[#79 ] cli: Fix panic when setting domain for container

Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
[TrueCloudLab#78] .github: Fix CODEOWNERS
2023-03-01 11:11:11 +03:00 · 2023-02-28 16:44:50 +03:00 · 2023-02-28 13:39:14 +03:00 · 2023-02-28 13:37:23 +03:00 · 2023-02-28 13:36:25 +03:00 · 2023-02-28 13:36:25 +03:00
1134 changed files with 49798 additions and 26605 deletions
--- a/.docker/Dockerfile.adm
+++ b/.docker/Dockerfile.adm
@ -1,19 +1,19 @@
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
 WORKDIR /src
 COPY . /src
-RUN make bin/neofs-adm
+RUN make bin/frostfs-adm
 # Executable image
-FROM alpine AS neofs-adm
+FROM alpine AS frostfs-adm
 RUN apk add --no-cache bash
 WORKDIR /
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /src/bin/neofs-adm /bin/neofs-adm
+COPY --from=builder /src/bin/frostfs-adm /bin/frostfs-adm
-CMD ["neofs-adm"]
+CMD ["frostfs-adm"]
--- a/.docker/Dockerfile.cli
+++ b/.docker/Dockerfile.cli
@ -1,19 +1,19 @@
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
 WORKDIR /src
 COPY . /src
-RUN make bin/neofs-cli
+RUN make bin/frostfs-cli
 # Executable image
-FROM alpine AS neofs-cli
+FROM alpine AS frostfs-cli
 RUN apk add --no-cache bash
 WORKDIR /
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /src/bin/neofs-cli /bin/neofs-cli
+COPY --from=builder /src/bin/frostfs-cli /bin/frostfs-cli
-CMD ["neofs-cli"]
+CMD ["frostfs-cli"]
--- a/.docker/Dockerfile.dirty-adm
+++ b/.docker/Dockerfile.dirty-adm
@ -3,6 +3,6 @@ RUN apk add --no-cache bash ca-certificates
 WORKDIR /
-COPY bin/neofs-adm /bin/neofs-adm
+COPY bin/frostfs-adm /bin/frostfs-adm
-CMD ["neofs-adm"]
+CMD ["frostfs-adm"]
--- a/.docker/Dockerfile.dirty-cli
+++ b/.docker/Dockerfile.dirty-cli
@ -3,6 +3,6 @@ RUN apk add --no-cache bash ca-certificates
 WORKDIR /
-COPY bin/neofs-cli /bin/neofs-cli
+COPY bin/frostfs-cli /bin/frostfs-cli
-CMD ["neofs-cli"]
+CMD ["frostfs-cli"]
--- a/.docker/Dockerfile.dirty-ir
+++ b/.docker/Dockerfile.dirty-ir
@ -3,6 +3,6 @@ RUN apk add --no-cache bash ca-certificates
 WORKDIR /
-COPY bin/neofs-ir /bin/neofs-ir
+COPY bin/frostfs-ir /bin/frostfs-ir
-CMD ["neofs-ir"]
+CMD ["frostfs-ir"]
--- a/.docker/Dockerfile.dirty-storage
+++ b/.docker/Dockerfile.dirty-storage
@ -3,6 +3,6 @@ RUN apk add --no-cache bash ca-certificates
 WORKDIR /
-COPY bin/neofs-node /bin/neofs-node
+COPY bin/frostfs-node /bin/frostfs-node
-CMD ["neofs-node"]
+CMD ["frostfs-node"]
--- a/.docker/Dockerfile.ir
+++ b/.docker/Dockerfile.ir
@ -1,18 +1,18 @@
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
 WORKDIR /src
 COPY . /src
-RUN make bin/neofs-ir
+RUN make bin/frostfs-ir
 # Executable image
-FROM alpine AS neofs-ir
+FROM alpine AS frostfs-ir
 RUN apk add --no-cache bash
 WORKDIR /
-COPY --from=builder /src/bin/neofs-ir /bin/neofs-ir
+COPY --from=builder /src/bin/frostfs-ir /bin/frostfs-ir
-CMD ["neofs-ir"]
+CMD ["frostfs-ir"]
--- a/.docker/Dockerfile.storage
+++ b/.docker/Dockerfile.storage
@ -1,18 +1,18 @@
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
 WORKDIR /src
 COPY . /src
-RUN make bin/neofs-node
+RUN make bin/frostfs-node
 # Executable image
-FROM alpine AS neofs-node
+FROM alpine AS frostfs-node
 RUN apk add --no-cache bash
 WORKDIR /
-COPY --from=builder /src/bin/neofs-node /bin/neofs-node
+COPY --from=builder /src/bin/frostfs-node /bin/frostfs-node
-CMD ["neofs-node"]
+CMD ["frostfs-node"]
--- a/.docker/Dockerfile.storage-testnet
+++ b/.docker/Dockerfile.storage-testnet
@ -1,19 +1,19 @@
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository
 WORKDIR /src
 COPY . /src
-RUN make bin/neofs-node
+RUN make bin/frostfs-node
 # Executable image
-FROM alpine AS neofs-node
+FROM alpine AS frostfs-node
 RUN apk add --no-cache bash
 WORKDIR /
-COPY --from=builder /src/bin/neofs-node /bin/neofs-node
+COPY --from=builder /src/bin/frostfs-node /bin/frostfs-node
 COPY --from=builder /src/config/testnet/config.yml /config.yml
-CMD ["neofs-node", "--config", "/config.yml"]
+CMD ["frostfs-node", "--config", "/config.yml"]
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1 @@
 *   @TrueCloudLab/storage-core @TrueCloudLab/committers
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -41,3 +41,10 @@ assignees: ''
 * Version used:
 * Server setup and configuration:
 * Operating System and version (`uname -a`):
 ## Don't forget to add labels!
 - component label (`frostfs-adm`, `frostfs-storage`, ...)
 - `goodfirstissue`, `helpwanted` if needed
 - does this issue belong to an epic?
 - priority (`P0`-`P4`) if already triaged
 - quarter label (`202XQY`) if possible
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -18,3 +18,11 @@ assignees: ''
 ## Additional context
 <!-- Add any other context or screenshots about the feature request here. -->
 ## Don't forget to add labels!
 - component label (`neofs-adm`, `neofs-storage`, ...)
 - issue type (`enhancement`, `refactor`, ...)
 - `goodfirstissue`, `helpwanted` if needed
 - does this issue belong to an epic?
 - priority (`P0`-`P4`) if already triaged
 - quarter label (`202XQY`) if possible
--- a/.github/logo.svg
+++ b/.github/logo.svg
@ -1,129 +1,70 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml version="1.0" encoding="utf-8"?>
-<svg
+<!-- Generator: Adobe Illustrator 25.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
+<svg version="1.1" id="Слой_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-   xmlns:cc="http://creativecommons.org/ns#"
+	 viewBox="0 0 184.2 51.8" style="enable-background:new 0 0 184.2 51.8;" xml:space="preserve">
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+<style type="text/css">
-   xmlns:svg="http://www.w3.org/2000/svg"
+	.st0{display:none;}
-   xmlns="http://www.w3.org/2000/svg"
+	.st1{display:inline;}
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+	.st2{fill:#01E397;}
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+	.st3{display:inline;fill:#010032;}
-   sodipodi:docname="logo_fs.svg"
+	.st4{display:inline;fill:#00E599;}
-   inkscape:version="1.0 (4035a4fb49, 2020-05-01)"
+	.st5{display:inline;fill:#00AF92;}
-   id="svg57"
+	.st6{fill:#00C3E5;}
-   version="1.1"
+</style>
-   viewBox="0 0 105 25"
+<g id="Layer_2">
-   height="25mm"
+	<g id="Layer_1-2" class="st0">
-   width="105mm">
+		<g class="st1">
-  <defs
+			<path class="st2" d="M146.6,18.3v7.2h10.9V29h-10.9v10.7h-4V14.8h18v3.5H146.6z"/>
-     id="defs51">
+			<path class="st2" d="M180,15.7c1.7,0.9,3,2.2,4,3.8l-3,2.7c-0.6-1.3-1.5-2.4-2.6-3.3c-1.3-0.7-2.8-1-4.3-1
-    <clipPath
+				c-1.4-0.1-2.8,0.3-4,1.1c-0.9,0.5-1.5,1.5-1.4,2.6c0,1,0.5,1.9,1.4,2.4c1.5,0.8,3.2,1.3,4.9,1.5c1.9,0.3,3.7,0.8,5.4,1.6
-       clipPathUnits="userSpaceOnUse"
+				c1.2,0.5,2.2,1.3,2.9,2.3c0.6,1,1,2.2,0.9,3.4c0,1.4-0.5,2.7-1.3,3.8c-0.9,1.2-2.1,2.1-3.5,2.6c-1.7,0.6-3.4,0.9-5.2,0.8
-       id="clipPath434">
+				c-5,0-8.6-1.6-10.7-5l2.9-2.8c0.7,1.4,1.8,2.5,3.1,3.3c1.5,0.7,3.1,1.1,4.7,1c1.5,0.1,2.9-0.2,4.2-0.9c0.9-0.5,1.5-1.5,1.5-2.6
-      <path
+				c0-0.9-0.5-1.8-1.3-2.2c-1.5-0.7-3.1-1.2-4.8-1.5c-1.9-0.3-3.7-0.8-5.5-1.5c-1.2-0.5-2.2-1.4-3-2.4c-0.6-1-1-2.2-0.9-3.4
-         d="M 0,0 H 1366 V 768 H 0 Z"
+				c0-1.4,0.4-2.7,1.2-3.8c0.8-1.2,2-2.2,3.3-2.8c1.6-0.7,3.4-1.1,5.2-1C176.1,14.3,178.2,14.8,180,15.7z"/>
         id="path432" />
    </clipPath>
  </defs>
  <sodipodi:namedview
     inkscape:window-maximized="0"
     inkscape:window-y="0"
     inkscape:window-x="130"
     inkscape:window-height="1040"
     inkscape:window-width="1274"
     height="50mm"
     units="mm"
     showgrid="false"
     inkscape:document-rotation="0"
     inkscape:current-layer="layer1"
     inkscape:document-units="mm"
     inkscape:cy="344.49897"
     inkscape:cx="468.64708"
     inkscape:zoom="0.7"
     inkscape:pageshadow="2"
     inkscape:pageopacity="0.0"
     borderopacity="1.0"
     bordercolor="#666666"
     pagecolor="#ffffff"
     id="base" />
  <metadata
     id="metadata54">
    <rdf:RDF>
      <cc:Work
         rdf:about="">
        <dc:format>image/svg+xml</dc:format>
        <dc:type
           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
        <dc:title></dc:title>
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <g
     id="layer1"
     inkscape:groupmode="layer"
     inkscape:label="Layer 1">
    <g
       id="g424"
       transform="matrix(0.35277777,0,0,-0.35277777,63.946468,10.194047)">
      <path
         d="m 0,0 v -8.093 h 12.287 v -3.94 H 0 V -24.067 H -4.534 V 3.898 H 15.677 V 0 Z"
         style="fill:#00e396;fill-opacity:1;fill-rule:nonzero;stroke:none"
         id="path426" />
 		</g>
-    <g
+		<path class="st3" d="M73.3,16.3c1.9,1.9,2.9,4.5,2.7,7.1v15.9h-4V24.8c0-2.6-0.5-4.5-1.6-5.7c-1.2-1.2-2.8-1.8-4.5-1.7
-       transform="matrix(0.35277777,0,0,-0.35277777,-315.43002,107.34005)"
+			c-1.3,0-2.5,0.3-3.7,0.8c-1.2,0.7-2.2,1.7-2.9,2.9c-0.8,1.5-1.1,3.2-1.1,4.9v13.3h-4V15.1l3.6,1.5v1.7c0.8-1.5,2.1-2.6,3.6-3.3
-       id="g428">
+			c1.5-0.8,3.2-1.2,4.9-1.1C68.9,13.8,71.3,14.7,73.3,16.3z"/>
-      <g
+		<path class="st3" d="M104.4,28.3H85.6c0.1,2.2,1,4.3,2.5,5.9c1.5,1.4,3.5,2.2,5.6,2.1c1.6,0.1,3.2-0.2,4.6-0.9
-         id="g430"
+			c1.1-0.6,2-1.6,2.5-2.8l3.3,1.8c-0.9,1.7-2.3,3.1-4,4c-2,1-4.2,1.5-6.4,1.4c-3.7,0-6.7-1.1-8.8-3.4s-3.2-5.5-3.2-9.6s1-7.2,3-9.5
-         clip-path="url(#clipPath434)">
+			s5-3.4,8.7-3.4c2.1-0.1,4.2,0.5,6.1,1.5c1.6,1,3,2.5,3.8,4.2c0.9,1.8,1.3,3.9,1.3,5.9C104.6,26.4,104.6,27.4,104.4,28.3z
-        <g
+			 M88.1,19.3c-1.4,1.5-2.2,3.4-2.4,5.5h15.1c-0.2-2-1-3.9-2.3-5.5c-1.4-1.3-3.2-2-5.1-1.9C91.5,17.3,89.6,18,88.1,19.3z"/>
-           id="g436"
+		<path class="st3" d="M131,17.3c2.2,2.3,3.2,5.5,3.2,9.5s-1,7.3-3.2,9.6s-5.1,3.4-8.8,3.4s-6.7-1.1-8.9-3.4s-3.2-5.5-3.2-9.6
-           transform="translate(1112.874,278.2981)">
+			s1.1-7.2,3.2-9.5s5.1-3.4,8.9-3.4S128.9,15,131,17.3z M116.2,19.9c-1.5,2-2.2,4.4-2.1,6.9c-0.2,2.5,0.6,5,2.1,7
-          <path
