(addr), subj.Name)
+	}
+}
+
+func frostfsidCreateGroup(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+	groupName := getFrostfsIDGroupName(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.CreateGroupCall(ns, groupName))
+
+	groupID, err := ffsid.roCli.ParseGroupID(ffsid.sendWaitRes())
+	commonCmd.ExitOnErr(cmd, "create group: %w", err)
+
+	cmd.Printf("group '%s' created with id: %d\n", groupName, groupID)
+}
+
+func frostfsidDeleteGroup(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+	groupID := getFrostfsIDGroupID(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.DeleteGroupCall(ns, groupID))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "delete group error: %w", err)
+}
+
+func frostfsidListGroups(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract invoker: %w", err)
+
+	groups, err := ffsid.roCli.ListGroups(ns)
+	commonCmd.ExitOnErr(cmd, "list groups: %w", err)
+
+	sort.Slice(groups, func(i, j int) bool { return groups[i].Name < groups[j].Name })
+
+	for _, group := range groups {
+		cmd.Printf("%s (%d)\n", group.Name, group.ID)
+	}
+}
+
+func frostfsidAddSubjectToGroup(cmd *cobra.Command, _ []string) {
+	subjectAddress := getFrostfsIDSubjectAddress(cmd)
+	groupID := getFrostfsIDGroupID(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.AddSubjectToGroupCall(subjectAddress, groupID))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "add subject to group error: %w", err)
+}
+
+func frostfsidRemoveSubjectFromGroup(cmd *cobra.Command, _ []string) {
+	subjectAddress := getFrostfsIDSubjectAddress(cmd)
+	groupID := getFrostfsIDGroupID(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.RemoveSubjectFromGroupCall(subjectAddress, groupID))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "remove subject from group error: %w", err)
+}
+
+func frostfsidListGroupSubjects(cmd *cobra.Command, _ []string) {
+	ns := getFrostfsIDNamespace(cmd)
+	groupID := getFrostfsIDGroupID(cmd)
+	includeNames, _ := cmd.Flags().GetBool(includeNamesFlag)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	subjects, err := ffsid.roCli.ListGroupSubjects(ns, groupID)
+	commonCmd.ExitOnErr(cmd, "list group subjects: %w", err)
+
+	sort.Slice(subjects, func(i, j int) bool { return subjects[i].Less(subjects[j]) })
+
+	for _, subjAddr := range subjects {
+		if !includeNames {
+			cmd.Println(address.Uint160ToString(subjAddr))
+			continue
+		}
+
+		subj, err := ffsid.roCli.GetSubject(subjAddr)
+		commonCmd.ExitOnErr(cmd, "get subject: %w", err)
+
+		cmd.Printf("%s (%s)\n", address.Uint160ToString(subjAddr), subj.Name)
+	}
+}
+
+type frostfsidClient struct {
+	bw           *io.BufBinWriter
+	contractHash util.Uint160
+	roCli        *frostfsidclient.Client // client can be used only for waiting tx, parsing and forming method params
+	wCtx         *helper.InitializeContext
+}
+
+func newFrostfsIDClient(cmd *cobra.Command) (*frostfsidClient, error) {
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
+	if err != nil {
+		return nil, fmt.Errorf("can't to initialize context: %w", err)
+	}
+
+	r := management.NewReader(wCtx.ReadOnlyInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return nil, fmt.Errorf("can't get NNS contract info: %w", err)
+	}
+
+	ffsidHash, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, helper.DomainOf(constants.FrostfsIDContract))
+	if err != nil {
+		return nil, fmt.Errorf("can't get proxy contract hash: %w", err)
+	}
+
+	return &frostfsidClient{
+		bw:           io.NewBufBinWriter(),
+		contractHash: ffsidHash,
+		roCli:        frostfsidclient.NewSimple(wCtx.CommitteeAct, ffsidHash),
+		wCtx:         wCtx,
+	}, nil
+}
+
+func (f *frostfsidClient) addCall(method string, args []any) {
+	emit.AppCall(f.bw.BinWriter, f.contractHash, method, callflag.All, args...)
+}
+
+func (f *frostfsidClient) sendWait() error {
+	if err := f.wCtx.SendConsensusTx(f.bw.Bytes()); err != nil {
+		return err
+	}
+	f.bw.Reset()
+
+	return f.wCtx.AwaitTx()
+}
+
+func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
+	if err := f.wCtx.SendConsensusTx(f.bw.Bytes()); err != nil {
+		return nil, err
+	}
+	f.bw.Reset()
+
+	if len(f.wCtx.SentTxs) == 0 {
+		return nil, errors.New("no transactions to wait")
+	}
+
+	f.wCtx.Command.Println("Waiting for transactions to persist...")
+	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util.go
@ -0,0 +1,77 @@
+package frostfsid
+
+import (
+	"errors"
+	"fmt"
+
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/spf13/cobra"
+)
+
+func getFrostfsIDSubjectKey(cmd *cobra.Command) *keys.PublicKey {
+	subjKeyHex, _ := cmd.Flags().GetString(subjectKeyFlag)
+	subjKey, err := keys.NewPublicKeyFromString(subjKeyHex)
+	commonCmd.ExitOnErr(cmd, "invalid subject key: %w", err)
+	return subjKey
+}
+
+func getFrostfsIDSubjectAddress(cmd *cobra.Command) util.Uint160 {
+	subjAddress, _ := cmd.Flags().GetString(subjectAddressFlag)
+	subjAddr, err := address.StringToUint160(subjAddress)
+	commonCmd.ExitOnErr(cmd, "invalid subject address: %w", err)
+	return subjAddr
+}
+
+func getFrostfsIDSubjectName(cmd *cobra.Command) string {
+	subjectName, _ := cmd.Flags().GetString(subjectNameFlag)
+
+	if subjectName == "" {
+		return ""
+	}
+
+	if !ape.SubjectNameRegexp.MatchString(subjectName) {
+		commonCmd.ExitOnErr(cmd, "invalid subject name: %w",
+			fmt.Errorf("name must match regexp: %s", ape.SubjectNameRegexp.String()))
+	}
+
+	return subjectName
+}
+
+func getFrostfsIDGroupName(cmd *cobra.Command) string {
+	groupName, _ := cmd.Flags().GetString(groupNameFlag)
+
+	if !ape.GroupNameRegexp.MatchString(groupName) {
+		commonCmd.ExitOnErr(cmd, "invalid group name: %w",
+			fmt.Errorf("name must match regexp: %s", ape.GroupNameRegexp.String()))
+	}
+
+	return groupName
+}
+
+func getFrostfsIDGroupID(cmd *cobra.Command) int64 {
+	groupID, _ := cmd.Flags().GetInt64(groupIDFlag)
+	if groupID <= 0 {
+		commonCmd.ExitOnErr(cmd, "invalid group id: %w",
+			errors.New("group id must be positive integer"))
+	}
+
+	return groupID
+}
+
+func getFrostfsIDNamespace(cmd *cobra.Command) string {
+	ns, _ := cmd.Flags().GetString(namespaceFlag)
+	if ns == rootNamespacePlaceholder {
+		ns = ""
+	}
+
+	if !ape.NamespaceNameRegexp.MatchString(ns) {
+		commonCmd.ExitOnErr(cmd, "invalid namespace: %w",
+			fmt.Errorf("name must match regexp: %s", ape.NamespaceNameRegexp.String()))
+	}
+
+	return ns
+}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go
@ -0,0 +1,174 @@
+package frostfsid
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	fmts := []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	}
+
+	for i := range fmts {
+		v := viper.New()
+		v.Set("frostfsid.admin", fmts[i])
+
+		actual, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.True(t, found)
+		require.Equal(t, pks[i].GetScriptHash(), actual)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.admin", "abc")
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.Error(t, err)
+		require.True(t, found)
+	})
+	t.Run("missing key", func(t *testing.T) {
+		v := viper.New()
+
+		_, found, err := helper.GetFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.False(t, found)
+	})
+}
+
+func TestNamespaceRegexp(t *testing.T) {
+	for _, tc := range []struct {
+		name      string
+		namespace string
+		matched   bool
+	}{
+		{
+			name:      "root empty ns",
+			namespace: "",
+			matched:   true,
+		},
+		{
+			name:      "simple valid ns",
+			namespace: "my-namespace-123",
+			matched:   true,
+		},
+		{
+			name:      "root placeholder",
+			namespace: "<root>",
+			matched:   false,
+		},
+		{
+			name:      "too long",
+			namespace: "abcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyz",
+			matched:   false,
+		},
+		{
+			name:      "start with hyphen",
+			namespace: "-ns",
+			matched:   false,
+		},
+		{
+			name:      "end with hyphen",
+			namespace: "ns-",
+			matched:   false,
+		},
+		{
+			name:      "with spaces",
+			namespace: "ns ns",
+			matched:   false,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			require.Equal(t, tc.matched, ape.NamespaceNameRegexp.MatchString(tc.namespace))
+		})
+	}
+}
+
+func TestSubjectNameRegexp(t *testing.T) {
+	for _, tc := range []struct {
+		name    string
+		subject string
+		matched bool
+	}{
+		{
+			name:    "empty",
+			subject: "",
+			matched: false,
+		},
+		{
+			name:    "invalid",
+			subject: "invalid{name}",
+			matched: false,
+		},
+		{
+			name:    "too long",
+			subject: "abcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyz",
+			matched: false,
+		},
+		{
+			name:    "valid",
+			subject: "valid_name.012345@6789",
+			matched: true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			require.Equal(t, tc.matched, ape.SubjectNameRegexp.MatchString(tc.subject))
+		})
+	}
+}
+
+func TestSubjectGroupRegexp(t *testing.T) {
+	for _, tc := range []struct {
+		name    string
+		subject string
+		matched bool
+	}{
+		{
+			name:    "empty",
+			subject: "",
+			matched: false,
+		},
+		{
+			name:    "invalid",
+			subject: "invalid{name}",
+			matched: false,
+		},
+		{
+			name:    "too long",
+			subject: "abcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyz",
+			matched: false,
+		},
+		{
+			name:    "long",
+			subject: "abcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyzabcdefghijklmnopkrstuvwxyz",
+			matched: true,
+		},
+		{
+			name:    "valid",
+			subject: "valid_name.012345@6789",
+			matched: true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			require.Equal(t, tc.matched, ape.GroupNameRegexp.MatchString(tc.subject))
+		})
+	}
+}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go
@ -0,0 +1,15 @@
+package frostfsid
+
+func init() {
+	initFrostfsIDCreateNamespaceCmd()
+	initFrostfsIDListNamespacesCmd()
+	initFrostfsIDCreateSubjectCmd()
+	initFrostfsIDDeleteSubjectCmd()
+	initFrostfsIDListSubjectsCmd()
+	initFrostfsIDCreateGroupCmd()
+	initFrostfsIDDeleteGroupCmd()
+	initFrostfsIDListGroupsCmd()
+	initFrostfsIDAddSubjectToGroupCmd()
+	initFrostfsIDRemoveSubjectFromGroupCmd()
+	initFrostfsIDListGroupSubjectsCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/frostfsid_util_test.go
@ -1,53 +0,0 @@
-package morph
-
-import (
-	"encoding/hex"
-	"testing"
-
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/spf13/viper"
-	"github.com/stretchr/testify/require"
-)
-
-func TestFrostfsIDConfig(t *testing.T) {
-	pks := make([]*keys.PrivateKey, 4)
-	for i := range pks {
-		pk, err := keys.NewPrivateKey()
-		require.NoError(t, err)
-		pks[i] = pk
-	}
-
-	fmts := []string{
-		pks[0].GetScriptHash().StringLE(),
-		address.Uint160ToString(pks[1].GetScriptHash()),
-		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
-		hex.EncodeToString(pks[3].PublicKey().Bytes()),
-	}
-
-	for i := range fmts {
-		v := viper.New()
-		v.Set("frostfsid.admin", fmts[i])
-
-		actual, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.True(t, found)
-		require.Equal(t, pks[i].GetScriptHash(), actual)
-	}
-
-	t.Run("bad key", func(t *testing.T) {
-		v := viper.New()
-		v.Set("frostfsid.admin", "abc")
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.Error(t, err)
-		require.True(t, found)
-	})
-	t.Run("missing key", func(t *testing.T) {
-		v := viper.New()
-
-		_, found, err := getFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.False(t, found)
-	})
-}
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate.go
@ -1,4 +1,4 @@
-package morph
+package generate

 import (
 	"errors"
@ -6,11 +6,13 @@ import (
 	"os"
 	"path/filepath"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
@ -24,33 +26,27 @@ import (
 	"golang.org/x/sync/errgroup"
 )

-const (
-	singleAccountName    = "single"
-	committeeAccountName = "committee"
-	consensusAccountName = "consensus"
-)
-
-func generateAlphabetCreds(cmd *cobra.Command, _ []string) error {
+func AlphabetCreds(cmd *cobra.Command, _ []string) error {
 	// alphabet size is not part of the config
-	size, err := cmd.Flags().GetUint(alphabetSizeFlag)
+	size, err := cmd.Flags().GetUint(commonflags.AlphabetSizeFlag)
 	if err != nil {
 		return err
 	}
 	if size == 0 {
 		return errors.New("size must be > 0")
 	}
-	if size > maxAlphabetNodes {
-		return ErrTooManyAlphabetNodes
+	if size > constants.MaxAlphabetNodes {
+		return helper.ErrTooManyAlphabetNodes
 	}

 	v := viper.GetViper()
-	walletDir := config.ResolveHomePath(viper.GetString(alphabetWalletsFlag))
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
 	pwds, err := initializeWallets(v, walletDir, int(size))
 	if err != nil {
 		return err
 	}

-	_, err = initializeContractWallet(v, walletDir)
+	_, err = helper.InitializeContractWallet(v, walletDir)
 	if err != nil {
 		return err
 	}
@ -87,7 +83,7 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 		if err != nil {
 			return nil, fmt.Errorf("can't create wallet: %w", err)
 		}
-		if err := w.CreateAccount(singleAccountName, password); err != nil {
+		if err := w.CreateAccount(constants.SingleAccountName, password); err != nil {
 			return nil, fmt.Errorf("can't create account: %w", err)
 		}

@ -106,10 +102,10 @@ func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, er
 		i := i
 		ps := pubs.Copy()
 		errG.Go(func() error {
-			if err := addMultisigAccount(wallets[i], majCount, committeeAccountName, passwords[i], ps); err != nil {
+			if err := addMultisigAccount(wallets[i], majCount, constants.CommitteeAccountName, passwords[i], ps); err != nil {
 				return fmt.Errorf("can't create committee account: %w", err)
 			}
-			if err := addMultisigAccount(wallets[i], bftCount, consensusAccountName, passwords[i], ps); err != nil {
+			if err := addMultisigAccount(wallets[i], bftCount, constants.ConsensusAccountName, passwords[i], ps); err != nil {
 				return fmt.Errorf("can't create consentus account: %w", err)
 			}
 			if err := wallets[i].SavePretty(); err != nil {
@ -144,7 +140,7 @@ func generateStorageCreds(cmd *cobra.Command, _ []string) error {

 func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error) {
 	// storage wallet path is not part of the config
-	storageWalletPath, _ := cmd.Flags().GetString(storageWalletFlag)
+	storageWalletPath, _ := cmd.Flags().GetString(commonflags.StorageWalletFlag)
 	// wallet address is not part of the config
 	walletAddress, _ := cmd.Flags().GetString(walletAddressFlag)

@ -157,7 +153,7 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error
 		}
 	} else {
 		if storageWalletPath == "" {
-			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", storageWalletFlag)
+			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", commonflags.StorageWalletFlag)
 		}

 		var w *wallet.Wallet
@ -182,7 +178,7 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error
 			}

 			if label == "" {
-				label = singleAccountName
+				label = constants.SingleAccountName
 			}

 			if err := w.CreateAccount(label, password); err != nil {
@ -195,12 +191,12 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error

 	gasStr := viper.GetString(gasFlag)

-	gasAmount, err := parseGASAmount(gasStr)
+	gasAmount, err := helper.ParseGASAmount(gasStr)
 	if err != nil {
 		return err
 	}

-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return err
 	}
@ -213,20 +209,9 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}

-	if err := wCtx.sendCommitteeTx(bw.Bytes(), false); err != nil {
+	if err := wCtx.SendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}

-	return wCtx.awaitTx()
-}
-
-func parseGASAmount(s string) (fixedn.Fixed8, error) {
-	gasAmount, err := fixedn.Fixed8FromString(s)
-	if err != nil {
-		return 0, fmt.Errorf("invalid GAS amount %s: %w", s, err)
-	}
-	if gasAmount <= 0 {
-		return 0, fmt.Errorf("GAS amount must be positive (got %d)", gasAmount)
-	}
-	return gasAmount, nil
+	return wCtx.AwaitTx()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/generate_test.go
@ -1,4 +1,4 @@
-package morph
+package generate

 import (
 	"bytes"
@ -10,6 +10,8 @@ import (
 	"sync"
 	"testing"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@ -20,57 +22,55 @@ import (
 	"golang.org/x/term"
 )

-const testContractPassword = "grouppass"
-
 func TestGenerateAlphabet(t *testing.T) {
 	const size = 4

 	walletDir := t.TempDir()
 	buf := setupTestTerminal(t)

-	cmd := generateAlphabetCmd
+	cmd := GenerateAlphabetCmd
 	v := viper.GetViper()

 	t.Run("zero size", func(t *testing.T) {
 		buf.Reset()
-		v.Set(alphabetWalletsFlag, walletDir)
-		require.NoError(t, cmd.Flags().Set(alphabetSizeFlag, "0"))
+		v.Set(commonflags.AlphabetWalletsFlag, walletDir)
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, "0"))
 		buf.WriteString("pass\r")
-		require.Error(t, generateAlphabetCreds(cmd, nil))
+		require.Error(t, AlphabetCreds(cmd, nil))
 	})
 	t.Run("no password provided", func(t *testing.T) {
 		buf.Reset()
-		v.Set(alphabetWalletsFlag, walletDir)
-		require.NoError(t, cmd.Flags().Set(alphabetSizeFlag, "1"))
-		require.Error(t, generateAlphabetCreds(cmd, nil))
+		v.Set(commonflags.AlphabetWalletsFlag, walletDir)
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, "1"))
+		require.Error(t, AlphabetCreds(cmd, nil))
 	})
 	t.Run("missing directory", func(t *testing.T) {
 		buf.Reset()
 		dir := filepath.Join(os.TempDir(), "notexist."+strconv.FormatUint(rand.Uint64(), 10))
-		v.Set(alphabetWalletsFlag, dir)
-		require.NoError(t, cmd.Flags().Set(alphabetSizeFlag, "1"))
+		v.Set(commonflags.AlphabetWalletsFlag, dir)
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, "1"))
 		buf.WriteString("pass\r")
-		require.Error(t, generateAlphabetCreds(cmd, nil))
+		require.Error(t, AlphabetCreds(cmd, nil))
 	})
 	t.Run("no password for contract group wallet", func(t *testing.T) {
 		buf.Reset()
-		v.Set(alphabetWalletsFlag, walletDir)
-		require.NoError(t, cmd.Flags().Set(alphabetSizeFlag, strconv.FormatUint(size, 10)))
+		v.Set(commonflags.AlphabetWalletsFlag, walletDir)
+		require.NoError(t, cmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
 		for i := uint64(0); i < size; i++ {
 			buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 		}
-		require.Error(t, generateAlphabetCreds(cmd, nil))
+		require.Error(t, AlphabetCreds(cmd, nil))
 	})

 	buf.Reset()
-	v.Set(alphabetWalletsFlag, walletDir)
-	require.NoError(t, generateAlphabetCmd.Flags().Set(alphabetSizeFlag, strconv.FormatUint(size, 10)))
+	v.Set(commonflags.AlphabetWalletsFlag, walletDir)
+	require.NoError(t, GenerateAlphabetCmd.Flags().Set(commonflags.AlphabetSizeFlag, strconv.FormatUint(size, 10)))
 	for i := uint64(0); i < size; i++ {
 		buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 	}

-	buf.WriteString(testContractPassword + "\r")
-	require.NoError(t, generateAlphabetCreds(generateAlphabetCmd, nil))
+	buf.WriteString(constants.TestContractPassword + "\r")
+	require.NoError(t, AlphabetCreds(GenerateAlphabetCmd, nil))

 	var wg sync.WaitGroup
 	for i := uint64(0); i < size; i++ {
@ -87,12 +87,12 @@ func TestGenerateAlphabet(t *testing.T) {
 				err := a.Decrypt(strconv.FormatUint(i, 10), keys.NEP2ScryptParams())
 				require.NoError(t, err, "can't decrypt account")
 				switch a.Label {
-				case consensusAccountName:
+				case constants.ConsensusAccountName:
 					require.Equal(t, smartcontract.GetDefaultHonestNodeCount(size), len(a.Contract.Parameters))
-				case committeeAccountName:
+				case constants.CommitteeAccountName:
 					require.Equal(t, smartcontract.GetMajorityHonestNodeCount(size), len(a.Contract.Parameters))
 				default:
-					require.Equal(t, singleAccountName, a.Label)
+					require.Equal(t, constants.SingleAccountName, a.Label)
 				}
 			}
 		}()
@ -100,11 +100,11 @@ func TestGenerateAlphabet(t *testing.T) {
 	wg.Wait()

 	t.Run("check contract group wallet", func(t *testing.T) {
-		p := filepath.Join(walletDir, contractWalletFilename)
+		p := filepath.Join(walletDir, constants.ContractWalletFilename)
 		w, err := wallet.NewWalletFromFile(p)
 		require.NoError(t, err, "contract wallet doesn't exist")
 		require.Equal(t, 1, len(w.Accounts), "contract wallet must have 1 accout")
-		require.NoError(t, w.Accounts[0].Decrypt(testContractPassword, keys.NEP2ScryptParams()))
+		require.NoError(t, w.Accounts[0].Decrypt(constants.TestContractPassword, keys.NEP2ScryptParams()))
 	})
 }

