DRAFT

After #1382 we have no need to use lambdas.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>

.forgejo/workflows/build.yml

@@ -1,6 +1,10 @@
 name: Build
 
-on: [pull_request]
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   build:

.forgejo/workflows/pre-commit.yml

@@ -1,5 +1,10 @@
 name: Pre-commit hooks
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   precommit:

.forgejo/workflows/tests.yml

@@ -1,5 +1,10 @@
 name: Tests and linters
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   lint:

.forgejo/workflows/vulncheck.yml

@@ -1,5 +1,10 @@
 name: Vulncheck
-on: [pull_request]
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
 
 jobs:
   vulncheck:

CHANGELOG.md

@@ -9,6 +9,30 @@ Changelog for FrostFS Node
 ### Removed
 ### Updated
 
+## [v0.44.0] - 2024-25-11 - Rongbuk
+
+### Added
+- Allow to prioritize nodes during GET traversal via attributes (#1439)
+- Add metrics for the frostfsid cache (#1464)
+- Customize constant attributes attached to every tracing span (#1488)
+- Manage additional keys in the `frostfsid` contract (#1505)
+- Describe `--rule` flag in detail for `frostfs-cli ape-manager` subcommands (#1519)
+
+### Changed
+- Support richer interaction with the console in `frostfs-cli container policy-playground` (#1396)
+- Print address in base58 format in `frostfs-adm morph policy set-admin` (#1515)
+
+### Fixed
+- Fix EC object search (#1408)
+- Fix EC object put when one of the nodes is unavailable (#1427)
+
+### Removed
+- Drop most of the eACL-related code (#1425)
+- Remove `--basic-acl` flag from `frostfs-cli container create` (#1483)
+
+### Upgrading from v0.43.0
+The metabase schema has changed completely, resync is required.
+
 ## [v0.42.0]
 
 ### Added

CODEOWNERS

@@ -0,0 +1,3 @@
+.*          @TrueCloudLab/storage-core-committers @TrueCloudLab/storage-core-developers
+.forgejo/.* @potyarkin
+Makefile    @potyarkin

Makefile

@@ -66,6 +66,7 @@ $(BINS): $(DIRS) dep
 	@echo "⇒ Build $@"
 	CGO_ENABLED=0 \
 	go build -v -trimpath \
+	-gcflags "all=-N -l" \
 	-ldflags "-X $(REPO)/misc.Version=$(VERSION)" \
 	-o $@ ./cmd/$(notdir $@)
 

VERSION

@@ -1 +1 @@
-v0.42.0
+v0.44.0

cmd/frostfs-adm/internal/commonflags/flags.go

@@ -20,6 +20,7 @@ const (
 	AlphabetWalletsFlagDesc = "Path to alphabet wallets dir"
 
 	LocalDumpFlag                   = "local-dump"
+	ProtoConfigPath                 = "protocol"
 	ContractsInitFlag               = "contracts"
 	ContractsInitFlagDesc           = "Path to archive with compiled FrostFS contracts (the default is to fetch the latest release from the official repository)"
 	ContractsURLFlag                = "contracts-url"

cmd/frostfs-adm/internal/modules/metabase/upgrade.go

@@ -135,7 +135,7 @@ func createContainerInfoProvider(cli *client.Client) (container.InfoProvider, er
 	if err != nil {
 		return nil, fmt.Errorf("resolve container contract hash: %w", err)
 	}
-	cc, err := morphcontainer.NewFromMorph(cli, sh, 0, morphcontainer.TryNotary())
+	cc, err := morphcontainer.NewFromMorph(cli, sh, 0)
 	if err != nil {
 		return nil, fmt.Errorf("create morph container client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/ape/ape.go

@@ -5,35 +5,19 @@ import (
 	"encoding/json"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/pkg/util"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 const (
-	namespaceTarget   = "namespace"
-	containerTarget   = "container"
-	userTarget        = "user"
-	groupTarget       = "group"
-	jsonFlag          = "json"
-	jsonFlagDesc      = "Output rule chains in JSON format"
-	chainIDFlag       = "chain-id"
-	chainIDDesc       = "Rule chain ID"
-	ruleFlag          = "rule"
-	ruleFlagDesc      = "Rule chain in text format"
-	pathFlag          = "path"
-	pathFlagDesc      = "path to encoded chain in JSON or binary format"
-	targetNameFlag    = "target-name"
-	targetNameDesc    = "Resource name in APE resource name format"
-	targetTypeFlag    = "target-type"
-	targetTypeDesc    = "Resource type(container/namespace)"
-	addrAdminFlag     = "addr"
-	addrAdminDesc     = "The address of the admins wallet"
-	chainNameFlag     = "chain-name"
-	chainNameFlagDesc = "Chain name(ingress|s3)"
+	jsonFlag      = "json"
+	jsonFlagDesc  = "Output rule chains in JSON format"
+	addrAdminFlag = "addr"
+	addrAdminDesc = "The address of the admins wallet"
 )
 
 var (
@@ -101,17 +85,17 @@ func initAddRuleChainCmd() {
 	addRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	addRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 
-	addRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	addRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(targetNameFlag)
+	addRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	addRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
 
-	addRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	_ = addRuleChainCmd.MarkFlagRequired(chainIDFlag)
-	addRuleChainCmd.Flags().StringArray(ruleFlag, []string{}, ruleFlagDesc)
-	addRuleChainCmd.Flags().String(pathFlag, "", pathFlagDesc)
-	addRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
-	addRuleChainCmd.MarkFlagsMutuallyExclusive(ruleFlag, pathFlag)
+	addRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	_ = addRuleChainCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
+	addRuleChainCmd.Flags().StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
+	addRuleChainCmd.Flags().String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
+	addRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
+	addRuleChainCmd.MarkFlagsMutuallyExclusive(apeCmd.RuleFlag, apeCmd.PathFlag)
 }
 
 func initRemoveRuleChainCmd() {
@@ -120,26 +104,25 @@ func initRemoveRuleChainCmd() {
 	removeRuleChainCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	removeRuleChainCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 
-	removeRuleChainCmd.Flags().String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(targetTypeFlag)
-	removeRuleChainCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = removeRuleChainCmd.MarkFlagRequired(targetNameFlag)
-	removeRuleChainCmd.Flags().String(chainIDFlag, "", chainIDDesc)
-	removeRuleChainCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	removeRuleChainCmd.Flags().String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	removeRuleChainCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	_ = removeRuleChainCmd.MarkFlagRequired(apeCmd.TargetNameFlag)
+	removeRuleChainCmd.Flags().String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	removeRuleChainCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
 	removeRuleChainCmd.Flags().Bool(commonflags.AllFlag, false, "Remove all chains for target")
-	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, chainIDFlag)
+	removeRuleChainCmd.MarkFlagsMutuallyExclusive(commonflags.AllFlag, apeCmd.ChainIDFlag)
 }
 
 func initListRuleChainsCmd() {
 	Cmd.AddCommand(listRuleChainsCmd)
 
 	listRuleChainsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listRuleChainsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(targetTypeFlag)
-	listRuleChainsCmd.Flags().String(targetNameFlag, "", targetNameDesc)
-	_ = listRuleChainsCmd.MarkFlagRequired(targetNameFlag)
+	listRuleChainsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
+	_ = listRuleChainsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	listRuleChainsCmd.Flags().String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
 	listRuleChainsCmd.Flags().Bool(jsonFlag, false, jsonFlagDesc)
-	listRuleChainsCmd.Flags().String(chainNameFlag, ingress, chainNameFlagDesc)
+	listRuleChainsCmd.Flags().String(apeCmd.ChainNameFlag, apeCmd.Ingress, apeCmd.ChainNameFlagDesc)
 }
 
 func initSetAdminCmd() {
@@ -161,15 +144,15 @@ func initListTargetsCmd() {
 	Cmd.AddCommand(listTargetsCmd)
 
 	listTargetsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	listTargetsCmd.Flags().StringP(targetTypeFlag, "t", "", targetTypeDesc)
-	_ = listTargetsCmd.MarkFlagRequired(targetTypeFlag)
+	listTargetsCmd.Flags().StringP(apeCmd.TargetTypeFlag, "t", "", apeCmd.TargetTypeFlagDesc)
+	_ = listTargetsCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }
 
 func addRuleChain(cmd *cobra.Command, _ []string) {
-	chain := parseChain(cmd)
+	chain := apeCmd.ParseChain(cmd)
 	target := parseTarget(cmd)
 	pci, ac := newPolicyContractInterface(cmd)
-	h, vub, err := pci.AddMorphRuleChain(parseChainName(cmd), target, chain)
+	h, vub, err := pci.AddMorphRuleChain(apeCmd.ParseChainName(cmd), target, chain)
 	cmd.Println("Waiting for transaction to persist...")
 	_, err = ac.Wait(h, vub, err)
 	commonCmd.ExitOnErr(cmd, "add rule chain error: %w", err)
@@ -181,14 +164,14 @@ func removeRuleChain(cmd *cobra.Command, _ []string) {
 	pci, ac := newPolicyContractInterface(cmd)
 	removeAll, _ := cmd.Flags().GetBool(commonflags.AllFlag)
 	if removeAll {
-		h, vub, err := pci.RemoveMorphRuleChainsByTarget(parseChainName(cmd), target)
+		h, vub, err := pci.RemoveMorphRuleChainsByTarget(apeCmd.ParseChainName(cmd), target)
 		cmd.Println("Waiting for transaction to persist...")
 		_, err = ac.Wait(h, vub, err)
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
 		cmd.Println("All chains for target removed successfully")
 	} else {
-		chainID := parseChainID(cmd)
-		h, vub, err := pci.RemoveMorphRuleChain(parseChainName(cmd), target, chainID)
+		chainID := apeCmd.ParseChainID(cmd)
+		h, vub, err := pci.RemoveMorphRuleChain(apeCmd.ParseChainName(cmd), target, chainID)
 		cmd.Println("Waiting for transaction to persist...")
 		_, err = ac.Wait(h, vub, err)
 		commonCmd.ExitOnErr(cmd, "remove rule chain error: %w", err)
@@ -199,7 +182,7 @@ func removeRuleChain(cmd *cobra.Command, _ []string) {
 func listRuleChains(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
 	pci, _ := newPolicyContractReaderInterface(cmd)
-	chains, err := pci.ListMorphRuleChains(parseChainName(cmd), target)
+	chains, err := pci.ListMorphRuleChains(apeCmd.ParseChainName(cmd), target)
 	commonCmd.ExitOnErr(cmd, "list rule chains error: %w", err)
 	if len(chains) == 0 {
 		return
@@ -210,14 +193,14 @@ func listRuleChains(cmd *cobra.Command, _ []string) {
 		prettyJSONFormat(cmd, chains)
 	} else {
 		for _, c := range chains {
-			parseutil.PrintHumanReadableAPEChain(cmd, c)
+			apeCmd.PrintHumanReadableAPEChain(cmd, c)
 		}
 	}
 }
 
 func setAdmin(cmd *cobra.Command, _ []string) {
 	s, _ := cmd.Flags().GetString(addrAdminFlag)
-	addr, err := util.Uint160DecodeStringLE(s)
+	addr, err := address.StringToUint160(s)
 	commonCmd.ExitOnErr(cmd, "can't decode admin addr: %w", err)
 	pci, ac := newPolicyContractInterface(cmd)
 	h, vub, err := pci.SetAdmin(addr)
@@ -231,12 +214,11 @@ func getAdmin(cmd *cobra.Command, _ []string) {
 	pci, _ := newPolicyContractReaderInterface(cmd)
 	addr, err := pci.GetAdmin()
 	commonCmd.ExitOnErr(cmd, "unable to get admin: %w", err)
-	cmd.Println(addr.StringLE())
+	cmd.Println(address.Uint160ToString(addr))
 }
 
 func listTargets(cmd *cobra.Command, _ []string) {
-	typ, err := parseTargetType(cmd)
-	commonCmd.ExitOnErr(cmd, "parse target type error: %w", err)
+	typ := apeCmd.ParseTargetType(cmd)
 	pci, inv := newPolicyContractReaderInterface(cmd)
 
 	sid, it, err := pci.ListTargetsIterator(typ)

cmd/frostfs-adm/internal/modules/morph/ape/ape_util.go

@@ -2,13 +2,12 @@ package ape
 
 import (
 	"errors"
-	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	morph "git.frostfs.info/TrueCloudLab/policy-engine/pkg/morph/policy"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
@@ -18,90 +17,29 @@ import (
 	"github.com/spf13/viper"
 )
 
-const (
-	ingress = "ingress"
-	s3      = "s3"
-)
-
-var mChainName = map[string]apechain.Name{
-	ingress: apechain.Ingress,
-	s3:      apechain.S3,
-}
-
-var (
-	errUnknownTargetType    = errors.New("unknown target type")
-	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
-	errRuleIsNotParsed      = errors.New("rule is not passed")
-	errUnsupportedChainName = errors.New("unsupported chain name")
-)
+var errUnknownTargetType = errors.New("unknown target type")
 
 func parseTarget(cmd *cobra.Command) policyengine.Target {
-	name, _ := cmd.Flags().GetString(targetNameFlag)
-	typ, err := parseTargetType(cmd)
-
-	// interpret "root" namespace as empty
-	if typ == policyengine.Namespace && name == "root" {
-		name = ""
-	}
-
-	commonCmd.ExitOnErr(cmd, "read target type error: %w", err)
-
-	return policyengine.Target{
-		Name: name,
-		Type: typ,
-	}
-}
-
-func parseTargetType(cmd *cobra.Command) (policyengine.TargetType, error) {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
+	typ := apeCmd.ParseTargetType(cmd)
+	name, _ := cmd.Flags().GetString(apeCmd.TargetNameFlag)
 	switch typ {
-	case namespaceTarget:
-		return policyengine.Namespace, nil
-	case containerTarget:
-		return policyengine.Container, nil
-	case userTarget:
-		return policyengine.User, nil
-	case groupTarget:
-		return policyengine.Group, nil
+	case policyengine.Namespace:
+		if name == "root" {
+			name = ""
+		}
+		return policyengine.NamespaceTarget(name)
+	case policyengine.Container:
+		var cnr cid.ID
+		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
+		return policyengine.ContainerTarget(name)
+	case policyengine.User:
+		return policyengine.UserTarget(name)
+	case policyengine.Group:
+		return policyengine.GroupTarget(name)
+	default:
+		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
 	}
-	return -1, errUnknownTargetType
-}
-
-func parseChainID(cmd *cobra.Command) apechain.ID {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
-			errChainIDCannotBeEmpty)
-	}
-	return apechain.ID(chainID)
-}
-
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chain := new(apechain.Chain)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
-	}
-
-	chain.ID = parseChainID(cmd)
-
-	cmd.Println("Parsed chain:")
-	parseutil.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}
-
-func parseChainName(cmd *cobra.Command) apechain.Name {
-	chainName, _ := cmd.Flags().GetString(chainNameFlag)
-	apeChainName, ok := mChainName[strings.ToLower(chainName)]
-	if !ok {
-		commonCmd.ExitOnErr(cmd, "", errUnsupportedChainName)
-	}
-	return apeChainName
+	panic("unreachable")
 }
 
 // invokerAdapter adapats invoker.Invoker to ContractStorageInvoker interface.
@@ -115,16 +53,15 @@ func (n *invokerAdapter) GetRPCInvoker() invoker.RPCInvoke {
 }
 
 func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorageReader, *invoker.Invoker) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	inv := invoker.New(c, nil)
-	var ch util.Uint160
 	r := management.NewReader(inv)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
 
-	ch, err = helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
+	ch, err := helper.NNSResolveHash(inv, nnsCs.Hash, helper.DomainOf(constants.PolicyContract))
 	commonCmd.ExitOnErr(cmd, "unable to resolve policy contract hash: %w", err)
 
 	invokerAdapter := &invokerAdapter{
@@ -136,7 +73,7 @@ func newPolicyContractReaderInterface(cmd *cobra.Command) (*morph.ContractStorag
 }
 
 func newPolicyContractInterface(cmd *cobra.Command) (*morph.ContractStorage, *helper.LocalActor) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	ac, err := helper.NewLocalActor(cmd, c, constants.ConsensusAccountName)

cmd/frostfs-adm/internal/modules/morph/balance/balance.go

@@ -51,7 +51,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		nmHash          util.Uint160
 	)
 
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/config/config.go

@@ -26,7 +26,7 @@ import (
 const forceConfigSet = "force"
 
 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/constants/const.go

@@ -4,7 +4,6 @@ import "time"
 
 const (
 	ConsensusAccountName = "consensus"
-	ProtoConfigPath      = "protocol"
 
 	// MaxAlphabetNodes is the maximum number of candidates allowed, which is currently limited by the size
 	// of the invocation script.

cmd/frostfs-adm/internal/modules/morph/container/container.go

@@ -76,7 +76,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("invalid filename: %w", err)
 	}
 
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
@@ -157,7 +157,7 @@ func dumpSingleContainer(bw *io.BufBinWriter, ch util.Uint160, inv *invoker.Invo
 }
 
 func listContainers(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/contract/dump_hashes.go