+			c1.5,1.7,3.7,2.7,6,2.6c2.3,0.1,4.4-0.9,5.9-2.6c1.5-2,2.3-4.5,2.1-7c0.1-2.5-0.6-4.9-2.1-6.9c-1.5-1.7-3.6-2.7-5.9-2.6
-             d="M 0,0 C 1.822,-0.932 3.354,-2.359 4.597,-4.28 L 1.165,-7.373 c -0.791,1.695 -1.779,2.924 -2.966,3.686 -1.186,0.763 -2.768,1.145 -4.745,1.145 -1.949,0 -3.461,-0.389 -4.534,-1.166 -1.074,-0.777 -1.61,-1.772 -1.61,-2.987 0,-1.13 0.523,-2.027 1.568,-2.69 1.045,-0.664 2.909,-1.236 5.593,-1.716 2.514,-0.452 4.512,-1.024 5.995,-1.716 1.483,-0.693 2.564,-1.554 3.242,-2.585 0.677,-1.031 1.016,-2.309 1.016,-3.834 0,-1.639 -0.466,-3.079 -1.398,-4.322 -0.932,-1.243 -2.239,-2.197 -3.919,-2.86 -1.681,-0.664 -3.623,-0.996 -5.826,-0.996 -5.678,0 -9.689,1.892 -12.033,5.678 l 3.178,3.178 c 0.903,-1.695 2.068,-2.939 3.495,-3.729 1.426,-0.791 3.199,-1.186 5.318,-1.186 2.005,0 3.58,0.345 4.724,1.038 1.144,0.692 1.716,1.674 1.716,2.945 0,1.017 -0.516,1.835 -1.547,2.457 -1.031,0.621 -2.832,1.172 -5.402,1.653 -2.571,0.479 -4.618,1.073 -6.143,1.779 -1.526,0.706 -2.635,1.582 -3.326,2.627 -0.693,1.045 -1.039,2.316 -1.039,3.813 0,1.582 0.438,3.023 1.314,4.322 0.875,1.299 2.14,2.33 3.792,3.093 1.653,0.763 3.58,1.144 5.783,1.144 C -4.018,1.398 -1.822,0.932 0,0"
+			C119.9,17.2,117.7,18.2,116.2,19.9z"/>
-             style="fill:#00e396;fill-opacity:1;fill-rule:nonzero;stroke:none"
+		<polygon class="st4" points="0,9.1 0,43.7 22.5,51.8 22.5,16.9 46.8,7.9 24.8,0 		"/>
-             id="path438" />
+		<polygon class="st5" points="24.3,17.9 24.3,36.8 46.8,44.9 46.8,9.6 		"/>
 	</g>
-        <g
+	<g>
-           id="g440"
+		<g>
-           transform="translate(993.0239,277.5454)">
+			<path class="st6" d="M41.6,17.5H28.2v6.9h10.4v3.3H28.2v10.2h-3.9V14.2h17.2V17.5z"/>
-          <path
+			<path class="st6" d="M45.8,37.9v-18h3.3l0.4,3.2c0.5-1.2,1.2-2.1,2.1-2.7c0.9-0.6,2.1-0.9,3.5-0.9c0.4,0,0.7,0,1.1,0.1
-             d="m 0,0 c 2.054,-1.831 3.083,-4.465 3.083,-7.902 v -17.935 h -4.484 v 16.366 c 0,2.914 -0.626,5.024 -1.877,6.332 -1.253,1.308 -2.924,1.962 -5.016,1.962 -1.495,0 -2.896,-0.327 -4.204,-0.981 -1.308,-0.654 -2.381,-1.719 -3.222,-3.194 -0.841,-1.477 -1.261,-3.335 -1.261,-5.576 v -14.909 h -4.484 V 1.328 l 4.086,-1.674 0.118,-1.84 c 0.933,1.681 2.222,2.923 3.867,3.727 1.643,0.803 3.493,1.205 5.548,1.205 C -4.671,2.746 -2.055,1.83 0,0"
+				c0.4,0.1,0.7,0.2,0.9,0.3l-0.5,3.4c-0.3-0.1-0.6-0.2-0.9-0.2C55.4,23,54.9,23,54.4,23c-0.7,0-1.5,0.2-2.2,0.6
-             style="fill:#000033;fill-opacity:1;fill-rule:nonzero;stroke:none"
+				c-0.7,0.4-1.3,1-1.8,1.8s-0.7,1.8-0.7,3v9.5H45.8z"/>
-             id="path442" />
+			<path class="st6" d="M68.6,19.6c1.8,0,3.3,0.4,4.6,1.1c1.3,0.7,2.4,1.8,3.1,3.2s1.1,3.1,1.1,5c0,1.9-0.4,3.6-1.1,5
-        </g>
+				c-0.8,1.4-1.8,2.5-3.1,3.2c-1.3,0.7-2.9,1.1-4.6,1.1s-3.3-0.4-4.6-1.1c-1.3-0.7-2.4-1.8-3.2-3.2c-0.8-1.4-1.2-3.1-1.2-5
-        <g
+				c0-1.9,0.4-3.6,1.2-5s1.8-2.5,3.2-3.2C65.3,19.9,66.8,19.6,68.6,19.6z M68.6,22.6c-1.1,0-2,0.2-2.8,0.7c-0.8,0.5-1.3,1.2-1.7,2.1
-           id="g444"
+				s-0.6,2.1-0.6,3.5c0,1.3,0.2,2.5,0.6,3.4s1,1.7,1.7,2.2s1.7,0.7,2.8,0.7c1.1,0,2-0.2,2.7-0.7c0.7-0.5,1.3-1.2,1.7-2.2
-           transform="translate(1027.9968,264.0386)">
+				s0.6-2.1,0.6-3.4c0-1.4-0.2-2.5-0.6-3.5s-1-1.6-1.7-2.1C70.6,22.8,69.6,22.6,68.6,22.6z"/>
-          <path
+			<path class="st6" d="M89.2,38.3c-1.8,0-3.4-0.3-4.9-1c-1.5-0.7-2.7-1.7-3.5-3l2.7-2.3c0.5,1,1.3,1.8,2.3,2.4
-             d="m 0,0 h -21.128 c 0.261,-2.84 1.205,-5.044 2.83,-6.613 1.625,-1.57 3.727,-2.355 6.305,-2.355 2.054,0 3.763,0.356 5.128,1.065 1.363,0.71 2.288,1.738 2.774,3.083 l 3.755,-1.961 c -1.121,-1.981 -2.616,-3.495 -4.484,-4.54 -1.868,-1.046 -4.259,-1.569 -7.173,-1.569 -4.223,0 -7.538,1.289 -9.948,3.867 -2.41,2.578 -3.615,6.146 -3.615,10.704 0,4.558 1.149,8.127 3.447,10.705 2.298,2.578 5.557,3.867 9.779,3.867 2.615,0 4.876,-0.58 6.782,-1.738 1.905,-1.158 3.343,-2.728 4.315,-4.707 C -0.262,7.827 0.224,5.605 0.224,3.139 0.224,2.092 0.149,1.046 0,0 m -18.298,10.144 c -1.513,-1.457 -2.438,-3.512 -2.775,-6.165 h 16.982 c -0.3,2.615 -1.159,4.661 -2.578,6.137 -1.42,1.476 -3.307,2.214 -5.661,2.214 -2.466,0 -4.455,-0.728 -5.968,-2.186"
+				c1,0.6,2.2,0.9,3.6,0.9c1.1,0,2-0.2,2.6-0.6c0.6-0.4,1-0.9,1-1.6c0-0.5-0.2-0.9-0.5-1.2s-0.9-0.6-1.7-0.8l-3.8-0.8
-             style="fill:#000033;fill-opacity:1;fill-rule:nonzero;stroke:none"
+				c-1.9-0.4-3.3-1-4.1-1.9c-0.8-0.9-1.2-1.9-1.2-3.3c0-1,0.3-1.9,0.9-2.7c0.6-0.8,1.4-1.5,2.5-2s2.5-0.8,4-0.8c1.8,0,3.3,0.3,4.6,1
-             id="path446" />
+				c1.3,0.6,2.2,1.5,2.9,2.7l-2.7,2.2c-0.5-1-1.1-1.7-2-2.1c-0.9-0.5-1.8-0.7-2.8-0.7c-0.8,0-1.4,0.1-2,0.3c-0.6,0.2-1,0.5-1.3,0.8
-        </g>
+				c-0.3,0.3-0.4,0.7-0.4,1.2c0,0.5,0.2,0.9,0.5,1.3s1,0.6,1.9,0.8l4.1,0.9c1.7,0.3,2.9,0.9,3.7,1.7c0.7,0.8,1.1,1.8,1.1,2.9
-        <g
+				c0,1.2-0.3,2.2-0.9,3c-0.6,0.9-1.5,1.6-2.6,2C92.1,38.1,90.7,38.3,89.2,38.3z"/>
-           id="g448"
+			<path class="st6" d="M112.8,19.9v3H99.3v-3H112.8z M106.6,14.6v17.9c0,0.9,0.2,1.5,0.7,1.9c0.5,0.4,1.1,0.6,1.9,0.6
-           transform="translate(1057.8818,276.4246)">
+				c0.6,0,1.2-0.1,1.7-0.3c0.5-0.2,0.9-0.5,1.3-0.8l0.9,2.8c-0.6,0.5-1.2,0.9-2,1.1c-0.8,0.3-1.7,0.4-2.7,0.4c-1,0-2-0.2-2.8-0.5
-          <path
+				s-1.5-0.9-2-1.6c-0.5-0.8-0.7-1.7-0.8-3V15.7L106.6,14.6z"/>
-             d="m 0,0 c 2.41,-2.578 3.615,-6.147 3.615,-10.705 0,-4.558 -1.205,-8.126 -3.615,-10.704 -2.41,-2.578 -5.726,-3.867 -9.948,-3.867 -4.222,0 -7.537,1.289 -9.947,3.867 -2.41,2.578 -3.615,6.146 -3.615,10.704 0,4.558 1.205,8.127 3.615,10.705 2.41,2.578 5.725,3.867 9.947,3.867 C -5.726,3.867 -2.41,2.578 0,0 m -16.617,-2.858 c -1.607,-1.906 -2.41,-4.522 -2.41,-7.847 0,-3.326 0.803,-5.94 2.41,-7.846 1.607,-1.905 3.83,-2.858 6.669,-2.858 2.839,0 5.063,0.953 6.67,2.858 1.606,1.906 2.41,4.52 2.41,7.846 0,3.325 -0.804,5.941 -2.41,7.847 C -4.885,-0.953 -7.109,0 -9.948,0 c -2.839,0 -5.062,-0.953 -6.669,-2.858"
+			<path d="M137.9,17.5h-13.3v6.9h10.4v3.3h-10.4v10.2h-3.9V14.2h17.2V17.5z"/>
-             style="fill:#000033;fill-opacity:1;fill-rule:nonzero;stroke:none"
+			<path d="M150.9,13.8c2.1,0,4,0.4,5.5,1.2c1.6,0.8,2.9,2,4,3.5l-2.6,2.5c-0.9-1.4-1.9-2.4-3.1-3c-1.1-0.6-2.5-0.9-4-0.9
-             id="path450" />
+				c-1.2,0-2.1,0.2-2.8,0.5c-0.7,0.3-1.3,0.7-1.6,1.2c-0.3,0.5-0.5,1.1-0.5,1.7c0,0.7,0.3,1.4,0.8,1.9c0.5,0.6,1.5,1,2.9,1.3
-        </g>
+				l4.8,1.1c2.3,0.5,3.9,1.3,4.9,2.3c1,1,1.4,2.3,1.4,3.9c0,1.5-0.4,2.7-1.2,3.8c-0.8,1.1-1.9,1.9-3.3,2.5s-3.1,0.9-5,0.9
-      </g>
+				c-1.7,0-3.2-0.2-4.5-0.6c-1.3-0.4-2.5-1-3.5-1.8c-1-0.7-1.8-1.6-2.5-2.6l2.7-2.7c0.5,0.8,1.1,1.6,1.9,2.2
-    </g>
+				c0.8,0.7,1.7,1.2,2.7,1.5c1,0.4,2.2,0.5,3.4,0.5c1.1,0,2.1-0.1,2.9-0.4c0.8-0.3,1.4-0.7,1.8-1.2c0.4-0.5,0.6-1.1,0.6-1.9
-    <g
+				c0-0.7-0.2-1.3-0.7-1.8c-0.5-0.5-1.3-0.9-2.6-1.2l-5.2-1.2c-1.4-0.3-2.6-0.8-3.6-1.3c-0.9-0.6-1.6-1.3-2.1-2.1s-0.7-1.8-0.7-2.8
-       id="g452"
+				c0-1.3,0.4-2.6,1.1-3.7c0.7-1.1,1.8-2,3.2-2.6C147.3,14.1,148.9,13.8,150.9,13.8z"/>
       transform="matrix(0.35277777,0,0,-0.35277777,5.8329581,6.5590171)">
      <path
         d="m 0,0 0.001,-38.946 25.286,-9.076 V -8.753 L 52.626,1.321 27.815,10.207 Z"
         style="fill:#00e599;fill-opacity:1;fill-rule:nonzero;stroke:none"
         id="path454" />
    </g>
    <g
       id="g456"
       transform="matrix(0.35277777,0,0,-0.35277777,15.479008,10.041927)">
      <path
         d="M 0,0 V -21.306 L 25.293,-30.364 25.282,9.347 Z"
         style="fill:#00b091;fill-opacity:1;fill-rule:nonzero;stroke:none"
         id="path458" />
 		</g>
 	</g>
 </g>
 </svg>
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@ -0,0 +1,29 @@
 name: CHANGELOG check
 on:
  pull_request:
    branches:
      - master
      - support/**
 jobs:
  build:
    runs-on: ubuntu-latest
    name: Check for updates
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Get changed CHANGELOG
        id: changelog-diff
        uses: tj-actions/changed-files@v29
        with:
          files: CHANGELOG.md
      - name: Fail if changelog not updated
        if: steps.changelog-diff.outputs.any_changed == 'false'
        uses: actions/github-script@v3
        with:
          script: |
            core.setFailed('CHANGELOG.md has not been updated')
--- a/.github/workflows/config-update.yml
+++ b/.github/workflows/config-update.yml
@ -0,0 +1,37 @@
 name: Configuration check
 on:
  pull_request:
    branches:
      - master
      - support/**
 jobs:
  build:
    runs-on: ubuntu-latest
    name: config-check
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Get changed config-related files
        id: config-diff
        uses: tj-actions/changed-files@v29
        with:
          files: |
            config/**
            cmd/neofs-node/config/**
      - name: Get changed doc files
        id: docs-diff
        uses: tj-actions/changed-files@v29
        with:
          files: docs/**
      - name: Fail if config files are changed but the documentation is not updated
        if: steps.config-diff.outputs.any_changed == 'true' && steps.docs-diff.outputs.any_changed == 'false'
        uses: actions/github-script@v3
        with:
          script: |
            core.setFailed('Documentation has not been updated')
--- a/.github/workflows/dco.yml
+++ b/.github/workflows/dco.yml
@ -4,6 +4,7 @@ on:
  pull_request:
    branches:
      - master
      - support/**
 jobs:
  commits_check_job:
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -1,14 +1,16 @@
-name: neofs-node tests
+name: frostfs-node tests
 on:
  push:
    branches:
      - master
      - support/**
    paths-ignore:
      - '*.md'
  pull_request:
    branches:
      - master
      - support/**
    paths-ignore:
      - '*.md'
@ -17,18 +19,18 @@ jobs:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
-        go: [ '1.17.x', '1.18.x' ]
+        go: [ '1.18.x', '1.19.x' ]
    steps:
      - name: Setup go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ matrix.go }}