--- a/cmd/frostfs-adm/internal/modules/morph/generate/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate/root.go
@ -0,0 +1,76 @@
+package generate
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	storageWalletLabelFlag = "label"
+	storageGasCLIFlag      = "initial-gas"
+	storageGasConfigFlag   = "storage.initial_gas"
+	walletAddressFlag      = "wallet-address"
+)
+
+var (
+	GenerateStorageCmd = &cobra.Command{
+		Use:   "generate-storage-wallet",
+		Short: "Generate storage node wallet for the morph network",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(storageGasConfigFlag, cmd.Flags().Lookup(storageGasCLIFlag))
+		},
+		RunE: generateStorageCreds,
+	}
+	RefillGasCmd = &cobra.Command{
+		Use:   "refill-gas",
+		Short: "Refill GAS of storage node's wallet in the morph network",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.RefillGasAmountFlag, cmd.Flags().Lookup(commonflags.RefillGasAmountFlag))
+		},
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			return refillGas(cmd, commonflags.RefillGasAmountFlag, false)
+		},
+	}
+	GenerateAlphabetCmd = &cobra.Command{
+		Use:   "generate-alphabet",
+		Short: "Generate alphabet wallets for consensus nodes of the morph network",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			// PreRun fixes https://github.com/spf13/viper/issues/233
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		RunE: AlphabetCreds,
+	}
+)
+
+func initRefillGasCmd() {
+	RefillGasCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	RefillGasCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	RefillGasCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
+	RefillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
+	RefillGasCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Additional amount of GAS to transfer")
+	RefillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, commonflags.StorageWalletFlag)
+}
+
+func initGenerateStorageCmd() {
+	GenerateStorageCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	GenerateStorageCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	GenerateStorageCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to new storage node wallet")
+	GenerateStorageCmd.Flags().String(storageGasCLIFlag, "", "Initial amount of GAS to transfer")
+	GenerateStorageCmd.Flags().StringP(storageWalletLabelFlag, "l", "", "Wallet label")
+}
+
+func initGenerateAlphabetCmd() {
+	GenerateAlphabetCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	GenerateAlphabetCmd.Flags().Uint(commonflags.AlphabetSizeFlag, 7, "Amount of alphabet wallets to generate")
+}
+
+func init() {
+	initRefillGasCmd()
+	initGenerateStorageCmd()
+	initGenerateAlphabetCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/group.go
+++ b/cmd/frostfs-adm/internal/modules/morph/group.go
@ -1,106 +0,0 @@
-package morph
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-const (
-	contractWalletFilename    = "contract.json"
-	contractWalletPasswordKey = "contract"
-)
-
-func initializeContractWallet(v *viper.Viper, walletDir string) (*wallet.Wallet, error) {
-	password, err := config.GetPassword(v, contractWalletPasswordKey)
-	if err != nil {
-		return nil, err
-	}
-
-	w, err := wallet.NewWallet(filepath.Join(walletDir, contractWalletFilename))
-	if err != nil {
-		return nil, err
-	}
-
-	acc, err := wallet.NewAccount()
-	if err != nil {
-		return nil, err
-	}
-
-	err = acc.Encrypt(password, keys.NEP2ScryptParams())
-	if err != nil {
-		return nil, err
-	}
-
-	w.AddAccount(acc)
-	if err := w.SavePretty(); err != nil {
-		return nil, err
-	}
-
-	return w, nil
-}
-
-func openContractWallet(v *viper.Viper, cmd *cobra.Command, walletDir string) (*wallet.Wallet, error) {
-	p := filepath.Join(walletDir, contractWalletFilename)
-	w, err := wallet.NewWalletFromFile(p)
-	if err != nil {
-		if !os.IsNotExist(err) {
-			return nil, fmt.Errorf("can't open wallet: %w", err)
-		}
-
-		cmd.Printf("Contract group wallet is missing, initialize at %s\n", p)
-		return initializeContractWallet(v, walletDir)
-	}
-
-	password, err := config.GetPassword(v, contractWalletPasswordKey)
-	if err != nil {
-		return nil, err
-	}
-
-	for i := range w.Accounts {
-		if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-			return nil, fmt.Errorf("can't unlock wallet: %w", err)
-		}
-	}
-
-	return w, nil
-}
-
-func (c *initializeContext) addManifestGroup(h util.Uint160, cs *contractState) error {
-	priv := c.ContractWallet.Accounts[0].PrivateKey()
-	pub := priv.PublicKey()
-
-	sig := priv.Sign(h.BytesBE())
-	found := false
-
-	for i := range cs.Manifest.Groups {
-		if cs.Manifest.Groups[i].PublicKey.Equal(pub) {
-			cs.Manifest.Groups[i].Signature = sig
-			found = true
-			break
-		}
-	}
-	if !found {
-		cs.Manifest.Groups = append(cs.Manifest.Groups, manifest.Group{
-			PublicKey: pub,
-			Signature: sig,
-		})
-	}
-
-	data, err := json.Marshal(cs.Manifest)
-	if err != nil {
-		return err
-	}
-
-	cs.RawManifest = data
-	return nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/actor.go
@ -0,0 +1,169 @@
+package helper
+
+import (
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/google/uuid"
+	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
+	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/context"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+// LocalActor is a kludge, do not use it outside of the morph commands.
+type LocalActor struct {
+	neoActor *actor.Actor
+	accounts []*wallet.Account
+	Invoker  *invoker.Invoker
+}
+
+// NewLocalActor create LocalActor with accounts form provided wallets.
+// In case of empty wallets provided created actor with dummy account only for read operation.
+func NewLocalActor(cmd *cobra.Command, c actor.RPCActor) (*LocalActor, error) {
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+	var act *actor.Actor
+	var accounts []*wallet.Account
+	if walletDir == "" {
+		account, err := wallet.NewAccount()
+		commonCmd.ExitOnErr(cmd, "unable to create dummy account: %w", err)
+		act, err = actor.New(c, []actor.SignerAccount{{
+			Signer: transaction.Signer{
+				Account: account.Contract.ScriptHash(),
+				Scopes:  transaction.Global,
+			},
+			Account: account,
+		}})
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
+		commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
+
+		for _, w := range wallets {
+			acc, err := GetWalletAccount(w, constants.CommitteeAccountName)
+			commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
+			accounts = append(accounts, acc)
+		}
+		act, err = actor.New(c, []actor.SignerAccount{{
+			Signer: transaction.Signer{
+				Account: accounts[0].Contract.ScriptHash(),
+				Scopes:  transaction.Global,
+			},
+			Account: accounts[0],
+		}})
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &LocalActor{
+		neoActor: act,
+		accounts: accounts,
+		Invoker:  &act.Invoker,
+	}, nil
+}
+
+func (a *LocalActor) SendCall(contract util.Uint160, method string, params ...any) (util.Uint256, uint32, error) {
+	tx, err := a.neoActor.MakeCall(contract, method, params...)
+	if err != nil {
+		return util.Uint256{}, 0, err
+	}
+	err = a.resign(tx)
+	if err != nil {
+		return util.Uint256{}, 0, err
+	}
+	return a.neoActor.Send(tx)
+}
+
+func (a *LocalActor) SendRun(script []byte) (util.Uint256, uint32, error) {
+	tx, err := a.neoActor.MakeRun(script)
+	if err != nil {
+		return util.Uint256{}, 0, err
+	}
+	err = a.resign(tx)
+	if err != nil {
+		return util.Uint256{}, 0, err
+	}
+	return a.neoActor.Send(tx)
+}
+
+// resign is used to sign tx with committee accounts.
+// Inside the methods `MakeCall` and `SendRun` of the NeoGO's actor transaction is signing by committee account,
+// because actor uses committee wallet.
+// But it is not enough, need to sign with another committee accounts.
+func (a *LocalActor) resign(tx *transaction.Transaction) error {
+	if len(a.accounts[0].Contract.Parameters) > 1 {
+		// Use parameter context to avoid dealing with signature order.
+		network := a.neoActor.GetNetwork()
+		pc := context.NewParameterContext("", network, tx)
+		h := a.accounts[0].Contract.ScriptHash()
+		for _, acc := range a.accounts {
+			priv := acc.PrivateKey()
+			sign := priv.SignHashable(uint32(network), tx)
+			if err := pc.AddSignature(h, acc.Contract, priv.PublicKey(), sign); err != nil {
+				return fmt.Errorf("can't add signature: %w", err)
+			}
+			if len(pc.Items[h].Signatures) == len(acc.Contract.Parameters) {
+				break
+			}
+		}
+
+		w, err := pc.GetWitness(h)
+		if err != nil {
+			return fmt.Errorf("incomplete signature: %w", err)
+		}
+		tx.Scripts[0] = *w
+	}
+	return nil
+}
+
+func (a *LocalActor) Wait(h util.Uint256, vub uint32, err error) (*state.AppExecResult, error) {
+	return a.neoActor.Wait(h, vub, err)
+}
+
+func (a *LocalActor) Sender() util.Uint160 {
+	return a.neoActor.Sender()
+}
+
+func (a *LocalActor) Call(contract util.Uint160, operation string, params ...any) (*result.Invoke, error) {
+	return a.neoActor.Call(contract, operation, params...)
+}
+
+func (a *LocalActor) CallAndExpandIterator(_ util.Uint160, _ string, _ int, _ ...any) (*result.Invoke, error) {
+	panic("unimplemented")
+}
+
+func (a *LocalActor) TerminateSession(_ uuid.UUID) error {
+	panic("unimplemented")
+}
+
+func (a *LocalActor) TraverseIterator(sessionID uuid.UUID, iterator *result.Iterator, num int) ([]stackitem.Item, error) {
+	return a.neoActor.TraverseIterator(sessionID, iterator, num)
+}
+
+func (a *LocalActor) MakeRun(_ []byte) (*transaction.Transaction, error) {
+	panic("unimplemented")
+}
+
+func (a *LocalActor) MakeUnsignedCall(_ util.Uint160, _ string, _ []transaction.Attribute, _ ...any) (*transaction.Transaction, error) {
+	panic("unimplemented")
+}
+
+func (a *LocalActor) MakeUnsignedRun(_ []byte, _ []transaction.Attribute) (*transaction.Transaction, error) {
+	panic("unimplemented")
+}
+
+func (a *LocalActor) MakeCall(_ util.Uint160, _ string, _ ...any) (*transaction.Transaction, error) {
+	panic("unimplemented")
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/contract.go
@ -0,0 +1,170 @@
+package helper
+
+import (
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/spf13/viper"
+)
+
+func getFrostfsIDAdminFromContract(roInvoker *invoker.Invoker) (util.Uint160, bool, error) {
+	r := management.NewReader(roInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return util.Uint160{}, false, fmt.Errorf("get nns contract: %w", err)
+	}
+	fidHash, err := NNSResolveHash(roInvoker, cs.Hash, DomainOf(constants.FrostfsIDContract))
+	if err != nil {
+		return util.Uint160{}, false, fmt.Errorf("resolve frostfsid contract hash: %w", err)
+	}
+	item, err := unwrap.Item(roInvoker.Call(fidHash, "getAdmin"))
+	if err != nil {
+		return util.Uint160{}, false, fmt.Errorf("getAdmin: %w", err)
+	}
+	if _, ok := item.(stackitem.Null); ok {
+		return util.Uint160{}, false, nil
+	}
+
+	bs, err := item.TryBytes()
+	if err != nil {
+		return util.Uint160{}, true, fmt.Errorf("getAdmin: decode result: %w", err)
+	}
+	h, err := util.Uint160DecodeBytesBE(bs)
+	if err != nil {
+		return util.Uint160{}, true, fmt.Errorf("getAdmin: decode result: %w", err)
+	}
+	return h, true, nil
+}
+
+func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any, method string) ([]any, error) {
+	items := make([]any, 0, 6)
+
+	switch ctrName {
+	case constants.FrostfsContract:
+		items = append(items,
+			c.Contracts[constants.ProcessingContract].Hash,
+			keysParam,
+			smartcontract.Parameter{})
+	case constants.ProcessingContract:
+		items = append(items, c.Contracts[constants.FrostfsContract].Hash)
+		return items[1:], nil // no notary info
+	case constants.BalanceContract:
+		items = append(items,
+			c.Contracts[constants.NetmapContract].Hash,
+			c.Contracts[constants.ContainerContract].Hash)
+	case constants.ContainerContract:
+		// In case if NNS is updated multiple times, we can't calculate
+		// it's actual hash based on local data, thus query chain.
+		r := management.NewReader(c.ReadOnlyInvoker)
+		nnsCs, err := r.GetContractByID(1)
+		if err != nil {
+			return nil, fmt.Errorf("get nns contract: %w", err)
+		}
+		items = append(items,
+			c.Contracts[constants.NetmapContract].Hash,
+			c.Contracts[constants.BalanceContract].Hash,
+			c.Contracts[constants.FrostfsIDContract].Hash,
+			nnsCs.Hash,
+			"container")
+	case constants.FrostfsIDContract:
+		var (
+			h     util.Uint160
+			found bool
+			err   error
+		)
+		if method == constants.UpdateMethodName {
+			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
+		}
+		if method != constants.UpdateMethodName || err == nil && !found {
+			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
+		}
+		if err != nil {
+			return nil, err
+		}
+
+		if found {
+			items = append(items, h)
+		} else {
+			items = append(items, c.Contracts[constants.ProxyContract].Hash)
+		}
+	case constants.NetmapContract:
+		md := GetDefaultNetmapContractConfigMap()
+		if method == constants.UpdateMethodName {
+			if err := MergeNetmapConfig(c.ReadOnlyInvoker, md); err != nil {
+				return nil, err
+			}
+		}
+
+		var configParam []any
+		for k, v := range md {
+			configParam = append(configParam, k, v)
+		}
+
+		items = append(items,
+			c.Contracts[constants.BalanceContract].Hash,
+			c.Contracts[constants.ContainerContract].Hash,
+			keysParam,
+			configParam)
+	case constants.ProxyContract:
+		items = nil
+	case constants.PolicyContract:
+		items = append(items, c.Contracts[constants.ProxyContract].Hash)
+	default:
+		panic("invalid contract name: " + ctrName)
+	}
+	return items, nil
+}
+
+func GetContractDeployParameters(cs *ContractState, deployData []any) []any {
+	return []any{cs.RawNEF, cs.RawManifest, deployData}
+}
+
+func DeployNNS(c *InitializeContext, method string) error {
+	cs := c.GetContract(constants.NNSContract)
+	h := cs.Hash
+
+	nnsCs, err := c.NNSContractState()
+	if err != nil {
+		return err
+	}
+	if nnsCs != nil {
+		if nnsCs.NEF.Checksum == cs.NEF.Checksum {
+			if method == constants.DeployMethodName {
+				c.Command.Println("NNS contract is already deployed.")
+			} else {
+				c.Command.Println("NNS contract is already updated.")
+			}
+			return nil
+		}
+		h = nnsCs.Hash
+	}
+
+	err = AddManifestGroup(c.ContractWallet, h, cs)
+	if err != nil {
+		return fmt.Errorf("can't sign manifest group: %v", err)
+	}
+
+	params := GetContractDeployParameters(cs, nil)
+
+	invokeHash := management.Hash
+	if method == constants.UpdateMethodName {
+		invokeHash = nnsCs.Hash
+	}
+
+	tx, err := c.CommitteeAct.MakeCall(invokeHash, method, params...)
+	if err != nil {
+		return fmt.Errorf("failed to create deploy tx for %s: %w", constants.NNSContract, err)
+	}
+
+	if err := c.MultiSignAndSend(tx, constants.CommitteeAccountName); err != nil {
+		return fmt.Errorf("can't send deploy transaction: %w", err)
+	}
+
+	return c.AwaitTx()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/download.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/download.go
@ -0,0 +1,83 @@
+package helper
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/spf13/cobra"
+)
+
+var errNoReleasesFound = errors.New("attempt to fetch contracts archive from the offitial repository failed: no releases found")
+
+func downloadContracts(cmd *cobra.Command, url string) (io.ReadCloser, error) {
+	cmd.Printf("Downloading contracts archive from '%s'\n", url)
+
+	// HTTP client with connect timeout
+	client := http.Client{
+		Transport: &http.Transport{
+			DialContext: (&net.Dialer{
+				Timeout: 10 * time.Second,
+			}).DialContext,
+		},
+	}
+
+	ctx, cancel := context.WithTimeout(cmd.Context(), 60*time.Second)
+	defer cancel()
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return nil, fmt.Errorf("can't create request: %w", err)
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("can't fetch contracts archive: %w", err)
+	}
+	return resp.Body, nil
+}
+
+func downloadContractsFromRepository(cmd *cobra.Command) (io.ReadCloser, error) {
+	client, err := gitea.NewClient("https://git.frostfs.info")
+	if err != nil {
+		return nil, fmt.Errorf("can't initialize repository client: %w", err)
+	}
+
+	releases, _, err := client.ListReleases("TrueCloudLab", "frostfs-contract", gitea.ListReleasesOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("can't fetch release information: %w", err)
+	}
+
+	var latestRelease *gitea.Release
+	for _, r := range releases {
+		if !r.IsDraft && !r.IsPrerelease {
+			latestRelease = r
+			break
+		}
+	}
+
+	if latestRelease == nil {
+		return nil, errNoReleasesFound
+	}
+
+	cmd.Printf("Found release %s (%s)\n", latestRelease.TagName, latestRelease.Title)
+
+	var url string
+	for _, a := range latestRelease.Attachments {
+		if strings.HasPrefix(a.Name, "frostfs-contract") {
+			url = a.DownloadURL
+			break
+		}
+	}
+	if url == "" {
+		return nil, errors.New("can't find contracts archive in the latest release")
+	}
+
+	return downloadContracts(cmd, url)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go
@ -1,4 +1,4 @@
-package morph
+package helper

 import (
 	"fmt"
@ -9,7 +9,9 @@ import (
 	"github.com/spf13/viper"
 )

-func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+const frostfsIDAdminConfigKey = "frostfsid.admin"
+
+func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil
--- a/cmd/frostfs-adm/internal/modules/morph/helper/group.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/group.go
@ -0,0 +1,39 @@
+package helper
+
+import (
+	"encoding/json"
+
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+)
+
+func AddManifestGroup(cw *wallet.Wallet, h util.Uint160, cs *ContractState) error {
+	priv := cw.Accounts[0].PrivateKey()
+	pub := priv.PublicKey()
+
+	sig := priv.Sign(h.BytesBE())
+	found := false
+
+	for i := range cs.Manifest.Groups {
+		if cs.Manifest.Groups[i].PublicKey.Equal(pub) {
+			cs.Manifest.Groups[i].Signature = sig
+			found = true
+			break
+		}
+	}
+	if !found {
+		cs.Manifest.Groups = append(cs.Manifest.Groups, manifest.Group{
+			PublicKey: pub,
+			Signature: sig,
+		})
+	}
+
+	data, err := json.Marshal(cs.Manifest)
+	if err != nil {
+		return err
+	}
+
+	cs.RawManifest = data
+	return nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize.go
@ -0,0 +1,223 @@
+package helper
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	nns2 "github.com/nspcc-dev/neo-go/pkg/rpcclient/nns"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var ErrTooManyAlphabetNodes = fmt.Errorf("too many alphabet nodes (maximum allowed is %d)", constants.MaxAlphabetNodes)
+
+func AwaitTx(cmd *cobra.Command, c Client, txs []HashVUBPair) error {
+	cmd.Println("Waiting for transactions to persist...")
+
+	at := trigger.Application
+
+	var retErr error
+
+loop:
+	for i := range txs {
+		var it int
+		var pollInterval time.Duration
+		var pollIntervalChanged bool
+		for {
+			// We must fetch current height before application log, to avoid race condition.
+			currBlock, err := c.GetBlockCount()
+			if err != nil {
+				return fmt.Errorf("can't fetch current block height: %w", err)
+			}
+			res, err := c.GetApplicationLog(txs[i].Hash, &at)
+			if err == nil {
+				if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vmstate.Halt {
+					retErr = fmt.Errorf("tx %d persisted in %s state: %s",
+						i, res.Executions[0].VMState, res.Executions[0].FaultException)
+				}
+				continue loop
+			}
+			if txs[i].Vub < currBlock {
+				return fmt.Errorf("tx was not persisted: Vub=%d, height=%d", txs[i].Vub, currBlock)
+			}
+
+			pollInterval, pollIntervalChanged = NextPollInterval(it, pollInterval)
+			if pollIntervalChanged && viper.GetBool(commonflags.Verbose) {
+				cmd.Printf("Pool interval to check transaction persistence changed: %s\n", pollInterval.String())
+			}
+
+			timer := time.NewTimer(pollInterval)
+			select {
+			case <-cmd.Context().Done():
+				return cmd.Context().Err()
+			case <-timer.C:
+			}
+
+			it++
+		}
+	}
+
+	return retErr
+}
+
+func NextPollInterval(it int, previous time.Duration) (time.Duration, bool) {
+	const minPollInterval = 1 * time.Second
+	const maxPollInterval = 16 * time.Second
+	const changeAfter = 5
+	if it == 0 {
+		return minPollInterval, true
+	}
+	if it%changeAfter != 0 {
+		return previous, false
+	}
+	nextInterval := previous * 2
+	if nextInterval > maxPollInterval {
+		return maxPollInterval, previous != maxPollInterval
+	}
+	return nextInterval, true
+}
+
+func GetWalletAccount(w *wallet.Wallet, typ string) (*wallet.Account, error) {
+	for i := range w.Accounts {
+		if w.Accounts[i].Label == typ {
+			return w.Accounts[i], nil
+		}
+	}
+	return nil, fmt.Errorf("account for '%s' not found", typ)
+}
+
+func GetComitteAcc(cmd *cobra.Command, v *viper.Viper) *wallet.Account {
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+	wallets, err := GetAlphabetWallets(v, walletDir)
+	commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
+
+	committeeAcc, err := GetWalletAccount(wallets[0], constants.CommitteeAccountName)
+	commonCmd.ExitOnErr(cmd, "can't find committee account: %w", err)
+	return committeeAcc
+}
+
+func NNSResolve(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (stackitem.Item, error) {
+	return unwrap.Item(inv.Call(nnsHash, "resolve", domain, int64(nns.TXT)))
+}
+
+// ParseNNSResolveResult parses the result of resolving NNS record.
+// It works with multiple formats (corresponding to multiple NNS versions).
+// If array of hashes is provided, it returns only the first one.
+func ParseNNSResolveResult(res stackitem.Item) (util.Uint160, error) {
+	arr, ok := res.Value().([]stackitem.Item)
+	if !ok {
+		arr = []stackitem.Item{res}
+	}
+	if _, ok := res.Value().(stackitem.Null); ok || len(arr) == 0 {
+		return util.Uint160{}, errors.New("NNS record is missing")
+	}
+	for i := range arr {
+		bs, err := arr[i].TryBytes()
+		if err != nil {
+			continue
+		}
+
+		// We support several formats for hash encoding, this logic should be maintained in sync
+		// with NNSResolve from pkg/morph/client/nns.go
+		h, err := util.Uint160DecodeStringLE(string(bs))
+		if err == nil {
+			return h, nil
+		}
+
+		h, err = address.StringToUint160(string(bs))
+		if err == nil {
+			return h, nil
+		}
+	}
+	return util.Uint160{}, errors.New("no valid hashes are found")
+}
+
+// NNSResolveHash Returns errMissingNNSRecord if invocation fault exception contains "token not found".
+func NNSResolveHash(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (util.Uint160, error) {
+	item, err := NNSResolve(inv, nnsHash, domain)
+	if err != nil {
+		return util.Uint160{}, err
+	}
+	return ParseNNSResolveResult(item)
+}
+
+func DomainOf(contract string) string {
+	return contract + ".frostfs"
+}
+
+func NNSResolveKey(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (*keys.PublicKey, error) {
+	res, err := NNSResolve(inv, nnsHash, domain)
+	if err != nil {
+		return nil, err
+	}
+	if _, ok := res.Value().(stackitem.Null); ok {
+		return nil, errors.New("NNS record is missing")
+	}
+	arr, ok := res.Value().([]stackitem.Item)
+	if !ok {
+		return nil, errors.New("API of the NNS contract method `resolve` has changed")
+	}
+	for i := range arr {
+		var bs []byte
+		bs, err = arr[i].TryBytes()
+		if err != nil {
+			continue
+		}
+
+		return keys.NewPublicKeyFromString(string(bs))
+	}
+	return nil, errors.New("no valid keys are found")
+}
+
+func NNSIsAvailable(c Client, nnsHash util.Uint160, name string) (bool, error) {
+	switch c.(type) {
+	case *rpcclient.Client:
+		inv := invoker.New(c, nil)
+		reader := nns2.NewReader(inv, nnsHash)
+		return reader.IsAvailable(name)
+	default:
+		b, err := unwrap.Bool(InvokeFunction(c, nnsHash, "isAvailable", []any{name}, nil))
+		if err != nil {
+			return false, fmt.Errorf("`isAvailable`: invalid response: %w", err)
+		}
+
+		return b, nil
+	}
+}
+
+func CheckNotaryEnabled(c Client) error {
+	ns, err := c.GetNativeContracts()
+	if err != nil {
+		return fmt.Errorf("can't get native contract hashes: %w", err)
+	}
+
+	notaryEnabled := false
+	nativeHashes := make(map[string]util.Uint160, len(ns))
+	for i := range ns {
+		if ns[i].Manifest.Name == nativenames.Notary {
+			notaryEnabled = true
+		}
+		nativeHashes[ns[i].Manifest.Name] = ns[i].Hash
+	}
+	if !notaryEnabled {
+		return errors.New("notary contract must be enabled")
+	}
+	return nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go
@ -0,0 +1,553 @@
+package helper
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	io2 "io"
+	"os"
+	"path/filepath"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
+	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/context"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/nef"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
+	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	errNegativeDuration = errors.New("epoch duration must be positive")
+	errNegativeSize     = errors.New("max object size must be positive")
+)
+
+type ContractState struct {
+	NEF         *nef.File
+	RawNEF      []byte
+	Manifest    *manifest.Manifest
+	RawManifest []byte
+	Hash        util.Uint160
+}
+
+type Cache struct {
+	NNSCs    *state.Contract
+	GroupKey *keys.PublicKey
+}
+
+type InitializeContext struct {
+	ClientContext
+	Cache
+	// CommitteeAcc is used for retrieving the committee address and the verification script.
+	CommitteeAcc *wallet.Account
+	// ConsensusAcc is used for retrieving the committee address and the verification script.
+	ConsensusAcc *wallet.Account
+	Wallets      []*wallet.Wallet
+	// ContractWallet is a wallet for providing the contract group signature.
+	ContractWallet *wallet.Wallet
+	// Accounts contains simple signature accounts in the same order as in Wallets.
+	Accounts     []*wallet.Account
+	Contracts    map[string]*ContractState
+	Command      *cobra.Command
+	ContractPath string
+	ContractURL  string
+}
+
+func (cs *ContractState) Parse() error {
+	nf, err := nef.FileFromBytes(cs.RawNEF)
+	if err != nil {
+		return fmt.Errorf("can't parse NEF file: %w", err)
+	}
+
+	m := new(manifest.Manifest)
+	if err := json.Unmarshal(cs.RawManifest, m); err != nil {
+		return fmt.Errorf("can't parse manifest file: %w", err)
+	}
+
+	cs.NEF = &nf
+	cs.Manifest = m
+	return nil
+}
+
+func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContext, error) {
+	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
+	wallets, err := GetAlphabetWallets(v, walletDir)
+	if err != nil {
+		return nil, err
+	}
+
+	needContracts := cmd.Name() == "update-contracts" || cmd.Name() == "init"
+
+	var w *wallet.Wallet
+	w, err = getWallet(cmd, v, needContracts, walletDir)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := createClient(cmd, v, wallets)
+	if err != nil {
+		return nil, err
+	}
+
+	committeeAcc, err := GetWalletAccount(wallets[0], constants.CommitteeAccountName)
+	if err != nil {
+		return nil, fmt.Errorf("can't find committee account: %w", err)
+	}
+
+	consensusAcc, err := GetWalletAccount(wallets[0], constants.ConsensusAccountName)
+	if err != nil {
+		return nil, fmt.Errorf("can't find consensus account: %w", err)
+	}
+
+	if err := validateInit(cmd); err != nil {
+		return nil, err
+	}
+
+	ctrPath, err := getContractsPath(cmd, needContracts)
+	if err != nil {
+		return nil, err
+	}
+
+	var ctrURL string
+	if needContracts {
+		ctrURL, _ = cmd.Flags().GetString(commonflags.ContractsURLFlag)
+	}
+
+	if err := CheckNotaryEnabled(c); err != nil {
+		return nil, err
+	}
+
+	accounts, err := createWalletAccounts(wallets)
+	if err != nil {
+		return nil, err
+	}
+
+	cliCtx, err := DefaultClientContext(c, committeeAcc)
+	if err != nil {
+		return nil, fmt.Errorf("client context: %w", err)
+	}
+
+	initCtx := &InitializeContext{
+		ClientContext:  *cliCtx,
+		ConsensusAcc:   consensusAcc,
+		CommitteeAcc:   committeeAcc,
+		ContractWallet: w,
+		Wallets:        wallets,
+		Accounts:       accounts,
+		Command:        cmd,
+		Contracts:      make(map[string]*ContractState),
+		ContractPath:   ctrPath,
+		ContractURL:    ctrURL,
+	}
+
+	if needContracts {
+		err := readContracts(initCtx, constants.FullContractList)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return initCtx, nil
+}
+
+func validateInit(cmd *cobra.Command) error {
+	if cmd.Name() != "init" {
+		return nil
+	}
+	if viper.GetInt64(commonflags.EpochDurationInitFlag) <= 0 {
+		return errNegativeDuration
+	}
+
+	if viper.GetInt64(commonflags.MaxObjectSizeInitFlag) <= 0 {
+		return errNegativeSize
+	}
+
+	return nil
+}
+
+func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet) (Client, error) {
+	var c Client
+	var err error
+	if ldf := cmd.Flags().Lookup(commonflags.LocalDumpFlag); ldf != nil && ldf.Changed {
+		if cmd.Flags().Changed(commonflags.EndpointFlag) {
+			return nil, fmt.Errorf("`%s` and `%s` flags are mutually exclusive", commonflags.EndpointFlag, commonflags.LocalDumpFlag)
+		}
+		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
+	} else {
+		c, err = GetN3Client(v)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("can't create N3 client: %w", err)
+	}
+	return c, nil
+}
+
+func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
+	if !needContracts {
+		return "", nil
+	}
+
+	ctrPath, err := cmd.Flags().GetString(commonflags.ContractsInitFlag)
+	if err != nil {
+		return "", fmt.Errorf("invalid contracts path: %w", err)
+	}
+	return ctrPath, nil
+}
+
+func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+	accounts := make([]*wallet.Account, len(wallets))
+	for i, w := range wallets {
+		acc, err := GetWalletAccount(w, constants.SingleAccountName)
+		if err != nil {
+			return nil, fmt.Errorf("wallet %s is invalid (no single account): %w", w.Path(), err)
+		}
+		accounts[i] = acc
+	}
+	return accounts, nil
+}
+
+func readContracts(c *InitializeContext, names []string) error {
+	var (
+		fi  os.FileInfo
+		err error
+	)
+	if c.ContractPath != "" {
+		fi, err = os.Stat(c.ContractPath)
+		if err != nil {
+			return fmt.Errorf("invalid contracts path: %w", err)
+		}
+	}
+
+	if c.ContractPath != "" && fi.IsDir() {
+		for _, ctrName := range names {
+			cs, err := ReadContract(filepath.Join(c.ContractPath, ctrName), ctrName)
+			if err != nil {
+				return err
+			}
+			c.Contracts[ctrName] = cs
+		}
+	} else {
+		var r io2.ReadCloser
+		if c.ContractPath != "" {
+			r, err = os.Open(c.ContractPath)
+		} else if c.ContractURL != "" {
+			r, err = downloadContracts(c.Command, c.ContractURL)
+		} else {
+			r, err = downloadContractsFromRepository(c.Command)
+		}
+		if err != nil {
+			return fmt.Errorf("can't open contracts archive: %w", err)
+		}
+		defer r.Close()
+
+		m, err := readContractsFromArchive(r, names)
+		if err != nil {
+			return err
+		}
+		for _, name := range names {
+			if err := m[name].Parse(); err != nil {
+				return err
+			}
+			c.Contracts[name] = m[name]
+		}
+	}
+
+	for _, ctrName := range names {
+		if ctrName != constants.AlphabetContract {
+			cs := c.Contracts[ctrName]
+			cs.Hash = state.CreateContractHash(c.CommitteeAcc.Contract.ScriptHash(),
+				cs.NEF.Checksum, cs.Manifest.Name)
+		}
+	}
+	return nil
+}
+
+func (c *InitializeContext) Close() {
+	if local, ok := c.Client.(*LocalClient); ok {
+		err := local.Dump()
+		if err != nil {
+			c.Command.PrintErrf("Can't write dump: %v\n", err)
+			os.Exit(1)
+		}
+	}
+}
+
+func (c *InitializeContext) AwaitTx() error {
+	return c.ClientContext.AwaitTx(c.Command)
+}
+
+func (c *InitializeContext) NNSContractState() (*state.Contract, error) {
+	if c.NNSCs != nil {
+		return c.NNSCs, nil
+	}
+
+	r := management.NewReader(c.ReadOnlyInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return nil, err
+	}
+
+	c.NNSCs = cs
+	return cs, nil
+}
+
+func (c *InitializeContext) GetSigner(tryGroup bool, acc *wallet.Account) transaction.Signer {
+	if tryGroup && c.GroupKey != nil {
+		return transaction.Signer{
+			Account:       acc.Contract.ScriptHash(),
+			Scopes:        transaction.CustomGroups,
+			AllowedGroups: keys.PublicKeys{c.GroupKey},
+		}
+	}
+
+	signer := transaction.Signer{
+		Account: acc.Contract.ScriptHash(),
+		Scopes:  transaction.Global, // Scope is important, as we have nested call to container contract.
+	}
+
+	if !tryGroup {
+		return signer
+	}
+
+	nnsCs, err := c.NNSContractState()
+	if err != nil {
+		return signer
+	}
+
+	groupKey, err := NNSResolveKey(c.ReadOnlyInvoker, nnsCs.Hash, client.NNSGroupKeyName)
+	if err == nil {
+		c.GroupKey = groupKey
+
+		signer.Scopes = transaction.CustomGroups
+		signer.AllowedGroups = keys.PublicKeys{groupKey}
+	}
+	return signer
+}
+
+// SendCommitteeTx creates transaction from script, signs it by committee nodes and sends it to RPC.
+// If tryGroup is false, global scope is used for the signer (useful when
+// working with native contracts).
+func (c *InitializeContext) SendCommitteeTx(script []byte, tryGroup bool) error {
+	return c.sendMultiTx(script, tryGroup, false)
+}
+
+// SendConsensusTx creates transaction from script, signs it by alphabet nodes and sends it to RPC.
+// Not that because this is used only after the contracts were initialized and deployed,
+// we always try to have a group scope.
+func (c *InitializeContext) SendConsensusTx(script []byte) error {
+	return c.sendMultiTx(script, true, true)
+}
+
+func (c *InitializeContext) sendMultiTx(script []byte, tryGroup bool, withConsensus bool) error {
+	var act *actor.Actor
+	var err error
+
+	withConsensus = withConsensus && !c.ConsensusAcc.Contract.ScriptHash().Equals(c.CommitteeAcc.ScriptHash())
+	if tryGroup {
+		// Even for consensus signatures we need the committee to pay.
+		signers := make([]actor.SignerAccount, 1, 2)
+		signers[0] = actor.SignerAccount{
+			Signer:  c.GetSigner(tryGroup, c.CommitteeAcc),
+			Account: c.CommitteeAcc,
+		}
+		if withConsensus {
+			signers = append(signers, actor.SignerAccount{
+				Signer:  c.GetSigner(tryGroup, c.ConsensusAcc),
+				Account: c.ConsensusAcc,
+			})
+		}
+		act, err = actor.New(c.Client, signers)
+	} else {
+		if withConsensus {
+			panic("BUG: should never happen")
+		}
+		act, err = c.CommitteeAct, nil
+	}
+	if err != nil {
+		return fmt.Errorf("could not create actor: %w", err)
+	}
+
+	tx, err := act.MakeUnsignedRun(script, []transaction.Attribute{{Type: transaction.HighPriority}})
+	if err != nil {
+		return fmt.Errorf("could not perform test invocation: %w", err)
+	}
+
+	if err := c.MultiSign(tx, constants.CommitteeAccountName); err != nil {
+		return err
+	}
+	if withConsensus {
+		if err := c.MultiSign(tx, constants.ConsensusAccountName); err != nil {
+			return err
+		}
+	}
+
+	return c.SendTx(tx, c.Command, false)
+}
+
+func (c *InitializeContext) MultiSignAndSend(tx *transaction.Transaction, accType string) error {
+	if err := c.MultiSign(tx, accType); err != nil {
+		return err
+	}
+
+	return c.SendTx(tx, c.Command, false)
+}
+
+func (c *InitializeContext) MultiSign(tx *transaction.Transaction, accType string) error {
+	version, err := c.Client.GetVersion()
+	if err != nil {
+		// error appears only if client
+		// has not been initialized
+		panic(err)
+	}
+	network := version.Protocol.Network
+
+	// Use parameter context to avoid dealing with signature order.
+	pc := context.NewParameterContext("", network, tx)
+	h := c.CommitteeAcc.Contract.ScriptHash()
+	if accType == constants.ConsensusAccountName {
+		h = c.ConsensusAcc.Contract.ScriptHash()
+	}
+	for _, w := range c.Wallets {
+		acc, err := GetWalletAccount(w, accType)
+		if err != nil {
+			return fmt.Errorf("can't find %s wallet account: %w", accType, err)
+		}
+
+		priv := acc.PrivateKey()
+		sign := priv.SignHashable(uint32(network), tx)
+		if err := pc.AddSignature(h, acc.Contract, priv.PublicKey(), sign); err != nil {
+			return fmt.Errorf("can't add signature: %w", err)
+		}
+		if len(pc.Items[h].Signatures) == len(acc.Contract.Parameters) {
+			break
+		}
+	}
+
+	w, err := pc.GetWitness(h)
+	if err != nil {
+		return fmt.Errorf("incomplete signature: %w", err)
+	}
+
+	for i := range tx.Signers {
+		if tx.Signers[i].Account == h {
+			if i < len(tx.Scripts) {
+				tx.Scripts[i] = *w
+			} else if i == len(tx.Scripts) {
+				tx.Scripts = append(tx.Scripts, *w)
+			} else {
+				panic("BUG: invalid signing order")
+			}
+			return nil
+		}
+	}
+
+	return fmt.Errorf("%s account was not found among transaction signers", accType)
+}
+
+// EmitUpdateNNSGroupScript emits script for updating group key stored in NNS.
+// First return value is true iff the key is already there and nothing should be done.
+// Second return value is true iff a domain registration code was emitted.
+func (c *InitializeContext) EmitUpdateNNSGroupScript(bw *io.BufBinWriter, nnsHash util.Uint160, pub *keys.PublicKey) (bool, bool, error) {
+	isAvail, err := NNSIsAvailable(c.Client, nnsHash, client.NNSGroupKeyName)
+	if err != nil {
+		return false, false, err
+	}
+
+	if !isAvail {
+		currentPub, err := NNSResolveKey(c.ReadOnlyInvoker, nnsHash, client.NNSGroupKeyName)
+		if err != nil {
+			return false, false, err
+		}
+
+		if pub.Equal(currentPub) {
+			return true, false, nil
+		}
+	}
+
+	if isAvail {
+		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
+			client.NNSGroupKeyName, c.CommitteeAcc.Contract.ScriptHash(),
+			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
+			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
+	}
+
+	emit.AppCall(bw.BinWriter, nnsHash, "deleteRecords", callflag.All, "group.frostfs", int64(nns.TXT))
+	emit.AppCall(bw.BinWriter, nnsHash, "addRecord", callflag.All,
+		"group.frostfs", int64(nns.TXT), hex.EncodeToString(pub.Bytes()))
+
+	return false, isAvail, nil
+}
+
+func (c *InitializeContext) NNSRegisterDomainScript(nnsHash, expectedHash util.Uint160, domain string) ([]byte, bool, error) {
+	ok, err := NNSIsAvailable(c.Client, nnsHash, domain)
+	if err != nil {
+		return nil, false, err
+	}
+
+	if ok {
+		bw := io.NewBufBinWriter()
+		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
+			domain, c.CommitteeAcc.Contract.ScriptHash(),
+			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
+			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
+
+		if bw.Err != nil {
+			panic(bw.Err)
+		}
+		return bw.Bytes(), false, nil
+	}
+
+	s, err := NNSResolveHash(c.ReadOnlyInvoker, nnsHash, domain)
+	if err != nil {
+		return nil, false, err
+	}
+	return nil, s == expectedHash, nil
+}
+
+func (c *InitializeContext) NNSRootRegistered(nnsHash util.Uint160, zone string) (bool, error) {
+	res, err := c.CommitteeAct.Call(nnsHash, "isAvailable", "name."+zone)
+	if err != nil {
+		return false, err
+	}
+
+	return res.State == vmstate.Halt.String(), nil
+}
+
+func (c *InitializeContext) IsUpdated(ctrHash util.Uint160, cs *ContractState) bool {
+	r := management.NewReader(c.ReadOnlyInvoker)
+	realCs, err := r.GetContract(ctrHash)
+	return err == nil && realCs != nil && realCs.NEF.Checksum == cs.NEF.Checksum
+}
+
+func (c *InitializeContext) GetContract(ctrName string) *ContractState {
+	return c.Contracts[ctrName]
+}
+
+func (c *InitializeContext) GetAlphabetDeployItems(i, n int) []any {
+	items := make([]any, 5)
+	items[0] = c.Contracts[constants.NetmapContract].Hash
+	items[1] = c.Contracts[constants.ProxyContract].Hash
+	items[2] = innerring.GlagoliticLetter(i).String()
+	items[3] = int64(i)
+	items[4] = int64(n)
+	return items
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/initialize_test.go
@ -0,0 +1,43 @@
+package helper
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestNextPollInterval(t *testing.T) {
+	var pollInterval time.Duration
+	var iteration int
+
+	pollInterval, hasChanged := NextPollInterval(iteration, pollInterval)
+	require.True(t, hasChanged)
+	require.Equal(t, time.Second, pollInterval)
+
+	iteration = 4
+	pollInterval, hasChanged = NextPollInterval(iteration, pollInterval)
+	require.False(t, hasChanged)
+	require.Equal(t, time.Second, pollInterval)
+
+	iteration = 5
+	pollInterval, hasChanged = NextPollInterval(iteration, pollInterval)
+	require.True(t, hasChanged)
+	require.Equal(t, 2*time.Second, pollInterval)
+
+	iteration = 10
+	pollInterval, hasChanged = NextPollInterval(iteration, pollInterval)
+	require.True(t, hasChanged)
+	require.Equal(t, 4*time.Second, pollInterval)
+
+	iteration = 20
+	pollInterval = 32 * time.Second
+	pollInterval, hasChanged = NextPollInterval(iteration, pollInterval)
+	require.True(t, hasChanged) // from 32s to 16s
+	require.Equal(t, 16*time.Second, pollInterval)
+
+	pollInterval = 16 * time.Second
+	pollInterval, hasChanged = NextPollInterval(iteration, pollInterval)
+	require.False(t, hasChanged)
+	require.Equal(t, 16*time.Second, pollInterval)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/local_client.go
@ -1,4 +1,4 @@
-package morph
+package helper