@@ -36,7 +36,7 @@ type contractDumpInfo struct {
 }
 
 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}

cmd/frostfs-adm/internal/modules/morph/frostfsid/additional_keys.go

@@ -0,0 +1,83 @@
+package frostfsid
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+var (
+	frostfsidAddSubjectKeyCmd = &cobra.Command{
+		Use:   "add-subject-key",
+		Short: "Add a public key to the subject in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidAddSubjectKey,
+	}
+	frostfsidRemoveSubjectKeyCmd = &cobra.Command{
+		Use:   "remove-subject-key",
+		Short: "Remove a public key from the subject in frostfsid contract",
+		PreRun: func(cmd *cobra.Command, _ []string) {
+			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
+			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
+		},
+		Run: frostfsidRemoveSubjectKey,
+	}
+)
+
+func initFrostfsIDAddSubjectKeyCmd() {
+	Cmd.AddCommand(frostfsidAddSubjectKeyCmd)
+
+	ff := frostfsidAddSubjectKeyCmd.Flags()
+	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	ff.String(subjectAddressFlag, "", "Subject address")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
+
+	ff.String(subjectKeyFlag, "", "Public key to add")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
+}
+
+func initFrostfsIDRemoveSubjectKeyCmd() {
+	Cmd.AddCommand(frostfsidRemoveSubjectKeyCmd)
+
+	ff := frostfsidRemoveSubjectKeyCmd.Flags()
+	ff.StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
+	ff.String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
+
+	ff.String(subjectAddressFlag, "", "Subject address")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectAddressFlag)
+
+	ff.String(subjectKeyFlag, "", "Public key to remove")
+	_ = frostfsidAddSubjectKeyCmd.MarkFlagRequired(subjectKeyFlag)
+}
+
+func frostfsidAddSubjectKey(cmd *cobra.Command, _ []string) {
+	addr := getFrostfsIDSubjectAddress(cmd)
+	pub := getFrostfsIDSubjectKey(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.AddSubjectKeyCall(addr, pub))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "add subject key: %w", err)
+}
+
+func frostfsidRemoveSubjectKey(cmd *cobra.Command, _ []string) {
+	addr := getFrostfsIDSubjectAddress(cmd)
+	pub := getFrostfsIDSubjectKey(cmd)
+
+	ffsid, err := newFrostfsIDClient(cmd)
+	commonCmd.ExitOnErr(cmd, "init contract client: %w", err)
+
+	ffsid.addCall(ffsid.roCli.RemoveSubjectKeyCall(addr, pub))
+
+	err = ffsid.sendWait()
+	commonCmd.ExitOnErr(cmd, "remove subject key: %w", err)
+}

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid.go

@@ -1,7 +1,6 @@
 package frostfsid
 
 import (
-	"errors"
 	"fmt"
 	"math/big"
 	"sort"
@@ -61,7 +60,6 @@ var (
 		Use:   "list-namespaces",
 		Short: "List all namespaces in frostfsid",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListNamespaces,
@@ -91,7 +89,6 @@ var (
 		Use:   "list-subjects",
 		Short: "List subjects in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListSubjects,
@@ -121,7 +118,6 @@ var (
 		Use:   "list-groups",
 		Short: "List groups in namespace",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroups,
@@ -151,7 +147,6 @@ var (
 		Use:   "list-group-subjects",
 		Short: "List subjects in group",
 		PreRun: func(cmd *cobra.Command, _ []string) {
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
 		},
 		Run: frostfsidListGroupSubjects,
@@ -169,7 +164,6 @@ func initFrostfsIDCreateNamespaceCmd() {
 func initFrostfsIDListNamespacesCmd() {
 	Cmd.AddCommand(frostfsidListNamespacesCmd)
 	frostfsidListNamespacesCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	frostfsidListNamespacesCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDCreateSubjectCmd() {
@@ -193,7 +187,6 @@ func initFrostfsIDListSubjectsCmd() {
 	frostfsidListSubjectsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace to list subjects")
 	frostfsidListSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
-	frostfsidListSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDCreateGroupCmd() {
@@ -217,7 +210,6 @@ func initFrostfsIDListGroupsCmd() {
 	Cmd.AddCommand(frostfsidListGroupsCmd)
 	frostfsidListGroupsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
 	frostfsidListGroupsCmd.Flags().String(namespaceFlag, "", "Namespace to list groups")
-	frostfsidListGroupsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func initFrostfsIDAddSubjectToGroupCmd() {
@@ -242,7 +234,6 @@ func initFrostfsIDListGroupSubjectsCmd() {
 	frostfsidListGroupSubjectsCmd.Flags().String(namespaceFlag, "", "Namespace name")
 	frostfsidListGroupSubjectsCmd.Flags().Int64(groupIDFlag, 0, "Group id")
 	frostfsidListGroupSubjectsCmd.Flags().Bool(includeNamesFlag, false, "Whether include subject name (require additional requests)")
-	frostfsidListGroupSubjectsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 }
 
 func frostfsidCreateNamespace(cmd *cobra.Command, _ []string) {
@@ -497,10 +488,6 @@ func (f *frostfsidClient) sendWaitRes() (*state.AppExecResult, error) {
 	}
 	f.bw.Reset()
 
-	if len(f.wCtx.SentTxs) == 0 {
-		return nil, errors.New("no transactions to wait")
-	}
-
 	f.wCtx.Command.Println("Waiting for transactions to persist...")
 	return f.roCli.Wait(f.wCtx.SentTxs[0].Hash, f.wCtx.SentTxs[0].Vub, nil)
 }
@@ -522,7 +509,7 @@ func readIterator(inv *invoker.Invoker, iter *result.Iterator, batchSize int, se
 }
 
 func initInvoker(cmd *cobra.Command) (*invoker.Invoker, *state.Contract, util.Uint160) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-adm/internal/modules/morph/frostfsid/frostfsid_util_test.go

@@ -1,59 +1,12 @@
 package frostfsid
 
 import (
-	"encoding/hex"
 	"testing"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
 
-func TestFrostfsIDConfig(t *testing.T) {
-	pks := make([]*keys.PrivateKey, 4)
-	for i := range pks {
-		pk, err := keys.NewPrivateKey()
-		require.NoError(t, err)
-		pks[i] = pk
-	}
-
-	fmts := []string{
-		pks[0].GetScriptHash().StringLE(),
-		address.Uint160ToString(pks[1].GetScriptHash()),
-		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
-		hex.EncodeToString(pks[3].PublicKey().Bytes()),
-	}
-
-	for i := range fmts {
-		v := viper.New()
-		v.Set("frostfsid.admin", fmts[i])
-
-		actual, found, err := helper.GetFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.True(t, found)
-		require.Equal(t, pks[i].GetScriptHash(), actual)
-	}
-
-	t.Run("bad key", func(t *testing.T) {
-		v := viper.New()
-		v.Set("frostfsid.admin", "abc")
-
-		_, found, err := helper.GetFrostfsIDAdmin(v)
-		require.Error(t, err)
-		require.True(t, found)
-	})
-	t.Run("missing key", func(t *testing.T) {
-		v := viper.New()
-
-		_, found, err := helper.GetFrostfsIDAdmin(v)
-		require.NoError(t, err)
-		require.False(t, found)
-	})
-}
-
 func TestNamespaceRegexp(t *testing.T) {
 	for _, tc := range []struct {
 		name      string

cmd/frostfs-adm/internal/modules/morph/frostfsid/root.go

@@ -12,4 +12,6 @@ func init() {
 	initFrostfsIDAddSubjectToGroupCmd()
 	initFrostfsIDRemoveSubjectFromGroupCmd()
 	initFrostfsIDListGroupSubjectsCmd()
+	initFrostfsIDAddSubjectKeyCmd()
+	initFrostfsIDRemoveSubjectKeyCmd()
 }

cmd/frostfs-adm/internal/modules/morph/helper/actor.go

@@ -38,38 +38,24 @@ func NewLocalActor(cmd *cobra.Command, c actor.RPCActor, accName string) (*Local
 	walletDir := config.ResolveHomePath(viper.GetString(commonflags.AlphabetWalletsFlag))
 	var act *actor.Actor
 	var accounts []*wallet.Account
-	if walletDir == "" {
-		account, err := wallet.NewAccount()
-		commonCmd.ExitOnErr(cmd, "unable to create dummy account: %w", err)
-		act, err = actor.New(c, []actor.SignerAccount{{
-			Signer: transaction.Signer{
-				Account: account.Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: account,
-		}})
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
-		commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
 
-		for _, w := range wallets {
-			acc, err := GetWalletAccount(w, accName)
-			commonCmd.ExitOnErr(cmd, fmt.Sprintf("can't find %s account: %%w", accName), err)
-			accounts = append(accounts, acc)
-		}
-		act, err = actor.New(c, []actor.SignerAccount{{
-			Signer: transaction.Signer{
-				Account: accounts[0].Contract.ScriptHash(),
-				Scopes:  transaction.Global,
-			},
-			Account: accounts[0],
-		}})
-		if err != nil {
-			return nil, err
-		}
+	wallets, err := GetAlphabetWallets(viper.GetViper(), walletDir)
+	commonCmd.ExitOnErr(cmd, "unable to get alphabet wallets: %w", err)
+
+	for _, w := range wallets {
+		acc, err := GetWalletAccount(w, accName)
+		commonCmd.ExitOnErr(cmd, fmt.Sprintf("can't find %s account: %%w", accName), err)
+		accounts = append(accounts, acc)
+	}
+	act, err = actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: accounts[0].Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: accounts[0],
+	}})
+	if err != nil {
+		return nil, err
 	}
 	return &LocalActor{
 		neoActor:   act,

cmd/frostfs-adm/internal/modules/morph/helper/contract.go

@@ -82,7 +82,7 @@ func GetContractDeployData(c *InitializeContext, ctrName string, keysParam []any
 			h, found, err = getFrostfsIDAdminFromContract(c.ReadOnlyInvoker)
 		}
 		if method != constants.UpdateMethodName || err == nil && !found {
-			h, found, err = GetFrostfsIDAdmin(viper.GetViper())
+			h, found, err = getFrostfsIDAdmin(viper.GetViper())
 		}
 		if err != nil {
 			return nil, err

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid.go

@@ -11,7 +11,7 @@ import (
 
 const frostfsIDAdminConfigKey = "frostfsid.admin"
 
-func GetFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
+func getFrostfsIDAdmin(v *viper.Viper) (util.Uint160, bool, error) {
 	admin := v.GetString(frostfsIDAdminConfigKey)
 	if admin == "" {
 		return util.Uint160{}, false, nil

cmd/frostfs-adm/internal/modules/morph/helper/frostfsid_test.go

@@ -0,0 +1,53 @@
+package helper
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFrostfsIDConfig(t *testing.T) {
+	pks := make([]*keys.PrivateKey, 4)
+	for i := range pks {
+		pk, err := keys.NewPrivateKey()
+		require.NoError(t, err)
+		pks[i] = pk
+	}
+
+	fmts := []string{
+		pks[0].GetScriptHash().StringLE(),
+		address.Uint160ToString(pks[1].GetScriptHash()),
+		hex.EncodeToString(pks[2].PublicKey().UncompressedBytes()),
+		hex.EncodeToString(pks[3].PublicKey().Bytes()),
+	}
+
+	for i := range fmts {
+		v := viper.New()
+		v.Set("frostfsid.admin", fmts[i])
+
+		actual, found, err := getFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.True(t, found)
+		require.Equal(t, pks[i].GetScriptHash(), actual)
+	}
+
+	t.Run("bad key", func(t *testing.T) {
+		v := viper.New()
+		v.Set("frostfsid.admin", "abc")
+
+		_, found, err := getFrostfsIDAdmin(v)
+		require.Error(t, err)
+		require.True(t, found)
+	})
+	t.Run("missing key", func(t *testing.T) {
+		v := viper.New()
+
+		_, found, err := getFrostfsIDAdmin(v)
+		require.NoError(t, err)
+		require.False(t, found)
+	})
+}

cmd/frostfs-adm/internal/modules/morph/helper/initialize_ctx.go

@@ -134,12 +134,12 @@ func NewInitializeContext(cmd *cobra.Command, v *viper.Viper) (*InitializeContex
 		return nil, err
 	}
 
-	accounts, err := createWalletAccounts(wallets)
+	accounts, err := getSingleAccounts(wallets)
 	if err != nil {
 		return nil, err
 	}
 
-	cliCtx, err := DefaultClientContext(c, committeeAcc)
+	cliCtx, err := defaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
@@ -191,7 +191,7 @@ func createClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet)
 		}
 		c, err = NewLocalClient(cmd, v, wallets, ldf.Value.String())
 	} else {
-		c, err = GetN3Client(v)
+		c, err = NewRemoteClient(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
@@ -211,7 +211,7 @@ func getContractsPath(cmd *cobra.Command, needContracts bool) (string, error) {
 	return ctrPath, nil
 }
 
-func createWalletAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+func getSingleAccounts(wallets []*wallet.Wallet) ([]*wallet.Account, error) {
 	accounts := make([]*wallet.Account, len(wallets))
 	for i, w := range wallets {
 		acc, err := GetWalletAccount(w, constants.SingleAccountName)

cmd/frostfs-adm/internal/modules/morph/helper/local_client.go

@@ -8,6 +8,7 @@ import (
 	"sort"
 	"time"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
@@ -47,7 +48,7 @@ type LocalClient struct {
 }
 
 func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet, dumpPath string) (*LocalClient, error) {
-	cfg, err := config.LoadFile(v.GetString(constants.ProtoConfigPath))
+	cfg, err := config.LoadFile(v.GetString(commonflags.ProtoConfigPath))
 	if err != nil {
 		return nil, err
 	}
@@ -57,17 +58,59 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		return nil, err
 	}
 
-	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ProtocolConfiguration.ValidatorsCount))
-	accounts := make([]*wallet.Account, len(wallets))
-	for i := range accounts {
-		accounts[i], err = GetWalletAccount(wallets[i], constants.ConsensusAccountName)
-		if err != nil {
-			return nil, err
+	go bc.Run()
+
+	accounts, err := getBlockSigningAccounts(cfg.ProtocolConfiguration, wallets)
+	if err != nil {
+		return nil, err
+	}
+
+	if cmd.Name() != "init" {
+		if err := restoreDump(bc, dumpPath); err != nil {
+			return nil, fmt.Errorf("restore dump: %w", err)
 		}
 	}
 
+	return &LocalClient{
+		bc:       bc,
+		dumpPath: dumpPath,
+		accounts: accounts,
+	}, nil
+}
+
+func restoreDump(bc *core.Blockchain, dumpPath string) error {
+	f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
+	if err != nil {
+		return fmt.Errorf("can't open local dump: %w", err)
+	}
+	defer f.Close()
+
+	r := io.NewBinReaderFromIO(f)
+
+	var skip uint32
+	if bc.BlockHeight() != 0 {
+		skip = bc.BlockHeight() + 1
+	}
+
+	count := r.ReadU32LE() - skip
+	if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+func getBlockSigningAccounts(cfg config.ProtocolConfiguration, wallets []*wallet.Wallet) ([]*wallet.Account, error) {
+	accounts := make([]*wallet.Account, len(wallets))
+	for i := range accounts {
+		acc, err := GetWalletAccount(wallets[i], constants.ConsensusAccountName)
+		if err != nil {
+			return nil, err
+		}
+		accounts[i] = acc
+	}
+
 	indexMap := make(map[string]int)
-	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
+	for i, pub := range cfg.StandbyCommittee {
 		indexMap[pub] = i
 	}
 
@@ -76,37 +119,12 @@ func NewLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet
 		pj := accounts[j].PrivateKey().PublicKey().Bytes()
 		return indexMap[string(pi)] < indexMap[string(pj)]
 	})
-	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
+	sort.Slice(accounts[:cfg.ValidatorsCount], func(i, j int) bool {
 		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
 	})
 
-	go bc.Run()
-
-	if cmd.Name() != "init" {
-		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0o600)
-		if err != nil {
-			return nil, fmt.Errorf("can't open local dump: %w", err)
-		}
-		defer f.Close()
-
-		r := io.NewBinReaderFromIO(f)
-
-		var skip uint32
-		if bc.BlockHeight() != 0 {
-			skip = bc.BlockHeight() + 1
-		}
-
-		count := r.ReadU32LE() - skip
-		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
-			return nil, fmt.Errorf("can't restore local dump: %w", err)
-		}
-	}
-
-	return &LocalClient{
-		bc:       bc,
-		dumpPath: dumpPath,
-		accounts: accounts[:m],
-	}, nil
+	m := smartcontract.GetDefaultHonestNodeCount(int(cfg.ValidatorsCount))
+	return accounts[:m], nil
 }
 
 func (l *LocalClient) GetBlockCount() (uint32, error) {
@@ -127,11 +145,6 @@ func (l *LocalClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*resul
 	return &a, nil
 }
 
-func (l *LocalClient) GetCommittee() (keys.PublicKeys, error) {
-	// not used by `morph init` command
-	panic("unexpected call")
-}
-
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *LocalClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
@@ -295,13 +308,7 @@ func (l *LocalClient) InvokeScript(script []byte, signers []transaction.Signer)
 }
 
 func (l *LocalClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
-	// We need to test that transaction was formed correctly to catch as many errors as we can.
-	bs := tx.Bytes()
-	_, err := transaction.NewTransactionFromBytes(bs)
-	if err != nil {
-		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
-	}
-
+	tx = tx.Copy()
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }

cmd/frostfs-adm/internal/modules/morph/helper/n3client.go

@@ -10,7 +10,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
@@ -25,15 +24,10 @@ import (
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
-	invoker.RPCInvoke
+	actor.RPCActor
 