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Cache go mod
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ matrix.go }}-${{ hashFiles('**/go.sum') }}
@ -46,12 +48,13 @@ jobs:
  lint:
    runs-on: ubuntu-20.04
    steps:
-      - name: Check out code
+      - uses: actions/setup-go@v3
        uses: actions/checkout@v2
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v2
        with:
-          version: v1.45.2
+          go-version: 1.19
      - uses: actions/checkout@v3
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: v1.50.0
          args: --timeout=5m
          only-new-issues: true
--- a/.gitignore
+++ b/.gitignore
@ -1,12 +1,51 @@
 # IDE
 .idea
-bin
+.vscode
-release
+
 # Vendoring
 vendor
 # tempfiles
 .DS_Store
 *~
 .cache
 temp
 tmp
 # binary
 bin/
 release/
 # coverage
 coverage.txt
 coverage.html
 # testing
 cmd/test
 /plugins/
 /vendor/
 testfile
 # misc
 .neofs-cli.yml
-.cache
+# debhelpers
 debian/*debhelper*
 # logfiles
 debian/*.log
 # .substvars
 debian/*.substvars
 # .bash-completion
 debian/*.bash-completion
 # Install folders and files
 debian/frostfs-cli/
 debian/frostfs-ir/
 debian/files
 debian/frostfs-storage/
 debian/changelog
 man/
 debs/
--- a/.golangci.yml
+++ b/.golangci.yml
@ -34,16 +34,23 @@ linters:
    # some default golangci-lint linters
    - errcheck
    - gosimple
    - godot
    - ineffassign
    - staticcheck
    - typecheck
    - unused
    # extra linters
    - bidichk
    - durationcheck
    - exhaustive
    - exportloopref
    - gofmt
    - whitespace
    - goimports
-    - unused
+    - misspell
    - predeclared
    - reassign
    - whitespace
  disable-all: true
  fast: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,8 +1,544 @@
 # Changelog
-Changelog for NeoFS Node
+Changelog for FrostFS Node
 ## [Unreleased]
 ### Added
 - Separate batching for replicated operations over the same container in pilorama (#1621)
 - Doc for extended headers (#2128)
 - New `frostfs_node_object_container_size` metric for tracking size of reqular objects in a container (#2116)
 - New `frostfs_node_object_payload_size` metric for tracking size of reqular objects on a single shard (#1794)
 - Add command `frostfs-adm morph netmap-candidates` (#1889)
 - `object.delete.tombstone_lifetime` config parameter to set tombstone lifetime in the DELETE service (#2246)
 - Reload config for pprof and metrics on SIGHUP in `neofs-node` (#1868)
 - Multiple configs support (#44)
 - Parameters `nns-name` and `nns-zone` for command `frostfs-cli container create` (#37)
 ### Changed
 - Change `frostfs_node_engine_container_size` to counting sizes of logical objects
 - `common.PrintVerbose` prints via `cobra.Command.Printf` (#1962)
 - Env prefix in configuration changed to `FROSTFS_*` (#43)
 - Link object is broadcast throughout the whole container now (#57)
 - Pilorama now can merge multiple batches into one (#2231)
 - Storage engine now can start even when some shard components are unavailable (#2238)
 - `neofs-cli` buffer for object put increased from 4 KiB to 3 MiB (#2243)
 - Expired locked object is available for reading (#56)
 ### Fixed
 - Increase payload size metric on shards' `put` operation (#1794)
 - Big object removal with non-local parts (#1978)
 - Disable pilorama when moving to degraded mode (#2197)
 - Fetching blobovnicza objects that not found in write-cache (#2206)
 - Do not search for the small objects in FSTree (#2206)
 - Correct status error for expired session token (#2207)
 - Set flag `mode` required for `frostfs-cli control shards set-mode` (#8)
 - Fix `dirty` suffix in debian package version (#53)
 - Prevent node process from killing by systemd when shutting down (#1465)
 - Restore subscriptions correctly on morph client switch (#2212)
 - Expired objects could be returned if not marked with GC yet (#2213)
 - `neofs-adm morph dump-hashes` now properly iterates over custom domain (#2224)
 - Possible deadlock in write-cache (#2239)
 - Fix `*_req_count` and `*_req_count_success` metric values (#2241)
 - Storage ID update by write-cache (#2244)
 - `neo-go` client deadlock on subscription restoration (#2244)
 - Possible panic during write-cache initialization (#2234)
 - Do not fetch an object if `meta` is missing it (#61)
 - Create contract wallet only by `init` and `update-config` command (#63)
 - Actually use `object.put.pool_size_local` and independent pool for local puts (#64).
 ### Removed
 ### Updated
 - `neo-go` to `v0.100.1`
 - `github.com/klauspost/compress` to `v1.15.13`
 - `github.com/multiformats/go-multiaddr` to `v0.8.0`
 - `golang.org/x/term` to `v0.3.0`
 - `google.golang.org/grpc` to `v1.51.0`
 - `github.com/nats-io/nats.go` to `v1.22.1`
 - `github.com/TrueCloudLab/hrw` to `v.1.1.1`
 - Minimum go version to v1.18
 ### Updating from v0.35.0
 You need to change configuration environment variables to `FROSTFS_*` if you use any.
 New config field `object.delete.tombstone_lifetime` allows to set tombstone lifetime
 more appropriate for a specific deployment.
 ## [0.35.0] - 2022-12-28 - Sindo (신도, 信島)
 ### Added
 - `morph list-containers` in `neofs-adm` (#1689)
 - `--binary` flag in `neofs-cli object put/get/delete` commands (#1338)
 - `session` flag support to `neofs-cli object hash` (#2029)
 - Shard can now change mode when encountering background disk errors (#2035)
 - Background workers and object service now use separate client caches (#2048)
 - `replicator.pool_size` config field to tune replicator pool size (#2049)
 - Fix NNS hash parsing in morph client (#2063)
 - `neofs-cli neofs-cli acl basic/extended print` commands (#2012)
 - `neofs_node_object_*_req_count_success` prometheus metrics for tracking successfully executed requests (#1984)
 - Metric 'readonly' to get shards mode (#2022)
 - Tree service replication timeout (#2159)
 - `apiclient.reconnect_timeout` setting allowing to ignore failed clients for some time (#2164)
 ### Changed
 - `object lock` command reads CID and OID the same way other commands do (#1971)
 - `LOCK` object are stored on every container node (#1502)
 - `neofs-cli container get-eacl` print ACL table in json format only with arg `--json' (#2012)
 - Side chain notary deposits use max uint32 as till parameter (#1486)
 - Allow object removal without linking object (#2100)
 - `neofs-cli container delete` command pre-checks container ownership (#2106)
 - Policer cache size is now 1024 (#2158)
 - Tree service now synchronizes with container nodes in a random order (#2127)
 - Pilorama no longer tries to apply already applied operations (#2161)
 - Use `sync.Pool` in Object.PUT service (#2139)
 - Shard uses metabase for `HEAD` requests by default, not write-cache (#2167)
 - Clarify help for `--expire-at` parameter for commands `object lock/put` and `bearer create` (#2097)
 - Node spawns `GETRANGE` requests signed with the node's key if session key was not found for `RANGEHASH` (#2144)
 - Full list of container is no longer cached (#2176)
 ### Fixed
 - Open FSTree in sync mode by default (#1992)
 - `neofs-cli container nodes`'s output (#1991)
 - Increase error counter for write-cache flush errors (#1818)
 - Correctly select the shard for applying tree service operations (#1996)
 - Do not panic and return correct errors for bad inputs in `GET_RANGE` (#2007, #2024)
 - Physical child object removal by GC (#1699)
 - Broadcasting helper objects (#1972)
 - `neofs-cli lock object`'s `lifetime` flag handling (#1972)
 - Do not move write-cache in read-only mode for flushing (#1906)
 - Child object collection on CLI side with a bearer token (#2000)
 - Fix concurrent map writes in `Object.Put` service (#2037)
 - Malformed request errors' reasons in the responses (#2028)
 - Session token's IAT and NBF checks in ACL service (#2028)
 - Losing meta information on request forwarding (#2040)
 - Assembly process triggered by a request with a bearer token (#2040)
 - Losing locking context after metabase resync (#1502)
 - Removing all trees by container ID if tree ID is empty in `pilorama.Forest.TreeDrop` (#1940)
 - Concurrent mode changes in the metabase and blobstor (#2057)
 - Panic in IR when performing HEAD requests (#2069)
 - Write-cache flush duplication (#2074)
 - Ignore error if a transaction already exists in a morph client (#2075)
 - ObjectID signature output in the CLI (#2104)
 - Pack arguments of `setPrice` invocation during contract update (#2078)
 - `neofs-cli object hash` panic (#2079)
 - Closing `neo-go` WS clients on shutdown and switch processes (#2080)
 - Making notary deposits with a zero GAS balance (#2080)
 - Notary requests on shutdown (#2075)
 - `neofs-cli container create ` check the sufficiency of the number of nodes in the selector for replicas (#2038)
 - Data duplication during request forwarding (#2047)
 - Tree service panic on `TreeMove` operation (#2140)
 - Panic in `GETRANGE` with zero length (#2095)
 - Spawning useless `GETRANGE` with zero length for a big object (#2101)
 - Incomplete object put errors do contain the deepest error's message (#2092)
 - Prioritize internal addresses for clients (#2156)
 - Force object removal via control service (#2145)
 - Synchronizing a tree now longer reports an error for a single-node container (#2154)
 - Prevent leaking goroutines in the tree service (#2162)
 - Do not search for LOCK objects when delete container when session provided (#2152)
 - Race conditions on shard's mode switch (#1956)
 - Returning expired/removed objects from write-cache (#2016)
 ### Removed
 - `-g` option from `neofs-cli control ...` and `neofs-cli container create` commands (#2089)
 - `--header` from `neofs-cli object get` (#2090)
 ### Updated
 - `neo-go` to `v0.100.0`
 - `spf13/cobra` to `v1.6.1`
 - `spf13/viper` to `v1.8.0`
 - `google.golang.org/grpc` to `v1.50.1`
 ### Updating from v0.34.0
 Pass CID and OID parameters via the `--cid` and `--oid` flags, not as the command arguments.