 import (
 	"crypto/elliptic"
@ -8,6 +8,7 @@ import (
 	"sort"
 	"time"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/core"
@ -38,16 +39,15 @@ import (
 	"go.uber.org/zap"
 )

-type localClient struct {
+type LocalClient struct {
 	bc           *core.Blockchain
 	transactions []*transaction.Transaction
 	dumpPath     string
 	accounts     []*wallet.Account
-	maxGasInvoke int64
 }

-func newLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*localClient, error) {
-	cfg, err := config.LoadFile(v.GetString(protoConfigPath))
+func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*LocalClient, error) {
+	cfg, err := config.LoadFile(v.GetString(constants.ProtoConfigPath))
 	if err != nil {
 		return nil, err
 	}
@ -60,7 +60,7 @@ func newLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
 	accounts := make([]*wallet.Account, len(wallets))
 	for i := range accounts {
-		accounts[i], err = getWalletAccount(wallets[i], consensusAccountName)
+		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
 		if err != nil {
 			return nil, err
 		}
@ -102,23 +102,22 @@ func newLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		}
 	}

-	return &localClient{
-		bc:           bc,
-		dumpPath:     dumpPath,
-		accounts:     accounts[:m],
-		maxGasInvoke: 15_0000_0000,
+	return &LocalClient{
+		bc:       bc,
+		dumpPath: dumpPath,
+		accounts: accounts[:m],
 	}, nil
 }

-func (l *localClient) GetBlockCount() (uint32, error) {
+func (l *LocalClient) GetBlockCount() (uint32, error) {
 	return l.bc.BlockHeight(), nil
 }

-func (l *localClient) GetNativeContracts() ([]state.NativeContract, error) {
+func (l *LocalClient) GetNativeContracts() ([]state.NativeContract, error) {
 	return l.bc.GetNatives(), nil
 }

-func (l *localClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*result.ApplicationLog, error) {
+func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*result.ApplicationLog, error) {
 	aer, err := l.bc.GetAppExecResults(h, *t)
 	if err != nil {
 		return nil, err
@ -128,13 +127,13 @@ func (l *localClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }

-func (l *localClient) GetCommittee() (keys.PublicKeys, error) {
+func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }

 // InvokeFunction is implemented via `InvokeScript`.
-func (l *localClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
+func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error

 	pp := make([]any, len(sPrm))
@ -145,21 +144,21 @@ func (l *localClient) InvokeFunction(h util.Uint160, method string, sPrm []smart
 		}
 	}

-	return invokeFunction(l, h, method, pp, ss)
+	return InvokeFunction(l, h, method, pp, ss)
 }

-func (l *localClient) TerminateSession(_ uuid.UUID) (bool, error) {
+func (l *LocalClient) TerminateSession(_ uuid.UUID) (bool, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }

-func (l *localClient) TraverseIterator(_, _ uuid.UUID, _ int) ([]stackitem.Item, error) {
+func (l *LocalClient) TraverseIterator(_, _ uuid.UUID, _ int) ([]stackitem.Item, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }

 // GetVersion return default version.
-func (l *localClient) GetVersion() (*result.Version, error) {
+func (l *LocalClient) GetVersion() (*result.Version, error) {
 	c := l.bc.GetConfig()
 	return &result.Version{
 		Protocol: result.Protocol{
@ -180,7 +179,7 @@ func (l *localClient) GetVersion() (*result.Version, error) {
 	}, nil
 }

-func (l *localClient) InvokeContractVerify(util.Uint160, []smartcontract.Parameter, []transaction.Signer, ...transaction.Witness) (*result.Invoke, error) {
+func (l *LocalClient) InvokeContractVerify(util.Uint160, []smartcontract.Parameter, []transaction.Signer, ...transaction.Witness) (*result.Invoke, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
@ -188,7 +187,7 @@ func (l *localClient) InvokeContractVerify(util.Uint160, []smartcontract.Paramet
 // CalculateNetworkFee calculates network fee for the given transaction.
 // Copied from neo-go with minor corrections (no need to support non-notary mode):
 // https://github.com/nspcc-dev/neo-go/blob/v0.103.0/pkg/services/rpcsrv/server.go#L911
-func (l *localClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, error) {
+func (l *LocalClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, error) {
 	// Avoid setting hash for this tx: server code doesn't touch client transaction.
 	data := tx.Bytes()
 	tx, err := transaction.NewTransactionFromBytes(data)
@ -259,7 +258,7 @@ func (l *localClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, e
 	return netFee, nil
 }

-func (l *localClient) InvokeScript(script []byte, signers []transaction.Signer) (*result.Invoke, error) {
+func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer) (*result.Invoke, error) {
 	lastBlock, err := l.bc.GetBlock(l.bc.CurrentBlockHash())
 	if err != nil {
 		return nil, err
@ -295,7 +294,7 @@ func (l *localClient) InvokeScript(script []byte, signers []transaction.Signer)
 	}, nil
 }

-func (l *localClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
+func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
 	// We need to test that transaction was formed correctly to catch as many errors as we can.
 	bs := tx.Bytes()
 	_, err := transaction.NewTransactionFromBytes(bs)
@ -307,7 +306,7 @@ func (l *localClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint
 	return tx.Hash(), nil
 }

-func (l *localClient) putTransactions() error {
+func (l *LocalClient) putTransactions() error {
 	// 1. Prepare new block.
 	lastBlock, err := l.bc.GetBlock(l.bc.CurrentBlockHash())
 	if err != nil {
@ -349,7 +348,7 @@ func (l *localClient) putTransactions() error {
 	return l.bc.AddBlock(b)
 }

-func invokeFunction(c Client, h util.Uint160, method string, parameters []any, signers []transaction.Signer) (*result.Invoke, error) {
+func InvokeFunction(c Client, h util.Uint160, method string, parameters []any, signers []transaction.Signer) (*result.Invoke, error) {
 	w := io.NewBufBinWriter()
 	emit.Array(w.BinWriter, parameters...)
 	emit.AppCallNoArgs(w.BinWriter, h, method, callflag.All)
@ -361,7 +360,7 @@ func invokeFunction(c Client, h util.Uint160, method string, parameters []any, s

 var errGetDesignatedByRoleResponse = errors.New("`getDesignatedByRole`: invalid response")

-func getDesignatedByRole(inv *invoker.Invoker, h util.Uint160, role noderoles.Role, u uint32) (keys.PublicKeys, error) {
+func GetDesignatedByRole(inv *invoker.Invoker, h util.Uint160, role noderoles.Role, u uint32) (keys.PublicKeys, error) {
 	arr, err := unwrap.Array(inv.Call(h, "getDesignatedByRole", int64(role), int64(u)))
 	if err != nil {
 		return nil, errGetDesignatedByRoleResponse
@ -382,7 +381,7 @@ func getDesignatedByRole(inv *invoker.Invoker, h util.Uint160, role noderoles.Ro
 	return pubs, nil
 }

-func (l *localClient) dump() (err error) {
+func (l *LocalClient) Dump() (err error) {
 	defer l.bc.Close()

 	f, err := os.Create(l.dumpPath)
--- a/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/n3client.go
@ -1,4 +1,4 @@
-package morph
+package helper

 import (
 	"context"
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"time"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@ -34,19 +35,19 @@ type Client interface {
 	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }

-type hashVUBPair struct {
-	hash util.Uint256
-	vub  uint32
+type HashVUBPair struct {
+	Hash util.Uint256
+	Vub  uint32
 }

-type clientContext struct {
+type ClientContext struct {
 	Client          Client           // a raw neo-go client OR a local chain implementation
 	CommitteeAct    *actor.Actor     // committee actor with the Global witness scope
 	ReadOnlyInvoker *invoker.Invoker // R/O contract invoker, does not contain any signer
-	SentTxs         []hashVUBPair
+	SentTxs         []HashVUBPair
 }

-func getN3Client(v *viper.Viper) (Client, error) {
+func GetN3Client(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@ -55,7 +56,7 @@ func getN3Client(v *viper.Viper) (Client, error) {
 	)

 	ctx := context.Background()
-	endpoint := v.GetString(endpointFlag)
+	endpoint := v.GetString(commonflags.EndpointFlag)
 	if endpoint == "" {
 		return nil, errors.New("missing endpoint")
 	}
@ -72,26 +73,20 @@ func getN3Client(v *viper.Viper) (Client, error) {
 	return c, nil
 }

-func defaultClientContext(c Client, committeeAcc *wallet.Account) (*clientContext, error) {
-	commAct, err := actor.New(c, []actor.SignerAccount{{
-		Signer: transaction.Signer{
-			Account: committeeAcc.Contract.ScriptHash(),
-			Scopes:  transaction.Global,
-		},
-		Account: committeeAcc,
-	}})
+func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+	commAct, err := NewActor(c, committeeAcc)
 	if err != nil {
 		return nil, err
 	}

-	return &clientContext{
+	return &ClientContext{
 		Client:          c,
 		CommitteeAct:    commAct,
 		ReadOnlyInvoker: invoker.New(c, nil),
 	}, nil
 }

-func (c *clientContext) sendTx(tx *transaction.Transaction, cmd *cobra.Command, await bool) error {
+func (c *ClientContext) SendTx(tx *transaction.Transaction, cmd *cobra.Command, await bool) error {
 	h, err := c.Client.SendRawTransaction(tx)
 	if err != nil {
 		return err
@ -101,10 +96,27 @@ func (c *clientContext) sendTx(tx *transaction.Transaction, cmd *cobra.Command,
 		return fmt.Errorf("sent and actual tx hashes mismatch:\n\tsent: %v\n\tactual: %v", tx.Hash().StringLE(), h.StringLE())
 	}

-	c.SentTxs = append(c.SentTxs, hashVUBPair{hash: h, vub: tx.ValidUntilBlock})
+	c.SentTxs = append(c.SentTxs, HashVUBPair{Hash: h, Vub: tx.ValidUntilBlock})