-	GetBlockCount() (uint32, error)
 	GetNativeContracts() ([]state.Contract, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
-	GetVersion() (*result.Version, error)
-	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
-	GetCommittee() (keys.PublicKeys, error)
-	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 }
 
 type HashVUBPair struct {
@@ -48,7 +42,7 @@ type ClientContext struct {
 	SentTxs         []HashVUBPair
 }
 
-func GetN3Client(v *viper.Viper) (Client, error) {
+func NewRemoteClient(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
@@ -88,8 +82,14 @@ func GetN3Client(v *viper.Viper) (Client, error) {
 	return c, nil
 }
 
-func DefaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
-	commAct, err := NewActor(c, committeeAcc)
+func defaultClientContext(c Client, committeeAcc *wallet.Account) (*ClientContext, error) {
+	commAct, err := actor.New(c, []actor.SignerAccount{{
+		Signer: transaction.Signer{
+			Account: committeeAcc.Contract.ScriptHash(),
+			Scopes:  transaction.Global,
+		},
+		Account: committeeAcc,
+	}})
 	if err != nil {
 		return nil, err
 	}

cmd/frostfs-adm/internal/modules/morph/helper/util.go

@@ -15,10 +15,8 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
@@ -87,16 +85,6 @@ func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, er
 	return wallets, nil
 }
 
-func NewActor(c actor.RPCActor, committeeAcc *wallet.Account) (*actor.Actor, error) {
-	return actor.New(c, []actor.SignerAccount{{
-		Signer: transaction.Signer{
-			Account: committeeAcc.Contract.ScriptHash(),
-			Scopes:  transaction.Global,
-		},
-		Account: committeeAcc,
-	}})
-}
-
 func ReadContract(ctrPath, ctrName string) (*ContractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {

cmd/frostfs-adm/internal/modules/morph/initialize/initialize_test.go

@@ -62,7 +62,7 @@ func testInitialize(t *testing.T, committeeSize int) {
 	v := viper.GetViper()
 
 	require.NoError(t, generateTestData(testdataDir, committeeSize))
-	v.Set(constants.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
+	v.Set(commonflags.ProtoConfigPath, filepath.Join(testdataDir, protoFileName))
 
 	// Set to the path or remove the next statement to download from the network.
 	require.NoError(t, Cmd.Flags().Set(commonflags.ContractsInitFlag, contractsPath))

cmd/frostfs-adm/internal/modules/morph/initialize/root.go

@@ -2,7 +2,6 @@ package initialize
 
 import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -32,7 +31,7 @@ var Cmd = &cobra.Command{
 		_ = viper.BindPFlag(commonflags.ContainerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.ContainerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
 		_ = viper.BindPFlag(commonflags.WithdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
-		_ = viper.BindPFlag(constants.ProtoConfigPath, cmd.Flags().Lookup(constants.ProtoConfigPath))
+		_ = viper.BindPFlag(commonflags.ProtoConfigPath, cmd.Flags().Lookup(commonflags.ProtoConfigPath))
 	},
 	RunE: initializeSideChainCmd,
 }
@@ -48,7 +47,7 @@ func initInitCmd() {
 	// Defaults are taken from neo-preodolenie.
 	Cmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
 	Cmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
-	Cmd.Flags().String(constants.ProtoConfigPath, "", "Path to the consensus node configuration")
+	Cmd.Flags().String(commonflags.ProtoConfigPath, "", "Path to the consensus node configuration")
 	Cmd.Flags().String(commonflags.LocalDumpFlag, "", "Path to the blocks dump file")
 	Cmd.MarkFlagsMutuallyExclusive(commonflags.ContractsInitFlag, commonflags.ContractsURLFlag)
 }

cmd/frostfs-adm/internal/modules/morph/netmap/netmap_candidates.go

@@ -13,7 +13,7 @@ import (
 )
 
 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-adm/internal/modules/morph/netmap/root.go

@@ -12,7 +12,6 @@ var (
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(commonflags.EndpointFlag, cmd.Flags().Lookup(commonflags.EndpointFlag))
-			_ = viper.BindPFlag(commonflags.AlphabetWalletsFlag, cmd.Flags().Lookup(commonflags.AlphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}

cmd/frostfs-adm/internal/modules/morph/nns/domains.go

@@ -24,7 +24,7 @@ func initRegisterCmd() {
 }
 
 func registerDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)
@@ -53,7 +53,7 @@ func initDeleteCmd() {
 }
 
 func deleteDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.DeleteDomain(name)

cmd/frostfs-adm/internal/modules/morph/nns/helper.go

@@ -5,15 +5,15 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/constants"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/helper"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
-	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
-func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, util.Uint160) {
+func nnsWriter(cmd *cobra.Command) (*client.Contract, *helper.LocalActor) {
 	v := viper.GetViper()
-	c, err := helper.GetN3Client(v)
+	c, err := helper.NewRemoteClient(v)
 	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
 
 	ac, err := helper.NewLocalActor(cmd, c, constants.CommitteeAccountName)
@@ -22,5 +22,17 @@ func getRPCClient(cmd *cobra.Command) (*client.Contract, *helper.LocalActor, uti
 	r := management.NewReader(ac.Invoker)
 	nnsCs, err := helper.GetContractByID(r, 1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
-	return client.New(ac, nnsCs.Hash), ac, nnsCs.Hash
+	return client.New(ac, nnsCs.Hash), ac
+}
+
+func nnsReader(cmd *cobra.Command) (*client.ContractReader, *invoker.Invoker) {
+	c, err := helper.NewRemoteClient(viper.GetViper())
+	commonCmd.ExitOnErr(cmd, "unable to create NEO rpc client: %w", err)
+
+	inv := invoker.New(c, nil)
+	r := management.NewReader(inv)
+	nnsCs, err := helper.GetContractByID(r, 1)
+	commonCmd.ExitOnErr(cmd, "can't get NNS contract state: %w", err)
+
+	return client.NewReader(inv, nnsCs.Hash), inv
 }

cmd/frostfs-adm/internal/modules/morph/nns/record.go

@@ -8,7 +8,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-contract/nns"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 )
@@ -29,7 +28,6 @@ func initAddRecordCmd() {
 func initGetRecordsCmd() {
 	Cmd.AddCommand(getRecordsCmd)
 	getRecordsCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	getRecordsCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	getRecordsCmd.Flags().String(nnsNameFlag, "", nnsNameFlagDesc)
 	getRecordsCmd.Flags().String(nnsRecordTypeFlag, "", nnsRecordTypeFlagDesc)
 
@@ -61,7 +59,7 @@ func initDelRecordCmd() {
 }
 
 func addRecord(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
@@ -77,16 +75,16 @@ func addRecord(cmd *cobra.Command, _ []string) {
 }
 
 func getRecords(cmd *cobra.Command, _ []string) {
-	c, act, hash := getRPCClient(cmd)
+	c, inv := nnsReader(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	if recordType == "" {
-		sid, r, err := unwrap.SessionIterator(act.Invoker.Call(hash, "getAllRecords", name))
+		sid, r, err := c.GetAllRecords(name)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		defer func() {
-			_ = act.Invoker.TerminateSession(sid)
+			_ = inv.TerminateSession(sid)
 		}()
-		items, err := act.Invoker.TraverseIterator(sid, &r, 0)
+		items, err := inv.TraverseIterator(sid, &r, 0)
 		commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		for len(items) != 0 {
 			for j := range items {
@@ -97,7 +95,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 					recordTypeToString(nns.RecordType(rs[1].Value().(*big.Int).Int64())),
 					string(bs))
 			}
-			items, err = act.Invoker.TraverseIterator(sid, &r, 0)
+			items, err = inv.TraverseIterator(sid, &r, 0)
 			commonCmd.ExitOnErr(cmd, "unable to get records: %w", err)
 		}
 	} else {
@@ -114,7 +112,7 @@ func getRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecords(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)
 	typ, err := getRecordType(recordType)
@@ -129,7 +127,7 @@ func delRecords(cmd *cobra.Command, _ []string) {
 }
 
 func delRecord(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	data, _ := cmd.Flags().GetString(nnsRecordDataFlag)
 	recordType, _ := cmd.Flags().GetString(nnsRecordTypeFlag)

cmd/frostfs-adm/internal/modules/morph/nns/renew.go

@@ -14,7 +14,7 @@ func initRenewCmd() {
 }
 
 func renewDomain(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	h, vub, err := c.Renew(name)
 	commonCmd.ExitOnErr(cmd, "unable to renew domain: %w", err)

cmd/frostfs-adm/internal/modules/morph/nns/tokens.go

@@ -18,12 +18,11 @@ const (
 func initTokensCmd() {
 	Cmd.AddCommand(tokensCmd)
 	tokensCmd.Flags().StringP(commonflags.EndpointFlag, commonflags.EndpointFlagShort, "", commonflags.EndpointFlagDesc)
-	tokensCmd.Flags().String(commonflags.AlphabetWalletsFlag, "", commonflags.AlphabetWalletsFlagDesc)
 	tokensCmd.Flags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, verboseDesc)
 }
 
 func listTokens(cmd *cobra.Command, _ []string) {
-	c, _, _ := getRPCClient(cmd)
+	c, _ := nnsReader(cmd)
 	it, err := c.Tokens()
 	commonCmd.ExitOnErr(cmd, "unable to get tokens: %w", err)
 	for toks, err := it.Next(10); err == nil && len(toks) > 0; toks, err = it.Next(10) {
@@ -41,7 +40,7 @@ func listTokens(cmd *cobra.Command, _ []string) {
 	}
 }
 
-func getCnameRecord(c *client.Contract, token []byte) (string, error) {
+func getCnameRecord(c *client.ContractReader, token []byte) (string, error) {
 	items, err := c.GetRecords(string(token), big.NewInt(int64(nns.CNAME)))
 
 	// GetRecords returns the error "not an array" if the domain does not contain records.

cmd/frostfs-adm/internal/modules/morph/nns/update.go

@@ -30,7 +30,7 @@ func initUpdateCmd() {
 }
 
 func updateSOA(cmd *cobra.Command, _ []string) {
-	c, actor, _ := getRPCClient(cmd)
+	c, actor := nnsWriter(cmd)
 
 	name, _ := cmd.Flags().GetString(nnsNameFlag)
 	email, _ := cmd.Flags().GetString(nnsEmailFlag)

cmd/frostfs-adm/internal/modules/morph/notary/notary.go

@@ -89,7 +89,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 }
 
 func transferGas(cmd *cobra.Command, acc *wallet.Account, accHash util.Uint160, gasAmount fixedn.Fixed8, till int64) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	if err != nil {
 		return err
 	}

cmd/frostfs-adm/internal/modules/morph/policy/policy.go

@@ -62,7 +62,7 @@ func SetPolicyCmd(cmd *cobra.Command, args []string) error {
 }
 
 func dumpPolicyCmd(cmd *cobra.Command, _ []string) error {
-	c, err := helper.GetN3Client(viper.GetViper())
+	c, err := helper.NewRemoteClient(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client:", err)
 
 	inv := invoker.New(c, nil)

cmd/frostfs-cli/internal/client/client.go

@@ -9,7 +9,6 @@ import (
 	"io"
 	"os"
 	"slices"
-	"sort"
 	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/accounting"
@@ -78,13 +77,31 @@ func ListContainers(ctx context.Context, prm ListContainersPrm) (res ListContain
 // SortedIDList returns sorted list of identifiers of user's containers.
 func (x ListContainersRes) SortedIDList() []cid.ID {
 	list := x.cliRes.Containers()
-	sort.Slice(list, func(i, j int) bool {
-		lhs, rhs := list[i].EncodeToString(), list[j].EncodeToString()
-		return strings.Compare(lhs, rhs) < 0
+	slices.SortFunc(list, func(lhs, rhs cid.ID) int {
+		return strings.Compare(lhs.EncodeToString(), rhs.EncodeToString())
 	})
 	return list
 }
 
+func ListContainersStream(ctx context.Context, prm ListContainersPrm, processCnr func(id cid.ID) bool) (err error) {
+	cliPrm := &client.PrmContainerListStream{
+		XHeaders: prm.XHeaders,
+		OwnerID:  prm.OwnerID,
+		Session:  prm.Session,
+	}
+	rdr, err := prm.cli.ContainerListInit(ctx, *cliPrm)
+	if err != nil {
+		return fmt.Errorf("init container list: %w", err)
+	}
+
+	err = rdr.Iterate(processCnr)
+	if err != nil {
+		return fmt.Errorf("read container list: %w", err)
+	}
+
+	return
+}
+
 // PutContainerPrm groups parameters of PutContainer operation.
 type PutContainerPrm struct {
 	Client       *client.Client

cmd/frostfs-cli/modules/ape_manager/add_chain.go

@@ -1,44 +1,19 @@
 package apemanager
 
 import (
-	"encoding/hex"
-	"errors"
+	"fmt"
 
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"github.com/spf13/cobra"
 )
 
-const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	ruleFlag       = "rule"
-	pathFlag       = "path"
-)
-
-const (
-	targetNameFlag = "target-name"
-	targetNameDesc = "Resource name in APE resource name format"
-	targetTypeFlag = "target-type"
-	targetTypeDesc = "Resource type(container/namespace)"
-)
-
-const (
-	namespaceTarget = "namespace"
-	containerTarget = "container"
-	userTarget      = "user"
-	groupTarget     = "group"
-)
-
-var errUnknownTargetType = errors.New("unknown target type")
-
 var addCmd = &cobra.Command{
 	Use:   "add",
 	Short: "Add rule chain for a target",
@@ -49,55 +24,28 @@ var addCmd = &cobra.Command{
 }
 
 func parseTarget(cmd *cobra.Command) (ct apeSDK.ChainTarget) {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
-	name, _ := cmd.Flags().GetString(targetNameFlag)
+	t := apeCmd.ParseTarget(cmd)
 
-	ct.Name = name
+	ct.Name = t.Name
 
-	switch typ {
-	case namespaceTarget:
+	switch t.Type {
+	case engine.Namespace:
 		ct.TargetType = apeSDK.TargetTypeNamespace
-	case containerTarget:
-		var cnr cid.ID
-		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
+	case engine.Container:
 		ct.TargetType = apeSDK.TargetTypeContainer
-	case userTarget:
+	case engine.User:
 		ct.TargetType = apeSDK.TargetTypeUser
-	case groupTarget:
+	case engine.Group:
 		ct.TargetType = apeSDK.TargetTypeGroup
 	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+		commonCmd.ExitOnErr(cmd, "conversion error: %w", fmt.Errorf("unknown type '%c'", t.Type))
 	}
 	return ct
 }
 
 func parseChain(cmd *cobra.Command) apeSDK.Chain {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-
-	chainIDRaw := []byte(chainID)
-
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
-	chain := new(apechain.Chain)
-	chain.ID = apechain.ID(chainIDRaw)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", util.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errors.New("rule is not passed"))
-	}
-
-	cmd.Println("Parsed chain:")
-	util.PrintHumanReadableAPEChain(cmd, chain)
-
-	serialized := chain.Bytes()
+	c := apeCmd.ParseChain(cmd)
+	serialized := c.Bytes()
 	return apeSDK.Chain{
 		Raw: serialized,
 	}
@@ -126,13 +74,13 @@ func initAddCmd() {
 	commonflags.Init(addCmd)
 
 	ff := addCmd.Flags()
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = addCmd.MarkFlagRequired(targetTypeFlag)
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, apeCmd.RuleFlagDesc)
+	ff.String(apeCmd.PathFlag, "", apeCmd.PathFlagDesc)
+	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 
-	addCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
+	addCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
 }

cmd/frostfs-cli/modules/ape_manager/list_chain.go

@@ -4,8 +4,8 @@ import (
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
@@ -35,7 +35,7 @@ func list(cmd *cobra.Command, _ []string) {
 	for _, respChain := range resp.Chains {
 		var chain apechain.Chain
 		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(respChain.Raw))
-		apeutil.PrintHumanReadableAPEChain(cmd, &chain)
+		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
 	}
 }
 
@@ -43,7 +43,7 @@ func initListCmd() {
 	commonflags.Init(listCmd)
 
 	ff := listCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = listCmd.MarkFlagRequired(targetTypeFlag)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = listCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }

cmd/frostfs-cli/modules/ape_manager/remove_chain.go

@@ -1,29 +1,23 @@
 package apemanager
 
 import (
-	"encoding/hex"
-	"errors"
-
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	client_sdk "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 )
 
-var (
-	errEmptyChainID = errors.New("chain id cannot be empty")
-
-	removeCmd = &cobra.Command{
-		Use:   "remove",
-		Short: "Remove rule chain for a target",
-		Run:   remove,
-		PersistentPreRun: func(cmd *cobra.Command, _ []string) {
-			commonflags.Bind(cmd)
-		},
-	}
-)
+var removeCmd = &cobra.Command{
+	Use:   "remove",
+	Short: "Remove rule chain for a target",
+	Run:   remove,
+	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+		commonflags.Bind(cmd)
+	},
+}
 
 func remove(cmd *cobra.Command, _ []string) {
 	target := parseTarget(cmd)
@@ -31,19 +25,9 @@ func remove(cmd *cobra.Command, _ []string) {
 	key := key.Get(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w", errEmptyChainID)
-	}
+	chainID := apeCmd.ParseChainID(cmd)
 	chainIDRaw := []byte(chainID)
 