 Replicator pool size can now be fine-tuned with `replicator.pool_size` config field.
 The default value is taken from `object.put.pool_size_remote` as in earlier versions.
 Added `neofs_node_object_*_req_count_success` metrics for tracking successfully executed requests.
 `neofs-cli container delete` command now requires given account or session issuer
 to match the container owner. Use `--force` (`-f`) flag to bypass this requirement.
 Tree service network replication can now be fine-tuned with `tree.replication_timeout` config field.
 ## [0.34.0] - 2022-10-31 - Marado (마라도, 馬羅島)
 ### Added
 - `--timeout` flag in `neofs-cli control` commands (#1917)
 - Document shard modes of operation (#1909)
 - `tree list` CLI command (#1332)
 - `TreeService.GetTrees` RPC (#1902)
 - All trees synchronization on bootstrap (#1902)
 - `--force` flag to `neofs-cli control set-status` command (#1916)
 - Logging `SessionService.Create` RPC on the server for debug (#1930)
 - Debian packages can now be built with `make debpackage` (#409)
 ### Changed
 - Path to a metabase can now be reloaded with a SIGHUP (#1869)
 ### Fixed
 - `writecache.max_object_size` is now correctly handled (#1925)
 - Correctly handle setting ONLINE netmap status after maintenance (#1922)
 - Correctly reset shard errors in `ControlService.SetShardMode` RPC (#1931)
 - Setting node's network state to `MAINTENANCE` while network settings forbid it (#1916)
 - Do not panic during API client creation (#1936)
 - Correctly sign new epoch transaction in neofs-adm for a committee of more than 4 nodes (#1949)
 - Inability to provide session to NeoFS CLI in a NeoFS-binary format (#1933)
 - `neofs-adm` now works correctly with a committee of more than 4 nodes (#1949, #1959)
 - Closing a shard now waits until GC background workers stop (#1964)
 - Make it possible to use `shard.ContainerSize` in read-only mode (#1975)
 - Storage node now starts if at least one gRPC endpoint is available (#1893)
 - Panic in API multy client (#1961)
 - Blobstor object removal log messages (#1953)
 - Missing object relatives in object removal session opened by NeoFS CLI (#1978)
 - Bringing a node back online during maintenance (#1900)
 ### Updated
 - `neo-go` to `v0.99.4`
 - `protoc` to `v3.21.7`
 - `neofs-sdk` to `v1.0.0-rc.7`
 ### Updating from v0.33.0
 Now storage node serves Control API `SetNemapStatus` request with `MAINTENANCE`
 status only if the mode is allowed in the network settings. To force starting the local
 maintenance on the node, provide `--force` flag to the `neofs-cli control set-status`
 command.
 ## [0.33.0] - 2022-10-17 - Anmado (안마도, 鞍馬島)
 ### Added
 - Serving `NetmapService.NetmapSnapshot` RPC (#1793)
 - `netmap snapshot` command of NeoFS CLI (#1793)
 - `apiclient.allow_external` config flag to fallback to node external addresses (#1817)
 - Support `MAINTENANCE` state of the storage nodes (#1680, #1681)
 - Changelog updates CI step (#1808)
 - Validate storage node configuration before node startup (#1805)
 - `neofs-node -check` command to check the configuration file (#1805)
 - `flush-cache` control service command to flush write-cache (#1806)
 - `wallet-address` flag in `neofs-adm morph refill-gas` command (#1820)
 - Validate policy before container creation (#1704)
 - `--timeout` flag in `neofs-cli` subcommands (#1837)
 - `container nodes` command to output list of nodes for container, grouped by replica (#1704)
 - Configuration flag to ignore shard in `neofs-node` (#1840)
 - Add new RPC `TreeService.Healthcheck`
 - Fallback to `GET` if `GET_RANGE` from one storage nodes to another is denied by basic ACL (#1884)
 - List of shards and logger level runtime reconfiguration (#1770)
 - `neofs-adm morph set-config` now supports well-known `MaintenanceModeAllowed` key (#1892)
 - `add`, `get-by-path` and `add-by-path` tree service CLI commands (#1332)
 - Tree synchronisation on startup (#1329)
 - Morph client returns to the highest priority endpoint after the switch (#1615)
 ### Changed
 - Allow to evacuate shard data with `EvacuateShard` control RPC (#1800)
 - Flush write-cache when moving shard to DEGRADED mode (#1825)
 - Make `morph.cache_ttl` default value equal to morph block time (#1846)
 - Policer marks nodes under maintenance as OK without requests (#1680)
 - Unify help messages in CLI (#1854)
 - `evacuate`, `set-mode` and `flush-cache` control subcommands now accept a list of shard ids (#1867)
 - Reading `object` commands of NeoFS CLI don't open remote sessions (#1865) 
 - Use hex format to print storage node ID (#1765)
 ### Fixed
 - Description of command `netmap nodeinfo` (#1821)
 - Proper status for object.Delete if session token is missing (#1697)
 - Fail startup if metabase has an old version (#1809)
 - Storage nodes could enter the network with any state (#1796)
 - Missing check of new state value in `ControlService.SetNetmapStatus` (#1797)
 - Correlation of object session to request (#1420)
 - Do not increase error counter in `engine.Inhume` if shard is read-only (#1839)
 - `control drop-objects` can remove split objects (#1830)
 - Node's status in `neofs-cli netmap nodeinfo` command (#1833)
 - Child check in object assembly process of `ObjectService.Get` handler (#1878)
 - Shard ID in the object counter metrics (#1863)
 - Metabase migration from the first version (#1860)
 ### Removed
 - Remove WIF and NEP2 support in `neofs-cli`'s --wallet flag (#1128)
 - Remove --generate-key option in `neofs-cli container delete` (#1692)
 - Serving `ControlService.NetmapSnapshot` RPC (#1793)
 - `control netmap-snapshot` command of NeoFS CLI (#1793)
 ### Updated
 - `neofs-contract` to `v0.16.0`
 - `neofs-api-go` to `v2.14.0`
 ### Updating from v0.32.0 
 Replace using the `control netmap-snapshot` command with `netmap snapshot` one in NeoFS CLI.
 Node can now specify additional addresses in `ExternalAddr` attribute. To allow a node to dial
 other nodes external address, use `apiclient.allow_external` config setting.
 Add `--force` option to skip placement validity check for container creation.
 Pass `maintenance` state to `neofs-cli control set-status` to enter maintenance mode.
 If network allows maintenance state (*), it will be reflected in the network map.
 Storage nodes under maintenance are not excluded from the network map, but don't
 serve object operations. (*) can be fetched from network configuration via
 `neofs-cli netmap netinfo` command.    
 To allow maintenance mode during neofs-adm deployments, set
 `network.maintenance_mode_allowed` parameter in config.
 When issuing an object session token for root (virtual, "big") objects,
 additionally include all members of the split-chain. If session context
 includes root object only, it is not spread to physical ("small") objects.
 `neofs-node` configuration now supports `mode: disabled` flag for a shard.
 This can be used to temporarily ignore shards without completely removing them
 from the config file.
 ## [0.32.0] - 2022-09-14 - Pungdo (풍도, 楓島)
 ### Added
 - Objects counter metric (#1712)
 - `meta` subcommand to `neofs-lens` (#1714)
 - Storage node metrics with global and per-shard object counters (#1658)
 - Removal of trees on container removal (#1630)
 - Logging new epoch events on storage node (#1763)
 - Timeout for streaming RPC (#1746)
 - `neofs-adm` is now able to dump hashes from a custom zone (#1748)
 - Empty filename support in the Tree Service (#1698)
 - Flag to `neofs-cli container list-objects` command for attribute printing (#1649)
 ### Changed
 - `neofs-cli object put`'s object ID output has changed from "ID" to "OID" (#1296)
 - `neofs-cli container set-eacl` command now pre-checks container ACL's extensibility (#1652)
 - Access control in Tree service (#1628)
 - Tree service doesn't restrict depth in `rpc GetSubTree` (#1753)
 - `neofs-adm` registers contract hashes in both hex and string address formats (#1749)
 - Container list cache synchronization with the Sidechain (#1632)
 - Blobstor components are unified (#1584, #1686, #1523)
 ### Fixed
 - Panic on write-cache's `Delete` operation (#1664)
 - Payload duplication in `neofs-cli storagegroup put` (#1706)
 - Contract calls in notary disabled environments (#1743)
 - `Blobovnicza.Get` op now iterates over all size buckets (#1707)
 - Object expiration time (#1670)
 - Parser of the placement policy (#1775)
 - Tree service timeout logs (#1759)
 - Object flushing on writecache side (#1745)
 - Active blobovniczas caching (#1691)
 - `neofs-adm` TX waiting (#1738)
 - `neofs-adm` registers contracts with a minimal GAS payment (#1683)
 - Permissions of the file created by `neofs-cli` (#1719)
 - `neofs-adm` creates TX with a high priority attribute (#1702)
 - Storage node's restart after a hard reboot (#1647)
 ### Updated
 - `neo-go` to `v0.99.2`
 - `nspcc-dev/neofs-contract` to `v0.15.5`
 - `prometheus/client_golang` to `v1.13.0`
 - `google.golang.org/protobuf` to `v1.28.1`
 ### Updating from v0.31.0
 Storage Node now collects object count prometheus metrics: `neofs_node_object_counter`.
 Provide `--no-precheck` flag to `neofs-cli container set-eacl` for unconditional sending of a request
 (previous default behavior).
 ## [0.31.0] - 2022-08-04 - Baengnyeongdo (백령도, 白翎島)
 ### Added
 - `neofs-adm` allows deploying arbitrary contracts (#1629)
 ### Changed
 - Priority order in the Morph client (#1648)
 ### Fixed
 - Losing request context in eACL response checks (#1595)
 - Do not return expired objects that have not been handled by the GC yet (#1634)
 - Setting CID field in `neofs-cli acl extended create` (#1650)
 - `neofs-ir` no longer hangs if it cannot bind to the control endpoint (#1643)
 - Do not require `lifetime` flag in `session create` CLI command (#1655)
 - Using deprecated gRPC options (#1644)
 - Increasing metabase error counter on disabled pilorama (#1642)
 - Deadlock in the morph client related to synchronous notification handling (#1653)
 - Slow metabase `COMMON_PREFIX` search for empty prefix (#1656)
 ### Removed
 - Deprecated `profiler` and `metrics` configuration sections (#1654)
 ### Updated
 - `chzyer/realine` to `v1.5.1`
 - `google/uuid` to `v1.3.0`
 - `nats-io/nats.go` to `v1.16.0`
 - `prometheus/client_golang` to `v1.12.2`
 - `spf13/cast` to `v1.5.0`
 - `spf13/viper` to `v1.12.0`
 - `go.uber.org/zap` to `v1.21.0`
 - `google.golang.org/grpc` to `v1.48.0`
 ### Updating from v0.30.0
 1. Change `morph.endpoint.client` priority values using the following rule:
 the higher the priority the lower the value (non-specified or `0` values are
 interpreted as the highest priority -- `1`).
 2. Deprecated `profiler` and `metrics` configuration sections are dropped,
 use `pprof` and `prometheus` instead.
 ## [0.30.2] - 2022-08-01
 ### Added
 - `EACL_NOT_FOUND` status code support (#1645).
 ## [0.30.1] - 2022-07-29
 ### Fixed
 - `GetRange` operation now works correctly with objects stored in write-cache (#1638)
 - Losing request context in eACL response checks (#1595)
 - Wrong balance contract in innerring processor (#1636)
 - `neofs-adm` now sets groups in manifest for all contracts properly (#1631)
 ### Updated
 - `neo-go` to `v0.99.1`
 - `neofs-sdk-go` to `v1.0.0-rc.6`
 ## [0.30.0] - 2022-07-22 - Saengildo (생일도, 生日島)
 ### Added
 - Profiler and metrics services now should be enabled with a separate flag
 - Experimental support for the tree-service, disabled by default (#1607)
 - Homomorphic hashes calculation can be disabled across the whole network (#1365)
 - Improve `neofs-adm` auto-completion (#1594)
 ### Changed
 - Require SG members to be unique (#1490)
 - `neofs-cli` now doesn't remove container with LOCK objects without `--force` flag (#1500)
 - LOCK objects are now required to have an expiration epoch (#1461)
 - `morph` sections in IR and storage node configuration now accept an address and a priority of an endpoint (#1609)
 - Morph client now retries connecting to the failed endpoint too (#1609)
 - Redirecting `GET` and `GETRANGE` requests now does not store full object copy in memory (#1605)
 - `neofs-adm` now registers candidates during initialization in a single transaction (#1608)
 ### Fixed
 - Invalid smart contract address in balance contract listener (#1636)
 - Shard now can start in degraded mode if the metabase is unavailable (#1559)
 - Shard can now be disabled completely on init failure (#1559)
 - Storage group members are now required to be unique (#1490)
 - Print shard ID in component logs (#1611)
 ### Updated
 - `neofs-contract` to `v0.15.3`
 - `neo-go` to the pre-release version
 - `github.com/spf13/cobra` to v1.5.0
 ### Updating from v0.29.0
 1. Change morph endpoints from simple string to a pair of `address` and `priority`. The second can be omitted.
 For inner ring node this resides in `morph.endpoint.client` section,
 for storage node -- in `morph.rpc_endpoint` section. See `config/example` for an example.