 	if await {
-		return c.awaitTx(cmd)
+		return c.AwaitTx(cmd)
 	}
 	return nil
 }
+
+func (c *ClientContext) AwaitTx(cmd *cobra.Command) error {
+	if len(c.SentTxs) == 0 {
+		return nil
+	}
+
+	if local, ok := c.Client.(*LocalClient); ok {
+		if err := local.putTransactions(); err != nil {
+			return fmt.Errorf("can't persist transactions: %w", err)
+		}
+	}
+
+	err := AwaitTx(cmd, c.Client, c.SentTxs)
+	c.SentTxs = c.SentTxs[:0]
+
+	return err
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/netmap.go
@ -0,0 +1,125 @@
+package helper
+
+import (
+	"errors"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/spf13/viper"
+)
+
+var NetmapConfigKeys = []string{
+	netmap.EpochDurationConfig,
+	netmap.MaxObjectSizeConfig,
+	netmap.ContainerFeeConfig,
+	netmap.ContainerAliasFeeConfig,
+	netmap.IrCandidateFeeConfig,
+	netmap.WithdrawFeeConfig,
+	netmap.HomomorphicHashingDisabledKey,
+	netmap.MaintenanceModeAllowedConfig,
+}
+
+var errFailedToFetchListOfNetworkKeys = errors.New("can't fetch list of network config keys from the netmap contract")
+
+func GetDefaultNetmapContractConfigMap() map[string]any {
+	m := make(map[string]any)
+	m[netmap.EpochDurationConfig] = viper.GetInt64(commonflags.EpochDurationInitFlag)
+	m[netmap.MaxObjectSizeConfig] = viper.GetInt64(commonflags.MaxObjectSizeInitFlag)
+	m[netmap.MaxECDataCountConfig] = viper.GetInt64(commonflags.MaxECDataCountFlag)
+	m[netmap.MaxECParityCountConfig] = viper.GetInt64(commonflags.MaxECParityCounFlag)
+	m[netmap.ContainerFeeConfig] = viper.GetInt64(commonflags.ContainerFeeInitFlag)
+	m[netmap.ContainerAliasFeeConfig] = viper.GetInt64(commonflags.ContainerAliasFeeInitFlag)
+	m[netmap.IrCandidateFeeConfig] = viper.GetInt64(commonflags.CandidateFeeInitFlag)
+	m[netmap.WithdrawFeeConfig] = viper.GetInt64(commonflags.WithdrawFeeInitFlag)
+	m[netmap.HomomorphicHashingDisabledKey] = viper.GetBool(commonflags.HomomorphicHashDisabledInitFlag)
+	m[netmap.MaintenanceModeAllowedConfig] = viper.GetBool(commonflags.MaintenanceModeAllowedInitFlag)
+	return m
+}
+
+func ParseConfigFromNetmapContract(arr []stackitem.Item) (map[string][]byte, error) {
+	m := make(map[string][]byte, len(arr))
+	for _, param := range arr {
+		tuple, ok := param.Value().([]stackitem.Item)
+		if !ok || len(tuple) != 2 {
+			return nil, errors.New("invalid ListConfig response from netmap contract")
+		}
+
+		k, err := tuple[0].TryBytes()
+		if err != nil {
+			return nil, errors.New("invalid config key from netmap contract")
+		}
+
+		v, err := tuple[1].TryBytes()
+		if err != nil {
+			return nil, InvalidConfigValueErr(string(k))
+		}
+		m[string(k)] = v
+	}
+	return m, nil
+}
+
+func InvalidConfigValueErr(key string) error {
+	return fmt.Errorf("invalid %s config value from netmap contract", key)
+}
+
+func EmitNewEpochCall(bw *io.BufBinWriter, wCtx *InitializeContext, nmHash util.Uint160) error {
+	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
+	if err != nil {
+		return errors.New("can't fetch current epoch from the netmap contract")
+	}
+
+	newEpoch := curr + 1
+	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)
+
+	// In NeoFS this is done via Notary contract. Here, however, we can form the
+	// transaction locally.
+	emit.AppCall(bw.BinWriter, nmHash, "newEpoch", callflag.All, newEpoch)
+	return bw.Err
+}
+
+func GetNetConfigFromNetmapContract(roInvoker *invoker.Invoker) ([]stackitem.Item, error) {
+	r := management.NewReader(roInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return nil, fmt.Errorf("get nns contract: %w", err)
+	}
+	nmHash, err := NNSResolveHash(roInvoker, cs.Hash, DomainOf(constants.NetmapContract))
+	if err != nil {
+		return nil, fmt.Errorf("can't get netmap contract hash: %w", err)
+	}
+	arr, err := unwrap.Array(roInvoker.Call(nmHash, "listConfig"))
+	if err != nil {
+		return nil, errFailedToFetchListOfNetworkKeys
+	}
+	return arr, err
+}
+
+func MergeNetmapConfig(roInvoker *invoker.Invoker, md map[string]any) error {
+	arr, err := GetNetConfigFromNetmapContract(roInvoker)
+	if err != nil {
+		return err
+	}
+	m, err := ParseConfigFromNetmapContract(arr)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		for _, key := range NetmapConfigKeys {
+			if k == key {
+				md[k] = v
+				break
+			}
+		}
+	}
+	return nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/util.go
@ -0,0 +1,177 @@
+package helper
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
+	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+	"github.com/spf13/viper"
+)
+
+func GetAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
+	wallets, err := openAlphabetWallets(v, walletDir)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(wallets) > constants.MaxAlphabetNodes {
+		return nil, ErrTooManyAlphabetNodes
+	}
+	return wallets, nil
+}
+
+func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
+	walletFiles, err := os.ReadDir(walletDir)
+	if err != nil {
+		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
+	}
+
+	var size int
+loop:
+	for i := 0; i < len(walletFiles); i++ {
+		name := innerring.GlagoliticLetter(i).String() + ".json"
+		for j := range walletFiles {
+			if walletFiles[j].Name() == name {
+				size++
+				continue loop
+			}
+		}
+		break
+	}
+	if size == 0 {
+		return nil, errors.New("alphabet wallets dir is empty (run `generate-alphabet` command first)")
+	}
+
+	wallets := make([]*wallet.Wallet, size)
+	for i := 0; i < size; i++ {
+		letter := innerring.GlagoliticLetter(i).String()
+		p := filepath.Join(walletDir, letter+".json")
+		w, err := wallet.NewWalletFromFile(p)
+		if err != nil {
+			return nil, fmt.Errorf("can't open wallet: %w", err)
+		}
+
+		password, err := config.GetPassword(v, letter)
+		if err != nil {
+			return nil, fmt.Errorf("can't fetch password: %w", err)
+		}
+
+		for i := range w.Accounts {
+			if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+				return nil, fmt.Errorf("can't unlock wallet: %w", err)
+			}
+		}
+
+		wallets[i] = w
+	}
+
+	return wallets, nil
+}
+
+func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
+	return actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: committeeAcc.Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: committeeAcc,
+	}})
+}
+
+func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
+	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
+	if err != nil {
+		return nil, fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
+	}
+	rawManif, err := os.ReadFile(filepath.Join(ctrPath, "config.json"))
+	if err != nil {
+		return nil, fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
+	}
+
+	cs := &ContractState{
+		RawNEF:      rawNef,
+		RawManifest: rawManif,
+	}
+
+	return cs, cs.Parse()
+}
+
+func readContractsFromArchive(file io.Reader, names []string) (map[string]*ContractState, error) {
+	m := make(map[string]*ContractState, len(names))
+	for i := range names {
+		m[names[i]] = new(ContractState)
+	}
+
+	gr, err := gzip.NewReader(file)
+	if err != nil {
+		return nil, fmt.Errorf("contracts file must be tar.gz archive: %w", err)
+	}
+
+	r := tar.NewReader(gr)
+	for h, err := r.Next(); ; h, err = r.Next() {
+		if err != nil {
+			break
+		}
+
+		dir, _ := filepath.Split(h.Name)
+		ctrName := filepath.Base(dir)
+
+		cs, ok := m[ctrName]
+		if !ok {
+			continue
+		}
+
+		switch {
+		case strings.HasSuffix(h.Name, filepath.Join(ctrName, ctrName+"_contract.nef")):
+			cs.RawNEF, err = io.ReadAll(r)
+			if err != nil {
+				return nil, fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
+			}
+		case strings.HasSuffix(h.Name, "config.json"):
+			cs.RawManifest, err = io.ReadAll(r)
+			if err != nil {
+				return nil, fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
+			}
+		}
+		m[ctrName] = cs
+	}
+
+	for ctrName, cs := range m {
+		if cs.RawNEF == nil {
+			return nil, fmt.Errorf("NEF for %s contract wasn't found", ctrName)
+		}
+		if cs.RawManifest == nil {
+			return nil, fmt.Errorf("manifest for %s contract wasn't found", ctrName)
+		}
+	}
+	return m, nil
+}
+
+func GetAlphabetNNSDomain(i int) string {
+	return constants.AlphabetContract + strconv.FormatUint(uint64(i), 10) + ".frostfs"
+}
+
+func ParseGASAmount(s string) (fixedn.Fixed8, error) {
+	gasAmount, err := fixedn.Fixed8FromString(s)
+	if err != nil {
+		return 0, fmt.Errorf("invalid GAS amount %s: %w", s, err)
+	}
+	if gasAmount <= 0 {
+		return 0, fmt.Errorf("GAS amount must be positive (got %d)", gasAmount)
+	}
+	return gasAmount, nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/helper/wallet.go
+++ b/cmd/frostfs-adm/internal/modules/morph/helper/wallet.go
@ -0,0 +1,76 @@
+package helper
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func InitializeContractWallet(v *viper.Viper, walletDir string) (*wallet.Wallet, error) {
+	password, err := config.GetPassword(v, constants.ContractWalletPasswordKey)
+	if err != nil {
+		return nil, err
+	}
+
+	w, err := wallet.NewWallet(filepath.Join(walletDir, constants.ContractWalletFilename))
+	if err != nil {
+		return nil, err
+	}
+
+	acc, err := wallet.NewAccount()
+	if err != nil {
+		return nil, err
+	}
+
+	err = acc.Encrypt(password, keys.NEP2ScryptParams())
+	if err != nil {
+		return nil, err
+	}
+
+	w.AddAccount(acc)
+	if err := w.SavePretty(); err != nil {
+		return nil, err
+	}
+
+	return w, nil
+}
+
+func openContractWallet(v *viper.Viper, cmd *cobra.Command, walletDir string) (*wallet.Wallet, error) {
+	p := filepath.Join(walletDir, constants.ContractWalletFilename)
+	w, err := wallet.NewWalletFromFile(p)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return nil, fmt.Errorf("can't open wallet: %w", err)
+		}
+
+		cmd.Printf("Contract group wallet is missing, initialize at %s\n", p)
+		return InitializeContractWallet(v, walletDir)
+	}
+
+	password, err := config.GetPassword(v, constants.ContractWalletPasswordKey)
+	if err != nil {
+		return nil, err
+	}
+
+	for i := range w.Accounts {
+		if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
+			return nil, fmt.Errorf("can't unlock wallet: %w", err)
+		}
+	}
+
+	return w, nil
+}
+
+func getWallet(cmd *cobra.Command, v *viper.Viper, needContracts bool, walletDir string) (*wallet.Wallet, error) {
+	if !needContracts {
+		return nil, nil
+	}
+	return openContractWallet(v, cmd, walletDir)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize.go
@ -1,530 +0,0 @@
-package morph
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"time"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
-	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
-	"github.com/nspcc-dev/neo-go/pkg/wallet"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-const (
-	// maxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
-	// of the invocation script.
-	// See: https://github.com/nspcc-dev/neo-go/blob/740488f7f35e367eaa99a71c0a609c315fe2b0fc/pkg/core/transaction/witness.go#L10
-	maxAlphabetNodes = 22
-)
-
-type cache struct {
-	nnsCs    *state.Contract
-	groupKey *keys.PublicKey
-}
-
-type initializeContext struct {
-	clientContext
-	cache
-	// CommitteeAcc is used for retrieving the committee address and the verification script.
-	CommitteeAcc *wallet.Account
-	// ConsensusAcc is used for retrieving the committee address and the verification script.
-	ConsensusAcc *wallet.Account
-	Wallets      []*wallet.Wallet
-	// ContractWallet is a wallet for providing the contract group signature.
-	ContractWallet *wallet.Wallet
-	// Accounts contains simple signature accounts in the same order as in Wallets.
-	Accounts     []*wallet.Account
-	Contracts    map[string]*contractState
-	Command      *cobra.Command
-	ContractPath string
-}
-
-var ErrTooManyAlphabetNodes = fmt.Errorf("too many alphabet nodes (maximum allowed is %d)", maxAlphabetNodes)
-
-func initializeSideChainCmd(cmd *cobra.Command, _ []string) error {
-	initCtx, err := newInitializeContext(cmd, viper.GetViper())
-	if err != nil {
-		return fmt.Errorf("initialization error: %w", err)
-	}
-	defer initCtx.close()
-
-	// 1. Transfer funds to committee accounts.
-	cmd.Println("Stage 1: transfer GAS to alphabet nodes.")
-	if err := initCtx.transferFunds(); err != nil {
-		return err
-	}
-
-	cmd.Println("Stage 2: set notary and alphabet nodes in designate contract.")
-	if err := initCtx.setNotaryAndAlphabetNodes(); err != nil {
-		return err
-	}
-
-	// 3. Deploy NNS contract.
-	cmd.Println("Stage 3: deploy NNS contract.")
-	if err := initCtx.deployNNS(deployMethodName); err != nil {
-		return err
-	}
-
-	// 4. Deploy NeoFS contracts.
-	cmd.Println("Stage 4: deploy NeoFS contracts.")
-	if err := initCtx.deployContracts(); err != nil {
-		return err
-	}
-
-	cmd.Println("Stage 4.1: Transfer GAS to proxy contract.")
-	if err := initCtx.transferGASToProxy(); err != nil {
-		return err
-	}
-
-	cmd.Println("Stage 5: register candidates.")
-	if err := initCtx.registerCandidates(); err != nil {
-		return err
-	}
-
-	cmd.Println("Stage 6: transfer NEO to alphabet contracts.")
-	if err := initCtx.transferNEOToAlphabetContracts(); err != nil {
-		return err
-	}
-
-	cmd.Println("Stage 7: set addresses in NNS.")
-	return initCtx.setNNS()
-}
-
-func (c *initializeContext) close() {
-	if local, ok := c.Client.(*localClient); ok {
-		err := local.dump()
-		if err != nil {
-			c.Command.PrintErrf("Can't write dump: %v\n", err)
-			os.Exit(1)
-		}
-	}
-}
-
-func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContext, error) {
-	walletDir := config.ResolveHomePath(viper.GetString(alphabetWalletsFlag))
-	wallets, err := openAlphabetWallets(v, walletDir)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(wallets) > maxAlphabetNodes {
-		return nil, ErrTooManyAlphabetNodes
-	}
-
-	needContracts := cmd.Name() == "update-contracts" || cmd.Name() == "init"
-
-	var w *wallet.Wallet
-	w, err = getWallet(cmd, v, needContracts, walletDir)
-	if err != nil {
-		return nil, err
-	}
-
-	c, err := createClient(cmd, v, wallets)
-	if err != nil {
-		return nil, err
-	}
-
-	committeeAcc, err := getWalletAccount(wallets[0], committeeAccountName)
-	if err != nil {
-		return nil, fmt.Errorf("can't find committee account: %w", err)
-	}
-
-	consensusAcc, err := getWalletAccount(wallets[0], consensusAccountName)
-	if err != nil {
-		return nil, fmt.Errorf("can't find consensus account: %w", err)
-	}
-
-	if err := validateInit(cmd); err != nil {
-		return nil, err
-	}
-
-	ctrPath, err := getContractsPath(cmd, needContracts)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := checkNotaryEnabled(c); err != nil {
-		return nil, err
-	}
-
-	accounts, err := createWalletAccounts(wallets)
-	if err != nil {
-		return nil, err
-	}
-
-	cliCtx, err := defaultClientContext(c, committeeAcc)
-	if err != nil {
-		return nil, fmt.Errorf("client context: %w", err)
-	}
-
-	initCtx := &initializeContext{
-		clientContext:  *cliCtx,
-		ConsensusAcc:   consensusAcc,
-		CommitteeAcc:   committeeAcc,
-		ContractWallet: w,
-		Wallets:        wallets,
-		Accounts:       accounts,
-		Command:        cmd,
-		Contracts:      make(map[string]*contractState),
-		ContractPath:   ctrPath,
-	}
-
-	if needContracts {
-		err := initCtx.readContracts(fullContractList)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return initCtx, nil
-}
-
-func validateInit(cmd *cobra.Command) error {
-	if cmd.Name() != "init" {
-		return nil
-	}
-	if viper.GetInt64(epochDurationInitFlag) <= 0 {
-		return fmt.Errorf("epoch duration must be positive")
-	}
-
-	if viper.GetInt64(maxObjectSizeInitFlag) <= 0 {
-		return fmt.Errorf("max object size must be positive")
-	}
-
-	return nil
-}
-
-func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet) (Client, error) {
-	var c Client
-	var err error
-	if ldf := cmd.Flags().Lookup(localDumpFlag); ldf != nil && ldf.Changed {
-		if cmd.Flags().Changed(endpointFlag) {
-			return nil, fmt.Errorf("`%s` and `%s` flags are mutually exclusive", endpointFlag, localDumpFlag)
-		}
-		c, err = newLocalClient(cmd, v, wallets, ldf.Value.String())
-	} else {
-		c, err = getN3Client(v)
-	}
-	if err != nil {
-		return nil, fmt.Errorf("can't create N3 client: %w", err)
-	}
-	return c, nil
-}
-
-func getWallet(cmd *cobra.Command, v *viper.Viper, needContracts bool, walletDir string) (*wallet.Wallet, error) {
-	if !needContracts {
-		return nil, nil
-	}
-	return openContractWallet(v, cmd, walletDir)
-}
-
-func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
-	if !needContracts {
-		return "", nil
-	}
-
-	ctrPath, err := cmd.Flags().GetString(contractsInitFlag)
-	if err != nil {
-		return "", fmt.Errorf("invalid contracts path: %w", err)
-	}
-	return ctrPath, nil
-}
-
-func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
-	accounts := make([]*wallet.Account, len(wallets))
-	for i, w := range wallets {
-		acc, err := getWalletAccount(w, singleAccountName)
-		if err != nil {
-			return nil, fmt.Errorf("wallet %s is invalid (no single account): %w", w.Path(), err)
-		}
-		accounts[i] = acc
-	}
-	return accounts, nil
-}
-
-func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
-	walletFiles, err := os.ReadDir(walletDir)
-	if err != nil {
-		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
-	}
-
-	var size int
-loop:
-	for i := 0; i < len(walletFiles); i++ {
-		name := innerring.GlagoliticLetter(i).String() + ".json"
-		for j := range walletFiles {
-			if walletFiles[j].Name() == name {
-				size++
-				continue loop
-			}
-		}
-		break
-	}
-	if size == 0 {
-		return nil, errors.New("alphabet wallets dir is empty (run `generate-alphabet` command first)")
-	}
-
-	wallets := make([]*wallet.Wallet, size)
-	for i := 0; i < size; i++ {
-		letter := innerring.GlagoliticLetter(i).String()
-		p := filepath.Join(walletDir, letter+".json")
-		w, err := wallet.NewWalletFromFile(p)
-		if err != nil {
-			return nil, fmt.Errorf("can't open wallet: %w", err)
-		}
-
-		password, err := config.GetPassword(v, letter)
-		if err != nil {
-			return nil, fmt.Errorf("can't fetch password: %w", err)
-		}
-
-		for i := range w.Accounts {
-			if err := w.Accounts[i].Decrypt(password, keys.NEP2ScryptParams()); err != nil {
-				return nil, fmt.Errorf("can't unlock wallet: %w", err)
-			}
-		}
-
-		wallets[i] = w
-	}
-
-	return wallets, nil
-}
-
-func (c *initializeContext) awaitTx() error {
-	return c.clientContext.awaitTx(c.Command)
-}
-
-func (c *initializeContext) nnsContractState() (*state.Contract, error) {
-	if c.nnsCs != nil {
-		return c.nnsCs, nil
-	}
-
-	r := management.NewReader(c.ReadOnlyInvoker)
-	cs, err := r.GetContractByID(1)
-	if err != nil {
-		return nil, err
-	}
-
-	c.nnsCs = cs
-	return cs, nil
-}
-
-func (c *initializeContext) getSigner(tryGroup bool, acc *wallet.Account) transaction.Signer {
-	if tryGroup && c.groupKey != nil {
-		return transaction.Signer{
-			Account:       acc.Contract.ScriptHash(),
-			Scopes:        transaction.CustomGroups,
-			AllowedGroups: keys.PublicKeys{c.groupKey},
-		}
-	}
-
-	signer := transaction.Signer{
-		Account: acc.Contract.ScriptHash(),
-		Scopes:  transaction.Global, // Scope is important, as we have nested call to container contract.
-	}
-
-	if !tryGroup {
-		return signer
-	}
-
-	nnsCs, err := c.nnsContractState()
-	if err != nil {
-		return signer
-	}
-
-	groupKey, err := nnsResolveKey(c.ReadOnlyInvoker, nnsCs.Hash, morphClient.NNSGroupKeyName)
-	if err == nil {
-		c.groupKey = groupKey
-
-		signer.Scopes = transaction.CustomGroups
-		signer.AllowedGroups = keys.PublicKeys{groupKey}
-	}
-	return signer
-}
-
-func (c *clientContext) awaitTx(cmd *cobra.Command) error {
-	if len(c.SentTxs) == 0 {
-		return nil
-	}
-
-	if local, ok := c.Client.(*localClient); ok {
-		if err := local.putTransactions(); err != nil {
-			return fmt.Errorf("can't persist transactions: %w", err)
-		}
-	}
-
-	err := awaitTx(cmd, c.Client, c.SentTxs)
-	c.SentTxs = c.SentTxs[:0]
-
-	return err
-}
-
-func awaitTx(cmd *cobra.Command, c Client, txs []hashVUBPair) error {
-	cmd.Println("Waiting for transactions to persist...")
-
-	at := trigger.Application
-
-	var retErr error
-
-loop:
-	for i := range txs {
-		var it int
-		var pollInterval time.Duration
-		var pollIntervalChanged bool
-		for {
-			// We must fetch current height before application log, to avoid race condition.
-			currBlock, err := c.GetBlockCount()
-			if err != nil {
-				return fmt.Errorf("can't fetch current block height: %w", err)
-			}
-			res, err := c.GetApplicationLog(txs[i].hash, &at)
-			if err == nil {
-				if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vmstate.Halt {
-					retErr = fmt.Errorf("tx %d persisted in %s state: %s",
-						i, res.Executions[0].VMState, res.Executions[0].FaultException)
-				}
-				continue loop
-			}
-			if txs[i].vub < currBlock {
-				return fmt.Errorf("tx was not persisted: vub=%d, height=%d", txs[i].vub, currBlock)
-			}
-
-			pollInterval, pollIntervalChanged = nextPollInterval(it, pollInterval)
-			if pollIntervalChanged && viper.GetBool(commonflags.Verbose) {
-				cmd.Printf("Pool interval to check transaction persistence changed: %s\n", pollInterval.String())
-			}
-
-			timer := time.NewTimer(pollInterval)
-			select {
-			case <-cmd.Context().Done():
-				return cmd.Context().Err()
-			case <-timer.C:
-			}
-
-			it++
-		}
-	}
-
-	return retErr
-}
-
-func nextPollInterval(it int, previous time.Duration) (time.Duration, bool) {
-	const minPollInterval = 1 * time.Second
-	const maxPollInterval = 16 * time.Second
-	const changeAfter = 5
-	if it == 0 {
-		return minPollInterval, true
-	}
-	if it%changeAfter != 0 {
-		return previous, false
-	}
-	nextInterval := previous * 2
-	if nextInterval > maxPollInterval {
-		return maxPollInterval, previous != maxPollInterval
-	}
-	return nextInterval, true
-}
-
-// sendCommitteeTx creates transaction from script, signs it by committee nodes and sends it to RPC.
-// If tryGroup is false, global scope is used for the signer (useful when
-// working with native contracts).
-func (c *initializeContext) sendCommitteeTx(script []byte, tryGroup bool) error {
-	return c.sendMultiTx(script, tryGroup, false)
-}
-
-// sendConsensusTx creates transaction from script, signs it by alphabet nodes and sends it to RPC.
-// Not that because this is used only after the contracts were initialized and deployed,
-// we always try to have a group scope.
-func (c *initializeContext) sendConsensusTx(script []byte) error {
-	return c.sendMultiTx(script, true, true)
-}
-
-func (c *initializeContext) sendMultiTx(script []byte, tryGroup bool, withConsensus bool) error {
-	var act *actor.Actor
-	var err error
-
-	withConsensus = withConsensus && !c.ConsensusAcc.Contract.ScriptHash().Equals(c.CommitteeAcc.ScriptHash())
-	if tryGroup {
-		// Even for consensus signatures we need the committee to pay.
-		signers := make([]actor.SignerAccount, 1, 2)
-		signers[0] = actor.SignerAccount{
-			Signer:  c.getSigner(tryGroup, c.CommitteeAcc),
-			Account: c.CommitteeAcc,
-		}
-		if withConsensus {
-			signers = append(signers, actor.SignerAccount{
-				Signer:  c.getSigner(tryGroup, c.ConsensusAcc),
-				Account: c.ConsensusAcc,
-			})
-		}
-		act, err = actor.New(c.Client, signers)
-	} else {
-		if withConsensus {
-			panic("BUG: should never happen")
-		}
-		act, err = c.CommitteeAct, nil
-	}
-	if err != nil {
-		return fmt.Errorf("could not create actor: %w", err)
-	}
-
-	tx, err := act.MakeUnsignedRun(script, []transaction.Attribute{{Type: transaction.HighPriority}})
-	if err != nil {
-		return fmt.Errorf("could not perform test invocation: %w", err)
-	}
-
-	if err := c.multiSign(tx, committeeAccountName); err != nil {
-		return err
-	}
-	if withConsensus {
-		if err := c.multiSign(tx, consensusAccountName); err != nil {
-			return err
-		}
-	}
-
-	return c.sendTx(tx, c.Command, false)
-}
-
-func getWalletAccount(w *wallet.Wallet, typ string) (*wallet.Account, error) {
-	for i := range w.Accounts {
-		if w.Accounts[i].Label == typ {
-			return w.Accounts[i], nil
-		}
-	}
-	return nil, fmt.Errorf("account for '%s' not found", typ)
-}
-
-func checkNotaryEnabled(c Client) error {
-	ns, err := c.GetNativeContracts()
-	if err != nil {
-		return fmt.Errorf("can't get native contract hashes: %w", err)
-	}
-
-	notaryEnabled := false
-	nativeHashes := make(map[string]util.Uint160, len(ns))
-	for i := range ns {
-		if ns[i].Manifest.Name == nativenames.Notary {
-			notaryEnabled = true
-		}
-		nativeHashes[ns[i].Manifest.Name] = ns[i].Hash
-	}
-	if !notaryEnabled {
-		return errors.New("notary contract must be enabled")
-	}
-	return nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize.go
@ -0,0 +1,59 @@
+package initialize
+
+import (
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func initializeSideChainCmd(cmd *cobra.Command, _ []string) error {
+	initCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
+	if err != nil {
+		return fmt.Errorf("initialization error: %w", err)
+	}
+	defer initCtx.Close()
+
+	// 1. Transfer funds to committee accounts.
+	cmd.Println("Stage 1: transfer GAS to alphabet nodes.")
+	if err := transferFunds(initCtx); err != nil {
+		return err
+	}
+
+	cmd.Println("Stage 2: set notary and alphabet nodes in designate contract.")
+	if err := setNotaryAndAlphabetNodes(initCtx); err != nil {
+		return err
+	}
+
+	// 3. Deploy NNS contract.
+	cmd.Println("Stage 3: deploy NNS contract.")
+	if err := helper.DeployNNS(initCtx, constants.DeployMethodName); err != nil {
+		return err
+	}
+
+	// 4. Deploy NeoFS contracts.
+	cmd.Println("Stage 4: deploy NeoFS contracts.")
+	if err := deployContracts(initCtx); err != nil {
+		return err
+	}
+
+	cmd.Println("Stage 4.1: Transfer GAS to proxy contract.")
+	if err := transferGASToProxy(initCtx); err != nil {
+		return err
+	}
+
+	cmd.Println("Stage 5: register candidates.")
+	if err := registerCandidates(initCtx); err != nil {
+		return err
+	}
+
+	cmd.Println("Stage 6: transfer NEO to alphabet contracts.")
+	if err := transferNEOToAlphabetContracts(initCtx); err != nil {
+		return err
+	}
+
+	cmd.Println("Stage 7: set addresses in NNS.")
+	return setNNS(initCtx)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_deploy.go
@ -0,0 +1,80 @@
+package initialize
+
+import (
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+)
+
+func deployContracts(c *helper.InitializeContext) error {
+	alphaCs := c.GetContract(constants.AlphabetContract)
+
+	var keysParam []any
+
+	baseGroups := alphaCs.Manifest.Groups
+
+	// alphabet contracts should be deployed by individual nodes to get different hashes.
+	for i, acc := range c.Accounts {
+		ctrHash := state.CreateContractHash(acc.Contract.ScriptHash(), alphaCs.NEF.Checksum, alphaCs.Manifest.Name)
+		if c.IsUpdated(ctrHash, alphaCs) {
+			c.Command.Printf("Alphabet contract #%d is already deployed.\n", i)
+			continue
+		}
+
+		alphaCs.Manifest.Groups = baseGroups
+		err := helper.AddManifestGroup(c.ContractWallet, ctrHash, alphaCs)
+		if err != nil {
+			return fmt.Errorf("can't sign manifest group: %v", err)
+		}
+
+		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
+		params := helper.GetContractDeployParameters(alphaCs, c.GetAlphabetDeployItems(i, len(c.Wallets)))
+
+		act, err := actor.NewSimple(c.Client, acc)
+		if err != nil {
+			return fmt.Errorf("could not create actor: %w", err)
+		}
+
+		txHash, vub, err := act.SendCall(management.Hash, constants.DeployMethodName, params...)
+		if err != nil {
+			return fmt.Errorf("can't deploy alphabet #%d contract: %w", i, err)
+		}
+
+		c.SentTxs = append(c.SentTxs, helper.HashVUBPair{Hash: txHash, Vub: vub})
+	}
+
+	for _, ctrName := range constants.ContractList {
+		cs := c.GetContract(ctrName)
+
+		ctrHash := cs.Hash
+		if c.IsUpdated(ctrHash, cs) {
+			c.Command.Printf("%s contract is already deployed.\n", ctrName)
+			continue
+		}
+
+		err := helper.AddManifestGroup(c.ContractWallet, ctrHash, cs)
+		if err != nil {
+			return fmt.Errorf("can't sign manifest group: %v", err)
+		}
+
+		args, err := helper.GetContractDeployData(c, ctrName, keysParam, constants.DeployMethodName)
+		if err != nil {
+			return fmt.Errorf("%s: getting deploy params: %v", ctrName, err)
+		}
+		params := helper.GetContractDeployParameters(cs, args)
+		res, err := c.CommitteeAct.MakeCall(management.Hash, constants.DeployMethodName, params...)
+		if err != nil {
+			return fmt.Errorf("can't deploy %s contract: %w", ctrName, err)
+		}
+
+		if err := c.SendCommitteeTx(res.Script, false); err != nil {
+			return err
+		}
+	}
+
+	return c.AwaitTx()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_nns.go
@ -0,0 +1,135 @@
+package initialize
+
+import (
+	"encoding/hex"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
+	"github.com/nspcc-dev/neo-go/pkg/core/state"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
+)
+
+func setNNS(c *helper.InitializeContext) error {
+	r := management.NewReader(c.ReadOnlyInvoker)
+	nnsCs, err := r.GetContractByID(1)
+	if err != nil {
+		return err
+	}
+
+	ok, err := c.NNSRootRegistered(nnsCs.Hash, "frostfs")
+	if err != nil {
+		return err
+	} else if !ok {
+		bw := io.NewBufBinWriter()
+		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
+			"frostfs", c.CommitteeAcc.Contract.ScriptHash(),
+			constants.FrostfsOpsEmail, constants.NNSRefreshDefVal, constants.NNSRetryDefVal,
+			int64(constants.DefaultExpirationTime), constants.NNSTtlDefVal)
+		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
+		if err := c.SendCommitteeTx(bw.Bytes(), true); err != nil {
+			return fmt.Errorf("can't add domain root to NNS: %w", err)
+		}
+		if err := c.AwaitTx(); err != nil {
+			return err
+		}
+	}
+
+	alphaCs := c.GetContract(constants.AlphabetContract)
+	for i, acc := range c.Accounts {
+		alphaCs.Hash = state.CreateContractHash(acc.Contract.ScriptHash(), alphaCs.NEF.Checksum, alphaCs.Manifest.Name)
+
+		domain := helper.GetAlphabetNNSDomain(i)
+		if err := nnsRegisterDomain(c, nnsCs.Hash, alphaCs.Hash, domain); err != nil {
+			return err
+		}
+		c.Command.Printf("NNS: Set %s -> %s\n", domain, alphaCs.Hash.StringLE())
+	}
+
+	for _, ctrName := range constants.ContractList {
+		cs := c.GetContract(ctrName)
+
+		domain := ctrName + ".frostfs"
+		if err := nnsRegisterDomain(c, nnsCs.Hash, cs.Hash, domain); err != nil {
+			return err
+		}
+		c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
+	}
+
+	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
+	err = updateNNSGroup(c, nnsCs.Hash, groupKey)
+	if err != nil {
+		return err
+	}
+	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
+
+	return c.AwaitTx()
+}
+
+func updateNNSGroup(c *helper.InitializeContext, nnsHash util.Uint160, pub *keys.PublicKey) error {
+	bw := io.NewBufBinWriter()
+	keyAlreadyAdded, domainRegCodeEmitted, err := c.EmitUpdateNNSGroupScript(bw, nnsHash, pub)
+	if keyAlreadyAdded || err != nil {
+		return err
+	}
+
+	script := bw.Bytes()
+	if domainRegCodeEmitted {
+		w := io.NewBufBinWriter()
+		emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
+		wrapRegisterScriptWithPrice(w, nnsHash, script)
+		script = w.Bytes()
+	}
+
+	return c.SendCommitteeTx(script, true)
+}
+
+// wrapRegisterScriptWithPrice wraps a given script with `getPrice`/`setPrice` calls for NNS.
+// It is intended to be used for a single transaction, and not as a part of other scripts.
+// It is assumed that script already contains static slot initialization code, the first one
+// (with index 0) is used to store the price.
+func wrapRegisterScriptWithPrice(w *io.BufBinWriter, nnsHash util.Uint160, s []byte) {
+	if len(s) == 0 {
+		return
+	}
+
+	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
+	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
+	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
+
+	w.WriteBytes(s)
+
+	emit.Opcodes(w.BinWriter, opcode.LDSFLD0, opcode.PUSH1, opcode.PACK)
+	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
+
+	if w.Err != nil {
+		panic(fmt.Errorf("BUG: can't wrap register script: %w", w.Err))
+	}
+}
+
+func nnsRegisterDomain(c *helper.InitializeContext, nnsHash, expectedHash util.Uint160, domain string) error {
+	script, ok, err := c.NNSRegisterDomainScript(nnsHash, expectedHash, domain)
+	if ok || err != nil {
+		return err
+	}
+
+	w := io.NewBufBinWriter()
+	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
+	wrapRegisterScriptWithPrice(w, nnsHash, script)
+
+	emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
+	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
+		domain, int64(nns.TXT), expectedHash.StringLE())
+	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
+		domain, int64(nns.TXT), address.Uint160ToString(expectedHash))
+	return c.SendCommitteeTx(w.Bytes(), true)
+}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_register.go
@ -1,10 +1,12 @@
-package morph
+package initialize

 import (
 	"errors"
 	"fmt"
 	"math/big"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
@ -27,8 +29,8 @@ const (
 	registerBatchSize        = transaction.MaxAttributes - 1
 )