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
 	_, err := cli.APEManagerRemoveChain(cmd.Context(), client_sdk.PrmAPEManagerRemoveChain{
 		ChainTarget: target,
 		ChainID:     chainIDRaw,
@@ -58,9 +42,10 @@ func initRemoveCmd() {
 	commonflags.Init(removeCmd)
 
 	ff := removeCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = removeCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.String(apeCmd.ChainIDFlag, "", apeCmd.ChainIDFlagDesc)
+	_ = removeCmd.MarkFlagRequired(apeCmd.ChainIDFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, apeCmd.ChainIDHexFlagDesc)
 }

cmd/frostfs-cli/modules/bearer/generate_override.go

@@ -1,31 +1,20 @@
 package bearer
 
 import (
-	"errors"
 	"fmt"
 	"os"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
-	parseutil "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	cidSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )
 
-var (
-	errChainIDCannotBeEmpty = errors.New("chain id cannot be empty")
-	errRuleIsNotParsed      = errors.New("rule is not passed")
-)
-
 const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	ruleFlag       = "rule"
-	pathFlag       = "path"
-	outputFlag     = "output"
+	outputFlag = "output"
 )
 
 var generateAPEOverrideCmd = &cobra.Command{
@@ -40,7 +29,7 @@ Generated APE override can be dumped to a file in JSON format that is passed to
 }
 
 func genereateAPEOverride(cmd *cobra.Command, _ []string) {
-	c := parseChain(cmd)
+	c := apeCmd.ParseChain(cmd)
 
 	targetCID, _ := cmd.Flags().GetString(commonflags.CIDFlag)
 	var cid cidSDK.ID
@@ -77,39 +66,11 @@ func init() {
 	ff.StringP(commonflags.CIDFlag, "", "", "Target container ID.")
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.CIDFlag)
 
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
+	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
+	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
+	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 
 	ff.String(outputFlag, "", "Output path to dump result JSON-encoded APE override")
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), outputFlag)
 }
-
-func parseChainID(cmd *cobra.Command) apechain.ID {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	if chainID == "" {
-		commonCmd.ExitOnErr(cmd, "read chain id error: %w",
-			errChainIDCannotBeEmpty)
-	}
-	return apechain.ID(chainID)
-}
-
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chain := new(apechain.Chain)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", parseutil.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", parseutil.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", errRuleIsNotParsed)
-	}
-
-	chain.ID = parseChainID(cmd)
-
-	cmd.Println("Parsed chain:")
-	parseutil.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}

cmd/frostfs-cli/modules/container/list.go

@@ -6,8 +6,11 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
 	containerSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 // flags of list command.
@@ -51,44 +54,60 @@ var listContainersCmd = &cobra.Command{
 
 		var prm internalclient.ListContainersPrm
 		prm.SetClient(cli)
-		prm.Account = idUser
-
-		res, err := internalclient.ListContainers(cmd.Context(), prm)
-		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
+		prm.OwnerID = idUser
 		prmGet := internalclient.GetContainerPrm{
 			Client: cli,
 		}
+		var containerIDs []cid.ID
+
+		err := internalclient.ListContainersStream(cmd.Context(), prm, func(id cid.ID) bool {
+			printContainer(cmd, prmGet, id)
+			return false
+		})
+		if err == nil {
+			return
+		}
+
+		if e, ok := status.FromError(err); ok && e.Code() == codes.Unimplemented {
+			res, err := internalclient.ListContainers(cmd.Context(), prm)
+			commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+			containerIDs = res.SortedIDList()
+		} else {
+			commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
+		}
 
-		containerIDs := res.SortedIDList()
 		for _, cnrID := range containerIDs {
-			if flagVarListName == "" && !flagVarListPrintAttr {
-				cmd.Println(cnrID.String())
-				continue
-			}
-
-			prmGet.ClientParams.ContainerID = &cnrID
-			res, err := internalclient.GetContainer(cmd.Context(), prmGet)
-			if err != nil {
-				cmd.Printf("  failed to read attributes: %v\n", err)
-				continue
-			}
-
-			cnr := res.Container()
-			if cnrName := containerSDK.Name(cnr); flagVarListName != "" && cnrName != flagVarListName {
-				continue
-			}
-			cmd.Println(cnrID.String())
-
-			if flagVarListPrintAttr {
-				cnr.IterateUserAttributes(func(key, val string) {
-					cmd.Printf("  %s: %s\n", key, val)
-				})
-			}
+			printContainer(cmd, prmGet, cnrID)
 		}
 	},
 }
 
+func printContainer(cmd *cobra.Command, prmGet internalclient.GetContainerPrm, id cid.ID) {
+	if flagVarListName == "" && !flagVarListPrintAttr {
+		cmd.Println(id.String())
+		return
+	}
+
+	prmGet.ClientParams.ContainerID = &id
+	res, err := internalclient.GetContainer(cmd.Context(), prmGet)
+	if err != nil {
+		cmd.Printf("  failed to read attributes: %v\n", err)
+		return
+	}
+
+	cnr := res.Container()
+	if cnrName := containerSDK.Name(cnr); flagVarListName != "" && cnrName != flagVarListName {
+		return
+	}
+	cmd.Println(id.String())
+
+	if flagVarListPrintAttr {
+		cnr.IterateUserAttributes(func(key, val string) {
+			cmd.Printf("  %s: %s\n", key, val)
+		})
+	}
+}
+
 func initContainerListContainersCmd() {
 	commonflags.Init(listContainersCmd)
 

cmd/frostfs-cli/modules/control/add_rule.go

@@ -1,23 +1,14 @@
 package control
 
 import (
-	"encoding/hex"
-	"errors"
-
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
-	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )
 
-const (
-	ruleFlag = "rule"
-	pathFlag = "path"
-)
-
 var addRuleCmd = &cobra.Command{
 	Use:   "add-rule",
 	Short: "Add local override",
@@ -31,41 +22,12 @@ control add-rule --endpoint ... -w ... --address ... --chain-id ChainID --cid ..
 	Run: addRule,
 }
 
-func parseChain(cmd *cobra.Command) *apechain.Chain {
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-
-	chainIDRaw := []byte(chainID)
-
-	if hexEncoded {
-		var err error
-		chainIDRaw, err = hex.DecodeString(chainID)
-		commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
-	}
-
-	chain := new(apechain.Chain)
-	chain.ID = apechain.ID(chainIDRaw)
-
-	if rules, _ := cmd.Flags().GetStringArray(ruleFlag); len(rules) > 0 {
-		commonCmd.ExitOnErr(cmd, "parser error: %w", util.ParseAPEChain(chain, rules))
-	} else if encPath, _ := cmd.Flags().GetString(pathFlag); encPath != "" {
-		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", util.ParseAPEChainBinaryOrJSON(chain, encPath))
-	} else {
-		commonCmd.ExitOnErr(cmd, "parser error", errors.New("rule is not passed"))
-	}
-
-	cmd.Println("Parsed chain:")
-	util.PrintHumanReadableAPEChain(cmd, chain)
-
-	return chain
-}
-
 func addRule(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
 
 	target := parseTarget(cmd)
 
-	parsed := parseChain(cmd)
+	parsed := apeCmd.ParseChain(cmd)
 
 	req := &control.AddChainLocalOverrideRequest{
 		Body: &control.AddChainLocalOverrideRequest_Body{
@@ -94,13 +56,13 @@ func initControlAddRuleCmd() {
 	initControlFlags(addRuleCmd)
 
 	ff := addRuleCmd.Flags()
-	ff.StringArray(ruleFlag, []string{}, "Rule statement")
-	ff.String(pathFlag, "", "Path to encoded chain in JSON or binary format")
-	ff.String(chainIDFlag, "", "Assign ID to the parsed chain")
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = addRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.StringArray(apeCmd.RuleFlag, []string{}, "Rule statement")
+	ff.String(apeCmd.PathFlag, "", "Path to encoded chain in JSON or binary format")
+	ff.String(apeCmd.ChainIDFlag, "", "Assign ID to the parsed chain")
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = addRuleCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
+	ff.Bool(apeCmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 
-	addRuleCmd.MarkFlagsMutuallyExclusive(pathFlag, ruleFlag)
+	addRuleCmd.MarkFlagsMutuallyExclusive(apeCmd.PathFlag, apeCmd.RuleFlag)
 }

cmd/frostfs-cli/modules/control/evacuate_shard.go

@@ -1,56 +0,0 @@
-package control
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
-	"github.com/spf13/cobra"
-)
-
-const ignoreErrorsFlag = "no-errors"
-
-var evacuateShardCmd = &cobra.Command{
-	Use:        "evacuate",
-	Short:      "Evacuate objects from shard",
-	Long:       "Evacuate objects from shard to other shards",
-	Run:        evacuateShard,
-	Deprecated: "use frostfs-cli control shards evacuation start",
-}
-
-func evacuateShard(cmd *cobra.Command, _ []string) {
-	pk := key.Get(cmd)
-
-	req := &control.EvacuateShardRequest{Body: new(control.EvacuateShardRequest_Body)}
-	req.Body.Shard_ID = getShardIDList(cmd)
-	req.Body.IgnoreErrors, _ = cmd.Flags().GetBool(ignoreErrorsFlag)
-
-	signRequest(cmd, pk, req)
-
-	cli := getClient(cmd, pk)
-
-	var resp *control.EvacuateShardResponse
-	var err error
-	err = cli.ExecRaw(func(client *client.Client) error {
-		resp, err = control.EvacuateShard(client, req)
-		return err
-	})
-	commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-	cmd.Printf("Objects moved: %d\n", resp.GetBody().GetCount())
-
-	verifyResponse(cmd, resp.GetSignature(), resp.GetBody())
-
-	cmd.Println("Shard has successfully been evacuated.")
-}
-
-func initControlEvacuateShardCmd() {
-	initControlFlags(evacuateShardCmd)
-
-	flags := evacuateShardCmd.Flags()
-	flags.StringSlice(shardIDFlag, nil, "List of shard IDs in base58 encoding")
-	flags.Bool(shardAllFlag, false, "Process all shards")
-	flags.Bool(ignoreErrorsFlag, false, "Skip invalid/unreadable objects")
-
-	evacuateShardCmd.MarkFlagsMutuallyExclusive(shardIDFlag, shardAllFlag)
-}

cmd/frostfs-cli/modules/control/evacuation.go

@@ -17,10 +17,11 @@ import (
 )
 
 const (
-	awaitFlag      = "await"
-	noProgressFlag = "no-progress"
-	scopeFlag      = "scope"
-	repOneOnlyFlag = "rep-one-only"
+	awaitFlag        = "await"
+	noProgressFlag   = "no-progress"
+	scopeFlag        = "scope"
+	repOneOnlyFlag   = "rep-one-only"
+	ignoreErrorsFlag = "no-errors"
 
 	containerWorkerCountFlag = "container-worker-count"
 	objectWorkerCountFlag    = "object-worker-count"

cmd/frostfs-cli/modules/control/get_rule.go

@@ -4,8 +4,8 @@ import (
 	"encoding/hex"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apecmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
@@ -24,8 +24,8 @@ func getRule(cmd *cobra.Command, _ []string) {
 
 	target := parseTarget(cmd)
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
+	chainID, _ := cmd.Flags().GetString(apecmd.ChainIDFlag)
+	hexEncoded, _ := cmd.Flags().GetBool(apecmd.ChainIDHexFlag)
 
 	if hexEncoded {
 		chainIDBytes, err := hex.DecodeString(chainID)
@@ -56,16 +56,16 @@ func getRule(cmd *cobra.Command, _ []string) {
 
 	var chain apechain.Chain
 	commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(resp.GetBody().GetChain()))
-	util.PrintHumanReadableAPEChain(cmd, &chain)
+	apecmd.PrintHumanReadableAPEChain(cmd, &chain)
 }
 
 func initControGetRuleCmd() {
 	initControlFlags(getRuleCmd)
 
 	ff := getRuleCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = getRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
+	ff.String(apecmd.TargetNameFlag, "", apecmd.TargetNameFlagDesc)
+	ff.String(apecmd.TargetTypeFlag, "", apecmd.TargetTypeFlagDesc)
+	_ = getRuleCmd.MarkFlagRequired(apecmd.TargetTypeFlag)
+	ff.String(apecmd.ChainIDFlag, "", "Chain id")
+	ff.Bool(apecmd.ChainIDHexFlag, false, "Flag to parse chain ID as hex")
 }

cmd/frostfs-cli/modules/control/list_rules.go

@@ -1,18 +1,16 @@
 package control
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
-	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
-	"github.com/nspcc-dev/neo-go/cli/input"
+	policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"github.com/spf13/cobra"
 )
 
@@ -23,65 +21,25 @@ var listRulesCmd = &cobra.Command{
 	Run:   listRules,
 }
 
-const (
-	defaultNamespace = "root"
-	namespaceTarget  = "namespace"
-	containerTarget  = "container"
-	userTarget       = "user"
-	groupTarget      = "group"
-)
-
-const (
-	targetNameFlag = "target-name"
-	targetNameDesc = "Resource name in APE resource name format"
-	targetTypeFlag = "target-type"
-	targetTypeDesc = "Resource type(container/namespace)"
-)
-
-var (
-	errSettingDefaultValueWasDeclined = errors.New("setting default value was declined")
-	errUnknownTargetType              = errors.New("unknown target type")
-)
+var engineToControlSvcType = map[policyengine.TargetType]control.ChainTarget_TargetType{
+	policyengine.Namespace: control.ChainTarget_NAMESPACE,
+	policyengine.Container: control.ChainTarget_CONTAINER,
+	policyengine.User:      control.ChainTarget_USER,
+	policyengine.Group:     control.ChainTarget_GROUP,
+}
 
 func parseTarget(cmd *cobra.Command) *control.ChainTarget {
-	typ, _ := cmd.Flags().GetString(targetTypeFlag)
-	name, _ := cmd.Flags().GetString(targetNameFlag)
-	switch typ {
-	case namespaceTarget:
-		if name == "" {
-			ln, err := input.ReadLine(fmt.Sprintf("Target name is not set. Confirm to use %s namespace (n|Y)> ", defaultNamespace))
-			commonCmd.ExitOnErr(cmd, "read line error: %w", err)
-			ln = strings.ToLower(ln)
-			if len(ln) > 0 && (ln[0] == 'n') {
-				commonCmd.ExitOnErr(cmd, "read namespace error: %w", errSettingDefaultValueWasDeclined)
-			}
-			name = defaultNamespace
-		}
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_NAMESPACE,
-		}
-	case containerTarget:
-		var cnr cid.ID
-		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_CONTAINER,
-		}
-	case userTarget:
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_USER,
-		}
-	case groupTarget:
-		return &control.ChainTarget{
-			Name: name,
-			Type: control.ChainTarget_GROUP,
-		}
-	default:
-		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+	target := apeCmd.ParseTarget(cmd)
+
+	typ, ok := engineToControlSvcType[target.Type]
+	if !ok {
+		commonCmd.ExitOnErr(cmd, "%w", fmt.Errorf("unknown type '%c", target.Type))
+	}
+
+	return &control.ChainTarget{
+		Name: target.Name,
+		Type: typ,
 	}
-	return nil
 }
 
 func listRules(cmd *cobra.Command, _ []string) {
@@ -117,7 +75,7 @@ func listRules(cmd *cobra.Command, _ []string) {
 	for _, c := range chains {
 		var chain apechain.Chain
 		commonCmd.ExitOnErr(cmd, "decode error: %w", chain.DecodeBytes(c))
-		util.PrintHumanReadableAPEChain(cmd, &chain)
+		apeCmd.PrintHumanReadableAPEChain(cmd, &chain)
 	}
 }
 
@@ -125,7 +83,7 @@ func initControlListRulesCmd() {
 	initControlFlags(listRulesCmd)
 
 	ff := listRulesCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = listRulesCmd.MarkFlagRequired(targetTypeFlag)
+	ff.String(apeCmd.TargetNameFlag, "", apeCmd.TargetNameFlagDesc)
+	ff.String(apeCmd.TargetTypeFlag, "", apeCmd.TargetTypeFlagDesc)
+	_ = listRulesCmd.MarkFlagRequired(apeCmd.TargetTypeFlag)
 }

cmd/frostfs-cli/modules/control/list_targets.go

@@ -2,26 +2,20 @@ package control
 
 import (
 	"bytes"
-	"crypto/sha256"
 	"fmt"
 	"strconv"
 	"text/tabwriter"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
-const (
-	chainNameFlag      = "chain-name"
-	chainNameFlagUsage = "Chain name(ingress|s3)"
-)
-
 var listTargetsCmd = &cobra.Command{
 	Use:   "list-targets",
 	Short: "List local targets",
@@ -32,15 +26,11 @@ var listTargetsCmd = &cobra.Command{
 func listTargets(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
 
-	var cnr cid.ID
-	chainName, _ := cmd.Flags().GetString(chainNameFlag)
-
-	rawCID := make([]byte, sha256.Size)
-	cnr.Encode(rawCID)
+	chainName := apeCmd.ParseChainName(cmd)
 
 	req := &control.ListTargetsLocalOverridesRequest{
 		Body: &control.ListTargetsLocalOverridesRequest_Body{
-			ChainName: chainName,
+			ChainName: string(chainName),
 		},
 	}
 
@@ -82,7 +72,7 @@ func initControlListTargetsCmd() {
 	initControlFlags(listTargetsCmd)
 
 	ff := listTargetsCmd.Flags()
-	ff.String(chainNameFlag, "", chainNameFlagUsage)
+	ff.String(apeCmd.ChainNameFlag, "", apeCmd.ChainNameFlagDesc)
 