 2. Move `storage.default` section to `storage.shard.default`.
 3. Rename `metrics` and `profiler` sections to `prometheus` and `pprof` respectively, though old versions are supported.
 In addition, these sections must now be explicitly enabled with `enabled: true` flag.
 ## [0.29.0] - 2022-07-07 - Yeonpyeongdo (연평도, 延坪島)
 Support WalletConnect signature scheme.
 ### Added
 - Retrieve passwords for storage wallets from the configuration in neofs-adm (#1539)
 - Metabase format versioning (#1483)
 - `neofs-adm` generates wallets in a pretty JSON format
 - `Makefile` supports building from sources without a git repo
 ### Fixed
 - Do not replicate object twice to the same node (#1410)
 - Concurrent object handling by the Policer (#1411)
 - Attaching API version to the forwarded requests (#1581)
 - Node OOM panics on `GetRange` request with extremely huge range length (#1590)
 ### Updated
 - `neofs-sdk-go` to latest pre-release version
 - `tzhash` to `v1.6.1`
 ## [0.28.3] - 2022-06-08
 ### Updated
 - Neo-go 0.98.3 => 0.99.0 (#1480)
 ### Changed
 - Replace pointers with raw structures in results for local storage (#1460)
 - Move common CLI's functions in a separate package (#1452)
 ### Fixed
 - Confirmation of eACL tables by alphabet nodes when ACL extensibility is disabled (#1485)
 - Do not use WS neo-go client in `neofs-adm` (#1378)
 - Log more detailed network errors by the Alphabet (#1487)
 - Fix container verification by the Alphabet (#1464)
 - Include alphabet contracts to the base group in `neofs-adm` (#1489)
 ## [0.28.2] - 2022-06-03
 ### Updated
 - Neo-go 0.98.2 => 0.98.3 (#1430)
 - NeoFS SDK v1.0.0-rc.3 => v1.0.0-rc.4
 - NeoFS API v2.12.1 => v2.12.2
 - NeoFS Contracts v0.14.2 => v0.15.1
 ### Added
 - Config examples for Inner ring application (#1358)
 - Command for documentation generation for `neofs-cli`, `neofs-adm` and `neofs-lens` (#1396)
 ### Fixed
 - Do not ask for contract wallet password twice (#1346)
 - Do not update NNS group if the key is the same (#1375)
 - Make LOCODE messages more descriptive (#1394)
 - Basic income transfer's incorrect log message (#1374)
 - Listen to subnet removal events in notary-enabled env (#1224)
 - Update/remove nodes whose subnet has been removed (#1162)
 - Potential removal of local object when policy isn't complied (#1335)
 - Metabase `Select` is now slightly faster (#1433)
 - Fix a number of bugs in writecache (#1462)
 - Refactor eACL processing and fix bugs (#1471)
 - Do not validate subnet removal by IR (#1441)
 - Replace pointers with raw structures in parameters for local storage (#1418)
 #### Removed
 - Remove `num` and `shard_num` parameters from the configuration (#1474)
 ## [0.28.1] - 2022-05-05
 ### Fixed
 - Loss of the connection scheme during address parsing in NeoFS CLI (#1351)
 ## [0.28.0] - 2022-04-29 - Heuksando (흑산도, 黑山島)
 ### Added
 - `morph dump-balances` command to NeoFS Adm (#1308)
 - Ability to provide session token from file in NeoFS CLI (#1216)
 ### Fixed
 - Panic in `netmap netinfo` command of NeoFS CLI (#1312)
 - Container cache invalidation on DELETE op (#1313)
 - Subscription to side-chain events in shards (#1321)
 - Trusted object creation without session token (#1283)
 - Storing invalid objects during trusted PUT op (#1286)
 - RAM overhead when writing objects to local storage (#1343)
 ### Changed
 - NeoFS Adm output from stderr to stdout (#1311)
 - Node's object GC mechanism (#1318)
 ### Updating from v0.28.0-rc.3
 Clean up all metabases  and re-sync them using `resync_metabase` config flag.
 ## [0.28.0-rc.3] - 2022-04-08
 ### Fixed
@ -1034,8 +1570,20 @@ NeoFS-API v2.0 support and updated brand-new storage node application.
 ## [0.10.0] - 2020-07-10
 First public review release.
-
+[Unreleased]: https://github.com/nspcc-dev/neofs-node/compare/v0.35.0...master
-[Unreleased]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.0-rc.3...master
+[0.35.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.34.0...v0.35.0
 [0.34.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.33.0...v0.34.0
 [0.33.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.32.0...v0.33.0
 [0.32.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.31.0...v0.32.0
 [0.31.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.30.2...v0.31.0
 [0.30.2]: https://github.com/nspcc-dev/neofs-node/compare/v0.30.1...v0.30.2
 [0.30.1]: https://github.com/nspcc-dev/neofs-node/compare/v0.30.0...v0.30.1
 [0.30.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.29.0...v0.30.0
 [0.29.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.3...v0.29.0
 [0.28.3]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.2...v0.28.3
 [0.28.2]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.1...v0.28.2
 [0.28.1]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.0...v0.28.1
 [0.28.0]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.0-rc.3...v0.28.0
 [0.28.0-rc.3]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.0-rc.2...v0.28.0-rc.3
 [0.28.0-rc.2]: https://github.com/nspcc-dev/neofs-node/compare/v0.28.0-rc.1...v0.28.0-rc.2
 [0.28.0-rc.1]: https://github.com/nspcc-dev/neofs-node/compare/v0.27.7...v0.28.0-rc.1
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -3,8 +3,8 @@
 First, thank you for contributing! We love and encourage pull requests from
 everyone. Please follow the guidelines:
- Check the open [issues](https://github.com/nspcc-dev/neofs-node/issues) and
+- Check the open [issues](https://github.com/TrueCloudLab/frostfs-node/issues) and
-  [pull requests](https://github.com/nspcc-dev/neofs-node/pulls) for existing
+  [pull requests](https://github.com/TrueCloudLab/frostfs-node/pulls) for existing
  discussions.
 - Open an issue first, to discuss a new feature or enhancement.
@ -23,23 +23,23 @@ everyone. Please follow the guidelines:
 ## Development Workflow
-Start by forking the `neofs-node` repository, make changes in a branch and then
+Start by forking the `frostfs-node` repository, make changes in a branch and then
 send a pull request. We encourage pull requests to discuss code changes. Here
 are the steps in details:
 ### Set up your GitHub Repository
-Fork [NeoFS node upstream](https://github.com/nspcc-dev/neofs-node/fork) source
+Fork [FrostFS node upstream](https://github.com/TrueCloudLab/frostfs-node/fork) source
 repository to your own personal repository. Copy the URL of your fork (you will
 need it for the `git clone` command below).
 ```sh
-$ git clone https://github.com/nspcc-dev/neofs-node
+$ git clone https://github.com/TrueCloudLab/frostfs-node
 ```
 ### Set up git remote as ``upstream``
 ```sh
-$ cd neofs-node
+$ cd frostfs-node
-$ git remote add upstream https://github.com/nspcc-dev/neofs-node
+$ git remote add upstream https://github.com/TrueCloudLab/frostfs-node
 $ git fetch upstream
 $ git merge upstream/master
 ...
@ -79,7 +79,7 @@ Description
 ```
 ```
-$ git commit -am '[#123] Add some feature'
+$ git commit -sam '[#123] Add some feature'
 ```
 ### Push to the branch
@ -106,7 +106,8 @@ contributors".
 To sign your work, just add a line like this at the end of your commit message:
 ```
-Signed-off-by: Samii Sakisaka <samii@nspcc.ru>
+Signed-off-by: Samii Sakisaka <samii@ivunojikan.co.jp>
 ```
 This can easily be done with the `--signoff` option to `git commit`.
--- a/CREDITS.md
+++ b/CREDITS.md
@ -1,5 +1,7 @@
 # Credits
 FrostFS continues the development of NeoFS.
 Initial NeoFS research and development (2018-2020) was done by
 [NeoSPCC](https://nspcc.ru) team.
--- a/74
+++ b/74
@ -2,14 +2,13 @@
 SHELL = bash
 REPO ?= $(shell go list -m)
-VERSION ?= $(shell git describe --tags --dirty --always)
+VERSION ?= $(shell git describe --tags --dirty --match "v*" --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")
 BUILD ?= $(shell date -u --iso=seconds)
 DEBUG ?= false
-HUB_IMAGE ?= nspccdev/neofs
+HUB_IMAGE ?= truecloudlab/frostfs
 HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"
-GO_VERSION ?= 1.17
+GO_VERSION ?= 1.19
 LINT_VERSION ?= 1.50.0
 ARCH = amd64
 BIN = bin
@ -17,24 +16,31 @@ RELEASE = release
 DIRS = $(BIN) $(RELEASE)
 # List of binaries to build.
-CMDS = $(notdir $(basename $(wildcard cmd/*)))
+CMDS = $(notdir $(basename $(wildcard cmd/frostfs-*)))
 BINS = $(addprefix $(BIN)/, $(CMDS))
-.PHONY: help all images dep clean fmts fmt imports test lint docker/lint prepare-release
+# .deb package versioning
 OS_RELEASE = $(shell lsb_release -cs)
 PKG_VERSION ?= $(shell echo $(VERSION) | sed "s/^v//" | \
 			sed -E "s/(.*)-(g[a-fA-F0-9]{6,8})(.*)/\1\3~\2/" | \
 			sed "s/-/~/")-${OS_RELEASE}
 .PHONY: help all images dep clean fmts fmt imports test lint docker/lint
 		prepare-release debpackage
 # To build a specific binary, use it's name prefix with bin/ as a target
-# For example `make bin/neofs-node` will build only storage node binary
+# For example `make bin/frostfs-node` will build only storage node binary
 # Just `make` will build all possible binaries
 all: $(DIRS) $(BINS)
 # help target
 include help.mk
 $(BINS): $(DIRS) dep
 	@echo "⇒ Build $@"
 	CGO_ENABLED=0 \
 	GO111MODULE=on \
 	go build -v -trimpath \
-	-ldflags "-X $(REPO)/misc.Version=$(VERSION) \
+	-ldflags "-X $(REPO)/misc.Version=$(VERSION)" \
 	-X $(REPO)/misc.Build=$(BUILD) \
 	-X $(REPO)/misc.Debug=$(DEBUG)" \
 	-o $@ ./cmd/$(notdir $@)
 $(DIRS):
@ -44,7 +50,7 @@ $(DIRS):
 # Prepare binaries and archives for release
 .ONESHELL:
 prepare-release: docker/all
-	@for file in `ls -1 $(BIN)/neofs-*`; do
+	@for file in `ls -1 $(BIN)/frostfs-*`; do
 		cp $$file $(RELEASE)/`basename $$file`-$(ARCH)
 		strip $(RELEASE)/`basename $$file`-$(ARCH)
 		tar -czf $(RELEASE)/`basename $$file`-$(ARCH).tar.gz $(RELEASE)/`basename $$file`-$(ARCH)
@ -54,32 +60,33 @@ prepare-release: docker/all
 dep:
 	@printf "⇒ Download requirements: "
 	CGO_ENABLED=0 \
 	GO111MODULE=on \
 	go mod download && echo OK
 	@printf "⇒ Tidy requirements : "
 	CGO_ENABLED=0 \
 	GO111MODULE=on \
 	go mod tidy -v && echo OK
 # Regenerate proto files:
 protoc:
-	@GOPRIVATE=github.com/nspcc-dev go mod vendor
+	@GOPRIVATE=github.com/TrueCloudLab go mod vendor
 	# Install specific version for protobuf lib
 	@go list -f '{{.Path}}/...@{{.Version}}' -m  github.com/golang/protobuf | xargs go install -v
 	@GOBIN=$(abspath $(BIN)) go install -mod=mod -v github.com/TrueCloudLab/frostfs-api-go/v2/util/protogen
 	# Protoc generate
 	@for f in `find . -type f -name '*.proto' -not -path './vendor/*'`; do \
 		echo "⇒ Processing $$f "; \
 		protoc \
 			--proto_path=.:./vendor:/usr/local/include \
 			--plugin=protoc-gen-go-frostfs=$(BIN)/protogen \
 			--go-frostfs_out=. --go-frostfs_opt=paths=source_relative \
 			--go_out=. --go_opt=paths=source_relative \
 			--go-grpc_opt=require_unimplemented_servers=false \
 			--go-grpc_out=. --go-grpc_opt=paths=source_relative $$f; \
 	done
 	rm -rf vendor
-# Build NeoFS component's docker image
+# Build FrostFS component's docker image
 image-%:
-	@echo "⇒ Build NeoFS $* docker image "
+	@echo "⇒ Build FrostFS $* docker image "
 	@docker build \
 		--build-arg REPO=$(REPO) \
 		--build-arg VERSION=$(VERSION) \
@ -109,17 +116,17 @@ fmts: fmt imports
 # Reformat code
 fmt:
 	@echo "⇒ Processing gofmt check"
-	@GO111MODULE=on gofmt -s -w cmd/ pkg/ misc/
+	@gofmt -s -w cmd/ pkg/ misc/
 # Reformat imports
 imports:
 	@echo "⇒ Processing goimports check"
-	@GO111MODULE=on goimports -w cmd/ pkg/ misc/
+	@goimports -w cmd/ pkg/ misc/
 # Run Unit Test with go test
 test:
 	@echo "⇒ Running go test"
-	@GO111MODULE=on go test ./...