-func (c *initializeContext) registerCandidateRange(start, end int) error {
-	regPrice, err := c.getCandidateRegisterPrice()
+func registerCandidateRange(c *helper.InitializeContext, start, end int) error {
+	regPrice, err := getCandidateRegisterPrice(c)
 	if err != nil {
 		return fmt.Errorf("can't fetch registration price: %w", err)
 	}
@ -45,7 +47,7 @@ func (c *initializeContext) registerCandidateRange(start, end int) error {
 	}

 	signers := []actor.SignerAccount{{
-		Signer:  c.getSigner(false, c.CommitteeAcc),
+		Signer:  c.GetSigner(false, c.CommitteeAcc),
 		Account: c.CommitteeAcc,
 	}}
 	for _, acc := range c.Accounts[start:end] {
@ -67,7 +69,7 @@ func (c *initializeContext) registerCandidateRange(start, end int) error {
 	if err != nil {
 		return fmt.Errorf("can't create tx: %w", err)
 	}
-	if err := c.multiSign(tx, committeeAccountName); err != nil {
+	if err := c.MultiSign(tx, constants.CommitteeAccountName); err != nil {
 		return fmt.Errorf("can't sign a transaction: %w", err)
 	}

@ -78,10 +80,10 @@ func (c *initializeContext) registerCandidateRange(start, end int) error {
 		}
 	}

-	return c.sendTx(tx, c.Command, true)
+	return c.SendTx(tx, c.Command, true)
 }

-func (c *initializeContext) registerCandidates() error {
+func registerCandidates(c *helper.InitializeContext) error {
 	cc, err := unwrap.Array(c.ReadOnlyInvoker.Call(neo.Hash, "getCandidates"))
 	if err != nil {
 		return fmt.Errorf("`getCandidates`: %w", err)
@ -98,15 +100,12 @@ func (c *initializeContext) registerCandidates() error {
 	// Register candidates in batches in order to overcome the signers amount limit.
 	// See: https://github.com/nspcc-dev/neo-go/blob/master/pkg/core/transaction/transaction.go#L27
 	for i := 0; i < need; i += registerBatchSize {
-		start, end := i, i+registerBatchSize
-		if end > need {
-			end = need
-		}
+		start, end := i, min(i+registerBatchSize, need)
 		// This check is sound because transactions are accepted/rejected atomically.
 		if have >= end {
 			continue
 		}
-		if err := c.registerCandidateRange(start, end); err != nil {
+		if err := registerCandidateRange(c, start, end); err != nil {
 			return fmt.Errorf("registering candidates %d..%d: %q", start, end-1, err)
 		}
 	}
@ -114,15 +113,15 @@ func (c *initializeContext) registerCandidates() error {
 	return nil
 }

-func (c *initializeContext) transferNEOToAlphabetContracts() error {
+func transferNEOToAlphabetContracts(c *helper.InitializeContext) error {
 	neoHash := neo.Hash

-	ok, err := c.transferNEOFinished(neoHash)
+	ok, err := transferNEOFinished(c, neoHash)
 	if ok || err != nil {
 		return err
 	}

-	cs := c.getContract(alphabetContract)
+	cs := c.GetContract(constants.AlphabetContract)
 	amount := initialAlphabetNEOAmount / len(c.Wallets)

 	bw := io.NewBufBinWriter()
@ -133,14 +132,14 @@ func (c *initializeContext) transferNEOToAlphabetContracts() error {
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	}

-	if err := c.sendCommitteeTx(bw.Bytes(), false); err != nil {
+	if err := c.SendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}

-	return c.awaitTx()
+	return c.AwaitTx()
 }

-func (c *initializeContext) transferNEOFinished(neoHash util.Uint160) (bool, error) {
+func transferNEOFinished(c *helper.InitializeContext, neoHash util.Uint160) (bool, error) {
 	r := nep17.NewReader(c.ReadOnlyInvoker, neoHash)
 	bal, err := r.BalanceOf(c.CommitteeAcc.Contract.ScriptHash())
 	return bal.Cmp(big.NewInt(native.NEOTotalSupply)) == -1, err
@ -148,7 +147,7 @@ func (c *initializeContext) transferNEOFinished(neoHash util.Uint160) (bool, err

 var errGetPriceInvalid = errors.New("`getRegisterPrice`: invalid response")

-func (c *initializeContext) getCandidateRegisterPrice() (int64, error) {
+func getCandidateRegisterPrice(c *helper.InitializeContext) (int64, error) {
 	switch c.Client.(type) {
 	case *rpcclient.Client:
 		inv := invoker.New(c.Client, nil)
@ -156,7 +155,7 @@ func (c *initializeContext) getCandidateRegisterPrice() (int64, error) {
 		return reader.GetRegisterPrice()
 	default:
 		neoHash := neo.Hash
-		res, err := invokeFunction(c.Client, neoHash, "getRegisterPrice", nil, nil)
+		res, err := helper.InvokeFunction(c.Client, neoHash, "getRegisterPrice", nil, nil)
 		if err != nil {
 			return 0, err
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_roles.go
@ -1,6 +1,7 @@
-package morph
+package initialize

 import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/rolemgmt"
@ -8,8 +9,8 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 )

-func (c *initializeContext) setNotaryAndAlphabetNodes() error {
-	if ok, err := c.setRolesFinished(); ok || err != nil {
+func setNotaryAndAlphabetNodes(c *helper.InitializeContext) error {
+	if ok, err := setRolesFinished(c); ok || err != nil {
 		if err == nil {
 			c.Command.Println("Stage 2: already performed.")
 		}
@ -27,19 +28,19 @@ func (c *initializeContext) setNotaryAndAlphabetNodes() error {
 	emit.AppCall(w.BinWriter, rolemgmt.Hash, "designateAsRole",
 		callflag.States|callflag.AllowNotify, int64(noderoles.NeoFSAlphabet), pubs)

-	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
+	if err := c.SendCommitteeTx(w.Bytes(), false); err != nil {
 		return err
 	}

-	return c.awaitTx()
+	return c.AwaitTx()
 }

-func (c *initializeContext) setRolesFinished() (bool, error) {
+func setRolesFinished(c *helper.InitializeContext) (bool, error) {
 	height, err := c.Client.GetBlockCount()
 	if err != nil {
 		return false, err
 	}

-	pubs, err := getDesignatedByRole(c.ReadOnlyInvoker, rolemgmt.Hash, noderoles.NeoFSAlphabet, height)
+	pubs, err := helper.GetDesignatedByRole(c.ReadOnlyInvoker, rolemgmt.Hash, noderoles.NeoFSAlphabet, height)
 	return len(pubs) == len(c.Wallets), err
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go
@ -1,4 +1,4 @@
-package morph
+package initialize

 import (
 	"encoding/hex"
@ -9,6 +9,14 @@ import (
 	"testing"
 	"time"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	cmdConfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/generate"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/node"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/policy"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@ -42,10 +50,10 @@ func TestInitialize(t *testing.T) {
 		testInitialize(t, 16)
 	})
 	t.Run("max nodes", func(t *testing.T) {
-		testInitialize(t, maxAlphabetNodes)
+		testInitialize(t, constants.MaxAlphabetNodes)
 	})
 	t.Run("too many nodes", func(t *testing.T) {
-		require.ErrorIs(t, generateTestData(t, t.TempDir(), maxAlphabetNodes+1), ErrTooManyAlphabetNodes)
+		require.ErrorIs(t, generateTestData(t.TempDir(), constants.MaxAlphabetNodes+1), helper.ErrTooManyAlphabetNodes)
 	})
 }

@ -53,54 +61,54 @@ func testInitialize(t *testing.T, committeeSize int) {
 	testdataDir := t.TempDir()
 	v := viper.GetViper()

-	require.NoError(t, generateTestData(t, testdataDir, committeeSize))
-	v.Set(protoConfigPath, filepath.Join(testdataDir, protoFileName))
+	require.NoError(t, generateTestData(testdataDir, committeeSize))
+	v.Set(constants.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))

 	// Set to the path or remove the next statement to download from the network.
-	require.NoError(t, initCmd.Flags().Set(contractsInitFlag, contractsPath))
+	require.NoError(t, Cmd.Flags().Set(commonflags.ContractsInitFlag, contractsPath))

 	dumpPath := filepath.Join(testdataDir, "out")
-	require.NoError(t, initCmd.Flags().Set(localDumpFlag, dumpPath))
-	v.Set(alphabetWalletsFlag, testdataDir)
-	v.Set(epochDurationInitFlag, 1)
-	v.Set(maxObjectSizeInitFlag, 1024)
+	require.NoError(t, Cmd.Flags().Set(commonflags.LocalDumpFlag, dumpPath))
+	v.Set(commonflags.AlphabetWalletsFlag, testdataDir)
+	v.Set(commonflags.EpochDurationInitFlag, 1)
+	v.Set(commonflags.MaxObjectSizeInitFlag, 1024)

 	setTestCredentials(v, committeeSize)
-	require.NoError(t, initializeSideChainCmd(initCmd, nil))
+	require.NoError(t, initializeSideChainCmd(Cmd, nil))

 	t.Run("force-new-epoch", func(t *testing.T) {
-		require.NoError(t, forceNewEpoch.Flags().Set(localDumpFlag, dumpPath))
-		require.NoError(t, forceNewEpochCmd(forceNewEpoch, nil))
+		require.NoError(t, netmap.ForceNewEpoch.Flags().Set(commonflags.LocalDumpFlag, dumpPath))
+		require.NoError(t, netmap.ForceNewEpochCmd(netmap.ForceNewEpoch, nil))
 	})
 	t.Run("set-config", func(t *testing.T) {
-		require.NoError(t, setConfig.Flags().Set(localDumpFlag, dumpPath))
-		require.NoError(t, setConfigCmd(setConfig, []string{"MaintenanceModeAllowed=true"}))
+		require.NoError(t, cmdConfig.SetCmd.Flags().Set(commonflags.LocalDumpFlag, dumpPath))
+		require.NoError(t, cmdConfig.SetConfigCmd(cmdConfig.SetCmd, []string{"MaintenanceModeAllowed=true"}))
 	})
 	t.Run("set-policy", func(t *testing.T) {
-		require.NoError(t, setPolicy.Flags().Set(localDumpFlag, dumpPath))
-		require.NoError(t, setPolicyCmd(setPolicy, []string{"ExecFeeFactor=1"}))
+		require.NoError(t, policy.Set.Flags().Set(commonflags.LocalDumpFlag, dumpPath))
+		require.NoError(t, policy.SetPolicyCmd(policy.Set, []string{"ExecFeeFactor=1"}))
 	})
 	t.Run("remove-node", func(t *testing.T) {
 		pk, err := keys.NewPrivateKey()
 		require.NoError(t, err)

 		pub := hex.EncodeToString(pk.PublicKey().Bytes())
-		require.NoError(t, removeNodes.Flags().Set(localDumpFlag, dumpPath))
-		require.NoError(t, removeNodesCmd(removeNodes, []string{pub}))
+		require.NoError(t, node.RemoveCmd.Flags().Set(commonflags.LocalDumpFlag, dumpPath))
+		require.NoError(t, node.RemoveNodesCmd(node.RemoveCmd, []string{pub}))
 	})
 }

-func generateTestData(t *testing.T, dir string, size int) error {
+func generateTestData(dir string, size int) error {
 	v := viper.GetViper()
-	v.Set(alphabetWalletsFlag, dir)
+	v.Set(commonflags.AlphabetWalletsFlag, dir)

 	sizeStr := strconv.FormatUint(uint64(size), 10)
-	if err := generateAlphabetCmd.Flags().Set(alphabetSizeFlag, sizeStr); err != nil {
+	if err := generate.GenerateAlphabetCmd.Flags().Set(commonflags.AlphabetSizeFlag, sizeStr); err != nil {
 		return err
 	}

 	setTestCredentials(v, size)
-	if err := generateAlphabetCreds(generateAlphabetCmd, nil); err != nil {
+	if err := generate.AlphabetCreds(generate.GenerateAlphabetCmd, nil); err != nil {
 		return err
 	}

@ -112,7 +120,7 @@ func generateTestData(t *testing.T, dir string, size int) error {
 			return fmt.Errorf("wallet doesn't exist: %w", err)
 		}
 		for _, acc := range w.Accounts {
-			if acc.Label == singleAccountName {
+			if acc.Label == constants.SingleAccountName {
 				pub, ok := vm.ParseSignatureContract(acc.Contract.Script)
 				if !ok {
 					return fmt.Errorf("could not parse signature script for %s", acc.Address)
@ -143,40 +151,5 @@ func setTestCredentials(v *viper.Viper, size int) {
 	for i := 0; i < size; i++ {
 		v.Set("credentials."+innerring.GlagoliticLetter(i).String(), strconv.FormatUint(uint64(i), 10))
 	}
-	v.Set("credentials.contract", testContractPassword)
-}
-
-func TestNextPollInterval(t *testing.T) {
-	var pollInterval time.Duration
-	var iteration int
-
-	pollInterval, hasChanged := nextPollInterval(iteration, pollInterval)
-	require.True(t, hasChanged)
-	require.Equal(t, time.Second, pollInterval)
-
-	iteration = 4
-	pollInterval, hasChanged = nextPollInterval(iteration, pollInterval)
-	require.False(t, hasChanged)
-	require.Equal(t, time.Second, pollInterval)
-
-	iteration = 5
-	pollInterval, hasChanged = nextPollInterval(iteration, pollInterval)
-	require.True(t, hasChanged)
-	require.Equal(t, 2*time.Second, pollInterval)
-
-	iteration = 10
-	pollInterval, hasChanged = nextPollInterval(iteration, pollInterval)
-	require.True(t, hasChanged)
-	require.Equal(t, 4*time.Second, pollInterval)
-
-	iteration = 20
-	pollInterval = 32 * time.Second
-	pollInterval, hasChanged = nextPollInterval(iteration, pollInterval)
-	require.True(t, hasChanged) // from 32s to 16s
-	require.Equal(t, 16*time.Second, pollInterval)
-
-	pollInterval = 16 * time.Second
-	pollInterval, hasChanged = nextPollInterval(iteration, pollInterval)
-	require.False(t, hasChanged)
-	require.Equal(t, 16*time.Second, pollInterval)
+	v.Set("credentials.contract", constants.TestContractPassword)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/initialize_transfer.go
@ -1,9 +1,11 @@
-package morph
+package initialize

 import (
 	"fmt"
 	"math/big"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/core/native"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/io"
@ -12,7 +14,6 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/neo"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/nep17"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
-	scContext "github.com/nspcc-dev/neo-go/pkg/smartcontract/context"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
@ -27,8 +28,8 @@ const (
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )

-func (c *initializeContext) transferFunds() error {
-	ok, err := c.transferFundsFinished()
+func transferFunds(c *helper.InitializeContext) error {
+	ok, err := transferFundsFinished(c)
 	if ok || err != nil {
 		if err == nil {
 			c.Command.Println("Stage 1: already performed.")
@ -67,14 +68,14 @@ func (c *initializeContext) transferFunds() error {
 		return fmt.Errorf("can't create transfer transaction: %w", err)
 	}

-	if err := c.multiSignAndSend(tx, consensusAccountName); err != nil {
+	if err := c.MultiSignAndSend(tx, constants.ConsensusAccountName); err != nil {
 		return fmt.Errorf("can't send transfer transaction: %w", err)
 	}

-	return c.awaitTx()
+	return c.AwaitTx()
 }

-func (c *initializeContext) transferFundsFinished() (bool, error) {
+func transferFundsFinished(c *helper.InitializeContext) (bool, error) {
 	acc := c.Accounts[0]

 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
@ -82,68 +83,8 @@ func (c *initializeContext) transferFundsFinished() (bool, error) {
 	return res.Cmp(big.NewInt(initialAlphabetGASAmount/2)) == 1, err
 }

-func (c *initializeContext) multiSignAndSend(tx *transaction.Transaction, accType string) error {
-	if err := c.multiSign(tx, accType); err != nil {
-		return err
-	}
-
-	return c.sendTx(tx, c.Command, false)
-}
-
-func (c *initializeContext) multiSign(tx *transaction.Transaction, accType string) error {
-	version, err := c.Client.GetVersion()
-	if err != nil {
-		// error appears only if client
-		// has not been initialized
-		panic(err)
-	}
-	network := version.Protocol.Network
-
-	// Use parameter context to avoid dealing with signature order.
-	pc := scContext.NewParameterContext("", network, tx)
-	h := c.CommitteeAcc.Contract.ScriptHash()
-	if accType == consensusAccountName {
-		h = c.ConsensusAcc.Contract.ScriptHash()
-	}
-	for _, w := range c.Wallets {
-		acc, err := getWalletAccount(w, accType)
-		if err != nil {
-			return fmt.Errorf("can't find %s wallet account: %w", accType, err)
-		}
-
-		priv := acc.PrivateKey()
-		sign := priv.SignHashable(uint32(network), tx)
-		if err := pc.AddSignature(h, acc.Contract, priv.PublicKey(), sign); err != nil {
-			return fmt.Errorf("can't add signature: %w", err)
-		}
-		if len(pc.Items[h].Signatures) == len(acc.Contract.Parameters) {
-			break
-		}
-	}
-
-	w, err := pc.GetWitness(h)
-	if err != nil {
-		return fmt.Errorf("incomplete signature: %w", err)
-	}
-
-	for i := range tx.Signers {
-		if tx.Signers[i].Account == h {
-			if i < len(tx.Scripts) {
-				tx.Scripts[i] = *w
-			} else if i == len(tx.Scripts) {
-				tx.Scripts = append(tx.Scripts, *w)
-			} else {
-				panic("BUG: invalid signing order")
-			}
-			return nil
-		}
-	}
-
-	return fmt.Errorf("%s account was not found among transaction signers", accType)
-}
-
-func (c *initializeContext) transferGASToProxy() error {
-	proxyCs := c.getContract(proxyContract)
+func transferGASToProxy(c *helper.InitializeContext) error {
+	proxyCs := c.GetContract(constants.ProxyContract)

 	r := nep17.NewReader(c.ReadOnlyInvoker, gas.Hash)
 	bal, err := r.BalanceOf(proxyCs.Hash)
@ -160,11 +101,11 @@ func (c *initializeContext) transferGASToProxy() error {
 		return err
 	}

-	if err := c.multiSignAndSend(tx, committeeAccountName); err != nil {
+	if err := c.MultiSignAndSend(tx, constants.CommitteeAccountName); err != nil {
 		return err
 	}

-	return c.awaitTx()
+	return c.AwaitTx()
 }

 type transferTarget struct {
@ -174,7 +115,7 @@ type transferTarget struct {
 	Data    any
 }

-func createNEP17MultiTransferTx(c Client, acc *wallet.Account, recipients []transferTarget) (*transaction.Transaction, error) {
+func createNEP17MultiTransferTx(c helper.Client, acc *wallet.Account, recipients []transferTarget) (*transaction.Transaction, error) {
 	from := acc.Contract.ScriptHash()