-	_ = cobra.MarkFlagRequired(ff, chainNameFlag)
+	_ = cobra.MarkFlagRequired(ff, apeCmd.ChainNameFlag)
 }

cmd/frostfs-cli/modules/control/remove_rule.go

@@ -6,17 +6,12 @@ import (
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apecmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/control"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/rpc/client"
 	"github.com/spf13/cobra"
 )
 
-const (
-	chainIDFlag    = "chain-id"
-	chainIDHexFlag = "chain-id-hex"
-	allFlag        = "all"
-)
-
 var (
 	errEmptyChainID = errors.New("chain id cannot be empty")
 
@@ -30,8 +25,8 @@ var (
 
 func removeRule(cmd *cobra.Command, _ []string) {
 	pk := key.Get(cmd)
-	hexEncoded, _ := cmd.Flags().GetBool(chainIDHexFlag)
-	removeAll, _ := cmd.Flags().GetBool(allFlag)
+	hexEncoded, _ := cmd.Flags().GetBool(apecmd.ChainIDHexFlag)
+	removeAll, _ := cmd.Flags().GetBool(apecmd.AllFlag)
 	if removeAll {
 		req := &control.RemoveChainLocalOverridesByTargetRequest{
 			Body: &control.RemoveChainLocalOverridesByTargetRequest_Body{
@@ -52,7 +47,7 @@ func removeRule(cmd *cobra.Command, _ []string) {
 		return
 	}
 
-	chainID, _ := cmd.Flags().GetString(chainIDFlag)
+	chainID, _ := cmd.Flags().GetString(apecmd.ChainIDFlag)
 	if chainID == "" {
 		commonCmd.ExitOnErr(cmd, "read chain id error: %w", errEmptyChainID)
 	}
@@ -92,11 +87,11 @@ func initControlRemoveRuleCmd() {
 	initControlFlags(removeRuleCmd)
 
 	ff := removeRuleCmd.Flags()
-	ff.String(targetNameFlag, "", targetNameDesc)
-	ff.String(targetTypeFlag, "", targetTypeDesc)
-	_ = removeRuleCmd.MarkFlagRequired(targetTypeFlag)
-	ff.String(chainIDFlag, "", "Chain id")
-	ff.Bool(chainIDHexFlag, false, "Flag to parse chain ID as hex")
-	ff.Bool(allFlag, false, "Remove all chains")
-	removeRuleCmd.MarkFlagsMutuallyExclusive(allFlag, chainIDFlag)
+	ff.String(apecmd.TargetNameFlag, "", apecmd.TargetNameFlagDesc)
+	ff.String(apecmd.TargetTypeFlag, "", apecmd.TargetTypeFlagDesc)
+	_ = removeRuleCmd.MarkFlagRequired(apecmd.TargetTypeFlag)
+	ff.String(apecmd.ChainIDFlag, "", apecmd.ChainIDFlagDesc)
+	ff.Bool(apecmd.ChainIDHexFlag, false, apecmd.ChainIDHexFlagDesc)
+	ff.Bool(apecmd.AllFlag, false, "Remove all chains")
+	removeRuleCmd.MarkFlagsMutuallyExclusive(apecmd.AllFlag, apecmd.ChainIDFlag)
 }

cmd/frostfs-cli/modules/control/shards.go

@@ -13,7 +13,6 @@ var shardsCmd = &cobra.Command{
 func initControlShardsCmd() {
 	shardsCmd.AddCommand(listShardsCmd)
 	shardsCmd.AddCommand(setShardModeCmd)
-	shardsCmd.AddCommand(evacuateShardCmd)
 	shardsCmd.AddCommand(evacuationShardCmd)
 	shardsCmd.AddCommand(flushCacheCmd)
 	shardsCmd.AddCommand(doctorCmd)
@@ -23,7 +22,6 @@ func initControlShardsCmd() {
 
 	initControlShardsListCmd()
 	initControlSetShardModeCmd()
-	initControlEvacuateShardCmd()
 	initControlEvacuationShardCmd()
 	initControlFlushCacheCmd()
 	initControlDoctorCmd()

cmd/frostfs-cli/modules/object/hash.go

@@ -9,7 +9,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/spf13/cobra"
@@ -43,6 +42,8 @@ func initObjectHashCmd() {
 	_ = objectHashCmd.MarkFlagRequired(commonflags.OIDFlag)
 
 	flags.String("range", "", "Range to take hash from in the form offset1:length1,...")
+	_ = objectHashCmd.MarkFlagRequired("range")
+
 	flags.String("type", hashSha256, "Hash type. Either 'sha256' or 'tz'")
 	flags.String(getRangeHashSaltFlag, "", "Salt in hex format")
 }
@@ -66,36 +67,6 @@ func getObjectHash(cmd *cobra.Command, _ []string) {
 	pk := key.GetOrGenerate(cmd)
 	cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
 
-	tz := typ == hashTz
-	fullHash := len(ranges) == 0
-	if fullHash {
-		var headPrm internalclient.HeadObjectPrm
-		headPrm.SetClient(cli)
-		Prepare(cmd, &headPrm)
-		headPrm.SetAddress(objAddr)
-
-		// get hash of full payload through HEAD (may be user can do it through dedicated command?)
-		res, err := internalclient.HeadObject(cmd.Context(), headPrm)
-		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
-
-		var cs checksum.Checksum
-		var csSet bool
-
-		if tz {
-			cs, csSet = res.Header().PayloadHomomorphicHash()
-		} else {
-			cs, csSet = res.Header().PayloadChecksum()
-		}
-
-		if csSet {
-			cmd.Println(hex.EncodeToString(cs.Value()))
-		} else {
-			cmd.Println("Missing checksum in object header.")
-		}
-
-		return
-	}
-
 	var hashPrm internalclient.HashPayloadRangesPrm
 	hashPrm.SetClient(cli)
 	Prepare(cmd, &hashPrm)
@@ -104,7 +75,7 @@ func getObjectHash(cmd *cobra.Command, _ []string) {
 	hashPrm.SetSalt(salt)
 	hashPrm.SetRanges(ranges)
 
-	if tz {
+	if typ == hashTz {
 		hashPrm.TZ()
 	}
 

cmd/frostfs-cli/modules/object/nodes.go

@@ -1,15 +1,12 @@
 package object
 
 import (
-	"bytes"
-	"cmp"
 	"context"
 	"crypto/ecdsa"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"slices"
 	"sync"
 
 	internalclient "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
@@ -507,7 +504,6 @@ func isObjectStoredOnNode(ctx context.Context, cmd *cobra.Command, cnrID cid.ID,
 }
 
 func printPlacement(cmd *cobra.Command, objID oid.ID, objects []phyObject, result *objectNodesResult) {
-	normilizeObjectNodesResult(objects, result)
 	if json, _ := cmd.Flags().GetBool(commonflags.JSON); json {
 		printObjectNodesAsJSON(cmd, objID, objects, result)
 	} else {
@@ -515,34 +511,6 @@ func printPlacement(cmd *cobra.Command, objID oid.ID, objects []phyObject, resul
 	}
 }
 
-func normilizeObjectNodesResult(objects []phyObject, result *objectNodesResult) {
-	slices.SortFunc(objects, func(lhs, rhs phyObject) int {
-		if lhs.ecHeader == nil && rhs.ecHeader == nil {
-			return bytes.Compare(lhs.objectID[:], rhs.objectID[:])
-		}
-		if lhs.ecHeader == nil {
-			return -1
-		}
-		if rhs.ecHeader == nil {
-			return 1
-		}
-		if lhs.ecHeader.parent == rhs.ecHeader.parent {
-			return cmp.Compare(lhs.ecHeader.index, rhs.ecHeader.index)
-		}
-		return bytes.Compare(lhs.ecHeader.parent[:], rhs.ecHeader.parent[:])
-	})
-	for _, obj := range objects {
-		op := result.placements[obj.objectID]
-		slices.SortFunc(op.confirmedNodes, func(lhs, rhs netmapSDK.NodeInfo) int {
-			return bytes.Compare(lhs.PublicKey(), rhs.PublicKey())
-		})
-		slices.SortFunc(op.requiredNodes, func(lhs, rhs netmapSDK.NodeInfo) int {
-			return bytes.Compare(lhs.PublicKey(), rhs.PublicKey())
-		})
-		result.placements[obj.objectID] = op
-	}
-}
-
 func printObjectNodesAsText(cmd *cobra.Command, objID oid.ID, objects []phyObject, result *objectNodesResult) {
 	fmt.Fprintf(cmd.OutOrStdout(), "Object %s stores payload in %d data objects:\n", objID.EncodeToString(), len(objects))
 

cmd/frostfs-cli/modules/util/convert_eacl.go

@@ -6,7 +6,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
-	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/internal/ape"
+	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/ape"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
 	"github.com/spf13/cobra"
 )

cmd/frostfs-ir/httpcomponent.go

@@ -77,7 +77,7 @@ func (c *httpComponent) reload(ctx context.Context) {
 		log.Info(ctx, c.name+" config updated")
 		if err := c.shutdown(ctx); err != nil {
 			log.Debug(ctx, logs.FrostFSIRCouldNotShutdownHTTPServer,
-				zap.String("error", err.Error()),
+				zap.Error(err),
 			)
 		} else {
 			c.init(ctx)

cmd/frostfs-ir/main.go

@@ -119,12 +119,12 @@ func shutdown(ctx context.Context) {
 	innerRing.Stop(ctx)
 	if err := metricsCmp.shutdown(ctx); err != nil {
 		log.Debug(ctx, logs.FrostFSIRCouldNotShutdownHTTPServer,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 	}
 	if err := pprofCmp.shutdown(ctx); err != nil {
 		log.Debug(ctx, logs.FrostFSIRCouldNotShutdownHTTPServer,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 	}
 

cmd/frostfs-ir/pprof.go

@@ -58,7 +58,7 @@ func (c *pprofComponent) reload(ctx context.Context) {
 		log.Info(ctx, c.name+" config updated")
 		if err := c.shutdown(ctx); err != nil {
 			log.Debug(ctx, logs.FrostFSIRCouldNotShutdownHTTPServer,
-				zap.String("error", err.Error()))
+				zap.Error(err))
 			return
 		}
 

cmd/frostfs-node/config.go

@@ -591,8 +591,6 @@ type cfgMorph struct {
 
 	client *client.Client
 
-	notaryEnabled bool
-
 	// TTL of Sidechain cached values. Non-positive value disables caching.
 	cacheTTL time.Duration
 
@@ -608,9 +606,10 @@ type cfgAccounting struct {
 type cfgContainer struct {
 	scriptHash neogoutil.Uint160
 
-	parsers     map[event.Type]event.NotificationParser
-	subscribers map[event.Type][]event.Handler
-	workerPool  util.WorkerPool // pool for asynchronous handlers
+	parsers            map[event.Type]event.NotificationParser
+	subscribers        map[event.Type][]event.Handler
+	workerPool         util.WorkerPool // pool for asynchronous handlers
+	containerBatchSize uint32
 }
 
 type cfgFrostfsID struct {
@@ -1121,7 +1120,7 @@ func initLocalStorage(ctx context.Context, c *cfg) {
 		err := ls.Close(context.WithoutCancel(ctx))
 		if err != nil {
 			c.log.Info(ctx, logs.FrostFSNodeStorageEngineClosingFailure,
-				zap.String("error", err.Error()),
+				zap.Error(err),
 			)
 		} else {
 			c.log.Info(ctx, logs.FrostFSNodeAllComponentsOfTheStorageEngineClosedSuccessfully)
@@ -1211,7 +1210,7 @@ func (c *cfg) updateContractNodeInfo(ctx context.Context, epoch uint64) {
 	if err != nil {
 		c.log.Error(ctx, logs.FrostFSNodeCouldNotUpdateNodeStateOnNewEpoch,
 			zap.Uint64("epoch", epoch),
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return
 	}
 
@@ -1221,9 +1220,9 @@ func (c *cfg) updateContractNodeInfo(ctx context.Context, epoch uint64) {
 // bootstrapWithState calls "addPeer" method of the Sidechain Netmap contract
 // with the binary-encoded information from the current node's configuration.
 // The state is set using the provided setter which MUST NOT be nil.
-func (c *cfg) bootstrapWithState(ctx context.Context, stateSetter func(*netmap.NodeInfo)) error {
+func (c *cfg) bootstrapWithState(ctx context.Context, state netmap.NodeState) error {
 	ni := c.cfgNodeInfo.localInfo
-	stateSetter(&ni)
+	ni.SetStatus(state)
 
 	prm := nmClient.AddPeerPrm{}
 	prm.SetNodeInfo(ni)
@@ -1233,9 +1232,7 @@ func (c *cfg) bootstrapWithState(ctx context.Context, stateSetter func(*netmap.N
 
 // bootstrapOnline calls cfg.bootstrapWithState with "online" state.
 func bootstrapOnline(ctx context.Context, c *cfg) error {
-	return c.bootstrapWithState(ctx, func(ni *netmap.NodeInfo) {
-		ni.SetStatus(netmap.Online)
-	})
+	return c.bootstrapWithState(ctx, netmap.Online)
 }
 
 // bootstrap calls bootstrapWithState with:
@@ -1246,9 +1243,7 @@ func (c *cfg) bootstrap(ctx context.Context) error {
 	st := c.cfgNetmap.state.controlNetmapStatus()
 	if st == control.NetmapStatus_MAINTENANCE {
 		c.log.Info(ctx, logs.FrostFSNodeBootstrappingWithTheMaintenanceState)
-		return c.bootstrapWithState(ctx, func(ni *netmap.NodeInfo) {
-			ni.SetStatus(netmap.Maintenance)
-		})
+		return c.bootstrapWithState(ctx, netmap.Maintenance)
 	}
 
 	c.log.Info(ctx, logs.FrostFSNodeBootstrappingWithOnlineState,
@@ -1466,7 +1461,7 @@ func (c *cfg) createTombstoneSource() *tombstone.ExpirationChecker {
 func (c *cfg) createContainerInfoProvider(ctx context.Context) container.InfoProvider {
 	return container.NewInfoProvider(func() (container.Source, error) {
 		c.initMorphComponents(ctx)
-		cc, err := containerClient.NewFromMorph(c.cfgMorph.client, c.cfgContainer.scriptHash, 0, containerClient.TryNotary())
+		cc, err := containerClient.NewFromMorph(c.cfgMorph.client, c.cfgContainer.scriptHash, 0)
 		if err != nil {
 			return nil, err
 		}

cmd/frostfs-node/config/container/container.go

@@ -0,0 +1,27 @@
+package containerconfig
+
+import "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+
+const (
+	subsection           = "container"
+	listStreamSubsection = "list_stream"
+
+	// ContainerBatchSizeDefault represents he maximum amount of containers to send via stream at once.
+	ContainerBatchSizeDefault = 1000
+)
+
+// ContainerBatchSize returns the value of "batch_size" config parameter
+// from "list_stream" subsection of "container" section.
+//
+// Returns ContainerBatchSizeDefault if the value is missing or if
+// the value is not positive integer.
+func ContainerBatchSize(c *config.Config) uint32 {
+	if c.Sub(subsection).Sub(listStreamSubsection).Value("batch_size") == nil {
+		return ContainerBatchSizeDefault
+	}
+	size := config.Uint32Safe(c.Sub(subsection).Sub(listStreamSubsection), "batch_size")
+	if size == 0 {
+		return ContainerBatchSizeDefault
+	}
+	return size
+}

cmd/frostfs-node/config/container/container_test.go

@@ -0,0 +1,27 @@
+package containerconfig_test
+
+import (
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
+	containerconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/container"
+	configtest "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/test"
+	"github.com/stretchr/testify/require"
+)
+
+func TestContainerSection(t *testing.T) {
+	t.Run("defaults", func(t *testing.T) {
+		empty := configtest.EmptyConfig()
+		require.Equal(t, uint32(containerconfig.ContainerBatchSizeDefault), containerconfig.ContainerBatchSize(empty))
+	})
+
+	const path = "../../../../config/example/node"
+	fileConfigTest := func(c *config.Config) {
+		require.Equal(t, uint32(500), containerconfig.ContainerBatchSize(c))
+	}
+
+	configtest.ForEachFileType(path, fileConfigTest)
+	t.Run("ENV", func(t *testing.T) {
+		configtest.ForEnvFileType(t, path, fileConfigTest)
+	})
+}

cmd/frostfs-node/config/engine/config.go

@@ -41,6 +41,10 @@ func IterateShards(c *config.Config, required bool, f func(*shardconfig.Config)
 			c.Sub(si),
 		)
 
+		if sc.Mode() == mode.Disabled {
+			continue
+		}
+
 		// Path for the blobstor can't be present in the default section, because different shards
 		// must have different paths, so if it is missing, the shard is not here.
 		// At the same time checking for "blobstor" section doesn't work proper
@@ -50,10 +54,6 @@ func IterateShards(c *config.Config, required bool, f func(*shardconfig.Config)
 		}
 		(*config.Config)(sc).SetDefault(def)
 