+	@go test ./...
 # Run linters
 lint:
@ -131,23 +138,26 @@ docker/lint:
 	-v `pwd`:/src \
 	-u `stat -c "%u:%g" .` \
 	--env HOME=/src \
-	golangci/golangci-lint:v1.42.1 bash -c 'cd /src/ && make lint'
+	golangci/golangci-lint:v$(LINT_VERSION) bash -c 'cd /src/ && make lint'
 # Print version
 version:
 	@echo $(VERSION)
 # Show this help prompt
 help:
 	@echo '  Usage:'
 	@echo ''
 	@echo '    make <target>'
 	@echo ''
 	@echo '  Targets:'
 	@echo ''
 	@awk '/^#/{ comment = substr($$0,3) } comment && /^[a-zA-Z][a-zA-Z0-9_-]+ ?:/{ print "   ", $$1, comment }' $(MAKEFILE_LIST) | column -t -s ':' | grep -v 'IGNORE' | sort -u
 clean:
 	rm -rf vendor
 	rm -rf .cache
 	rm -rf $(BIN)
 	rm -rf $(RELEASE)
 # Package for Debian
 debpackage:
 	dch -b --package frostfs-node \
 			--controlmaint \
 			--newversion $(PKG_VERSION) \
 			--distribution $(OS_RELEASE) \
 			"Please see CHANGELOG.md for code changes for $(VERSION)"
 	dpkg-buildpackage --no-sign -b
 debclean:
 	dh clean
--- a/README.md
+++ b/README.md
@ -1,50 +1,80 @@
 <p align="center">
-<img src="./.github/logo.svg" width="500px" alt="NeoFS">
+  <img src="./.github/logo.svg" width="500px" alt="FrostFS">
 </p>
 <p align="center">
-  <a href="https://fs.neo.org">NeoFS</a> is a decentralized distributed object storage integrated with the <a href="https://neo.org">NEO Blockchain</a>.
+  <a href="https://frostfs.info">FrostFS</a> is a decentralized distributed object storage integrated with the <a href="https://neo.org">NEO Blockchain</a>.
 </p>
 ---
-[![Report](https://goreportcard.com/badge/github.com/nspcc-dev/neofs-node)](https://goreportcard.com/report/github.com/nspcc-dev/neofs-node)
+[![Report](https://goreportcard.com/badge/github.com/TrueCloudLab/frostfs-node)](https://goreportcard.com/report/github.com/TrueCloudLab/frostfs-node)
-![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/nspcc-dev/neofs-node?sort=semver)
+![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/TrueCloudLab/frostfs-node?sort=semver)
-![License](https://img.shields.io/github/license/nspcc-dev/neofs-node.svg?style=popout)
+![License](https://img.shields.io/github/license/TrueCloudLab/frostfs-node.svg?style=popout)
 # Overview
-NeoFS Nodes are organized in a peer-to-peer network that takes care of storing
+FrostFS Nodes are organized in a peer-to-peer network that takes care of storing
 and distributing user's data. Any Neo user may participate in the network and
-get paid for providing storage resources to other users or store his data in
+get paid for providing storage resources to other users or store their data in
-NeoFS and pay a competitive price for it.
+FrostFS and pay a competitive price for it.
-Users can reliably store object data in the NeoFS network and have a transparent
+Users can reliably store object data in the FrostFS network and have a transparent
 data placement process due to a decentralized architecture and flexible storage
 policies. Each node is responsible for executing the storage policies that the
 users select for geographical location, reliability level, number of nodes, type
-of disks, capacity, etc. Thus, NeoFS gives full control over data to users.
+of disks, capacity, etc. Thus, FrostFS gives full control over data to users.
-Deep [Neo Blockchain](https://neo.org) integration allows NeoFS to be used by
+Deep [Neo Blockchain](https://neo.org) integration allows FrostFS to be used by
 dApps directly from
 [NeoVM](https://docs.neo.org/docs/en-us/basic/technology/neovm.html) on the
 [Smart Contract](https://docs.neo.org/docs/en-us/intro/glossary.html)
 code level. This way dApps are not limited to on-chain storage and can
 manipulate large amounts of data without paying a prohibitive price.
-NeoFS has a native [gRPC API](https://github.com/nspcc-dev/neofs-api) and has
+FrostFS has a native [gRPC API](https://github.com/TrueCloudLab/frostfs-api) and has
 protocol gateways for popular protocols such as [AWS
-S3](https://github.com/nspcc-dev/neofs-s3-gw),
+S3](https://github.com/TrueCloudLab/frostfs-s3-gw),
-[HTTP](https://github.com/nspcc-dev/neofs-http-gw),
+[HTTP](https://github.com/TrueCloudLab/frostfs-http-gw),
 [FUSE](https://wikipedia.org/wiki/Filesystem_in_Userspace) and
 [sFTP](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) allowing
 developers to integrate applications without rewriting their code.
 # Supported platforms
-For now we only support GNU/Linux on amd64 CPUs with AVX/AVX2 instructions. More
+Now, we only support GNU/Linux on amd64 CPUs with AVX/AVX2 instructions. More
 platforms will be officially supported after release `1.0`.
-The latest version of neofs-node works with neofs-contract 
+The latest version of frostfs-node works with frostfs-contract
-[v0.13.0](https://github.com/nspcc-dev/neofs-contract/releases/tag/v0.13.0).
+[v0.16.0](https://github.com/TrueCloudLab/frostfs-contract/releases/tag/v0.16.0).
 # Building
 To make all binaries you need Go 1.18+ and `make`:
 ```
 make all
 ```
 The resulting binaries will appear in `bin/` folder.
 To make a specific binary use:
 ```
 make bin/frostfs-<name>
 ```
 See the list of all available commands in the `cmd` folder.
 ## Building with Docker
 Building can also be performed in a container:
 ```
 make docker/all                     # build all binaries
 make docker/bin/frostfs-<name> # build a specific binary
 ```
 ## Docker images
 To make docker images suitable for use in [frostfs-dev-env](https://github.com/TrueCloudLab/frostfs-dev-env/) use:
 ```
 make images
 ```
 # Contributing
@ -56,7 +86,7 @@ the feature/topic you are going to implement.
 # Credits
-NeoFS is maintained by [NeoSPCC](https://nspcc.ru) with the help and
+FrostFS is maintained by [True Cloud Lab](https://github.com/TrueCloudLab/) with the help and
 contributions from community members.
 Please see [CREDITS](CREDITS.md) for details.
--- a/1
+++ b/1
@ -0,0 +1 @@
 v0.35.0
--- a/cmd/frostfs-adm/README.md
+++ b/cmd/frostfs-adm/README.md
@ -1,42 +1,42 @@
-# NeoFS Admin Tool
+# FrostFS Admin Tool
 ## Overview
 Admin tool provides an easier way to deploy and maintain private installation
-of NeoFS. Private installation provides a set of N3 consensus nodes, NeoFS 
+of FrostFS. Private installation provides a set of N3 consensus nodes, FrostFS 
 Alphabet, and Storage nodes. Admin tool generates consensus keys, initializes 
-side chain, and provides functions to update the network and register new
+the sidechain, and provides functions to update the network and register new
 Storage nodes.
 ## Build
-To build binary locally, use `make bin/neofs-adm` command. 
+To build binary locally, use `make bin/frostfs-adm` command. 
-For clean build inside a docker container use `make docker/bin/neofs-adm`. 
+For clean build inside a docker container, use `make docker/bin/frostfs-adm`. 
 Build docker image with `make image-adm`.
-At NeoFS private install deployment, neofs-adm requires compiled NeoFS 
+At FrostFS private install deployment, frostfs-adm requires compiled FrostFS 
 contracts. Find them in the latest release of 
-[neofs-contract repository](https://github.com/nspcc-dev/neofs-contract/releases).
+[frostfs-contract repository](https://github.com/TrueCloudLab/frostfs-contract/releases).
 ## Commands
 ### Config
-Config section provides `init` command that creates configuration file for the
+Config section provides `init` command that creates a configuration file for
 private installation deployment and updates. Config file is optional, all
 parameters can be passed by arguments or read from standard input (wallet 
 passwords).
 Config example:
 ```yaml
-rpc-endpoint: https://address:port # side chain RPC node endpoint
+rpc-endpoint: https://address:port # sidechain RPC node endpoint
 alphabet-wallets: /path            # path to consensus node / alphabet wallets storage
 network:
-  max_object_size: 67108864 # max size of single NeoFS object, bytes
+  max_object_size: 67108864 # max size of a single FrostFS object, bytes
-  epoch_duration: 240       # duration of NeoFS epoch in blocks, consider block generation frequency in side chain
+  epoch_duration: 240       # duration of a FrostFS epoch in blocks, consider block generation frequency in the sidechain
  basic_income_rate: 0      # basic income rate, for private consider 0
  fee:
    audit: 0     # network audit fee, for private installation consider 0
@ -61,38 +61,42 @@ credentials:     # passwords for consensus node / alphabet wallets
 - `generate-alphabet` generates a set of wallets for consensus and 
  Alphabet nodes. 
- `init` initializes side chain by deploying smart contracts and
+- `init` initializes the sidechain by deploying smart contracts and
-  setting provided NeoFS network configuration.
+  setting provided FrostFS network configuration.
- `generate-storage-wallet` generates wallet for the Storage node that 
+- `generate-storage-wallet` generates a wallet for the Storage node that 
-  is ready for deployment. It also transfers a bit of side chain GAS, so this 
+  is ready for deployment. It also transfers a bit of sidechain GAS, so this 
-  wallet can be used for NeoFS bootstrap.
+  wallet can be used for FrostFS bootstrap.
 #### Network maintenance
- `force-new-epoch` increments NeoFS epoch number and executes new epoch
+- `set-config` add/update configuration values in the Netmap contract.
  handlers in NeoFS nodes.
- `refill-gas` transfers side chain GAS to the specified wallet. 
+- `force-new-epoch` increments FrostFS epoch number and executes new epoch
  handlers in FrostFS nodes.
 - `refill-gas` transfers sidechain GAS to the specified wallet. 
 - `update-contracts` updates contracts to a new version.
 #### Container migration
-If the network has to be redeployed, these commands will migrate all container meta
+If a network has to be redeployed, these commands will migrate all container meta
 info. These commands **do not migrate actual objects**.
 - `dump-containers` saves all containers and metadata registered in the container
  contract to a file.
 - `restore-containers` restores previously saved containers by their repeated registration in 
- container contract.
+ the container contract.
 - `list-containers` output all containers ids.
 #### Network info
- `dump-config` prints NeoFS network configuration.
+- `dump-config` prints FrostFS network configuration.
- `dump-hashes` prints NeoFS contract addresses stored in NNS.
+- `dump-hashes` prints FrostFS contract addresses stored in NNS.
 ## Private network deployment
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -1,30 +1,30 @@
-# Step-by-step private NeoFS deployment
+# Step-by-step private FrostFS deployment
-This is a short guide on how to deploy private NeoFS storage network on bare
+This is a short guide on how to deploy a private FrostFS storage network on bare
 metal without docker images. This guide does not cover details on how to start
-consensus, Alphabet, or Storage nodes. This guide covers only `neofs-adm` 
+consensus, Alphabet, or Storage nodes. This guide covers only `frostfs-adm` 
 related configuration details.
 ## Prerequisites
 To follow this guide you need:
 - latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
- latest released version of [neofs-adm](https://github.com/nspcc-dev/neofs-node/releases) utility (v0.25.1 at the moment),
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
- latest released version of compiled [neofs-contract](https://github.com/nspcc-dev/neofs-contract/releases) (v0.11.0 at the moment).
+- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).
 ## Step 1: Prepare network configuration 
-To start the network, you need a set of consensus nodes, the same number of 
+To start a network, you need a set of consensus nodes, the same number of 
 Alphabet nodes and any number of Storage nodes. While the number of Storage 
 nodes can be scaled almost infinitely, the number of consensus and Alphabet 
 nodes can't be changed so easily right now. Consider this before going any further.
-It is easier to use`neofs-adm` with predefined configuration. First, create
+It is easier to use`frostfs-adm` with a predefined configuration. First, create
-network configuration file. In this example, there is going to be only one
+a network configuration file. In this example, there is going to be only one
 consensus / Alphabet node in the network.
 ```
-$ neofs-adm config init --path foo.network.yml
+$ frostfs-adm config init --path foo.network.yml
 Initial config file saved to foo.network.yml
 $ cat foo.network.yml 
@ -43,7 +43,7 @@ credentials:
  az: hunter2
 ```
-For private installation it is recommended to set all **fees** and **basic 
+For private installation, it is recommended to set all **fees** and **basic 
 income rate** to 0. 
 As for **epoch duration**, consider consensus node block generation frequency. 
@ -57,13 +57,13 @@ wallets will be used for Alphabet nodes. Make sure, that dir for alphabet
 wallets already exists.