 	w := io.NewBufBinWriter()
--- a/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize/root.go
@ -0,0 +1,58 @@
+package initialize
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	maxObjectSizeCLIFlag           = "max-object-size"
+	epochDurationCLIFlag           = "epoch-duration"
+	containerFeeCLIFlag            = "container-fee"
+	containerAliasFeeCLIFlag       = "container-alias-fee"
+	candidateFeeCLIFlag            = "candidate-fee"
+	homomorphicHashDisabledCLIFlag = "homomorphic-disabled"
+	withdrawFeeCLIFlag             = "withdraw-fee"
+)
+
+var Cmd = &cobra.Command{
+	Use:   "init",
+	Short: "Initialize side chain network with smart-contracts and network settings",
+	PreRun: func(cmd *cobra.Command, _ []string) {
+		_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		_ = viper.BindPFlag(commonflags.EpochDurationInitFlag, cmd.Flags().Lookup(epochDurationCLIFlag))
+		_ = viper.BindPFlag(commonflags.MaxObjectSizeInitFlag, cmd.Flags().Lookup(maxObjectSizeCLIFlag))
+		_ = viper.BindPFlag(commonflags.MaxECDataCountFlag, cmd.Flags().Lookup(commonflags.MaxECDataCountFlag))
+		_ = viper.BindPFlag(commonflags.MaxECParityCounFlag, cmd.Flags().Lookup(commonflags.MaxECParityCounFlag))
+		_ = viper.BindPFlag(commonflags.HomomorphicHashDisabledInitFlag, cmd.Flags().Lookup(homomorphicHashDisabledCLIFlag))
+		_ = viper.BindPFlag(commonflags.CandidateFeeInitFlag, cmd.Flags().Lookup(candidateFeeCLIFlag))
+		_ = viper.BindPFlag(commonflags.ContainerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
+		_ = viper.BindPFlag(commonflags.ContainerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
+		_ = viper.BindPFlag(commonflags.WithdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
+		_ = viper.BindPFlag(constants.ProtoConfigPath, cmd.Flags().Lookup(constants.ProtoConfigPath))
+	},
+	RunE: initializeSideChainCmd,
+}
+
+func initInitCmd() {
+	Cmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	Cmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	Cmd.Flags().String(commonflags.ContractsInitFlag, "", commonflags.ContractsInitFlagDesc)
+	Cmd.Flags().String(commonflags.ContractsURLFlag, "", commonflags.ContractsURLFlagDesc)
+	Cmd.Flags().Uint(epochDurationCLIFlag, 240, "Amount of side chain blocks in one FrostFS epoch")
+	Cmd.Flags().Uint(maxObjectSizeCLIFlag, 67108864, "Max single object size in bytes")
+	Cmd.Flags().Bool(homomorphicHashDisabledCLIFlag, false, "Disable object homomorphic hashing")
+	// Defaults are taken from neo-preodolenie.
+	Cmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
+	Cmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
+	Cmd.Flags().String(constants.ProtoConfigPath, "", "Path to the consensus node configuration")
+	Cmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
+	Cmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
+}
+
+func init() {
+	initInitCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
@ -1,617 +0,0 @@
-package morph
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"encoding/hex"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
-	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	io2 "github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/nef"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
-	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/spf13/viper"
-)
-
-const (
-	nnsContract        = "nns"
-	frostfsContract    = "frostfs"    // not deployed in side-chain.
-	processingContract = "processing" // not deployed in side-chain.
-	alphabetContract   = "alphabet"
-	balanceContract    = "balance"
-	containerContract  = "container"
-	frostfsIDContract  = "frostfsid"
-	netmapContract     = "netmap"
-	policyContract     = "policy"
-	proxyContract      = "proxy"
-)
-
-const frostfsIDAdminConfigKey = "frostfsid.admin"
-
-var (
-	contractList = []string{
-		balanceContract,
-		containerContract,
-		frostfsIDContract,
-		netmapContract,
-		policyContract,
-		proxyContract,
-	}
-
-	fullContractList = append([]string{
-		frostfsContract,
-		processingContract,
-		nnsContract,
-		alphabetContract,
-	}, contractList...)
-
-	netmapConfigKeys = []string{
-		netmap.EpochDurationConfig,
-		netmap.MaxObjectSizeConfig,
-		netmap.ContainerFeeConfig,
-		netmap.ContainerAliasFeeConfig,
-		netmap.IrCandidateFeeConfig,
-		netmap.WithdrawFeeConfig,
-		netmap.HomomorphicHashingDisabledKey,
-		netmap.MaintenanceModeAllowedConfig,
-	}
-)
-
-type contractState struct {
-	NEF         *nef.File
-	RawNEF      []byte
-	Manifest    *manifest.Manifest
-	RawManifest []byte
-	Hash        util.Uint160
-}
-
-const (
-	updateMethodName = "update"
-	deployMethodName = "deploy"
-)
-
-func (c *initializeContext) deployNNS(method string) error {
-	cs := c.getContract(nnsContract)
-	h := cs.Hash
-
-	nnsCs, err := c.nnsContractState()
-	if err != nil {
-		return err
-	}
-	if nnsCs != nil {
-		if nnsCs.NEF.Checksum == cs.NEF.Checksum {
-			if method == deployMethodName {
-				c.Command.Println("NNS contract is already deployed.")
-			} else {
-				c.Command.Println("NNS contract is already updated.")
-			}
-			return nil
-		}
-		h = nnsCs.Hash
-	}
-
-	err = c.addManifestGroup(h, cs)
-	if err != nil {
-		return fmt.Errorf("can't sign manifest group: %v", err)
-	}
-
-	params := getContractDeployParameters(cs, nil)
-
-	invokeHash := management.Hash
-	if method == updateMethodName {
-		invokeHash = nnsCs.Hash
-	}
-
-	tx, err := c.CommitteeAct.MakeCall(invokeHash, method, params...)
-	if err != nil {
-		return fmt.Errorf("failed to create deploy tx for %s: %w", nnsContract, err)
-	}
-
-	if err := c.multiSignAndSend(tx, committeeAccountName); err != nil {
-		return fmt.Errorf("can't send deploy transaction: %w", err)
-	}
-
-	return c.awaitTx()
-}
-
-func (c *initializeContext) updateContracts() error {
-	alphaCs := c.getContract(alphabetContract)
-
-	nnsCs, err := c.nnsContractState()
-	if err != nil {
-		return err
-	}
-	nnsHash := nnsCs.Hash
-
-	w := io2.NewBufBinWriter()
-
-	// Update script size for a single-node committee is close to the maximum allowed size of 65535.
-	// Because of this we want to reuse alphabet contract NEF and manifest for different updates.
-	// The generated script is as following.
-	// 1. Initialize static slot for alphabet NEF.
-	// 2. Store NEF into the static slot.
-	// 3. Push parameters for each alphabet contract on stack.
-	// 4. Add contract group to the manifest.
-	// 5. For each alphabet contract, invoke `update` using parameters on stack and
-	//    NEF from step 2 and manifest from step 4.
-	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
-	emit.Bytes(w.BinWriter, alphaCs.RawNEF)
-	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
-
-	keysParam, err := c.deployAlphabetAccounts(nnsHash, w, alphaCs)
-	if err != nil {
-		return err
-	}
-
-	w.Reset()
-
-	if err = c.deployOrUpdateContracts(w, nnsHash, keysParam); err != nil {
-		return err
-	}
-
-	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
-	_, _, err = c.emitUpdateNNSGroupScript(w, nnsHash, groupKey)
-	if err != nil {
-		return err
-	}
-	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
-
-	emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
-	emit.Int(w.BinWriter, 1)
-	emit.Opcodes(w.BinWriter, opcode.PACK)
-	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
-
-	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
-		return err
-	}
-	return c.awaitTx()
-}
-
-func (c *initializeContext) deployOrUpdateContracts(w *io2.BufBinWriter, nnsHash util.Uint160, keysParam []any) error {
-	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
-	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
-	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
-	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
-
-	for _, ctrName := range contractList {
-		cs := c.getContract(ctrName)
-
-		method := updateMethodName
-		ctrHash, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, ctrName+".frostfs")
-		if err != nil {
-			if errors.Is(err, errMissingNNSRecord) {
-				// if contract not found we deploy it instead of update
-				method = deployMethodName
-			} else {
-				return fmt.Errorf("can't resolve hash for contract update: %w", err)
-			}
-		}
-
-		err = c.addManifestGroup(ctrHash, cs)
-		if err != nil {
-			return fmt.Errorf("can't sign manifest group: %v", err)
-		}
-
-		invokeHash := management.Hash
-		if method == updateMethodName {
-			invokeHash = ctrHash
-		}
-
-		params := getContractDeployParameters(cs, c.getContractDeployData(ctrName, keysParam, updateMethodName))
-		res, err := c.CommitteeAct.MakeCall(invokeHash, method, params...)
-		if err != nil {
-			if method != updateMethodName || !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
-				return fmt.Errorf("deploy contract: %w", err)
-			}
-			c.Command.Printf("%s contract is already updated.\n", ctrName)
-			continue
-		}
-
-		w.WriteBytes(res.Script)
-
-		if method == deployMethodName {
-			// same actions are done in initializeContext.setNNS, can be unified
-			domain := ctrName + ".frostfs"
-			script, ok, err := c.nnsRegisterDomainScript(nnsHash, cs.Hash, domain)
-			if err != nil {
-				return err
-			}
-			if !ok {
-				w.WriteBytes(script)
-				emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
-				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
-					domain, int64(nns.TXT), cs.Hash.StringLE())
-				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
-					domain, int64(nns.TXT), address.Uint160ToString(cs.Hash))
-			}
-			c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
-		}
-	}
-	return nil
-}
-
-func (c *initializeContext) deployAlphabetAccounts(nnsHash util.Uint160, w *io2.BufBinWriter, alphaCs *contractState) ([]any, error) {
-	var keysParam []any
-
-	baseGroups := alphaCs.Manifest.Groups
-
-	// alphabet contracts should be deployed by individual nodes to get different hashes.
-	for i, acc := range c.Accounts {
-		ctrHash, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, getAlphabetNNSDomain(i))
-		if err != nil {
-			return nil, fmt.Errorf("can't resolve hash for contract update: %w", err)
-		}
-
-		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
-
-		params := c.getAlphabetDeployItems(i, len(c.Wallets))
-		emit.Array(w.BinWriter, params...)
-
-		alphaCs.Manifest.Groups = baseGroups
-		err = c.addManifestGroup(ctrHash, alphaCs)
-		if err != nil {
-			return nil, fmt.Errorf("can't sign manifest group: %v", err)
-		}
-
-		emit.Bytes(w.BinWriter, alphaCs.RawManifest)
-		emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
-		emit.Int(w.BinWriter, 3)
-		emit.Opcodes(w.BinWriter, opcode.PACK)
-		emit.AppCallNoArgs(w.BinWriter, ctrHash, updateMethodName, callflag.All)
-	}
-	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
-		if !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
-			return nil, err
-		}
-		c.Command.Println("Alphabet contracts are already updated.")
-	}
-
-	return keysParam, nil
-}
-
-func (c *initializeContext) deployContracts() error {
-	alphaCs := c.getContract(alphabetContract)
-
-	var keysParam []any
-
-	baseGroups := alphaCs.Manifest.Groups
-
-	// alphabet contracts should be deployed by individual nodes to get different hashes.
-	for i, acc := range c.Accounts {
-		ctrHash := state.CreateContractHash(acc.Contract.ScriptHash(), alphaCs.NEF.Checksum, alphaCs.Manifest.Name)
-		if c.isUpdated(ctrHash, alphaCs) {
-			c.Command.Printf("Alphabet contract #%d is already deployed.\n", i)
-			continue
-		}
-
-		alphaCs.Manifest.Groups = baseGroups
-		err := c.addManifestGroup(ctrHash, alphaCs)
-		if err != nil {
-			return fmt.Errorf("can't sign manifest group: %v", err)
-		}
-
-		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
-		params := getContractDeployParameters(alphaCs, c.getAlphabetDeployItems(i, len(c.Wallets)))
-
-		act, err := actor.NewSimple(c.Client, acc)
-		if err != nil {
-			return fmt.Errorf("could not create actor: %w", err)
-		}
-
-		txHash, vub, err := act.SendCall(management.Hash, deployMethodName, params...)
-		if err != nil {
-			return fmt.Errorf("can't deploy alphabet #%d contract: %w", i, err)
-		}
-
-		c.SentTxs = append(c.SentTxs, hashVUBPair{hash: txHash, vub: vub})
-	}
-
-	for _, ctrName := range contractList {
-		cs := c.getContract(ctrName)
-
-		ctrHash := cs.Hash
-		if c.isUpdated(ctrHash, cs) {
-			c.Command.Printf("%s contract is already deployed.\n", ctrName)
-			continue
-		}
-
-		err := c.addManifestGroup(ctrHash, cs)
-		if err != nil {
-			return fmt.Errorf("can't sign manifest group: %v", err)
-		}
-
-		params := getContractDeployParameters(cs, c.getContractDeployData(ctrName, keysParam, deployMethodName))
-		res, err := c.CommitteeAct.MakeCall(management.Hash, deployMethodName, params...)
-		if err != nil {
-			return fmt.Errorf("can't deploy %s contract: %w", ctrName, err)
-		}
-
-		if err := c.sendCommitteeTx(res.Script, false); err != nil {
-			return err
-		}
-	}
-
-	return c.awaitTx()
-}
-
-func (c *initializeContext) isUpdated(ctrHash util.Uint160, cs *contractState) bool {
-	r := management.NewReader(c.ReadOnlyInvoker)
-	realCs, err := r.GetContract(ctrHash)
-	return err == nil && realCs != nil && realCs.NEF.Checksum == cs.NEF.Checksum
-}
-
-func (c *initializeContext) getContract(ctrName string) *contractState {
-	return c.Contracts[ctrName]
-}
-
-func (c *initializeContext) readContracts(names []string) error {
-	var (
-		fi  os.FileInfo
-		err error
-	)
-	if c.ContractPath != "" {
-		fi, err = os.Stat(c.ContractPath)
-		if err != nil {
-			return fmt.Errorf("invalid contracts path: %w", err)
-		}
-	}
-
-	if c.ContractPath != "" && fi.IsDir() {
-		for _, ctrName := range names {
-			cs, err := readContract(filepath.Join(c.ContractPath, ctrName), ctrName)
-			if err != nil {
-				return err
-			}
-			c.Contracts[ctrName] = cs
-		}
-	} else {
-		var r io.ReadCloser
-		if c.ContractPath == "" {
-			return errors.New("contracts flag is missing")
-		}
-		r, err = os.Open(c.ContractPath)
-		if err != nil {
-			return fmt.Errorf("can't open contracts archive: %w", err)
-		}
-		defer r.Close()
-
-		m, err := readContractsFromArchive(r, names)
-		if err != nil {
-			return err
-		}
-		for _, name := range names {
-			if err := m[name].parse(); err != nil {
-				return err
-			}
-			c.Contracts[name] = m[name]
-		}
-	}
-
-	for _, ctrName := range names {
-		if ctrName != alphabetContract {
-			cs := c.Contracts[ctrName]
-			cs.Hash = state.CreateContractHash(c.CommitteeAcc.Contract.ScriptHash(),
-				cs.NEF.Checksum, cs.Manifest.Name)
-		}
-	}
-	return nil
-}
-
-func readContract(ctrPath, ctrName string) (*contractState, error) {
-	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
-	if err != nil {
-		return nil, fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
-	}
-	rawManif, err := os.ReadFile(filepath.Join(ctrPath, "config.json"))
-	if err != nil {
-		return nil, fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
-	}
-
-	cs := &contractState{
-		RawNEF:      rawNef,
-		RawManifest: rawManif,
-	}
-
-	return cs, cs.parse()
-}
-
-func (cs *contractState) parse() error {
-	nf, err := nef.FileFromBytes(cs.RawNEF)
-	if err != nil {
-		return fmt.Errorf("can't parse NEF file: %w", err)
-	}
-
-	m := new(manifest.Manifest)
-	if err := json.Unmarshal(cs.RawManifest, m); err != nil {
-		return fmt.Errorf("can't parse manifest file: %w", err)
-	}
-
-	cs.NEF = &nf
-	cs.Manifest = m
-	return nil
-}
-
-func readContractsFromArchive(file io.Reader, names []string) (map[string]*contractState, error) {
-	m := make(map[string]*contractState, len(names))
-	for i := range names {
-		m[names[i]] = new(contractState)
-	}
-
-	gr, err := gzip.NewReader(file)
-	if err != nil {
-		return nil, fmt.Errorf("contracts file must be tar.gz archive: %w", err)
-	}
-
-	r := tar.NewReader(gr)
-	for h, err := r.Next(); ; h, err = r.Next() {
-		if err != nil {
-			break
-		}
-
-		dir, _ := filepath.Split(h.Name)
-		ctrName := filepath.Base(dir)
-
-		cs, ok := m[ctrName]
-		if !ok {
-			continue
-		}
-
-		switch {
-		case strings.HasSuffix(h.Name, filepath.Join(ctrName, ctrName+"_contract.nef")):
-			cs.RawNEF, err = io.ReadAll(r)
-			if err != nil {
-				return nil, fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
-			}
-		case strings.HasSuffix(h.Name, "config.json"):
-			cs.RawManifest, err = io.ReadAll(r)
-			if err != nil {
-				return nil, fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
-			}
-		}
-		m[ctrName] = cs
-	}
-
-	for ctrName, cs := range m {
-		if cs.RawNEF == nil {
-			return nil, fmt.Errorf("NEF for %s contract wasn't found", ctrName)
-		}
-		if cs.RawManifest == nil {
-			return nil, fmt.Errorf("manifest for %s contract wasn't found", ctrName)
-		}
-	}
-	return m, nil
-}
-
-func getContractDeployParameters(cs *contractState, deployData []any) []any {
-	return []any{cs.RawNEF, cs.RawManifest, deployData}
-}
-
-func (c *initializeContext) getContractDeployData(ctrName string, keysParam []any, method string) []any {
-	items := make([]any, 0, 6)
-
-	switch ctrName {
-	case frostfsContract:
-		items = append(items,
-			c.Contracts[processingContract].Hash,
-			keysParam,
-			smartcontract.Parameter{})
-	case processingContract:
-		items = append(items, c.Contracts[frostfsContract].Hash)
-		return items[1:] // no notary info
-	case balanceContract:
-		items = append(items,
-			c.Contracts[netmapContract].Hash,
-			c.Contracts[containerContract].Hash)
-	case containerContract:
-		// In case if NNS is updated multiple times, we can't calculate
-		// it's actual hash based on local data, thus query chain.
-		r := management.NewReader(c.ReadOnlyInvoker)
-		nnsCs, err := r.GetContractByID(1)
-		if err != nil {
-			panic("NNS is not yet deployed")
-		}
-		items = append(items,
-			c.Contracts[netmapContract].Hash,
-			c.Contracts[balanceContract].Hash,
-			c.Contracts[frostfsIDContract].Hash,
-			nnsCs.Hash,
-			"container")
-	case frostfsIDContract:
-		h, found, err := getFrostfsIDAdmin(viper.GetViper())
-		if err != nil {
-			panic(err)
-		}
-
-		if found {
-			items = append(items, h)
-		} else {
-			items = append(items, nil)
-		}
-	case netmapContract:
-		md := getDefaultNetmapContractConfigMap()
-		if method == updateMethodName {
-			arr, err := c.getNetConfigFromNetmapContract()
-			if err != nil {
-				panic(err)
-			}
-			m, err := parseConfigFromNetmapContract(arr)
-			if err != nil {
-				panic(err)
-			}
-			for k, v := range m {
-				for _, key := range netmapConfigKeys {
-					if k == key {
-						md[k] = v
-						break
-					}
-				}
-			}
-		}
-
-		var configParam []any
-		for k, v := range md {
-			configParam = append(configParam, k, v)
-		}
-
-		items = append(items,
-			c.Contracts[balanceContract].Hash,
-			c.Contracts[containerContract].Hash,
-			keysParam,
-			configParam)
-	case proxyContract:
-		items = nil
-	case policyContract:
-		items = []any{nil}
-	default:
-		panic(fmt.Sprintf("invalid contract name: %s", ctrName))
-	}
-	return items
-}
-
-func (c *initializeContext) getNetConfigFromNetmapContract() ([]stackitem.Item, error) {
-	r := management.NewReader(c.ReadOnlyInvoker)
-	cs, err := r.GetContractByID(1)
-	if err != nil {
-		return nil, fmt.Errorf("NNS is not yet deployed: %w", err)
-	}
-	nmHash, err := nnsResolveHash(c.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
-	if err != nil {
-		return nil, fmt.Errorf("can't get netmap contract hash: %w", err)
-	}
-	arr, err := unwrap.Array(c.ReadOnlyInvoker.Call(nmHash, "listConfig"))
-	if err != nil {
-		return nil, fmt.Errorf("can't fetch list of network config keys from the netmap contract")
-	}
-	return arr, err
-}
-
-func (c *initializeContext) getAlphabetDeployItems(i, n int) []any {
-	items := make([]any, 5)
-	items[0] = c.Contracts[netmapContract].Hash
-	items[1] = c.Contracts[proxyContract].Hash
-	items[2] = innerring.GlagoliticLetter(i).String()
-	items[3] = int64(i)
-	items[4] = int64(n)
-	return items
-}
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_nns.go
@ -1,305 +0,0 @@
-package morph
-
-import (
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"strconv"
-	"time"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
-	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	nnsClient "github.com/nspcc-dev/neo-go/pkg/rpcclient/nns"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
-	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
-	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
-)
-
-const defaultExpirationTime = 10 * 365 * 24 * time.Hour / time.Second
-
-const frostfsOpsEmail = "ops@frostfs.info"
-
-func (c *initializeContext) setNNS() error {
-	r := management.NewReader(c.ReadOnlyInvoker)
-	nnsCs, err := r.GetContractByID(1)
-	if err != nil {
-		return err
-	}
-
-	ok, err := c.nnsRootRegistered(nnsCs.Hash, "frostfs")
-	if err != nil {
-		return err
-	} else if !ok {
-		bw := io.NewBufBinWriter()
-		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
-			"frostfs", c.CommitteeAcc.Contract.ScriptHash(),
-			frostfsOpsEmail, int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
-		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
-		if err := c.sendCommitteeTx(bw.Bytes(), true); err != nil {
-			return fmt.Errorf("can't add domain root to NNS: %w", err)
-		}
-		if err := c.awaitTx(); err != nil {
-			return err
-		}
-	}
-
-	alphaCs := c.getContract(alphabetContract)
-	for i, acc := range c.Accounts {
-		alphaCs.Hash = state.CreateContractHash(acc.Contract.ScriptHash(), alphaCs.NEF.Checksum, alphaCs.Manifest.Name)
-
-		domain := getAlphabetNNSDomain(i)
-		if err := c.nnsRegisterDomain(nnsCs.Hash, alphaCs.Hash, domain); err != nil {
-			return err
-		}
-		c.Command.Printf("NNS: Set %s -> %s\n", domain, alphaCs.Hash.StringLE())
-	}
-
-	for _, ctrName := range contractList {
-		cs := c.getContract(ctrName)
-
-		domain := ctrName + ".frostfs"
-		if err := c.nnsRegisterDomain(nnsCs.Hash, cs.Hash, domain); err != nil {
-			return err
-		}
-		c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
-	}
-
-	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
-	err = c.updateNNSGroup(nnsCs.Hash, groupKey)
-	if err != nil {
-		return err
-	}
-	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
-
-	return c.awaitTx()
-}
-
-func (c *initializeContext) updateNNSGroup(nnsHash util.Uint160, pub *keys.PublicKey) error {
-	bw := io.NewBufBinWriter()
-	keyAlreadyAdded, domainRegCodeEmitted, err := c.emitUpdateNNSGroupScript(bw, nnsHash, pub)
-	if keyAlreadyAdded || err != nil {
-		return err
-	}
-
-	script := bw.Bytes()
-	if domainRegCodeEmitted {
-		w := io.NewBufBinWriter()
-		emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
-		wrapRegisterScriptWithPrice(w, nnsHash, script)
-		script = w.Bytes()
-	}
-
-	return c.sendCommitteeTx(script, true)
-}
-
-// emitUpdateNNSGroupScript emits script for updating group key stored in NNS.
-// First return value is true iff the key is already there and nothing should be done.
-// Second return value is true iff a domain registration code was emitted.
-func (c *initializeContext) emitUpdateNNSGroupScript(bw *io.BufBinWriter, nnsHash util.Uint160, pub *keys.PublicKey) (bool, bool, error) {
-	isAvail, err := nnsIsAvailable(c.Client, nnsHash, morphClient.NNSGroupKeyName)
-	if err != nil {
-		return false, false, err
-	}
-
-	if !isAvail {
-		currentPub, err := nnsResolveKey(c.ReadOnlyInvoker, nnsHash, morphClient.NNSGroupKeyName)
-		if err != nil {
-			return false, false, err
-		}
-
-		if pub.Equal(currentPub) {
-			return true, false, nil
-		}
-	}
-
-	if isAvail {
-		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
-			morphClient.NNSGroupKeyName, c.CommitteeAcc.Contract.ScriptHash(),
-			frostfsOpsEmail, int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
-		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
-	}
-
-	emit.AppCall(bw.BinWriter, nnsHash, "deleteRecords", callflag.All, "group.frostfs", int64(nns.TXT))
-	emit.AppCall(bw.BinWriter, nnsHash, "addRecord", callflag.All,
-		"group.frostfs", int64(nns.TXT), hex.EncodeToString(pub.Bytes()))
-
-	return false, isAvail, nil
-}
-
-func getAlphabetNNSDomain(i int) string {
-	return alphabetContract + strconv.FormatUint(uint64(i), 10) + ".frostfs"
-}
-
-// wrapRegisterScriptWithPrice wraps a given script with `getPrice`/`setPrice` calls for NNS.
-// It is intended to be used for a single transaction, and not as a part of other scripts.
-// It is assumed that script already contains static slot initialization code, the first one
-// (with index 0) is used to store the price.
-func wrapRegisterScriptWithPrice(w *io.BufBinWriter, nnsHash util.Uint160, s []byte) {
-	if len(s) == 0 {
-		return
-	}
-
-	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
-	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
-	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
-
-	w.WriteBytes(s)
-
-	emit.Opcodes(w.BinWriter, opcode.LDSFLD0, opcode.PUSH1, opcode.PACK)
-	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
-
-	if w.Err != nil {
-		panic(fmt.Errorf("BUG: can't wrap register script: %w", w.Err))
-	}
-}
-
-func (c *initializeContext) nnsRegisterDomainScript(nnsHash, expectedHash util.Uint160, domain string) ([]byte, bool, error) {
-	ok, err := nnsIsAvailable(c.Client, nnsHash, domain)
-	if err != nil {
-		return nil, false, err
-	}
-
-	if ok {
-		bw := io.NewBufBinWriter()
-		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
-			domain, c.CommitteeAcc.Contract.ScriptHash(),
-			frostfsOpsEmail, int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
-		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
-
-		if bw.Err != nil {
-			panic(bw.Err)
-		}
-		return bw.Bytes(), false, nil
-	}
-
-	s, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, domain)
-	if err != nil {
-		return nil, false, err
-	}
-	return nil, s == expectedHash, nil
-}
-
-func (c *initializeContext) nnsRegisterDomain(nnsHash, expectedHash util.Uint160, domain string) error {
-	script, ok, err := c.nnsRegisterDomainScript(nnsHash, expectedHash, domain)
-	if ok || err != nil {
-		return err
-	}
-
-	w := io.NewBufBinWriter()
-	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
-	wrapRegisterScriptWithPrice(w, nnsHash, script)
-
-	emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
-	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
-		domain, int64(nns.TXT), expectedHash.StringLE())
-	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
-		domain, int64(nns.TXT), address.Uint160ToString(expectedHash))
-	return c.sendCommitteeTx(w.Bytes(), true)
-}
-
-func (c *initializeContext) nnsRootRegistered(nnsHash util.Uint160, zone string) (bool, error) {
-	res, err := c.CommitteeAct.Call(nnsHash, "isAvailable", "name."+zone)
-	if err != nil {
-		return false, err
-	}
-
-	return res.State == vmstate.Halt.String(), nil
-}
-
-var errMissingNNSRecord = errors.New("missing NNS record")
-
-// Returns errMissingNNSRecord if invocation fault exception contains "token not found".
-func nnsResolveHash(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (util.Uint160, error) {
-	item, err := nnsResolve(inv, nnsHash, domain)
-	if err != nil {
-		return util.Uint160{}, err
-	}
-	return parseNNSResolveResult(item)
-}
-
-func nnsResolve(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (stackitem.Item, error) {
-	return unwrap.Item(inv.Call(nnsHash, "resolve", domain, int64(nns.TXT)))
-}
-
-func nnsResolveKey(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (*keys.PublicKey, error) {
-	res, err := nnsResolve(inv, nnsHash, domain)
-	if err != nil {
-		return nil, err
-	}
-	if _, ok := res.Value().(stackitem.Null); ok {
-		return nil, errors.New("NNS record is missing")
-	}
-	arr, ok := res.Value().([]stackitem.Item)
-	if !ok {
-		return nil, errors.New("API of the NNS contract method `resolve` has changed")
-	}
-	for i := range arr {
-		var bs []byte
-		bs, err = arr[i].TryBytes()
-		if err != nil {
-			continue
-		}
-
-		return keys.NewPublicKeyFromString(string(bs))
-	}
-	return nil, errors.New("no valid keys are found")
-}
-
-// parseNNSResolveResult parses the result of resolving NNS record.
-// It works with multiple formats (corresponding to multiple NNS versions).
-// If array of hashes is provided, it returns only the first one.
-func parseNNSResolveResult(res stackitem.Item) (util.Uint160, error) {
-	arr, ok := res.Value().([]stackitem.Item)
-	if !ok {
-		arr = []stackitem.Item{res}
-	}
-	if _, ok := res.Value().(stackitem.Null); ok || len(arr) == 0 {
-		return util.Uint160{}, errors.New("NNS record is missing")
-	}
-	for i := range arr {
-		bs, err := arr[i].TryBytes()
-		if err != nil {
-			continue
-		}
-
-		// We support several formats for hash encoding, this logic should be maintained in sync
-		// with nnsResolve from pkg/morph/client/nns.go
-		h, err := util.Uint160DecodeStringLE(string(bs))
-		if err == nil {
-			return h, nil
-		}
-
-		h, err = address.StringToUint160(string(bs))
-		if err == nil {
-			return h, nil
-		}
-	}
-	return util.Uint160{}, errors.New("no valid hashes are found")
-}
-
-func nnsIsAvailable(c Client, nnsHash util.Uint160, name string) (bool, error) {
-	switch c.(type) {
-	case *rpcclient.Client:
-		inv := invoker.New(c, nil)
-		reader := nnsClient.NewReader(inv, nnsHash)
-		return reader.IsAvailable(name)
-	default:
-		b, err := unwrap.Bool(invokeFunction(c, nnsHash, "isAvailable", []any{name}, nil))
-		if err != nil {
-			return false, fmt.Errorf("`isAvailable`: invalid response: %w", err)
-		}
-
-		return b, nil
-	}
-}
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/epoch.go
@ -0,0 +1,45 @@
+package netmap
+
+import (
+	"fmt"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func ForceNewEpochCmd(cmd *cobra.Command, _ []string) error {
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
+	if err != nil {
+		return fmt.Errorf("can't to initialize context: %w", err)
+	}
+
+	r := management.NewReader(wCtx.ReadOnlyInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return fmt.Errorf("can't get NNS contract info: %w", err)
+	}
+
+	nmHash, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, helper.DomainOf(constants.NetmapContract))
+	if err != nil {
+		return fmt.Errorf("can't get netmap contract hash: %w", err)
+	}
+
+	bw := io.NewBufBinWriter()
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
+		return err
+	}
+
+	if err = wCtx.SendConsensusTx(bw.Bytes()); err == nil {
+		err = wCtx.AwaitTx()
+	}
+	if err != nil && strings.Contains(err.Error(), "invalid epoch") {
+		cmd.Println("Epoch has already ticked.")
+		return nil
+	}
+	return err
+}
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go
@ -1,7 +1,9 @@
-package morph
+package netmap