-		if sc.Mode() == mode.Disabled {
-			continue
-		}
-
 		if err := f(sc); err != nil {
 			return err
 		}

cmd/frostfs-node/config/engine/config_test.go

@@ -18,6 +18,22 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestIterateShards(t *testing.T) {
+	fileConfigTest := func(c *config.Config) {
+		var res []string
+		require.NoError(t,
+			engineconfig.IterateShards(c, false, func(sc *shardconfig.Config) error {
+				res = append(res, sc.Metabase().Path())
+				return nil
+			}))
+		require.Equal(t, []string{"abc", "xyz"}, res)
+	}
+
+	const cfgDir = "./testdata/shards"
+	configtest.ForEachFileType(cfgDir, fileConfigTest)
+	configtest.ForEnvFileType(t, cfgDir, fileConfigTest)
+}
+
 func TestEngineSection(t *testing.T) {
 	t.Run("defaults", func(t *testing.T) {
 		empty := configtest.EmptyConfig()

cmd/frostfs-node/config/engine/testdata/shards.env

@@ -0,0 +1,3 @@
+FROSTFS_STORAGE_SHARD_0_METABASE_PATH=abc
+FROSTFS_STORAGE_SHARD_1_MODE=disabled
+FROSTFS_STORAGE_SHARD_2_METABASE_PATH=xyz

cmd/frostfs-node/config/engine/testdata/shards.json

@@ -0,0 +1,13 @@
+{
+  "storage.shard": {
+    "0": {
+      "metabase.path": "abc"
+    },
+    "1": {
+      "mode": "disabled"
+    },
+    "2": {
+      "metabase.path": "xyz"
+    }
+  }
+}

cmd/frostfs-node/config/engine/testdata/shards.yaml

@@ -0,0 +1,7 @@
+storage.shard:
+  0:
+    metabase.path: abc
+  1:
+    mode: disabled
+  2:
+    metabase.path: xyz

cmd/frostfs-node/container.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"net"
 
+	containerconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/container"
 	morphconfig "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config/morph"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/internal/metrics"
@@ -28,7 +29,7 @@ import (
 func initContainerService(_ context.Context, c *cfg) {
 	// container wrapper that tries to invoke notary
 	// requests if chain is configured so
-	wrap, err := cntClient.NewFromMorph(c.cfgMorph.client, c.cfgContainer.scriptHash, 0, cntClient.TryNotary())
+	wrap, err := cntClient.NewFromMorph(c.cfgMorph.client, c.cfgContainer.scriptHash, 0)
 	fatalOnErr(err)
 
 	c.shared.cnrClient = wrap
@@ -47,6 +48,7 @@ func initContainerService(_ context.Context, c *cfg) {
 	}
 
 	c.shared.frostfsidClient = frostfsIDSubjectProvider
+	c.cfgContainer.containerBatchSize = containerconfig.ContainerBatchSize(c.appCfg)
 
 	defaultChainRouter := engine.NewDefaultChainRouterWithLocalOverrides(
 		c.cfgObject.cfgAccessPolicyEngine.accessPolicyEngine.MorphRuleChainStorage(),
@@ -56,7 +58,9 @@ func initContainerService(_ context.Context, c *cfg) {
 		&c.key.PrivateKey,
 		containerService.NewAPEServer(defaultChainRouter, cnrRdr,
 			newCachedIRFetcher(createInnerRingFetcher(c)), c.netMapSource, c.shared.frostfsidClient,
-			containerService.NewExecutionService(containerMorph.NewExecutor(cnrRdr, cnrWrt), c.respSvc),
+			containerService.NewSplitterService(
+				c.cfgContainer.containerBatchSize, c.respSvc,
+				containerService.NewExecutionService(containerMorph.NewExecutor(cnrRdr, cnrWrt), c.respSvc)),
 		),
 	)
 	service = containerService.NewAuditService(service, c.log, c.audit)

cmd/frostfs-node/control.go

@@ -12,6 +12,8 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/sdnotify"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/experimental"
+	"google.golang.org/grpc/mem"
 )
 
 const serviceNameControl = "control"
@@ -50,7 +52,7 @@ func initControlService(ctx context.Context, c *cfg) {
 		return
 	}
 
-	c.cfgControlService.server = grpc.NewServer()
+	c.cfgControlService.server = grpc.NewServer(experimental.BufferPool(mem.NopBufferPool{}))
 
 	c.onShutdown(func() {
 		stopGRPC(ctx, "FrostFS Control API", c.cfgControlService.server, c.log)

cmd/frostfs-node/grpc.go

@@ -15,6 +15,8 @@ import (
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/experimental"
+	"google.golang.org/grpc/mem"
 )
 
 const maxRecvMsgSize = 256 << 20
@@ -37,6 +39,7 @@ func initGRPC(ctx context.Context, c *cfg) {
 		}
 		c.metricsCollector.GrpcServerMetrics().MarkHealthy(sc.Endpoint())
 
+		serverOpts = append(serverOpts, experimental.BufferPool(mem.NopBufferPool{}))
 		srv := grpc.NewServer(serverOpts...)
 
 		c.onShutdown(func() {
@@ -94,6 +97,7 @@ func tryReconnect(ctx context.Context, endpoint string, c *cfg) bool {
 	}
 	c.metricsCollector.GrpcServerMetrics().MarkHealthy(endpoint)
 
+	serverOpts = append(serverOpts, experimental.BufferPool(mem.NopBufferPool{}))
 	srv := grpc.NewServer(serverOpts...)
 
 	c.onShutdown(func() {

cmd/frostfs-node/main.go

@@ -134,7 +134,7 @@ func stopAndLog(ctx context.Context, c *cfg, name string, stopper func(context.C
 	err := stopper(ctx)
 	if err != nil {
 		c.log.Debug(ctx, fmt.Sprintf("could not shutdown %s server", name),
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 	}
 

cmd/frostfs-node/morph.go

@@ -17,11 +17,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/rand"
 	"github.com/nspcc-dev/neo-go/pkg/core/block"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
-	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
-	"github.com/nspcc-dev/neo-go/pkg/rpcclient/waiter"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	"go.uber.org/zap"
 )
 
@@ -39,20 +35,16 @@ func (c *cfg) initMorphComponents(ctx context.Context) {
 
 	lookupScriptHashesInNNS(c) // smart contract auto negotiation
 
-	if c.cfgMorph.notaryEnabled {
-		err := c.cfgMorph.client.EnableNotarySupport(
-			client.WithProxyContract(
-				c.cfgMorph.proxyScriptHash,
-			),
-		)
-		fatalOnErr(err)
-	}
-
-	c.log.Info(ctx, logs.FrostFSNodeNotarySupport,
-		zap.Bool("sidechain_enabled", c.cfgMorph.notaryEnabled),
+	err := c.cfgMorph.client.EnableNotarySupport(
+		client.WithProxyContract(
+			c.cfgMorph.proxyScriptHash,
+		),
 	)
+	fatalOnErr(err)
 
-	wrap, err := nmClient.NewFromMorph(c.cfgMorph.client, c.cfgNetmap.scriptHash, 0, nmClient.TryNotary())
+	c.log.Info(ctx, logs.FrostFSNodeNotarySupport)
+
+	wrap, err := nmClient.NewFromMorph(c.cfgMorph.client, c.cfgNetmap.scriptHash, 0)
 	fatalOnErr(err)
 
 	var netmapSource netmap.Source
@@ -104,7 +96,7 @@ func initMorphClient(ctx context.Context, c *cfg) {
 	if err != nil {
 		c.log.Info(ctx, logs.FrostFSNodeFailedToCreateNeoRPCClient,
 			zap.Any("endpoints", addresses),
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 
 		fatalOnErr(err)
@@ -120,15 +112,9 @@ func initMorphClient(ctx context.Context, c *cfg) {
 	}
 
 	c.cfgMorph.client = cli
-	c.cfgMorph.notaryEnabled = cli.ProbeNotary()
 }
 
 func makeAndWaitNotaryDeposit(ctx context.Context, c *cfg) {
-	// skip notary deposit in non-notary environments
-	if !c.cfgMorph.notaryEnabled {
-		return
-	}
-
 	tx, vub, err := makeNotaryDeposit(ctx, c)
 	fatalOnErr(err)
 
@@ -164,48 +150,13 @@ func makeNotaryDeposit(ctx context.Context, c *cfg) (util.Uint256, uint32, error
 	return c.cfgMorph.client.DepositEndlessNotary(ctx, depositAmount)
 }
 
-var (
-	errNotaryDepositFail    = errors.New("notary deposit tx has faulted")
-	errNotaryDepositTimeout = errors.New("notary deposit tx has not appeared in the network")
-)
-
-type waiterClient struct {
-	c *client.Client
-}
-
-func (w *waiterClient) Context() context.Context {
-	return context.Background()
-}
-
-func (w *waiterClient) GetApplicationLog(hash util.Uint256, trig *trigger.Type) (*result.ApplicationLog, error) {
-	return w.c.GetApplicationLog(hash, trig)
-}
-
-func (w *waiterClient) GetBlockCount() (uint32, error) {
-	return w.c.BlockCount()
-}
-
-func (w *waiterClient) GetVersion() (*result.Version, error) {
-	return w.c.GetVersion()
-}
-
 func waitNotaryDeposit(ctx context.Context, c *cfg, tx util.Uint256, vub uint32) error {
-	w, err := waiter.NewPollingBased(&waiterClient{c: c.cfgMorph.client})
-	if err != nil {
-		return fmt.Errorf("could not create notary deposit waiter: %w", err)
+	if err := c.cfgMorph.client.WaitTxHalt(ctx, client.InvokeRes{Hash: tx, VUB: vub}); err != nil {
+		return err
 	}
-	res, err := w.WaitAny(ctx, vub, tx)
-	if err != nil {
-		if errors.Is(err, waiter.ErrTxNotAccepted) {
-			return errNotaryDepositTimeout
-		}
-		return fmt.Errorf("could not wait for notary deposit persists in chain: %w", err)
-	}
-	if res.Execution.VMState.HasFlag(vmstate.Halt) {
-		c.log.Info(ctx, logs.ClientNotaryDepositTransactionWasSuccessfullyPersisted)
-		return nil
-	}
-	return errNotaryDepositFail
+
+	c.log.Info(ctx, logs.ClientNotaryDepositTransactionWasSuccessfullyPersisted)
+	return nil
 }
 
 func listenMorphNotifications(ctx context.Context, c *cfg) {
@@ -217,7 +168,7 @@ func listenMorphNotifications(ctx context.Context, c *cfg) {
 	fromSideChainBlock, err := c.persistate.UInt32(persistateSideChainLastBlockKey)
 	if err != nil {
 		fromSideChainBlock = 0
-		c.log.Warn(ctx, logs.FrostFSNodeCantGetLastProcessedSideChainBlockNumber, zap.String("error", err.Error()))
+		c.log.Warn(ctx, logs.FrostFSNodeCantGetLastProcessedSideChainBlockNumber, zap.Error(err))
 	}
 
 	subs, err = subscriber.New(ctx, &subscriber.Params{
@@ -272,27 +223,17 @@ func registerNotificationHandlers(scHash util.Uint160, lis event.Listener, parse
 	subs map[event.Type][]event.Handler,
 ) {
 	for typ, handlers := range subs {
-		pi := event.NotificationParserInfo{}
-		pi.SetType(typ)
-		pi.SetScriptHash(scHash)
-
 		p, ok := parsers[typ]
 		if !ok {
 			panic(fmt.Sprintf("missing parser for event %s", typ))
 		}
 
-		pi.SetParser(p)
-
-		lis.SetNotificationParser(pi)
-
-		for _, h := range handlers {
-			hi := event.NotificationHandlerInfo{}
-			hi.SetType(typ)
-			hi.SetScriptHash(scHash)
-			hi.SetHandler(h)
-
-			lis.RegisterNotificationHandler(hi)
-		}
+		lis.RegisterNotificationHandler(event.NotificationHandlerInfo{
+			Contract: scHash,
+			Type:     typ,
+			Parser:   p,
+			Handlers: handlers,
+		})
 	}
 }
 
@@ -321,10 +262,6 @@ func lookupScriptHashesInNNS(c *cfg) {
 	)
 
 	for _, t := range targets {
-		if t.nnsName == client.NNSProxyContractName && !c.cfgMorph.notaryEnabled {
-			continue // ignore proxy contract if notary disabled
-		}
-
 		if emptyHash.Equals(*t.h) {
 			*t.h, err = c.cfgMorph.client.NNSContractAddress(t.nnsName)
 			fatalOnErrDetails(fmt.Sprintf("can't resolve %s in NNS", t.nnsName), err)

cmd/frostfs-node/netmap.go

@@ -193,16 +193,14 @@ func addNewEpochNotificationHandlers(c *cfg) {
 		}
 	})
 
-	if c.cfgMorph.notaryEnabled {
-		addNewEpochAsyncNotificationHandler(c, func(ctx context.Context, _ event.Event) {
-			_, _, err := makeNotaryDeposit(ctx, c)
-			if err != nil {
-				c.log.Error(ctx, logs.FrostFSNodeCouldNotMakeNotaryDeposit,
-					zap.String("error", err.Error()),
-				)
-			}
-		})
-	}
+	addNewEpochAsyncNotificationHandler(c, func(ctx context.Context, _ event.Event) {
+		_, _, err := makeNotaryDeposit(ctx, c)
+		if err != nil {
+			c.log.Error(ctx, logs.FrostFSNodeCouldNotMakeNotaryDeposit,
+				zap.Error(err),
+			)
+		}
+	})
 }
 
 // bootstrapNode adds current node to the Network map.
@@ -421,8 +419,11 @@ func (c *cfg) updateNetMapState(ctx context.Context, stateSetter func(*nmClient.
 	prm.SetKey(c.key.PublicKey().Bytes())
 	stateSetter(&prm)
 
-	_, err := c.cfgNetmap.wrapper.UpdatePeerState(ctx, prm)
-	return err
+	res, err := c.cfgNetmap.wrapper.UpdatePeerState(ctx, prm)
+	if err != nil {
+		return err
+	}
+	return c.cfgNetmap.wrapper.Morph().WaitTxHalt(ctx, res)
 }
 
 type netInfo struct {

cmd/frostfs-node/object.go

@@ -13,7 +13,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/local_object_storage/engine"
 	morphClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
-	nmClient "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network/cache"
 	objectTransportGRPC "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/network/transport/object/grpc"
 	objectService "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/services/object"
@@ -59,7 +58,7 @@ func (c *cfg) MaxObjectSize() uint64 {
 	sz, err := c.cfgNetmap.wrapper.MaxObjectSize()
 	if err != nil {
 		c.log.Error(context.Background(), logs.FrostFSNodeCouldNotGetMaxObjectSizeValue,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 	}
 
@@ -137,24 +136,6 @@ func (fn *innerRingFetcherWithNotary) InnerRingKeys() ([][]byte, error) {
 	return result, nil
 }
 
-type innerRingFetcherWithoutNotary struct {
-	nm *nmClient.Client
-}
-
-func (f *innerRingFetcherWithoutNotary) InnerRingKeys() ([][]byte, error) {
-	keys, err := f.nm.GetInnerRingList()
-	if err != nil {
-		return nil, fmt.Errorf("can't get inner ring keys from netmap contract: %w", err)
-	}
-
-	result := make([][]byte, 0, len(keys))
-	for i := range keys {
-		result = append(result, keys[i].Bytes())
-	}
-
-	return result, nil
-}
-
 func initObjectService(c *cfg) {
 	keyStorage := util.NewKeyStorage(&c.key.PrivateKey, c.privateTokenStore, c.cfgNetmap.state)
 