 ```
-$ neofs-adm -c foo.network.yml morph generate-alphabet --size 1
+$ frostfs-adm -c foo.network.yml morph generate-alphabet --size 1
 size: 1
 alphabet-wallets: /home/user/deploy/alphabet-wallets
 wallet[0]: hunter2
 ```
-Do not lose wallet files and network config. Store it in encrypted backed up
+Do not lose wallet files and network config. Store it in an encrypted backed up
 storage.
 ## Step 2: Launch consensus nodes
@ -72,7 +72,7 @@ Configure blockchain nodes with the generated wallets from the previous step.
 Config examples can be found in 
 [neo-go repository](https://github.com/nspcc-dev/neo-go/tree/master/config).
-Gather public keys from **all** generated wallets. We are interested in first
+Gather public keys from **all** generated wallets. We are interested in the first
 `simple signature contract` public key.
 ```
@ -90,7 +90,7 @@ NiMKabp3ddi3xShmLAXhTfbnuWb4cSJT6E (1 out of 1 multisig contract):
 Put the list of public keys into `ProtocolConfiguration.StandbyCommittee` 
 section. Specify the wallet path and the password in `ApplicationConfiguration.P2PNotary`
 and `ApplicationConfiguration.UnlockWallet` sections. If config includes
-`ProtocolConfiguration.NativeActivations` section, then add notary 
+`ProtocolConfiguration.NativeActivations` section, add notary 
 contract `Notary: [0]`.
 ```yaml
@ -110,27 +110,27 @@ ApplicationConfiguration:
    Password: "hunter2"
 ```
-Then, launch consensus node. They should connect to each other and start
+Then, launch consensus nodes. They should connect to each other and start
 producing blocks in consensus. You might want to deploy additional RPC
 nodes at this stage because Storage nodes should be connected to the chain too.
-It is not recommended to use consensus node as an RPC node due to security policies
+It is not recommended to use a consensus node as an RPC node due to security policies
 and possible overload issues.
-## Step 3: Initialize side chain
+## Step 3: Initialize sidechain
-Use archive with compiled NeoFS contracts to initialize side chain.
+Use archive with compiled FrostFS contracts to initialize the sidechain.
 ```
-$ tar -xzvf neofs-contract-v0.11.0.tar.gz 
+$ tar -xzvf frostfs-contract-v0.11.0.tar.gz 
-$ ./neofs-adm -c foo.network.yml morph init --contracts ./neofs-contract-v0.11.0
+$ ./frostfs-adm -c foo.network.yml morph init --contracts ./frostfs-contract-v0.11.0
 Stage 1: transfer GAS to alphabet nodes.
 Waiting for transactions to persist...
 Stage 2: set notary and alphabet nodes in designate contract.
 Waiting for transactions to persist...
 Stage 3: deploy NNS contract.
 Waiting for transactions to persist...
-Stage 4: deploy NeoFS contracts.
+Stage 4: deploy FrostFS contracts.
 Waiting for transactions to persist...
 Stage 4.1: Transfer GAS to proxy contract.
 Waiting for transactions to persist...
@ -140,21 +140,21 @@ Stage 6: transfer NEO to alphabet contracts.
 Waiting for transactions to persist...
 Stage 7: set addresses in NNS.
 Waiting for transactions to persist...
-NNS: Set alphabet0.neofs -> f692dfb4d43a15b464eb51a7041160fb29c44b6a
+NNS: Set alphabet0.frostfs -> f692dfb4d43a15b464eb51a7041160fb29c44b6a
-NNS: Set audit.neofs -> 7df847b993affb3852074345a7c2bd622171ee0d
+NNS: Set audit.frostfs -> 7df847b993affb3852074345a7c2bd622171ee0d
-NNS: Set balance.neofs -> 103519b3067a66307080a66570c0491ee8f68879
+NNS: Set balance.frostfs -> 103519b3067a66307080a66570c0491ee8f68879
-NNS: Set container.neofs -> cae60bdd689d185901e495352d0247752ce50846
+NNS: Set container.frostfs -> cae60bdd689d185901e495352d0247752ce50846
-NNS: Set neofsid.neofs -> c421fb60a3895865a8f24d197d6a80ef686041d2
+NNS: Set frostfsid.frostfs -> c421fb60a3895865a8f24d197d6a80ef686041d2
-NNS: Set netmap.neofs -> 894eb854632f50fb124412ce7951ebc00763525e
+NNS: Set netmap.frostfs -> 894eb854632f50fb124412ce7951ebc00763525e
-NNS: Set proxy.neofs -> ac6e6fe4b373d0ca0ca4969d1e58fa0988724e7d
+NNS: Set proxy.frostfs -> ac6e6fe4b373d0ca0ca4969d1e58fa0988724e7d
-NNS: Set reputation.neofs -> 6eda57c9d93d990573646762d1fea327ce41191f
+NNS: Set reputation.frostfs -> 6eda57c9d93d990573646762d1fea327ce41191f
 Waiting for transactions to persist...
 ```
 ## Step 4: Launch Alphabet nodes
 Configure Alphabet nodes with the wallets generated in step 1. For 
-`morph.validators` use list of public keys from 
+`morph.validators` use a list of public keys from 
 `ProtocolConfiguration.StandbyCommittee`.
 ```yaml
@ -174,10 +174,10 @@ contracts:
 ## Step 4: Launch Storage node
-Generate a new wallet for Storage node.
+Generate a new wallet for a Storage node.
 ```
-$ neofs-adm -c foo.network.yml morph generate-storage-wallet --storage-wallet ./sn01.json --initial-gas 10.0
+$ frostfs-adm -c foo.network.yml morph generate-storage-wallet --storage-wallet ./sn01.json --initial-gas 10.0
 New password > 
 Waiting for transactions to persist...
@ -186,7 +186,7 @@ Ngr7p8Z9S22XDH6VkUG9oXobv8zZRAWwwv (simple signature contract):
 0355eccb72cd46f09a3e5237eaa0f4949cceb5ecfa5a225bd3bb9fd021c4d75b85
 ```
-Configure Storage node to use this wallet.
+Configure the Storage node to use this wallet.
 ```
 node:
@ -196,16 +196,16 @@ node:
    password: "foobar"
 ```
-Storage node will be included in the network map in next NeoFS epoch. To
+The storage node will be included in the network map in the next FrostFS epoch. To
 speed up this process, you can increment epoch counter immediately.
 ```
-$ neofs-adm -c foo.network.yml morph force-new-epoch
+$ frostfs-adm -c foo.network.yml morph force-new-epoch
 Current epoch: 8, increase to 9.
 Waiting for transactions to persist...
 ```
 --- 
-After that NeoFS Storage is ready to work. You can access it directly or
+After that, FrostFS Storage is ready to work. You can access it directly or
 with protocol gates.
--- a/cmd/frostfs-adm/docs/subnetwork-creation.md
+++ b/cmd/frostfs-adm/docs/subnetwork-creation.md
@ -0,0 +1,39 @@
 # FrostFS subnetwork creation
 This is a short guide on how to create FrostFS subnetworks. This guide 
 considers that the sidechain and the inner ring (alphabet nodes) have already been 
 deployed and the sidechain contains a deployed `subnet` contract.
 ## Prerequisites
 To follow this guide, you need:
 - neo-go sidechain RPC endpoint;
 - latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases);
 - wallet with FrostFS account.
 ## Creation
 ```shell
 $ frostfs-adm morph subnet create \
    -r <side_chain_RPC_endpoint> \
    -w </path/to/owner/wallet> \
    --notary
 Create subnet request sent successfully. ID: 4223489767.
 ```
 **NOTE:** in notary-enabled environment you should have a sufficient
 notary deposit (not expired, with enough GAS balance). Your subnet ID
 will differ from the example.
 The default account in the wallet that has been passed with `-w` flag is the owner
 of the just created subnetwork.
 You can check if your subnetwork was created successfully:
 ```shell
 $ frostfs-adm morph subnet get \
    -r <side_chain_RPC_endpoint> \
    --subnet <subnet_ID>
 Owner: NUc734PMJXiqa2J9jRtvskU3kCdyyuSN8Q
 ```
 Your owner will differ from the example.
--- a/cmd/frostfs-adm/docs/subnetwork-usage.md
+++ b/cmd/frostfs-adm/docs/subnetwork-usage.md
@ -1,27 +1,27 @@
 # Managing Subnetworks
-This is a short guide on how to manage NeoFS subnetworks. This guide
+This is a short guide on how to manage FrostFS subnetworks. This guide
-considers that side chain and inner ring (alphabet nodes) have already
+considers that the sidechain and the inner ring (alphabet nodes) have already been
-been deployed and side chain contains deployed `subnet` contract.
+deployed, and the sidechain contains a deployed `subnet` contract.
 ## Prerequisites
- neo-go side chain RPC endpoint;
+- neo-go sidechain RPC endpoint;
- latest released version of [neofs-adm](https://github.com/nspcc-dev/neofs-node/releases);
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases);
 - [created](subnetwork-creation.md) subnetwork;
- wallet with account that owns the subnetwork;
+- wallet with the account that owns the subnetwork;
 - public key of the Storage Node;
 - public keys of the node and client administrators;
- owner IDs of the NeoFS users.
+- owner IDs of the FrostFS users.
 ## Add node administrator
-Node administrators are the accounts that can manage (add and delete nodes)
+Node administrators are accounts that can manage (add and delete nodes)
-whitelist of the nodes that could be included to the subnetwork. Only subnet
+the whitelist of the nodes which can be included to a subnetwork. Only the subnet
-owner is allowed to add and remove node administrators from subnetwork.
+owner is allowed to add and remove node administrators from the subnetwork.
 ```shell
-$ neofs-adm morph subnet admin add \
+$ frostfs-adm morph subnet admin add \
    -r <side_chain_RPC_endpoint> \
    -w </path/to/owner/wallet> \
    --admin <HEX_admin_public_key> \
@ -33,11 +33,11 @@ Add admin request sent successfully.
 Adding a node to a subnetwork means that the node becomes able to service
 containers that have been created in that subnetwork. Addition only changes
-list of the allowed nodes. Node is not required to be bootstrapped at the
+the list of the allowed nodes. Node is not required to be bootstrapped at the
 moment of its inclusion.
 ```shell
-$ neofs-adm morph subnet node add \
+$ frostfs-adm morph subnet node add \
    -r <side_chain_RPC_endpoint> \
    -w </path/to/node_admin/wallet> \
    --node <HEX_node_public_key> \
@ -45,17 +45,17 @@ $ neofs-adm morph subnet node add \
 Add node request sent successfully.
 ```
-**NOTE:** owner of the subnetwork is also allowed to add nodes.
+**NOTE:** the owner of the subnetwork is also allowed to add nodes.
 ## Add client administrator
-Client administrators are the accounts that can manage (add and delete
+Client administrators are accounts that can manage (add and delete
-nodes) whitelist of the clients that can creates containers in the
+nodes) the whitelist of the clients that can create containers in the
-subnetwork. Only subnet owner is allowed to add and remove client
+subnetwork. Only the subnet owner is allowed to add and remove client
-administrators from subnetwork.
+administrators from the subnetwork.
 ```shell
-$ neofs-adm morph subnet admin add \
+$ frostfs-adm morph subnet admin add \
    -r <side_chain_RPC_endpoint> \
    -w </path/to/owner/wallet> \
    --admin <HEX_admin_public_key> \
@ -65,14 +65,14 @@ $ neofs-adm morph subnet admin add \
 Add admin request sent successfully.
 ```
-**NOTE:** you do not need to create group explicitly, it would be created
+**NOTE:** you do not need to create a group explicitly, it will be created
-right after the first client admin has been added. Group ID is 4-byte
+right after the first client admin is added. Group ID is a 4-byte
 positive integer number.
 ## Add client
 ```shell
-$ neofs-adm morph subnet client add \
+$ frostfs-adm morph subnet client add \
    -r <side_chain_RPC_endpoint> \
    -w </path/to/client_admin/wallet> \
    --client <client_ownerID> \
@ -81,17 +81,17 @@ $ neofs-adm morph subnet client add \
 Add client request sent successfully.
 ```
-**NOTE:** owner of the subnetwork is also allowed to add clients. This is
+**NOTE:** the owner of the subnetwork is also allowed to add clients. This is
 the only one command that accepts `ownerID`, not the public key.
-Administrator can manage only his group (a group where that administrator
+Administrator can manage only their group (a group where that administrator
-has been added by subnet owner).
+has been added by the subnet owner).
 # Bootstrapping Storage Node
-After subnetwork [creation](subnetwork-creation.md) and inclusion node to it, the 
+After a subnetwork [is created](subnetwork-creation.md) and a node is included into it, the 
 node could be bootstrapped and service subnetwork containers.
-For bootstrapping you need to specify ID of the subnetwork in the node's 
+For bootstrapping, you need to specify the ID of the subnetwork in the node's 
 configuration: 
 ```yaml
@ -99,7 +99,7 @@ configuration:
 node:
  ...
  subnet:
-    entries: # list of IDs of subnets to enter in a text format of NeoFS API protocol (overrides corresponding attributes)
+    entries: # list of IDs of subnets to enter in a text format of FrostFS API protocol (overrides corresponding attributes)
      - <subnetwork_ID>
  ...
 ...