 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@ -11,7 +13,7 @@ import (
 )

 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)

 	inv := invoker.New(c, nil)
@ -20,7 +22,7 @@ func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
 	cs, err := r.GetContractByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)

-	nmHash, err := nnsResolveHash(inv, cs.Hash, netmapContract+".frostfs")
+	nmHash, err := helper.NNSResolveHash(inv, cs.Hash, helper.DomainOf(constants.NetmapContract))
 	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)

 	res, err := inv.Call(nmHash, "netmapCandidates")
--- a/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap/root.go
@ -0,0 +1,43 @@
+package netmap
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	CandidatesCmd = &cobra.Command{
+		Use:   "netmap-candidates",
+		Short: "List netmap candidates nodes",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: listNetmapCandidatesNodes,
+	}
+	ForceNewEpoch = &cobra.Command{
+		Use:   "force-new-epoch",
+		Short: "Create new FrostFS epoch event in the side chain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: ForceNewEpochCmd,
+	}
+)
+
+func initNetmapCandidatesCmd() {
+	CandidatesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+}
+
+func initForceNewEpochCmd() {
+	ForceNewEpoch.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	ForceNewEpoch.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ForceNewEpoch.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
+}
+
+func init() {
+	initNetmapCandidatesCmd()
+	initForceNewEpochCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/netmap_util.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap_util.go
@ -1,44 +0,0 @@
-package morph
-
-import (
-	"errors"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
-	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/spf13/viper"
-)
-
-func getDefaultNetmapContractConfigMap() map[string]any {
-	m := make(map[string]any)
-	m[netmap.EpochDurationConfig] = viper.GetInt64(epochDurationInitFlag)
-	m[netmap.MaxObjectSizeConfig] = viper.GetInt64(maxObjectSizeInitFlag)
-	m[netmap.ContainerFeeConfig] = viper.GetInt64(containerFeeInitFlag)
-	m[netmap.ContainerAliasFeeConfig] = viper.GetInt64(containerAliasFeeInitFlag)
-	m[netmap.IrCandidateFeeConfig] = viper.GetInt64(candidateFeeInitFlag)
-	m[netmap.WithdrawFeeConfig] = viper.GetInt64(withdrawFeeInitFlag)
-	m[netmap.HomomorphicHashingDisabledKey] = viper.GetBool(homomorphicHashDisabledInitFlag)
-	m[netmap.MaintenanceModeAllowedConfig] = viper.GetBool(maintenanceModeAllowedInitFlag)
-	return m
-}
-
-func parseConfigFromNetmapContract(arr []stackitem.Item) (map[string][]byte, error) {
-	m := make(map[string][]byte, len(arr))
-	for _, param := range arr {
-		tuple, ok := param.Value().([]stackitem.Item)
-		if !ok || len(tuple) != 2 {
-			return nil, errors.New("invalid ListConfig response from netmap contract")
-		}
-
-		k, err := tuple[0].TryBytes()
-		if err != nil {
-			return nil, errors.New("invalid config key from netmap contract")
-		}
-
-		v, err := tuple[1].TryBytes()
-		if err != nil {
-			return nil, invalidConfigValueErr(string(k))
-		}
-		m[string(k)] = v
-	}
-	return m, nil
-}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/helper.go
@ -0,0 +1,25 @@
+package nns
+
+import (
+	client "git.frostfs.info/TrueCloudLab/frostfs-contract/rpcclient/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, util.Uint160) {
+	v := viper.GetViper()
+	c, err := helper.GetN3Client(v)
+	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
+
+	ac, err := helper.NewLocalActor(cmd, c)
+	commonCmd.ExitOnErr(cmd, "can't create actor: %w", err)
+
+	r := management.NewReader(ac.Invoker)
+	nnsCs, err := r.GetContractByID(1)
+	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
+	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/record.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/record.go
@ -0,0 +1,148 @@
+package nns
+
+import (
+	"errors"
+	"math/big"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
+	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
+	"github.com/spf13/cobra"
+)
+
+func initAddRecordCmd() {
+	Cmd.AddCommand(addRecordCmd)
+	addRecordCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	addRecordCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	addRecordCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	addRecordCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
+	addRecordCmd.Flags().String(nnsRecordDataFlag, "", nnsRecordDataFlagDesc)
+
+	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsNameFlag)
+	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordTypeFlag)
+	_ = cobra.MarkFlagRequired(addRecordCmd.Flags(), nnsRecordDataFlag)
+}
+
+func initGetRecordsCmd() {
+	Cmd.AddCommand(getRecordsCmd)
+	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	getRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
+
+	_ = cobra.MarkFlagRequired(getRecordsCmd.Flags(), nnsNameFlag)
+}
+
+func initDelRecordsCmd() {
+	Cmd.AddCommand(delRecordsCmd)
+	delRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	delRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	delRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	delRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
+
+	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsNameFlag)
+	_ = cobra.MarkFlagRequired(delRecordsCmd.Flags(), nnsRecordTypeFlag)
+}
+
+func addRecord(cmd *cobra.Command, _ []string) {
+	c, actor, _ := getRPCClient(cmd)
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
+	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
+	typ, err := getRecordType(recordType)
+	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
+	h, vub, err := c.AddRecord(name, typ, data)
+	commonCmd.ExitOnErr(cmd, "unable to add record: %w", err)
+
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "renew domain error: %w", err)
+	cmd.Println("Record added successfully")
+}
+
+func getRecords(cmd *cobra.Command, _ []string) {
+	c, act, hash := getRPCClient(cmd)
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
+	if recordType == "" {
+		sid, r, err := unwrap.SessionIterator(act.Invoker.Call(hash, "getAllRecords", name))
+		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
+		defer func() {
+			_ = act.Invoker.TerminateSession(sid)
+		}()
+		items, err := act.Invoker.TraverseIterator(sid, &r, 0)
+		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
+		for len(items) != 0 {
+			for j := range items {
+				rs := items[j].Value().([]stackitem.Item)
+				bs, err := rs[2].TryBytes()
+				commonCmd.ExitOnErr(cmd, "unable to parse record state: %w", err)
+				cmd.Printf("%s %s\n",
+					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
+					string(bs))
+			}
+			items, err = act.Invoker.TraverseIterator(sid, &r, 0)
+			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
+		}
+	} else {
+		typ, err := getRecordType(recordType)
+		commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
+		items, err := c.GetRecords(name, typ)
+		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
+		for _, item := range items {
+			record, err := item.TryBytes()
+			commonCmd.ExitOnErr(cmd, "unable to parse response: %w", err)
+			cmd.Println(string(record))
+		}
+	}
+}
+
+func delRecords(cmd *cobra.Command, _ []string) {
+	c, actor, _ := getRPCClient(cmd)
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
+	typ, err := getRecordType(recordType)
+	commonCmd.ExitOnErr(cmd, "unable to parse record type: %w", err)
+	h, vub, err := c.DeleteRecords(name, typ)
+	commonCmd.ExitOnErr(cmd, "unable to delete records: %w", err)
+
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "delete records error: %w", err)
+	cmd.Println("Records removed successfully")
+}
+
+func getRecordType(recordType string) (*big.Int, error) {
+	switch strings.ToUpper(recordType) {
+	case "A":
+		return big.NewInt(int64(nns.A)), nil
+	case "CNAME":
+		return big.NewInt(int64(nns.CNAME)), nil
+	case "SOA":
+		return big.NewInt(int64(nns.SOA)), nil
+	case "TXT":
+		return big.NewInt(int64(nns.TXT)), nil
+	case "AAAA":
+		return big.NewInt(int64(nns.AAAA)), nil
+	}
+	return nil, errors.New("unsupported record type")
+}
+
+func recordTypeToString(rt nns.RecordType) string {
+	switch rt {
+	case nns.A:
+		return "A"
+	case nns.CNAME:
+		return "CNAME"
+	case nns.SOA:
+		return "SOA"
+	case nns.TXT:
+		return "TXT"
+	case nns.AAAA:
+		return "AAAA"
+	}
+	return ""
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/register.go
@ -0,0 +1,44 @@
+package nns
+
+import (
+	"math/big"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+)
+
+func initRegisterCmd() {
+	Cmd.AddCommand(registerCmd)
+	registerCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	registerCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	registerCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	registerCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
+	registerCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal, "SOA record REFRESH parameter")
+	registerCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal, "SOA record RETRY parameter")
+	registerCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime), "SOA record EXPIRE parameter")
+	registerCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal, "SOA record TTL parameter")
+
+	_ = cobra.MarkFlagRequired(registerCmd.Flags(), nnsNameFlag)
+}
+
+func registerDomain(cmd *cobra.Command, _ []string) {
+	c, actor, _ := getRPCClient(cmd)
+
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	email, _ := cmd.Flags().GetString(nnsEmailFlag)
+	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
+	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
+	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
+	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
+
+	h, vub, err := c.Register(name, actor.Sender(), email, big.NewInt(refresh),
+		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
+	commonCmd.ExitOnErr(cmd, "unable to register domain: %w", err)
+
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
+	cmd.Println("Domain registered successfully")
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/renew.go
@ -0,0 +1,26 @@
+package nns
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+)
+
+func initRenewCmd() {
+	Cmd.AddCommand(renewCmd)
+	renewCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	renewCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	renewCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+}
+
+func renewDomain(cmd *cobra.Command, _ []string) {
+	c, actor, _ := getRPCClient(cmd)
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	h, vub, err := c.Renew(name)
+	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)
+
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "renew domain error: %w", err)
+	cmd.Println("Domain renewed successfully")
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/root.go
@ -0,0 +1,99 @@
+package nns
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	nnsNameFlag           = "name"
+	nnsNameFlagDesc       = "Domain name"
+	nnsEmailFlag          = "email"
+	nnsRefreshFlag        = "refresh"
+	nnsRetryFlag          = "retry"
+	nnsExpireFlag         = "expire"
+	nnsTTLFlag            = "ttl"
+	nnsRecordTypeFlag     = "type"
+	nnsRecordTypeFlagDesc = "Domain name service record type(A|CNAME|SOA|TXT)"
+	nnsRecordDataFlag     = "data"
+	nnsRecordDataFlagDesc = "Domain name service record data"
+)
+
+var (
+	Cmd = &cobra.Command{
+		Use:   "nns",
+		Short: "Section for Neo Name Service (NNS)",
+	}
+	tokensCmd = &cobra.Command{
+		Use:   "tokens",
+		Short: "List all registered domain names",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: listTokens,
+	}
+	registerCmd = &cobra.Command{
+		Use:   "register",
+		Short: "Registers a new domain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: registerDomain,
+	}
+	renewCmd = &cobra.Command{
+		Use:   "renew",
+		Short: "Increases domain expiration date",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: renewDomain,
+	}
+	updateCmd = &cobra.Command{
+		Use:   "update",
+		Short: "Updates soa record",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: updateSOA,
+	}
+	addRecordCmd = &cobra.Command{
+		Use:   "add-record",
+		Short: "Adds a new record of the specified type to the provided domain",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: addRecord,
+	}
+	getRecordsCmd = &cobra.Command{
+		Use:   "get-records",
+		Short: "Returns domain record of the specified type",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: getRecords,
+	}
+	delRecordsCmd = &cobra.Command{
+		Use:   "delete-records",
+		Short: "Removes domain records with the specified type",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		},
+		Run: delRecords,
+	}
+)
+
+func init() {
+	initTokensCmd()
+	initRegisterCmd()
+	initRenewCmd()
+	initUpdateCmd()
+	initAddRecordCmd()
+	initGetRecordsCmd()
+	initDelRecordsCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/tokens.go
@ -0,0 +1,24 @@
+package nns
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+)
+
+func initTokensCmd() {
+	Cmd.AddCommand(tokensCmd)
+	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+}
+
+func listTokens(cmd *cobra.Command, _ []string) {
+	c, _, _ := getRPCClient(cmd)
+	it, err := c.Tokens()
+	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
+	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
+		for _, token := range toks {
+			cmd.Println(string(token))
+		}
+	}
+}
--- a/cmd/frostfs-adm/internal/modules/morph/nns/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/nns/update.go
@ -0,0 +1,50 @@
+package nns
+
+import (
+	"math/big"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+)
+
+func initUpdateCmd() {
+	Cmd.AddCommand(updateCmd)
+	updateCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	updateCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	updateCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
+	updateCmd.Flags().String(nnsEmailFlag, constants.FrostfsOpsEmail, "Domain owner email")
+	updateCmd.Flags().Int64(nnsRefreshFlag, constants.NNSRefreshDefVal,
+		"The number of seconds between update requests from secondary and slave name servers")
+	updateCmd.Flags().Int64(nnsRetryFlag, constants.NNSRetryDefVal,
+		"The number of seconds the secondary or slave will wait before retrying when the last attempt has failed")
+	updateCmd.Flags().Int64(nnsExpireFlag, int64(constants.DefaultExpirationTime),
+		"The number of seconds a master or slave will wait before considering the data stale "+
+			"if it cannot reach the primary name server")
+	updateCmd.Flags().Int64(nnsTTLFlag, constants.NNSTtlDefVal,
+		"The number of seconds a domain name is cached locally before expiration and return to authoritative "+
+			"nameservers for updated information")
+
+	_ = cobra.MarkFlagRequired(updateCmd.Flags(), nnsNameFlag)
+}
+
+func updateSOA(cmd *cobra.Command, _ []string) {
+	c, actor, _ := getRPCClient(cmd)
+
+	name, _ := cmd.Flags().GetString(nnsNameFlag)
+	email, _ := cmd.Flags().GetString(nnsEmailFlag)
+	refresh, _ := cmd.Flags().GetInt64(nnsRefreshFlag)
+	retry, _ := cmd.Flags().GetInt64(nnsRetryFlag)
+	expire, _ := cmd.Flags().GetInt64(nnsExpireFlag)
+	ttl, _ := cmd.Flags().GetInt64(nnsTTLFlag)
+
+	h, vub, err := c.UpdateSOA(name, email, big.NewInt(refresh),
+		big.NewInt(retry), big.NewInt(expire), big.NewInt(ttl))
+	commonCmd.ExitOnErr(cmd, "unable to send transaction: %w", err)
+
+	cmd.Println("Waiting for transaction to persist...")
+	_, err = actor.Wait(h, vub, err)
+	commonCmd.ExitOnErr(cmd, "register domain error: %w", err)
+	cmd.Println("SOA records updated successfully")
+}
--- a/cmd/frostfs-adm/internal/modules/morph/node/remove.go
+++ b/cmd/frostfs-adm/internal/modules/morph/node/remove.go
@ -1,10 +1,12 @@
-package morph
+package node

 import (
 	"errors"
 	"fmt"

 	netmapcontract "git.frostfs.info/TrueCloudLab/frostfs-contract/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
@ -14,7 +16,7 @@ import (
 	"github.com/spf13/viper"
 )

-func removeNodesCmd(cmd *cobra.Command, args []string) error {
+func RemoveNodesCmd(cmd *cobra.Command, args []string) error {
 	if len(args) == 0 {
 		return errors.New("at least one node key must be provided")
 	}
@ -28,11 +30,11 @@ func removeNodesCmd(cmd *cobra.Command, args []string) error {
 		}
 	}

-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't initialize context: %w", err)
 	}
-	defer wCtx.close()
+	defer wCtx.Close()

 	r := management.NewReader(wCtx.ReadOnlyInvoker)
 	cs, err := r.GetContractByID(1)
@ -40,7 +42,7 @@ func removeNodesCmd(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}

-	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
+	nmHash, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, helper.DomainOf(constants.NetmapContract))
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
@ -51,13 +53,13 @@ func removeNodesCmd(cmd *cobra.Command, args []string) error {
 			int64(netmapcontract.NodeStateOffline), nodeKeys[i].Bytes())
 	}

-	if err := emitNewEpochCall(bw, wCtx, nmHash); err != nil {
+	if err := helper.EmitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}

-	if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
+	if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
 		return err
 	}

-	return wCtx.awaitTx()
+	return wCtx.AwaitTx()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/node/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/node/root.go
@ -0,0 +1,28 @@
+package node
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var RemoveCmd = &cobra.Command{
+	Use:   "remove-nodes key1 [key2 [...]]",
+	Short: "Remove storage nodes from the netmap",
+	Long:  `Move nodes to the Offline state in the candidates list and tick an epoch to update the netmap`,
+	PreRun: func(cmd *cobra.Command, _ []string) {
+		_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+	},
+	RunE: RemoveNodesCmd,
+}
+
+func initRemoveNodesCmd() {
+	RemoveCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	RemoveCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	RemoveCmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
+}
+
+func init() {
+	initRemoveNodesCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/notary.go
@ -1,10 +1,13 @@
-package morph
+package notary

 import (
+	"errors"
 	"fmt"
 	"math/big"
 	"strconv"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@ -20,9 +23,16 @@ import (
 	"github.com/spf13/viper"
 )

-// defaultNotaryDepositLifetime is an amount of blocks notary deposit stays valid.
-// https://github.com/nspcc-dev/neo-go/blob/master/pkg/core/native/notary.go#L48
-const defaultNotaryDepositLifetime = 5760
+const (
+	// defaultNotaryDepositLifetime is an amount of blocks notary deposit stays valid.
+	// https://github.com/nspcc-dev/neo-go/blob/master/pkg/core/native/notary.go#L48
+	defaultNotaryDepositLifetime = 5760
+
+	walletAccountFlag     = "account"
+	notaryDepositTillFlag = "till"
+)
+
+var errInvalidNotaryDepositLifetime = errors.New("notary deposit lifetime must be a positive integer")

 func depositNotary(cmd *cobra.Command, _ []string) error {
 	w, err := openWallet(cmd)
@ -54,11 +64,11 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't unlock account: %v", err)
 	}

-	gasStr, err := cmd.Flags().GetString(refillGasAmountFlag)
+	gasStr, err := cmd.Flags().GetString(commonflags.RefillGasAmountFlag)
 	if err != nil {
 		return err
 	}
-	gasAmount, err := parseGASAmount(gasStr)
+	gasAmount, err := helper.ParseGASAmount(gasStr)
 	if err != nil {
 		return err
 	}
@ -71,7 +81,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 	if tillStr != "" {
 		till, err = strconv.ParseInt(tillStr, 10, 64)
 		if err != nil || till <= 0 {
-			return fmt.Errorf("notary deposit lifetime must be a positive integer")
+			return errInvalidNotaryDepositLifetime
 		}
 	}

@ -79,12 +89,12 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 }

 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	if err != nil {
 		return err
 	}

-	if err := checkNotaryEnabled(c); err != nil {
+	if err := helper.CheckNotaryEnabled(c); err != nil {
 		return err
 	}

@ -116,15 +126,15 @@ func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160,
 		return fmt.Errorf("could not send tx: %w", err)
 	}

-	return awaitTx(cmd, c, []hashVUBPair{{hash: txHash, vub: vub}})
+	return helper.AwaitTx(cmd, c, []helper.HashVUBPair{{Hash: txHash, Vub: vub}})
 }

 func openWallet(cmd *cobra.Command) (*wallet.Wallet, error) {
-	p, err := cmd.Flags().GetString(storageWalletFlag)
+	p, err := cmd.Flags().GetString(commonflags.StorageWalletFlag)
 	if err != nil {
 		return nil, err
 	} else if p == "" {
-		return nil, fmt.Errorf("missing wallet path (use '--%s <out.json>')", storageWalletFlag)
+		return nil, fmt.Errorf("missing wallet path (use '--%s <out.json>')", commonflags.StorageWalletFlag)
 	}

 	w, err := wallet.NewWalletFromFile(p)
--- a/cmd/frostfs-adm/internal/modules/morph/notary/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary/root.go
@ -0,0 +1,28 @@
+package notary
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var DepositCmd = &cobra.Command{
+	Use:   "deposit-notary",
+	Short: "Deposit GAS for notary service",
+	PreRun: func(cmd *cobra.Command, _ []string) {
+		_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+	},
+	RunE: depositNotary,
+}
+
+func initDepositoryNotaryCmd() {
+	DepositCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	DepositCmd.Flags().String(commonflags.StorageWalletFlag, "", "Path to storage node wallet")
+	DepositCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
+	DepositCmd.Flags().String(commonflags.RefillGasAmountFlag, "", "Amount of GAS to deposit")
+	DepositCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
+}
+
+func init() {
+	initDepositoryNotaryCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/policy.go
@ -1,12 +1,14 @@
-package morph
+package policy

 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	"text/tabwriter"

+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@ -23,8 +25,10 @@ const (
 	setFeeParam       = "FeePerByte"
 )

-func setPolicyCmd(cmd *cobra.Command, args []string) error {
-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
+var errInvalidParameterFormat = errors.New("invalid parameter format, must be Parameter=Value")
+
+func SetPolicyCmd(cmd *cobra.Command, args []string) error {
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't to initialize context: %w", err)
 	}
@ -33,7 +37,7 @@ func setPolicyCmd(cmd *cobra.Command, args []string) error {
 	for i := range args {
 		k, v, found := strings.Cut(args[i], "=")
 		if !found {
-			return fmt.Errorf("invalid parameter format, must be Parameter=Value")
+			return errInvalidParameterFormat
 		}

 		switch k {
@ -50,15 +54,15 @@ func setPolicyCmd(cmd *cobra.Command, args []string) error {
 		emit.AppCall(bw.BinWriter, policy.Hash, "set"+k, callflag.All, int64(value))
 	}

-	if err := wCtx.sendCommitteeTx(bw.Bytes(), false); err != nil {
+	if err := wCtx.SendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}

-	return wCtx.awaitTx()
+	return wCtx.AwaitTx()
 }

 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := getN3Client(viper.GetViper())
+	c, err := helper.GetN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)

 	inv := invoker.New(c, nil)
--- a/cmd/frostfs-adm/internal/modules/morph/policy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy/root.go
@ -0,0 +1,47 @@
+package policy
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	Set = &cobra.Command{
+		Use:                   "set-policy [ExecFeeFactor=<n1>] [StoragePrice=<n2>] [FeePerByte=<n3>]",
+		DisableFlagsInUseLine: true,
+		Short:                 "Set global policy values",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: SetPolicyCmd,
+		ValidArgsFunction: func(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {
+			return []string{"ExecFeeFactor=", "StoragePrice=", "FeePerByte="}, cobra.ShellCompDirectiveNoSpace
+		},
+	}
+
+	Dump = &cobra.Command{
+		Use:   "dump-policy",
+		Short: "Dump FrostFS policy",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		RunE: dumpPolicyCmd,
+	}
+)
+
+func initSetPolicyCmd() {
+	Set.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+	Set.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	Set.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
+}
+
+func initDumpPolicyCmd() {
+	Dump.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+}
+
+func init() {
+	initSetPolicyCmd()
+	initDumpPolicyCmd()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/proxy.go
@ -0,0 +1,70 @@
+package proxy
+
+import (
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+const (
+	accountAddressFlag = "account"
+)
+
+func addProxyAccount(cmd *cobra.Command, _ []string) {
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
+	addr, err := address.StringToUint160(acc)
+	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
+	err = processAccount(cmd, addr, "addAccount")
+	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
+}
+
+func removeProxyAccount(cmd *cobra.Command, _ []string) {
+	acc, _ := cmd.Flags().GetString(accountAddressFlag)
+	addr, err := address.StringToUint160(acc)
+	commonCmd.ExitOnErr(cmd, "invalid account: %w", err)
+	err = processAccount(cmd, addr, "removeAccount")
+	commonCmd.ExitOnErr(cmd, "processing error: %w", err)
+}
+
+func processAccount(cmd *cobra.Command, addr util.Uint160, method string) error {
+	wCtx, err := helper.NewInitializeContext(cmd, viper.GetViper())
+	if err != nil {
+		return fmt.Errorf("can't to initialize context: %w", err)
+	}
+
+	r := management.NewReader(wCtx.ReadOnlyInvoker)
+	cs, err := r.GetContractByID(1)
+	if err != nil {
+		return fmt.Errorf("can't get NNS contract info: %w", err)
+	}
+
+	proxyHash, err := helper.NNSResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, helper.DomainOf(constants.ProxyContract))
+	if err != nil {
+		return fmt.Errorf("can't get proxy contract hash: %w", err)
+	}
+
+	bw := io.NewBufBinWriter()
+	emit.AppCall(bw.BinWriter, proxyHash, method, callflag.All, addr)
+
+	if err := wCtx.SendConsensusTx(bw.Bytes()); err != nil {
+		return err
+	}
+
+	if err = wCtx.AwaitTx(); err != nil {
+		return err
+	}
+
+	cmd.Println("Proxy contract has been updated")
+
+	return nil
+}
--- a/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/proxy/root.go
@ -0,0 +1,43 @@
+package proxy
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	AddAccountCmd = &cobra.Command{
+		Use:   "proxy-add-account",
+		Short: "Adds account to proxy contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: addProxyAccount,
+	}
+	RemoveAccountCmd = &cobra.Command{
+		Use:   "proxy-remove-account",
+		Short: "Remove from proxy contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: removeProxyAccount,
+	}
+)
+
+func initProxyAddAccount() {
+	AddAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	AddAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
+}
+
+func initProxyRemoveAccount() {
+	RemoveAccountCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	RemoveAccountCmd.Flags().String(accountAddressFlag, "", "Wallet address string")
+}
+
+func init() {
+	initProxyAddAccount()
+	initProxyRemoveAccount()
+}
--- a/cmd/frostfs-adm/internal/modules/morph/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/root.go
@ -1,406 +1,54 @@
 package morph

 import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/ape"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/balance"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/config"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/contract"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/frostfsid"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/generate"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/initialize"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/nns"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/node"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/notary"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/policy"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/proxy"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 )