@@ -288,7 +269,7 @@ func addPolicer(c *cfg, keyStorage *util.KeyStorage, clientConstructor *cache.Cl
 			_, err := ls.Inhume(ctx, inhumePrm)
 			if err != nil {
 				c.log.Warn(ctx, logs.FrostFSNodeCouldNotInhumeMarkRedundantCopyAsGarbage,
-					zap.String("error", err.Error()),
+					zap.Error(err),
 				)
 			}
 		}),
@@ -305,13 +286,8 @@ func addPolicer(c *cfg, keyStorage *util.KeyStorage, clientConstructor *cache.Cl
 }
 
 func createInnerRingFetcher(c *cfg) v2.InnerRingFetcher {
-	if c.cfgMorph.client.ProbeNotary() {
-		return &innerRingFetcherWithNotary{
-			sidechain: c.cfgMorph.client,
-		}
-	}
-	return &innerRingFetcherWithoutNotary{
-		nm: c.cfgNetmap.wrapper,
+	return &innerRingFetcherWithNotary{
+		sidechain: c.cfgMorph.client,
 	}
 }
 

cmd/frostfs-node/tree.go

@@ -113,7 +113,7 @@ func initTreeService(c *cfg) {
 			// Ignore pilorama.ErrTreeNotFound but other errors, including shard.ErrReadOnly, should be logged.
 			c.log.Error(ctx, logs.FrostFSNodeContainerRemovalEventReceivedButTreesWerentRemoved,
 				zap.Stringer("cid", ev.ID),
-				zap.String("error", err.Error()))
+				zap.Error(err))
 		}
 	})
 

cmd/internal/common/ape/commands.go

@@ -0,0 +1,167 @@
+package ape
+
+import (
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+
+	commonCmd "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/internal/common"
+	apeutil "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/ape"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
+	"github.com/nspcc-dev/neo-go/cli/input"
+	"github.com/spf13/cobra"
+)
+
+const (
+	defaultNamespace = "root"
+	namespaceTarget  = "namespace"
+	containerTarget  = "container"
+	userTarget       = "user"
+	groupTarget      = "group"
+
+	Ingress = "ingress"
+	S3      = "s3"
+)
+
+var mChainName = map[string]apechain.Name{
+	Ingress: apechain.Ingress,
+	S3:      apechain.S3,
+}
+
+var (
+	errSettingDefaultValueWasDeclined = errors.New("setting default value was declined")
+	errUnknownTargetType              = errors.New("unknown target type")
+	errUnsupportedChainName           = errors.New("unsupported chain name")
+)
+
+// PrintHumanReadableAPEChain print APE chain rules.
+func PrintHumanReadableAPEChain(cmd *cobra.Command, chain *apechain.Chain) {
+	cmd.Println("Chain ID: " + string(chain.ID))
+	cmd.Printf("     HEX: %x\n", chain.ID)
+	cmd.Println("Rules:")
+	for _, rule := range chain.Rules {
+		cmd.Println("\n\tStatus: " + rule.Status.String())
+		cmd.Println("\tAny: " + strconv.FormatBool(rule.Any))
+		cmd.Println("\tConditions:")
+		for _, c := range rule.Condition {
+			var ot string
+			switch c.Kind {
+			case apechain.KindResource:
+				ot = "Resource"
+			case apechain.KindRequest:
+				ot = "Request"
+			default:
+				panic("unknown object type")
+			}
+			cmd.Println(fmt.Sprintf("\t\t%s %s %s %s", ot, c.Key, c.Op, c.Value))
+		}
+		cmd.Println("\tActions:\tInverted:" + strconv.FormatBool(rule.Actions.Inverted))
+		for _, name := range rule.Actions.Names {
+			cmd.Println("\t\t" + name)
+		}
+		cmd.Println("\tResources:\tInverted:" + strconv.FormatBool(rule.Resources.Inverted))
+		for _, name := range rule.Resources.Names {
+			cmd.Println("\t\t" + name)
+		}
+	}
+}
+
+// ParseTarget handles target parsing of an APE chain.
+func ParseTarget(cmd *cobra.Command) engine.Target {
+	typ := ParseTargetType(cmd)
+	name, _ := cmd.Flags().GetString(TargetNameFlag)
+	switch typ {
+	case engine.Namespace:
+		if name == "" {
+			ln, err := input.ReadLine(fmt.Sprintf("Target name is not set. Confirm to use %s namespace (n|Y)> ", defaultNamespace))
+			commonCmd.ExitOnErr(cmd, "read line error: %w", err)
+			ln = strings.ToLower(ln)
+			if len(ln) > 0 && (ln[0] == 'n') {
+				commonCmd.ExitOnErr(cmd, "read namespace error: %w", errSettingDefaultValueWasDeclined)
+			}
+			name = defaultNamespace
+		}
+		return engine.NamespaceTarget(name)
+	case engine.Container:
+		var cnr cid.ID
+		commonCmd.ExitOnErr(cmd, "can't decode container ID: %w", cnr.DecodeString(name))
+		return engine.ContainerTarget(name)
+	case engine.User:
+		return engine.UserTarget(name)
+	case engine.Group:
+		return engine.GroupTarget(name)
+	default:
+		commonCmd.ExitOnErr(cmd, "read target type error: %w", errUnknownTargetType)
+	}
+	panic("unreachable")
+}
+
+// ParseTargetType handles target type parsing of an APE chain.
+func ParseTargetType(cmd *cobra.Command) engine.TargetType {
+	typ, _ := cmd.Flags().GetString(TargetTypeFlag)
+	switch typ {
+	case namespaceTarget:
+		return engine.Namespace
+	case containerTarget:
+		return engine.Container
+	case userTarget:
+		return engine.User
+	case groupTarget:
+		return engine.Group
+	default:
+		commonCmd.ExitOnErr(cmd, "parse target type error: %w", errUnknownTargetType)
+	}
+	panic("unreachable")
+}
+
+// ParseChainID handles the parsing of APE-chain identifier.
+// For some subcommands, chain ID is optional as an input parameter and should be generated by
+// the service instead.
+func ParseChainID(cmd *cobra.Command) (id apechain.ID) {
+	chainID, _ := cmd.Flags().GetString(ChainIDFlag)
+	id = apechain.ID(chainID)
+
+	hexEncoded, _ := cmd.Flags().GetBool(ChainIDHexFlag)
+	if !hexEncoded {
+		return
+	}
+
+	chainIDRaw, err := hex.DecodeString(chainID)
+	commonCmd.ExitOnErr(cmd, "can't decode chain ID as hex: %w", err)
+	id = apechain.ID(chainIDRaw)
+	return
+}
+
+// ParseChain parses an APE chain which can be provided either as a rule statement
+// or loaded from a binary/JSON file path.
+func ParseChain(cmd *cobra.Command) *apechain.Chain {
+	chain := new(apechain.Chain)
+	chain.ID = ParseChainID(cmd)
+
+	if rules, _ := cmd.Flags().GetStringArray(RuleFlag); len(rules) > 0 {
+		commonCmd.ExitOnErr(cmd, "parser error: %w", apeutil.ParseAPEChain(chain, rules))
+	} else if encPath, _ := cmd.Flags().GetString(PathFlag); encPath != "" {
+		commonCmd.ExitOnErr(cmd, "decode binary or json error: %w", apeutil.ParseAPEChainBinaryOrJSON(chain, encPath))
+	} else {
+		commonCmd.ExitOnErr(cmd, "parser error", errors.New("rule is not passed"))
+	}
+
+	cmd.Println("Parsed chain:")
+	PrintHumanReadableAPEChain(cmd, chain)
+
+	return chain
+}
+
+// ParseChainName parses chain name: the place in the request lifecycle where policy is applied.
+func ParseChainName(cmd *cobra.Command) apechain.Name {
+	chainName, _ := cmd.Flags().GetString(ChainNameFlag)
+	apeChainName, ok := mChainName[strings.ToLower(chainName)]
+	if !ok {
+		commonCmd.ExitOnErr(cmd, "", errUnsupportedChainName)
+	}
+	return apeChainName
+}

cmd/internal/common/ape/flags.go

@@ -0,0 +1,79 @@
+package ape
+
+const (
+	RuleFlag           = "rule"
+	PathFlag           = "path"
+	PathFlagDesc       = "Path to encoded chain in JSON or binary format"
+	TargetNameFlag     = "target-name"
+	TargetNameFlagDesc = "Resource name in APE resource name format"
+	TargetTypeFlag     = "target-type"
+	TargetTypeFlagDesc = "Resource type(container/namespace)"
+	ChainIDFlag        = "chain-id"
+	ChainIDFlagDesc    = "Chain id"
+	ChainIDHexFlag     = "chain-id-hex"
+	ChainIDHexFlagDesc = "Flag to parse chain ID as hex"
+	ChainNameFlag      = "chain-name"
+	ChainNameFlagDesc  = "Chain name(ingress|s3)"
+	AllFlag            = "all"
+)
+
+const RuleFlagDesc = `Defines an Access Policy Engine (APE) rule in the format:
+    <status>[:status_detail] <action>... <condition>... <resource>...
+
+Status:
+  - allow                   Permits specified actions
+  - deny                    Prohibits specified actions
+  - deny:QuotaLimitReached  Denies access due to quota limits
+
+Actions:
+    Object operations:
+    - Object.Put, Object.Get, etc.
+    - Object.*     (all object operations)
+    Container operations:
+    - Container.Put, Container.Get, etc.
+    - Container.*  (all container operations)
+
+Conditions:
+    ResourceCondition:
+      Format: ResourceCondition:"key"=value, "key"!=value
+        Reserved properties (use '\' before '$'):
+        - $Object:version
+        - $Object:objectID
+        - $Object:containerID
+        - $Object:ownerID
+        - $Object:creationEpoch
+        - $Object:payloadLength
+        - $Object:payloadHash
+        - $Object:objectType
+        - $Object:homomorphicHash
+
+RequestCondition:
+    Format: RequestCondition:"key"=value, "key"!=value
+      Reserved properties (use '\' before '$'):
+        - $Actor:publicKey
+        - $Actor:role
+
+      Example:
+        ResourceCondition:"check_key"!="check_value" RequestCondition:"$Actor:role"=others
+
+Resources:
+    For objects:
+      - namespace/cid/oid    (specific object)
+      - namespace/cid/*      (all objects in container)
+      - namespace/*          (all objects in namespace)
+      - *                    (all objects)
+      - /*                   (all objects in root namespace)
+      - /cid/*               (all objects in root container)
+      - /cid/oid             (specific object in root container)
+
+    For containers:
+      - namespace/cid        (specific container)
+      - namespace/*          (all containers in namespace)
+      - *                    (all containers)
+      - /cid                 (root container)
+      - /*                   (all root containers)
+
+Notes:
+    - Cannot mix object and container operations in one rule
+    - Default behavior is Any=false unless 'any' is specified
+    - Use 'all' keyword to explicitly set Any=false`

cmd/internal/common/exit.go

@@ -26,13 +26,15 @@ func ExitOnErr(cmd *cobra.Command, errFmt string, err error) {
 		_ = iota
 		internal
 		aclDenied
+		apemanagerDenied
 	)
 
 	var (
 		code int
 
-		internalErr = new(sdkstatus.ServerInternal)
-		accessErr   = new(sdkstatus.ObjectAccessDenied)
+		internalErr   = new(sdkstatus.ServerInternal)
+		accessErr     = new(sdkstatus.ObjectAccessDenied)
+		apemanagerErr = new(sdkstatus.APEManagerAccessDenied)
 	)
 
 	switch {
@@ -41,6 +43,9 @@ func ExitOnErr(cmd *cobra.Command, errFmt string, err error) {
 	case errors.As(err, &accessErr):
 		code = aclDenied
 		err = fmt.Errorf("%w: %s", err, accessErr.Reason())
+	case errors.As(err, &apemanagerErr):
+		code = apemanagerDenied
+		err = fmt.Errorf("%w: %s", err, apemanagerErr.Reason())
 	default:
 		code = internal
 	}

config/example/node.env

@@ -83,6 +83,9 @@ FROSTFS_POLICER_HEAD_TIMEOUT=15s
 FROSTFS_REPLICATOR_PUT_TIMEOUT=15s
 FROSTFS_REPLICATOR_POOL_SIZE=10
 
+# Container service section
+FROSTFS_CONTAINER_LIST_STREAM_BATCH_SIZE=500
+
 # Object service section
 FROSTFS_OBJECT_PUT_REMOTE_POOL_SIZE=100
 FROSTFS_OBJECT_PUT_LOCAL_POOL_SIZE=200

config/example/node.json

@@ -124,6 +124,11 @@
     "pool_size": 10,
     "put_timeout": "15s"
   },
+  "container": {
+    "list_stream": {
+      "batch_size": "500"
+    }
+  },
   "object": {
     "delete": {
       "tombstone_lifetime": 10

config/example/node.yaml

@@ -108,6 +108,10 @@ replicator:
   put_timeout: 15s  # timeout for the Replicator PUT remote operation
   pool_size: 10     # maximum amount of concurrent replications
 
+container:
+  list_stream:
+    batch_size: 500 # container_batch_size is the maximum amount of containers to send via stream at once
+
 object:
   delete:
     tombstone_lifetime: 10 # tombstone "local" lifetime in epochs

go.mod

@@ -2,13 +2,18 @@ module git.frostfs.info/TrueCloudLab/frostfs-node
 
 go 1.22
 
+replace (
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241210104938-c4463df8d467 => /home/annikifa/workspace/frostfs-sdk-go/
+	google.golang.org/grpc v1.66.2 => /home/annikifa/workspace/grpc-go/
+)
+
 require (
 	code.gitea.io/sdk/gitea v0.17.1
-	git.frostfs.info/TrueCloudLab/frostfs-contract v0.20.0
+	git.frostfs.info/TrueCloudLab/frostfs-contract v0.21.1-0.20241205083807-762d7f9f9f08
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
 	git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20241112082307-f17779933e88
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241107121119-cb813e27a823
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20241210104938-c4463df8d467
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1
 	git.frostfs.info/TrueCloudLab/multinet v0.0.0-20241015075604-6cb0d80e0972
 	git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
@@ -27,7 +32,7 @@ require (
 	github.com/klauspost/compress v1.17.4
 	github.com/mailru/easyjson v0.7.7
 	github.com/mr-tron/base58 v1.2.0
-	github.com/multiformats/go-multiaddr v0.12.1
+	github.com/multiformats/go-multiaddr v0.14.0
 	github.com/nspcc-dev/neo-go v0.106.3
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/panjf2000/ants/v2 v2.9.0

internal/logs/logs.go

@@ -164,17 +164,9 @@ const (
 	EventNotaryParserNotSet                                              = "notary parser not set"
 	EventCouldNotParseNotaryEvent                                        = "could not parse notary event"
 	EventNotaryHandlersForParsedNotificationEventWereNotRegistered       = "notary handlers for parsed notification event were not registered"
-	EventIgnoreNilEventParser                                            = "ignore nil event parser"
-	EventListenerHasBeenAlreadyStartedIgnoreParser                       = "listener has been already started, ignore parser"
 	EventRegisteredNewEventParser                                        = "registered new event parser"
-	EventIgnoreNilEventHandler                                           = "ignore nil event handler"
-	EventIgnoreHandlerOfEventWoParser                                    = "ignore handler of event w/o parser"
 	EventRegisteredNewEventHandler                                       = "registered new event handler"
-	EventIgnoreNilNotaryEventParser                                      = "ignore nil notary event parser"
-	EventListenerHasBeenAlreadyStartedIgnoreNotaryParser                 = "listener has been already started, ignore notary parser"
-	EventIgnoreNilNotaryEventHandler                                     = "ignore nil notary event handler"
 	EventIgnoreHandlerOfNotaryEventWoParser                              = "ignore handler of notary event w/o parser"
-	EventIgnoreNilBlockHandler                                           = "ignore nil block handler"
 	StorageOperation                                                     = "local object storage operation"
 	BlobovniczaCreatingDirectoryForBoltDB                                = "creating directory for BoltDB"
 	BlobovniczaOpeningBoltDB                                             = "opening BoltDB"

pkg/core/object/sender_classifier.go

@@ -67,7 +67,7 @@ func (c SenderClassifier) IsInnerRingOrContainerNode(ctx context.Context, ownerK
 	if err != nil {
 		// do not throw error, try best case matching
 		c.log.Debug(ctx, logs.V2CantCheckIfRequestFromInnerRing,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	} else if isInnerRingNode {
 		return &ClassifyResult{
 			Role: acl.RoleInnerRing,
@@ -84,7 +84,7 @@ func (c SenderClassifier) IsInnerRingOrContainerNode(ctx context.Context, ownerK
 		// is not possible for previous epoch, so
 		// do not throw error, try best case matching
 		c.log.Debug(ctx, logs.V2CantCheckIfRequestFromContainerNode,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	} else if isContainerNode {
 		return &ClassifyResult{
 			Role: acl.RoleContainer,

pkg/innerring/bindings.go

@@ -8,7 +8,6 @@ type (
 	// ContractProcessor interface defines functions for binding event producers
 	// such as event.Listener and Timers with contract processor.
 	ContractProcessor interface {
-		ListenerNotificationParsers() []event.NotificationParserInfo
 		ListenerNotificationHandlers() []event.NotificationHandlerInfo
 		ListenerNotaryParsers() []event.NotaryParserInfo
 		ListenerNotaryHandlers() []event.NotaryHandlerInfo
@@ -16,11 +15,6 @@ type (
 )
 
 func connectListenerWithProcessor(l event.Listener, p ContractProcessor) {
-	// register notification parsers
-	for _, parser := range p.ListenerNotificationParsers() {
-		l.SetNotificationParser(parser)
-	}
-
 	// register notification handlers
 	for _, handler := range p.ListenerNotificationHandlers() {
 		l.RegisterNotificationHandler(handler)

pkg/innerring/initialization.go

@@ -33,6 +33,8 @@ import (
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/experimental"
+	"google.golang.org/grpc/mem"
 )
 
 func (s *Server) initNetmapProcessor(ctx context.Context, cfg *viper.Viper,
@@ -100,7 +102,7 @@ func (s *Server) initMainnet(ctx context.Context, cfg *viper.Viper, morphChain *
 	fromMainChainBlock, err := s.persistate.UInt32(persistateMainChainLastBlockKey)
 	if err != nil {
 		fromMainChainBlock = 0
-		s.log.Warn(ctx, logs.InnerringCantGetLastProcessedMainChainBlockNumber, zap.String("error", err.Error()))
+		s.log.Warn(ctx, logs.InnerringCantGetLastProcessedMainChainBlockNumber, zap.Error(err))
 	}
 	mainnetChain.from = fromMainChainBlock
 
@@ -346,7 +348,8 @@ func (s *Server) initGRPCServer(ctx context.Context, cfg *viper.Viper, log *logg
 		controlsrv.WithAllowedKeys(authKeys),
 	), log, audit)
 
-	grpcControlSrv := grpc.NewServer()
+	opts := []grpc.ServerOption{experimental.BufferPool(mem.NopBufferPool{})}
+	grpcControlSrv := grpc.NewServer(opts...)
 	control.RegisterControlServiceServer(grpcControlSrv, controlSvc)
 
 	s.runners = append(s.runners, func(ch chan<- error) error {
@@ -380,7 +383,6 @@ func (s *Server) initClientsFromMorph() (*serverMorphClients, error) {
 	// form morph container client's options
 	morphCnrOpts := make([]container.Option, 0, 3)
 	morphCnrOpts = append(morphCnrOpts,
-		container.TryNotary(),
 		container.AsAlphabet(),
 	)
 
@@ -390,12 +392,12 @@ func (s *Server) initClientsFromMorph() (*serverMorphClients, error) {
 	}
 	s.containerClient = result.CnrClient
 