-const (
-	alphabetWalletsFlag             = "alphabet-wallets"
-	alphabetSizeFlag                = "size"
-	endpointFlag                    = "rpc-endpoint"
-	storageWalletFlag               = "storage-wallet"
-	storageWalletLabelFlag          = "label"
-	storageGasCLIFlag               = "initial-gas"
-	storageGasConfigFlag            = "storage.initial_gas"
-	contractsInitFlag               = "contracts"
-	maxObjectSizeInitFlag           = "network.max_object_size"
-	maxObjectSizeCLIFlag            = "max-object-size"
-	epochDurationInitFlag           = "network.epoch_duration"
-	epochDurationCLIFlag            = "epoch-duration"
-	containerFeeInitFlag            = "network.fee.container"
-	containerAliasFeeInitFlag       = "network.fee.container_alias"
-	containerFeeCLIFlag             = "container-fee"
-	containerAliasFeeCLIFlag        = "container-alias-fee"
-	candidateFeeInitFlag            = "network.fee.candidate"
-	candidateFeeCLIFlag             = "candidate-fee"
-	homomorphicHashDisabledInitFlag = "network.homomorphic_hash_disabled"
-	maintenanceModeAllowedInitFlag  = "network.maintenance_mode_allowed"
-	homomorphicHashDisabledCLIFlag  = "homomorphic-disabled"
-	withdrawFeeInitFlag             = "network.fee.withdraw"
-	withdrawFeeCLIFlag              = "withdraw-fee"
-	containerDumpFlag               = "dump"
-	containerContractFlag           = "container-contract"
-	containerIDsFlag                = "cid"
-	refillGasAmountFlag             = "gas"
-	walletAccountFlag               = "account"
-	notaryDepositTillFlag           = "till"
-	localDumpFlag                   = "local-dump"
-	protoConfigPath                 = "protocol"
-	walletAddressFlag               = "wallet-address"
-)
-
-var (
-	// RootCmd is a root command of config section.
-	RootCmd = &cobra.Command{
-		Use:   "morph",
-		Short: "Section for morph network configuration commands",
-	}
-
-	generateAlphabetCmd = &cobra.Command{
-		Use:   "generate-alphabet",
-		Short: "Generate alphabet wallets for consensus nodes of the morph network",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			// PreRun fixes https://github.com/spf13/viper/issues/233
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-		},
-		RunE: generateAlphabetCreds,
-	}
-
-	initCmd = &cobra.Command{
-		Use:   "init",
-		Short: "Initialize side chain network with smart-contracts and network settings",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-			_ = viper.BindPFlag(epochDurationInitFlag, cmd.Flags().Lookup(epochDurationCLIFlag))
-			_ = viper.BindPFlag(maxObjectSizeInitFlag, cmd.Flags().Lookup(maxObjectSizeCLIFlag))
-			_ = viper.BindPFlag(homomorphicHashDisabledInitFlag, cmd.Flags().Lookup(homomorphicHashDisabledCLIFlag))
-			_ = viper.BindPFlag(candidateFeeInitFlag, cmd.Flags().Lookup(candidateFeeCLIFlag))
-			_ = viper.BindPFlag(containerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
-			_ = viper.BindPFlag(containerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
-			_ = viper.BindPFlag(withdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
-			_ = viper.BindPFlag(protoConfigPath, cmd.Flags().Lookup(protoConfigPath))
-		},
-		RunE: initializeSideChainCmd,
-	}
-
-	generateStorageCmd = &cobra.Command{
-		Use:   "generate-storage-wallet",
-		Short: "Generate storage node wallet for the morph network",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-			_ = viper.BindPFlag(storageGasConfigFlag, cmd.Flags().Lookup(storageGasCLIFlag))
-		},
-		RunE: generateStorageCreds,
-	}
-
-	refillGasCmd = &cobra.Command{
-		Use:   "refill-gas",
-		Short: "Refill GAS of storage node's wallet in the morph network",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-			_ = viper.BindPFlag(refillGasAmountFlag, cmd.Flags().Lookup(refillGasAmountFlag))
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return refillGas(cmd, refillGasAmountFlag, false)
-		},
-	}
-
-	forceNewEpoch = &cobra.Command{
-		Use:   "force-new-epoch",
-		Short: "Create new FrostFS epoch event in the side chain",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: forceNewEpochCmd,
-	}
-
-	removeNodes = &cobra.Command{
-		Use:   "remove-nodes key1 [key2 [...]]",
-		Short: "Remove storage nodes from the netmap",
-		Long:  `Move nodes to the Offline state in the candidates list and tick an epoch to update the netmap`,
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: removeNodesCmd,
-	}
-
-	setConfig = &cobra.Command{
-		Use:                   "set-config key1=val1 [key2=val2 ...]",
-		DisableFlagsInUseLine: true,
-		Short:                 "Add/update global config value in the FrostFS network",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		Args: cobra.MinimumNArgs(1),
-		RunE: setConfigCmd,
-	}
-
-	setPolicy = &cobra.Command{
-		Use:                   "set-policy [ExecFeeFactor=<n1>] [StoragePrice=<n2>] [FeePerByte=<n3>]",
-		DisableFlagsInUseLine: true,
-		Short:                 "Set global policy values",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: setPolicyCmd,
-		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-			return []string{"ExecFeeFactor=", "StoragePrice=", "FeePerByte="}, cobra.ShellCompDirectiveNoSpace
-		},
-	}
-
-	dumpPolicy = &cobra.Command{
-		Use:   "dump-policy",
-		Short: "Dump FrostFS policy",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: dumpPolicyCmd,
-	}
-
-	dumpContractHashesCmd = &cobra.Command{
-		Use:   "dump-hashes",
-		Short: "Dump deployed contract hashes",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: dumpContractHashes,
-	}
-
-	dumpNetworkConfigCmd = &cobra.Command{
-		Use:   "dump-config",
-		Short: "Dump FrostFS network config",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: dumpNetworkConfig,
-	}
-
-	dumpBalancesCmd = &cobra.Command{
-		Use:   "dump-balances",
-		Short: "Dump GAS balances",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: dumpBalances,
-	}
-
-	updateContractsCmd = &cobra.Command{
-		Use:   "update-contracts",
-		Short: "Update FrostFS contracts",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: updateContracts,
-	}
-
-	dumpContainersCmd = &cobra.Command{
-		Use:   "dump-containers",
-		Short: "Dump FrostFS containers to file",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: dumpContainers,
-	}
-
-	restoreContainersCmd = &cobra.Command{
-		Use:   "restore-containers",
-		Short: "Restore FrostFS containers from file",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: restoreContainers,
-	}
-
-	listContainersCmd = &cobra.Command{
-		Use:   "list-containers",
-		Short: "List FrostFS containers",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: listContainers,
-	}
-
-	depositNotaryCmd = &cobra.Command{
-		Use:   "deposit-notary",
-		Short: "Deposit GAS for notary service",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-		},
-		RunE: depositNotary,
-	}
-
-	netmapCandidatesCmd = &cobra.Command{
-		Use:   "netmap-candidates",
-		Short: "List netmap candidates nodes",
-		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
-			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
-		},
-		Run: listNetmapCandidatesNodes,
-	}
-)
+// RootCmd is a root command of config section.
+var RootCmd = &cobra.Command{
+	Use:   "morph",
+	Short: "Section for morph network configuration commands",
+}

 func init() {
-	initGenerateAlphabetCmd()
-	initInitCmd()
-	initDeployCmd()
-	initGenerateStorageCmd()
-	initForceNewEpochCmd()
-	initRemoveNodesCmd()
-	initSetPolicyCmd()
-	initDumpPolicyCmd()
-	initDumpContractHashesCmd()
-	initDumpNetworkConfigCmd()
-	initSetConfigCmd()
-	initDumpBalancesCmd()
-	initUpdateContractsCmd()
-	initDumpContainersCmd()
-	initRestoreContainersCmd()
-	initListContainersCmd()
-	initRefillGasCmd()
-	initDepositoryNotaryCmd()
-	initNetmapCandidatesCmd()
-}
+	RootCmd.AddCommand(generate.RefillGasCmd)
+	RootCmd.AddCommand(initialize.Cmd)
+	RootCmd.AddCommand(contract.DeployCmd)
+	RootCmd.AddCommand(generate.GenerateStorageCmd)
+	RootCmd.AddCommand(netmap.ForceNewEpoch)
+	RootCmd.AddCommand(node.RemoveCmd)
+	RootCmd.AddCommand(policy.Set)
+	RootCmd.AddCommand(policy.Dump)
+	RootCmd.AddCommand(contract.DumpHashesCmd)
+	RootCmd.AddCommand(config.SetCmd)
+	RootCmd.AddCommand(config.DumpCmd)
+	RootCmd.AddCommand(balance.DumpCmd)
+	RootCmd.AddCommand(contract.UpdateCmd)
+	RootCmd.AddCommand(container.ListCmd)
+	RootCmd.AddCommand(container.RestoreCmd)
+	RootCmd.AddCommand(container.DumpCmd)
+	RootCmd.AddCommand(generate.GenerateAlphabetCmd)
+	RootCmd.AddCommand(notary.DepositCmd)
+	RootCmd.AddCommand(netmap.CandidatesCmd)

-func initNetmapCandidatesCmd() {
-	RootCmd.AddCommand(netmapCandidatesCmd)
-	netmapCandidatesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-}
+	RootCmd.AddCommand(ape.Cmd)
+	RootCmd.AddCommand(proxy.AddAccountCmd)
+	RootCmd.AddCommand(proxy.RemoveAccountCmd)

-func initDepositoryNotaryCmd() {
-	RootCmd.AddCommand(depositNotaryCmd)
-	depositNotaryCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	depositNotaryCmd.Flags().String(storageWalletFlag, "", "Path to storage node wallet")
-	depositNotaryCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
-	depositNotaryCmd.Flags().String(refillGasAmountFlag, "", "Amount of GAS to deposit")
-	depositNotaryCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
-}
-
-func initRefillGasCmd() {
-	RootCmd.AddCommand(refillGasCmd)
-	refillGasCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	refillGasCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	refillGasCmd.Flags().String(storageWalletFlag, "", "Path to storage node wallet")
-	refillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
-	refillGasCmd.Flags().String(refillGasAmountFlag, "", "Additional amount of GAS to transfer")
-	refillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, storageWalletFlag)
-}
-
-func initListContainersCmd() {
-	RootCmd.AddCommand(listContainersCmd)
-	listContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	listContainersCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
-}
-
-func initRestoreContainersCmd() {
-	RootCmd.AddCommand(restoreContainersCmd)
-	restoreContainersCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	restoreContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	restoreContainersCmd.Flags().String(containerDumpFlag, "", "File to restore containers from")
-	restoreContainersCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to restore")
-}
-
-func initDumpContainersCmd() {
-	RootCmd.AddCommand(dumpContainersCmd)
-	dumpContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	dumpContainersCmd.Flags().String(containerDumpFlag, "", "File where to save dumped containers")
-	dumpContainersCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
-	dumpContainersCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to dump")
-}
-
-func initUpdateContractsCmd() {
-	RootCmd.AddCommand(updateContractsCmd)
-	updateContractsCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	updateContractsCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	updateContractsCmd.Flags().String(contractsInitFlag, "", "Path to archive with compiled FrostFS contracts")
-	_ = updateContractsCmd.MarkFlagRequired(contractsInitFlag)
-}
-
-func initDumpBalancesCmd() {
-	RootCmd.AddCommand(dumpBalancesCmd)
-	dumpBalancesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	dumpBalancesCmd.Flags().BoolP(dumpBalancesStorageFlag, "s", false, "Dump balances of storage nodes from the current netmap")
-	dumpBalancesCmd.Flags().BoolP(dumpBalancesAlphabetFlag, "a", false, "Dump balances of alphabet contracts")
-	dumpBalancesCmd.Flags().BoolP(dumpBalancesProxyFlag, "p", false, "Dump balances of the proxy contract")
-	dumpBalancesCmd.Flags().Bool(dumpBalancesUseScriptHashFlag, false, "Use script-hash format for addresses")
-}
-
-func initSetConfigCmd() {
-	RootCmd.AddCommand(setConfig)
-	setConfig.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	setConfig.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	setConfig.Flags().Bool(forceConfigSet, false, "Force setting not well-known configuration key")
-	setConfig.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
-}
-
-func initDumpNetworkConfigCmd() {
-	RootCmd.AddCommand(dumpNetworkConfigCmd)
-	dumpNetworkConfigCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-}
-
-func initDumpContractHashesCmd() {
-	RootCmd.AddCommand(dumpContractHashesCmd)
-	dumpContractHashesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	dumpContractHashesCmd.Flags().String(customZoneFlag, "", "Custom zone to search.")
-}
-
-func initSetPolicyCmd() {
-	RootCmd.AddCommand(setPolicy)
-	setPolicy.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	setPolicy.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	setPolicy.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
-}
-
-func initDumpPolicyCmd() {
-	RootCmd.AddCommand(dumpPolicy)
-	dumpPolicy.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-}
-
-func initRemoveNodesCmd() {
-	RootCmd.AddCommand(removeNodes)
-	removeNodes.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	removeNodes.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	removeNodes.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
-}
-
-func initForceNewEpochCmd() {
-	RootCmd.AddCommand(forceNewEpoch)
-	forceNewEpoch.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	forceNewEpoch.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	forceNewEpoch.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
-}
-
-func initGenerateStorageCmd() {
-	RootCmd.AddCommand(generateStorageCmd)
-	generateStorageCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	generateStorageCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	generateStorageCmd.Flags().String(storageWalletFlag, "", "Path to new storage node wallet")
-	generateStorageCmd.Flags().String(storageGasCLIFlag, "", "Initial amount of GAS to transfer")
-	generateStorageCmd.Flags().StringP(storageWalletLabelFlag, "l", "", "Wallet label")
-}
-
-func initInitCmd() {
-	RootCmd.AddCommand(initCmd)
-	initCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	initCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
-	initCmd.Flags().String(contractsInitFlag, "", "Path to archive with compiled FrostFS contracts")
-	_ = initCmd.MarkFlagRequired(contractsInitFlag)
-	initCmd.Flags().Uint(epochDurationCLIFlag, 240, "Amount of side chain blocks in one FrostFS epoch")
-	initCmd.Flags().Uint(maxObjectSizeCLIFlag, 67108864, "Max single object size in bytes")
-	initCmd.Flags().Bool(homomorphicHashDisabledCLIFlag, false, "Disable object homomorphic hashing")
-	// Defaults are taken from neo-preodolenie.
-	initCmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
-	initCmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
-	initCmd.Flags().String(protoConfigPath, "", "Path to the consensus node configuration")
-	initCmd.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
-}
-
-func initGenerateAlphabetCmd() {
-	RootCmd.AddCommand(generateAlphabetCmd)
-	generateAlphabetCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
-	generateAlphabetCmd.Flags().Uint(alphabetSizeFlag, 7, "Amount of alphabet wallets to generate")
-}
-
-func initDeployCmd() {
-	RootCmd.AddCommand(deployCmd)
+	RootCmd.AddCommand(frostfsid.Cmd)
+	RootCmd.AddCommand(nns.Cmd)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/update.go
@ -1,21 +0,0 @@
-package morph
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func updateContracts(cmd *cobra.Command, _ []string) error {
-	wCtx, err := newInitializeContext(cmd, viper.GetViper())
-	if err != nil {
-		return fmt.Errorf("initialization error: %w", err)
-	}
-
-	if err := wCtx.deployNNS(updateMethodName); err != nil {
-		return err
-	}
-
-	return wCtx.updateContracts()
-}
--- a/cmd/frostfs-adm/internal/modules/storagecfg/config.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/config.go
@ -61,6 +61,8 @@ storage:
          depth: 1  # max depth of object tree storage in key-value DB
          width: 4   # max width of object tree storage in key-value DB
          opened_cache_capacity: 50  # maximum number of opened database files
+          opened_cache_ttl: 5m  # ttl for opened database file
+          opened_cache_exp_interval: 15s  # cache cleanup interval for expired blobovnicza's

      gc:
        remover_batch_size: 200  # number of objects to be removed by the garbage collector
--- a/cmd/frostfs-cli/docs/policy.md
+++ b/cmd/frostfs-cli/docs/policy.md
@ -0,0 +1,119 @@
+# How manage local Access Policy Engine (APE) override of the node
+
+## Overview
+APE is a replacement for eACL. Each rule can restrict somehow access to the object/container or list of them.
+Here is a simple representation for the rule:
+`<status>[:status_detail] <action>... <condition>... <resource>...`
+
+Rule start with `status`(with or without details), contains list of actions(which this rule regulate) or conditions
+(which can be under resource or request) and ends with list of resources.
+
+Resource is the combination of namespace, identificator of the FrostFS container/object and wildcard `*`.
+
+For object it can be represented as:
+- `namespace/cid/oid` object in the container of the namespace
+- `namespace/cid/*` all objects in the container of the namespace
+- `namespace/*` all objects in the namespace
+- `*` all objects
+- `/*` all object in the `root` namespace
+- `/cid/*` all objects in the container of the `root` namespace
+- `/cid/oid` object in the container of the `root` namespace
+
+For container it can be represented as:
+- `namespace/cid` container in the namespace
+- `namespace/*` all containers in the namespace
+- `*` all containers
+- `/cid` container in the `root` namespace
+- `/*` all containers in the `root` namespace
+
+Actions is a regular operations upon FrostFS containers/objects. Like `Object.Put`, `Container.Get` etc.
+You can use `Object.*`, `Container.*` that implies all actions.
+
+In status section it is possible to use `allow`, `deny` or `deny:QuotaLimitReached` actions.
+
+If a statement does not contain lexeme `any`, field `Any` is set to `false` by default. Otherwise, it is set
+to `true`. Optionally, `all` can be used - it also sets `Any=false`.
+
+It is prohibited to mix operation under FrostFS container and object in one rule.
+The same statement is equal for conditions and resources - one rule is for one type of items.
+
+## Add rule
+Local rule can be added with the command `frostfs-cli control add-rule`:
+```shell
+@:~$ frostfs-cli control add-rule --endpoint s04.frostfs.devenv:8081 -c cnt_create_cfg.yml \
+--address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH \
+--chain-id TestPolicy \
+--rule "allow Object.Get Object.Head /*" --rule "deny Container.Put *"
+Parsed chain:
+Chain ID: TestPolicy
+     HEX: 54657374506f6c696379
+Rules:
+
+	Status: Allowed
+	Any: false
+	Conditions:
+	Actions:	Inverted:false
+		GetObject
+		HeadObject
+	Resources:	Inverted:false
+		native:object//*
+
+	Status: Access denied
+	Any: false
+	Conditions:
+	Actions:	Inverted:false
+		PutContainer
+	Resources:	Inverted:false
+		native:container/*
+
+Rule has been added.
+@:~$
+```
+## List rules
+Local rules can be listed with command `frostfs-cli control list-rules`:
+```shell
+@:~$ frostfs-cli control list-rules --endpoint s04.frostfs.devenv:8081 --address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM \
+--cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH -w wallets/wallet.json
+Enter password >
+Chain ID: TestPolicy
+     HEX: 54657374506f6c696379
+Rules:
+
+	Status: Allowed
+	Any: false
+...
+@:~$
+```
+
+## Get rule
+Rules can be retrieved with `frostfs-cli control get-rule`:
+```shell
+@:~$ frostfs-cli control get-rule --endpoint s04.frostfs.devenv:8081 -c cnt_create_cfg.yml \
+--address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH \
+--chain-id TestPolicy
+Parsed chain (chain id hex: '54657374506f6c696379'):
+Chain ID: TestPolicy
+     HEX: 54657374506f6c696379
+Rules:
+
+	Status: Allowed
+	Any: false
+...
+@:~$
+```
+
+## Remove rule
+To remove rule need to use command `frostfs-cli control remove-rule`:
+```shell
+@:~$ frostfs-cli control remove-rule --endpoint s04.frostfs.devenv:8081 -c cnt_create_cfg.yml \
+--address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH --chain-id TestPolicy
+Rule has been removed.
+@:~$ frostfs-cli control get-rule --endpoint s04.frostfs.devenv:8081 -c cnt_create_cfg.yml \
+--address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH --chain-id TestPolicy
+rpc error: rpc error: code = NotFound desc = chain not found
+@:~$ frostfs-cli control list-rules --endpoint s04.frostfs.devenv:8081 \
+--address NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM --cid SeHNpifDH2Fc4scNBphrbmrKi96QXj2HzYJkhSGuytH -w wallets/wallet.json
+Enter password >
+Local overrides are not defined for the container.
+@:~$
+```
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -21,6 +21,8 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 )

+var errMissingHeaderInResponse = errors.New("missing header in response")
+
 // BalanceOfPrm groups parameters of BalanceOf operation.
 type BalanceOfPrm struct {
 	commonPrm
@ -353,7 +355,7 @@ type PutObjectPrm struct {

 	rdr io.Reader

-	headerCallback func(*objectSDK.Object)
+	headerCallback func()

 	prepareLocally bool
 }
@ -370,7 +372,7 @@ func (x *PutObjectPrm) SetPayloadReader(rdr io.Reader) {

 // SetHeaderCallback sets callback which is called on the object after the header is received
 // but before the payload is written.
-func (x *PutObjectPrm) SetHeaderCallback(f func(*objectSDK.Object)) {
+func (x *PutObjectPrm) SetHeaderCallback(f func()) {
 	x.headerCallback = f
 }

@ -439,7 +441,7 @@ func PutObject(ctx context.Context, prm PutObjectPrm) (*PutObjectRes, error) {

 	if wrt.WriteHeader(ctx, *prm.hdr) {
 		if prm.headerCallback != nil {
-			prm.headerCallback(prm.hdr)
+			prm.headerCallback()
 		}

 		sz := prm.hdr.PayloadSize()
@ -654,7 +656,7 @@ func HeadObject(ctx context.Context, prm HeadObjectPrm) (*HeadObjectRes, error)
 	var hdr objectSDK.Object

 	if !res.ReadHeader(&hdr) {
-		return nil, fmt.Errorf("missing header in response")
+		return nil, errMissingHeaderInResponse
 	}

 	return &HeadObjectRes{
--- a/cmd/frostfs-cli/internal/client/sdk.go
+++ b/cmd/frostfs-cli/internal/client/sdk.go
@ -34,6 +34,10 @@ func GetSDKClientByFlag(cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag
 func getSDKClientByFlag(cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag string) (*client.Client, error) {
 	var addr network.Address

+	if len(viper.GetString(endpointFlag)) == 0 {
+		return nil, fmt.Errorf("%s is not defined", endpointFlag)
+	}
+
 	err := addr.FromString(viper.GetString(endpointFlag))
 	if err != nil {
 		return nil, fmt.Errorf("%v: %w", errInvalidEndpoint, err)
--- a/cmd/frostfs-cli/modules/accounting/balance.go
+++ b/cmd/frostfs-cli/modules/accounting/balance.go
@ -23,7 +23,7 @@ var accountingBalanceCmd = &cobra.Command{
 	Use:   "balance",
 	Short: "Get internal balance of FrostFS account",
 	Long:  `Get internal balance of FrostFS account`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		var idUser user.ID

 		pk := key.GetOrGenerate(cmd)
--- a/cmd/frostfs-cli/modules/accounting/root.go
+++ b/cmd/frostfs-cli/modules/accounting/root.go
@ -11,7 +11,7 @@ var Cmd = &cobra.Command{
 	Use:   "accounting",
 	Short: "Operations with accounts and balances",
 	Long:  `Operations with accounts and balances`,
-	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 		flags := cmd.Flags()

 		_ = viper.BindPFlag(commonflags.WalletPath, flags.Lookup(commonflags.WalletPath))
--- a/cmd/frostfs-cli/modules/container/create.go
+++ b/cmd/frostfs-cli/modules/container/create.go
@ -38,7 +38,7 @@ var createContainerCmd = &cobra.Command{
 	Short: "Create new container",
 	Long: `Create new container and register it in the FrostFS.
 It will be stored in sidechain when inner ring will accepts it.`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		placementPolicy, err := parseContainerPolicy(cmd, containerPolicy)
 		commonCmd.ExitOnErr(cmd, "", err)

@ -58,13 +58,27 @@ It will be stored in sidechain when inner ring will accepts it.`,
 				"use --force option to skip this check: %w", err)

 			for i, nodes := range nodesByRep {
-				if placementPolicy.ReplicaNumberByIndex(i) > uint32(len(nodes)) {
-					commonCmd.ExitOnErr(cmd, "", fmt.Errorf(
-						"the number of nodes '%d' in selector is not enough for the number of replicas '%d', "+
-							"use --force option to skip this check",
-						len(nodes),
-						placementPolicy.ReplicaNumberByIndex(i),
-					))
+				if repNum := placementPolicy.ReplicaDescriptor(i).NumberOfObjects(); repNum > 0 {
+					if repNum > uint32(len(nodes)) {
+						commonCmd.ExitOnErr(cmd, "", fmt.Errorf(
+							"the number of nodes '%d' in selector is not enough for the number of replicas '%d', "+
+								"use --force option to skip this check",
+							len(nodes),
+							repNum,
+						))
+					}
+				} else if ecParts := placementPolicy.ReplicaDescriptor(i).TotalECPartCount(); ecParts > 0 {
+					if ecParts > uint32(len(nodes)) {
+						commonCmd.ExitOnErr(cmd, "", fmt.Errorf(
+							"the number of nodes '%d' in selector is not enough for EC placement '%d.%d', "+
+								"use --force option to skip this check",
+							len(nodes),
+							placementPolicy.ReplicaDescriptor(i).GetECDataCount(),
+							placementPolicy.ReplicaDescriptor(i).GetECParityCount(),
+						))
+					}
+				} else {
+					commonCmd.ExitOnErr(cmd, "%w", errors.New("no replication policy is set"))
 				}
 			}
 		}
@ -113,7 +127,7 @@ It will be stored in sidechain when inner ring will accepts it.`,

 		id := res.ID()

-		cmd.Println("container ID:", id)
+		cmd.Println("CID:", id)

 		if containerAwait {
 			cmd.Println("awaiting...")
--- a/cmd/frostfs-cli/modules/container/delete.go
+++ b/cmd/frostfs-cli/modules/container/delete.go
@ -20,7 +20,7 @@ var deleteContainerCmd = &cobra.Command{
 	Short: "Delete existing container",
 	Long: `Delete existing container.
 Only owner of the container has a permission to remove container.`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		id := parseContainerID(cmd)

 		tok := getSession(cmd)
--- a/cmd/frostfs-cli/modules/container/get.go
+++ b/cmd/frostfs-cli/modules/container/get.go
@ -33,7 +33,7 @@ var getContainerInfoCmd = &cobra.Command{
 	Use:   "get",
 	Short: "Get container field info",
 	Long:  `Get container field info`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		cnr, _ := getContainer(cmd)

 		prettyPrintContainer(cmd, cnr, containerJSON)
@ -83,7 +83,7 @@ func prettyPrintContainer(cmd *cobra.Command, cnr container.Container, jsonEncod

 	var id cid.ID
 	container.CalculateID(&id, cnr)
-	cmd.Println("container ID:", id)
+	cmd.Println("CID:", id)

 	cmd.Println("owner ID:", cnr.Owner())

--- a/cmd/frostfs-cli/modules/container/get_eacl.go
+++ b/cmd/frostfs-cli/modules/container/get_eacl.go
@ -16,7 +16,7 @@ var getExtendedACLCmd = &cobra.Command{
 	Use:   "get-eacl",
 	Short: "Get extended ACL table of container",
 	Long:  `Get extended ACL table of container`,
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		id := parseContainerID(cmd)
 		pk := key.GetOrGenerate(cmd)
 		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
--- a/cmd/frostfs-cli/modules/container/list.go
+++ b/cmd/frostfs-cli/modules/container/list.go
@ -31,7 +31,7 @@ var listContainersCmd = &cobra.Command{
 	Use:   "list",
 	Short: "List all created containers",
 	Long:  "List all created containers",
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(cmd *cobra.Command, _ []string) {
 		var idUser user.ID

 		key := key.GetOrGenerate(cmd)
--- a/Show more
+++ b/Show more