-	s.netmapClient, err = nmClient.NewFromMorph(s.morphClient, s.contracts.netmap, fee, nmClient.TryNotary(), nmClient.AsAlphabet())
+	s.netmapClient, err = nmClient.NewFromMorph(s.morphClient, s.contracts.netmap, fee, nmClient.AsAlphabet())
 	if err != nil {
 		return nil, err
 	}
 
-	s.balanceClient, err = balanceClient.NewFromMorph(s.morphClient, s.contracts.balance, fee, balanceClient.TryNotary(), balanceClient.AsAlphabet())
+	s.balanceClient, err = balanceClient.NewFromMorph(s.morphClient, s.contracts.balance, fee, balanceClient.AsAlphabet())
 	if err != nil {
 		return nil, err
 	}
@@ -457,7 +459,7 @@ func (s *Server) initMorph(ctx context.Context, cfg *viper.Viper, errChan chan<-
 	fromSideChainBlock, err := s.persistate.UInt32(persistateSideChainLastBlockKey)
 	if err != nil {
 		fromSideChainBlock = 0
-		s.log.Warn(ctx, logs.InnerringCantGetLastProcessedSideChainBlockNumber, zap.String("error", err.Error()))
+		s.log.Warn(ctx, logs.InnerringCantGetLastProcessedSideChainBlockNumber, zap.Error(err))
 	}
 
 	morphChain := &chainParams{

pkg/innerring/innerring.go

@@ -177,7 +177,7 @@ func (s *Server) Start(ctx context.Context, intError chan<- error) (err error) {
 	if err != nil {
 		// we don't stop inner ring execution on this error
 		s.log.Warn(ctx, logs.InnerringCantVoteForPreparedValidators,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	}
 
 	s.tickInitialExpoch(ctx)
@@ -308,7 +308,7 @@ func (s *Server) Stop(ctx context.Context) {
 	for _, c := range s.closers {
 		if err := c(); err != nil {
 			s.log.Warn(ctx, logs.InnerringCloserError,
-				zap.String("error", err.Error()),
+				zap.Error(err),
 			)
 		}
 	}

pkg/innerring/processors/alphabet/handlers_test.go

@@ -7,6 +7,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring/processors/alphabet"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring/timers"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger/test"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
@@ -247,7 +248,7 @@ type testMorphClient struct {
 	batchTransferedGas []batchTransferGas
 }
 
-func (c *testMorphClient) Invoke(_ context.Context, contract util.Uint160, fee fixedn.Fixed8, method string, args ...any) (uint32, error) {
+func (c *testMorphClient) Invoke(_ context.Context, contract util.Uint160, fee fixedn.Fixed8, method string, args ...any) (client.InvokeRes, error) {
 	c.invokedMethods = append(c.invokedMethods,
 		invokedMethod{
 			contract: contract,
@@ -255,7 +256,7 @@ func (c *testMorphClient) Invoke(_ context.Context, contract util.Uint160, fee f
 			method:   method,
 			args:     args,
 		})
-	return 0, nil
+	return client.InvokeRes{}, nil
 }
 
 func (c *testMorphClient) TransferGas(receiver util.Uint160, amount fixedn.Fixed8) error {

pkg/innerring/processors/alphabet/process_emit.go

@@ -33,7 +33,7 @@ func (ap *Processor) processEmit(ctx context.Context) bool {
 	// there is no signature collecting, so we don't need extra fee
 	_, err := ap.morphClient.Invoke(ctx, contract, 0, emitMethod)
 	if err != nil {
-		ap.log.Warn(ctx, logs.AlphabetCantInvokeAlphabetEmitMethod, zap.String("error", err.Error()))
+		ap.log.Warn(ctx, logs.AlphabetCantInvokeAlphabetEmitMethod, zap.Error(err))
 
 		return false
 	}
@@ -47,7 +47,7 @@ func (ap *Processor) processEmit(ctx context.Context) bool {
 	networkMap, err := ap.netmapClient.NetMap()
 	if err != nil {
 		ap.log.Warn(ctx, logs.AlphabetCantGetNetmapSnapshotToEmitGasToStorageNodes,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 
 		return false
 	}
@@ -83,7 +83,7 @@ func (ap *Processor) transferGasToNetmapNodes(ctx context.Context, nmNodes []net
 		key, err := keys.NewPublicKeyFromBytes(keyBytes, elliptic.P256())
 		if err != nil {
 			ap.log.Warn(ctx, logs.AlphabetCantParseNodePublicKey,
-				zap.String("error", err.Error()))
+				zap.Error(err))
 
 			continue
 		}
@@ -93,7 +93,7 @@ func (ap *Processor) transferGasToNetmapNodes(ctx context.Context, nmNodes []net
 			ap.log.Warn(ctx, logs.AlphabetCantTransferGas,
 				zap.String("receiver", key.Address()),
 				zap.Int64("amount", int64(gasPerNode)),
-				zap.String("error", err.Error()),
+				zap.Error(err),
 			)
 		}
 	}
@@ -110,7 +110,7 @@ func (ap *Processor) transferGasToExtraNodes(ctx context.Context, pw []util.Uint
 			ap.log.Warn(ctx, logs.AlphabetCantTransferGasToWallet,
 				zap.Strings("receivers", receiversLog),
 				zap.Int64("amount", int64(gasPerNode)),
-				zap.String("error", err.Error()),
+				zap.Error(err),
 			)
 		}
 	}

pkg/innerring/processors/alphabet/processor.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/innerring/metrics"
+	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/event"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/util/logger"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
@@ -39,7 +40,7 @@ type (
 	}
 
 	morphClient interface {
-		Invoke(ctx context.Context, contract util.Uint160, fee fixedn.Fixed8, method string, args ...any) (uint32, error)
+		Invoke(ctx context.Context, contract util.Uint160, fee fixedn.Fixed8, method string, args ...any) (client.InvokeRes, error)
 		TransferGas(receiver util.Uint160, amount fixedn.Fixed8) error
 		BatchTransferGas(receivers []util.Uint160, amount fixedn.Fixed8) error
 	}
@@ -113,11 +114,6 @@ func (ap *Processor) SetParsedWallets(parsedWallets []util.Uint160) {
 	ap.pwLock.Unlock()
 }
 
-// ListenerNotificationParsers for the 'event.Listener' event producer.
-func (ap *Processor) ListenerNotificationParsers() []event.NotificationParserInfo {
-	return nil
-}
-
 // ListenerNotificationHandlers for the 'event.Listener' event producer.
 func (ap *Processor) ListenerNotificationHandlers() []event.NotificationHandlerInfo {
 	return nil

pkg/innerring/processors/balance/processor.go

@@ -88,32 +88,16 @@ func New(p *Params) (*Processor, error) {
 	}, nil
 }
 
-// ListenerNotificationParsers for the 'event.Listener' event producer.
-func (bp *Processor) ListenerNotificationParsers() []event.NotificationParserInfo {
-	var parsers []event.NotificationParserInfo
-
-	// new lock event
-	lock := event.NotificationParserInfo{}
-	lock.SetType(lockNotification)
-	lock.SetScriptHash(bp.balanceSC)
-	lock.SetParser(balanceEvent.ParseLock)
-	parsers = append(parsers, lock)
-
-	return parsers
-}
-
 // ListenerNotificationHandlers for the 'event.Listener' event producer.
 func (bp *Processor) ListenerNotificationHandlers() []event.NotificationHandlerInfo {
-	var handlers []event.NotificationHandlerInfo
-
-	// lock handler
-	lock := event.NotificationHandlerInfo{}
-	lock.SetType(lockNotification)
-	lock.SetScriptHash(bp.balanceSC)
-	lock.SetHandler(bp.handleLock)
-	handlers = append(handlers, lock)
-
-	return handlers
+	return []event.NotificationHandlerInfo{
+		{
+			Contract: bp.balanceSC,
+			Type:     lockNotification,
+			Parser:   balanceEvent.ParseLock,
+			Handlers: []event.Handler{bp.handleLock},
+		},
+	}
 }
 
 // ListenerNotaryParsers for the 'event.Listener' event producer.

pkg/innerring/processors/container/process_container.go

@@ -50,7 +50,7 @@ func (cp *Processor) processContainerPut(ctx context.Context, put putEvent) bool
 	err := cp.checkPutContainer(pctx)
 	if err != nil {
 		cp.log.Error(ctx, logs.ContainerPutContainerCheckFailed,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 
 		return false
@@ -58,7 +58,7 @@ func (cp *Processor) processContainerPut(ctx context.Context, put putEvent) bool
 
 	if err := cp.morphClient.NotarySignAndInvokeTX(pctx.e.NotaryRequest().MainTransaction); err != nil {
 		cp.log.Error(ctx, logs.ContainerCouldNotApprovePutContainer,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 		return false
 	}
@@ -113,7 +113,7 @@ func (cp *Processor) processContainerDelete(ctx context.Context, e containerEven
 	err := cp.checkDeleteContainer(e)
 	if err != nil {
 		cp.log.Error(ctx, logs.ContainerDeleteContainerCheckFailed,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 
 		return false
@@ -121,7 +121,7 @@ func (cp *Processor) processContainerDelete(ctx context.Context, e containerEven
 
 	if err := cp.morphClient.NotarySignAndInvokeTX(e.NotaryRequest().MainTransaction); err != nil {
 		cp.log.Error(ctx, logs.ContainerCouldNotApproveDeleteContainer,
-			zap.String("error", err.Error()),
+			zap.Error(err),
 		)
 
 		return false

pkg/innerring/processors/container/processor.go

@@ -118,11 +118,6 @@ func New(p *Params) (*Processor, error) {
 	}, nil
 }
 
-// ListenerNotificationParsers for the 'event.Listener' event producer.
-func (cp *Processor) ListenerNotificationParsers() []event.NotificationParserInfo {
-	return nil
-}
-
 // ListenerNotificationHandlers for the 'event.Listener' event producer.
 func (cp *Processor) ListenerNotificationHandlers() []event.NotificationHandlerInfo {
 	return nil

pkg/innerring/processors/frostfs/process_assets.go

@@ -73,7 +73,7 @@ func (np *Processor) processDeposit(ctx context.Context, deposit frostfsEvent.De
 	err = np.morphClient.TransferGas(receiver, np.mintEmitValue)
 	if err != nil {
 		np.log.Error(ctx, logs.FrostFSCantTransferNativeGasToReceiver,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 
 		return false
 	}

pkg/innerring/processors/frostfs/processor.go

@@ -142,70 +142,34 @@ func New(p *Params) (*Processor, error) {
 	}, nil
 }
 
-// ListenerNotificationParsers for the 'event.Listener' event producer.
-func (np *Processor) ListenerNotificationParsers() []event.NotificationParserInfo {
-	var (
-		parsers = make([]event.NotificationParserInfo, 0, 6)
-
-		p event.NotificationParserInfo
-	)
-
-	p.SetScriptHash(np.frostfsContract)
-
-	// deposit event
-	p.SetType(event.TypeFromString(depositNotification))
-	p.SetParser(frostfsEvent.ParseDeposit)
-	parsers = append(parsers, p)
-
-	// withdraw event
-	p.SetType(event.TypeFromString(withdrawNotification))
-	p.SetParser(frostfsEvent.ParseWithdraw)
-	parsers = append(parsers, p)
-
-	// cheque event
-	p.SetType(event.TypeFromString(chequeNotification))
-	p.SetParser(frostfsEvent.ParseCheque)
-	parsers = append(parsers, p)
-
-	// config event
-	p.SetType(event.TypeFromString(configNotification))
-	p.SetParser(frostfsEvent.ParseConfig)
-	parsers = append(parsers, p)
-
-	return parsers
-}
-
 // ListenerNotificationHandlers for the 'event.Listener' event producer.
 func (np *Processor) ListenerNotificationHandlers() []event.NotificationHandlerInfo {
-	var (
-		handlers = make([]event.NotificationHandlerInfo, 0, 6)
-
-		h event.NotificationHandlerInfo
-	)
-
-	h.SetScriptHash(np.frostfsContract)
-
-	// deposit handler
-	h.SetType(event.TypeFromString(depositNotification))
-	h.SetHandler(np.handleDeposit)
-	handlers = append(handlers, h)
-
-	// withdraw handler
-	h.SetType(event.TypeFromString(withdrawNotification))
-	h.SetHandler(np.handleWithdraw)
-	handlers = append(handlers, h)
-
-	// cheque handler
-	h.SetType(event.TypeFromString(chequeNotification))
-	h.SetHandler(np.handleCheque)
-	handlers = append(handlers, h)
-
-	// config handler
-	h.SetType(event.TypeFromString(configNotification))
-	h.SetHandler(np.handleConfig)
-	handlers = append(handlers, h)
-
-	return handlers
+	return []event.NotificationHandlerInfo{
+		{
+			Contract: np.frostfsContract,
+			Type:     event.TypeFromString(depositNotification),
+			Parser:   frostfsEvent.ParseDeposit,
+			Handlers: []event.Handler{np.handleDeposit},
+		},
+		{
+			Contract: np.frostfsContract,
+			Type:     event.TypeFromString(withdrawNotification),
+			Parser:   frostfsEvent.ParseWithdraw,
+			Handlers: []event.Handler{np.handleWithdraw},
+		},
+		{
+			Contract: np.frostfsContract,
+			Type:     event.TypeFromString(chequeNotification),
+			Parser:   frostfsEvent.ParseCheque,
+			Handlers: []event.Handler{np.handleCheque},
+		},
+		{
+			Contract: np.frostfsContract,
+			Type:     event.TypeFromString(configNotification),
+			Parser:   frostfsEvent.ParseConfig,
+			Handlers: []event.Handler{np.handleConfig},
+		},
+	}
 }
 
 // ListenerNotaryParsers for the 'event.Listener' event producer.

pkg/innerring/processors/governance/process_update.go

@@ -28,21 +28,21 @@ func (gp *Processor) processAlphabetSync(ctx context.Context, txHash util.Uint25
 	mainnetAlphabet, err := gp.mainnetClient.NeoFSAlphabetList()
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantFetchAlphabetListFromMainNet,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return false
 	}
 
 	sidechainAlphabet, err := gp.morphClient.Committee()
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantFetchAlphabetListFromSideChain,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return false
 	}
 
 	newAlphabet, err := newAlphabetList(sidechainAlphabet, mainnetAlphabet)
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantMergeAlphabetListsFromMainNetAndSideChain,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return false
 	}
 
@@ -65,7 +65,7 @@ func (gp *Processor) processAlphabetSync(ctx context.Context, txHash util.Uint25
 	err = gp.voter.VoteForSidechainValidator(ctx, votePrm)
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantVoteForSideChainCommittee,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	}
 
 	// 2. Update NeoFSAlphabet role in the sidechain.
@@ -98,14 +98,14 @@ func (gp *Processor) updateNeoFSAlphabetRoleInSidechain(ctx context.Context, sid
 	innerRing, err := gp.irFetcher.InnerRingKeys()
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantFetchInnerRingListFromSideChain,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return
 	}
 
 	newInnerRing, err := updateInnerRing(innerRing, sidechainAlphabet, newAlphabet)
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantCreateNewInnerRingListWithNewAlphabetKeys,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 		return
 	}
 
@@ -122,7 +122,7 @@ func (gp *Processor) updateNeoFSAlphabetRoleInSidechain(ctx context.Context, sid
 
 	if err = gp.morphClient.UpdateNeoFSAlphabetList(ctx, updPrm); err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantUpdateInnerRingListWithNewAlphabetKeys,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	}
 }
 
@@ -135,7 +135,7 @@ func (gp *Processor) updateNotaryRoleInSidechain(ctx context.Context, newAlphabe
 	err := gp.morphClient.UpdateNotaryList(ctx, updPrm)
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantUpdateListOfNotaryNodesInSideChain,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	}
 }
 
@@ -155,6 +155,6 @@ func (gp *Processor) updateFrostFSContractInMainnet(ctx context.Context, newAlph
 	err := gp.frostfsClient.AlphabetUpdate(ctx, prm)
 	if err != nil {
 		gp.log.Error(ctx, logs.GovernanceCantUpdateListOfAlphabetNodesInFrostfsContract,
-			zap.String("error", err.Error()))
+			zap.Error(err))
 	}
 }

pkg/innerring/processors/governance/processor.go

@@ -155,22 +155,16 @@ func New(p *Params) (*Processor, error) {
 	}, nil
 }
 
-// ListenerNotificationParsers for the 'event.Listener' event producer.
-func (gp *Processor) ListenerNotificationParsers() []event.NotificationParserInfo {
-	var pi event.NotificationParserInfo
-	pi.SetScriptHash(gp.designate)
-	pi.SetType(event.TypeFromString(native.DesignationEventName))
-	pi.SetParser(rolemanagement.ParseDesignate)
-	return []event.NotificationParserInfo{pi}
-}
-
 // ListenerNotificationHandlers for the 'event.Listener' event producer.
 func (gp *Processor) ListenerNotificationHandlers() []event.NotificationHandlerInfo {
-	var hi event.NotificationHandlerInfo
-	hi.SetScriptHash(gp.designate)
-	hi.SetType(event.TypeFromString(native.DesignationEventName))
-	hi.SetHandler(gp.HandleAlphabetSync)
-	return []event.NotificationHandlerInfo{hi}
+	return []event.NotificationHandlerInfo{
+		{
+			Contract: gp.designate,
+			Type:     event.TypeFromString(native.DesignationEventName),
+			Parser:   rolemanagement.ParseDesignate,
+			Handlers: []event.Handler{gp.HandleAlphabetSync},
+		},
+	}
 }
 
 // ListenerNotaryParsers for the 'event.Listener' event producer.