@ -108,7 +108,7 @@ node:
 **NOTE:** specifying subnetwork that is denied for the node is not an error:
 that configuration value would be ignored. You do not need to specify zero 
 (with 0 ID) subnetwork: its inclusion is implicit. On the contrary, to exclude
-node from the default zero subnetwork you need to specify it explicitly:
+a node from the default zero subnetwork, you need to specify it explicitly:
 ```yaml
 ...
@ -122,16 +122,16 @@ node:
 # Creating container in non-zero subnetwork
-Creating containers without using `--subnet` flag is equivalent to the 
+Creating containers without using `--subnet` flag is equivalent to 
 creating container in the zero subnetwork.
-To create container in a private network your wallet must have been added to
+To create a container in a private network, your wallet must be added to
-the client whitelist by client admins or subnet owners:
+the client whitelist by the client admins or the subnet owners:
 ```shell
-$ neofs-cli container create \
+$ frostfs-cli container create \
    --policy 'REP 1' \
    -w </path/to/wallet> \
-    -r s01.neofs.devenv:8080 \
+    -r s01.frostfs.devenv:8080 \
    --subnet <subnet_ID>
 ```
--- a/cmd/frostfs-adm/internal/commonflags/flags.go
+++ b/cmd/frostfs-adm/internal/commonflags/flags.go
@ -0,0 +1,14 @@
 package commonflags
 const (
 	ConfigFlag          = "config"
 	ConfigFlagShorthand = "c"
 	ConfigFlagUsage     = "Config file"
 	ConfigDirFlag      = "config-dir"
 	ConfigDirFlagUsage = "Config directory"
 	Verbose          = "verbose"
 	VerboseShorthand = "v"
 	VerboseUsage     = "Verbose output"
 )
--- a/cmd/frostfs-adm/internal/modules/config/config.go
+++ b/cmd/frostfs-adm/internal/modules/config/config.go
@ -7,8 +7,8 @@ import (
 	"path/filepath"
 	"text/template"
 	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -25,6 +25,7 @@ type configTemplate struct {
 	ContainerAliasFee       int
 	WithdrawFee             int
 	Glagolitics             []string
 	HomomorphicHashDisabled bool
 }
 const configTxtTemplate = `rpc-endpoint: {{ .Endpoint}}
@ -33,13 +34,14 @@ network:
  max_object_size: {{ .MaxObjectSize}}
  epoch_duration: {{ .EpochDuration}}
  basic_income_rate: {{ .BasicIncomeRate}}
  homomorphic_hash_disabled: {{ .HomomorphicHashDisabled}}
  fee:
    audit: {{ .AuditFee}}
    candidate: {{ .CandidateFee}}
    container: {{ .ContainerFee}}
    container_alias: {{ .ContainerAliasFee }}
    withdraw: {{ .WithdrawFee}}
-# if credentials section is omitted, then neofs-adm will require manual password input
+# if credentials section is omitted, then frostfs-adm will require manual password input
 credentials:
  contract: password # wallet for contract group signature{{ range.Glagolitics}}
  {{.}}: password{{end}}
@ -97,7 +99,7 @@ func defaultConfigPath() (string, error) {
 		return "", fmt.Errorf("getting home dir path: %w", err)
 	}
-	return filepath.Join(home, ".neofs", "adm", "config.yml"), nil
+	return filepath.Join(home, ".frostfs", "adm", "config.yml"), nil
 }
 // generateConfigExample builds .yml representation of the config file. It is
@ -110,6 +112,7 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 		MaxObjectSize:           67108864,      // 64 MiB
 		EpochDuration:           240,           // 1 hour with 15s per block
 		BasicIncomeRate:         1_0000_0000,   // 0.0001 GAS per GiB (Fixed12)
 		HomomorphicHashDisabled: false,         // object homomorphic hash is enabled
 		AuditFee:                1_0000,        // 0.00000001 GAS per audit (Fixed12)
 		CandidateFee:            100_0000_0000, // 100.0 GAS (Fixed8)
 		ContainerFee:            1000,          // 0.000000001 * 7 GAS per container (Fixed12)
@ -144,13 +147,20 @@ func generateConfigExample(appDir string, credSize int) (string, error) {
 	return buf.String(), nil
 }
-func AlphabetPassword(v *viper.Viper, index int) (string, error) {
+func GetPassword(v *viper.Viper, name string) (string, error) {
-	letter := innerring.GlagoliticLetter(index)
+	key := "credentials." + name
 	key := "credentials." + letter.String()
 	if v.IsSet(key) {
 		return v.GetString(key), nil
 	}
-	prompt := "Password for " + letter.String() + " wallet > "
+	prompt := "Password for " + name + " wallet > "
 	return input.ReadPassword(prompt)
 }
 func GetStoragePassword(v *viper.Viper, name string) (string, error) {
 	key := "storage." + name
 	if name != "" && v.IsSet(key) {
 		return v.GetString(key), nil
 	}
 	return input.ReadPassword("New password > ")
 }
--- a/cmd/frostfs-adm/internal/modules/config/config_test.go
+++ b/cmd/frostfs-adm/internal/modules/config/config_test.go
@ -5,7 +5,7 @@ import (
 	"path/filepath"
 	"testing"
-	"github.com/nspcc-dev/neofs-node/pkg/innerring"
+	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 )
@ -13,7 +13,7 @@ import (
 func TestGenerateConfigExample(t *testing.T) {
 	const (
 		n      = 10
-		appDir = "/home/example/.neofs"
+		appDir = "/home/example/.frostfs"
 	)
 	configText, err := generateConfigExample(appDir, n)
--- a/cmd/frostfs-adm/internal/modules/config/root.go
+++ b/cmd/frostfs-adm/internal/modules/config/root.go
@ -0,0 +1,29 @@
 package config
 import (
 	"github.com/spf13/cobra"
 )
 const configPathFlag = "path"
 var (
 	// RootCmd is a root command of config section.
 	RootCmd = &cobra.Command{
 		Use:   "config",
 		Short: "Section for frostfs-adm config related commands",
 	}
 	initCmd = &cobra.Command{
 		Use:   "init",
 		Short: "Initialize basic frostfs-adm configuration file",
 		Example: `frostfs-adm config init
 frostfs-adm config init --path .config/frostfs-adm.yml`,
 		RunE: initConfig,
 	}
 )
 func init() {
 	RootCmd.AddCommand(initCmd)
 	initCmd.Flags().String(configPathFlag, "", "Path to config (default ~/.frostfs/adm/config.yml)")
 }
--- a/cmd/frostfs-adm/internal/modules/config/util.go
+++ b/cmd/frostfs-adm/internal/modules/config/util.go
--- a/cmd/frostfs-adm/internal/modules/morph/balance.go
+++ b/cmd/frostfs-adm/internal/modules/morph/balance.go
@ -6,22 +6,23 @@ import (
 	"fmt"
 	"math/big"
-	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
+	"github.com/TrueCloudLab/frostfs-contract/nns"
 	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/rolemgmt"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
-	"github.com/nspcc-dev/neofs-contract/nns"
+	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -57,10 +58,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 		return err
 	}
-	gasHash, err := c.GetNativeContractHash(nativenames.Gas)
+	inv := invoker.New(c, nil)
 	if err != nil {
 		return fmt.Errorf("can't fetch hash of the GAS contract: %w", err)
 	}
 	if !notaryEnabled || dumpStorage || dumpAlphabet || dumpProxy {
 		nnsCs, err = c.GetContractStateByID(1)
@ -68,29 +66,25 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("can't get NNS contract info: %w", err)
 		}
-		nmHash, err = nnsResolveHash(c, nnsCs.Hash, netmapContract+".neofs")
+		nmHash, err = nnsResolveHash(inv, nnsCs.Hash, netmapContract+".frostfs")
 		if err != nil {
 			return fmt.Errorf("can't get netmap contract hash: %w", err)
 		}
 	}
-	irList, err := fetchIRNodes(c, nmHash)
+	irList, err := fetchIRNodes(c, nmHash, rolemgmt.Hash)
 	if err != nil {
 		return err
 	}
-	if err := fetchBalances(c, gasHash, irList); err != nil {
+	if err := fetchBalances(inv, gas.Hash, irList); err != nil {
 		return err
 	}
 	printBalances(cmd, "Inner ring nodes balances:", irList)
 	if dumpStorage {
-		res, err := c.InvokeFunction(nmHash, "netmap", []smartcontract.Parameter{}, nil)
+		arr, err := unwrap.Array(inv.Call(nmHash, "netmap"))
-		if err != nil || res.State != vm.HaltState.String() || len(res.Stack) == 0 {
+		if err != nil {
 			return errors.New("can't fetch the list of storage nodes")
 		}
 		arr, ok := res.Stack[0].Value().([]stackitem.Item)
 		if !ok {
 			return errors.New("can't fetch the list of storage nodes")
 		}
@ -115,20 +109,20 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 			snList[i].scriptHash = pub.GetScriptHash()
 		}
-		if err := fetchBalances(c, gasHash, snList); err != nil {
+		if err := fetchBalances(inv, gas.Hash, snList); err != nil {
 			return err
 		}
 		printBalances(cmd, "\nStorage node balances:", snList)
 	}
 	if dumpProxy {
-		h, err := nnsResolveHash(c, nnsCs.Hash, proxyContract+".neofs")
+		h, err := nnsResolveHash(inv, nnsCs.Hash, proxyContract+".frostfs")
 		if err != nil {
 			return fmt.Errorf("can't get hash of the proxy contract: %w", err)
 		}
 		proxyList := []accBalancePair{{scriptHash: h}}
-		if err := fetchBalances(c, gasHash, proxyList); err != nil {
+		if err := fetchBalances(inv, gas.Hash, proxyList); err != nil {
 			return err
 		}
 		printBalances(cmd, "\nProxy contract balance:", proxyList)
@ -160,7 +154,7 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 			alphaList[i].scriptHash = h
 		}
-		if err := fetchBalances(c, gasHash, alphaList); err != nil {
+		if err := fetchBalances(inv, gas.Hash, alphaList); err != nil {
 			return err
 		}
 		printBalances(cmd, "\nAlphabet contracts balances:", alphaList)
@ -169,16 +163,18 @@ func dumpBalances(cmd *cobra.Command, _ []string) error {
 	return nil
 }
-func fetchIRNodes(c *client.Client, nmHash util.Uint160) ([]accBalancePair, error) {
+func fetchIRNodes(c Client, nmHash, desigHash util.Uint160) ([]accBalancePair, error) {
 	var irList []accBalancePair
 	inv := invoker.New(c, nil)
 	if notaryEnabled {
 		height, err := c.GetBlockCount()
 		if err != nil {
 			return nil, fmt.Errorf("can't get block height: %w", err)
 		}
-		arr, err := c.GetDesignatedByRole(noderoles.NeoFSAlphabet, height)
+		arr, err := getDesignatedByRole(inv, desigHash, noderoles.NeoFSAlphabet, height)
 		if err != nil {
 			return nil, errors.New("can't fetch list of IR nodes from the netmap contract")
 		}
@ -188,27 +184,14 @@ func fetchIRNodes(c *client.Client, nmHash util.Uint160) ([]accBalancePair, erro
 			irList[i].scriptHash = arr[i].GetScriptHash()
 		}
 	} else {
-		res, err := c.InvokeFunction(nmHash, "innerRingList", []smartcontract.Parameter{}, nil)
+		arr, err := unwrap.ArrayOfBytes(inv.Call(nmHash, "innerRingList"))
-		if err != nil || res.State != vm.HaltState.String() || len(res.Stack) == 0 {
+		if err != nil {
 			return nil, errors.New("can't fetch list of IR nodes from the netmap contract")
 		}
 		arr, ok := res.Stack[0].Value().([]stackitem.Item)
 		if !ok || len(arr) == 0 {
 			return nil, errors.New("can't fetch list of IR nodes: invalid response")
 		}
 		irList = make([]accBalancePair, len(arr))
 		for i := range arr {
-			node, ok := arr[i].Value().([]stackitem.Item)
+			pub, err := keys.NewPublicKeyFromBytes(arr[i], elliptic.P256())
 			if !ok || len(arr) == 0 {
 				return nil, errors.New("can't fetch list of IR nodes: invalid response")
 			}
 			bs, err := node[0].TryBytes()
 			if err != nil {
 				return nil, fmt.Errorf("can't fetch list of IR nodes: %w", err)
 			}
 			pub, err := keys.NewPublicKeyFromBytes(bs, elliptic.P256())
 			if err != nil {
 				return nil, fmt.Errorf("can't parse IR node public key: %w", err)
 			}
@ -233,7 +216,7 @@ func printBalances(cmd *cobra.Command, prefix string, accounts []accBalancePair)
 	}
 }
-func fetchBalances(c *client.Client, gasHash util.Uint160, accounts []accBalancePair) error {
+func fetchBalances(c *invoker.Invoker, gasHash util.Uint160, accounts []accBalancePair) error {
 	w := io.NewBufBinWriter()
 	for i := range accounts {
 		emit.AppCall(w.BinWriter, gasHash, "balanceOf", callflag.ReadStates, accounts[i].scriptHash)
@ -242,8 +225,8 @@ func fetchBalances(c *client.Client, gasHash util.Uint160, accounts []accBalance
 		panic(w.Err)
 	}
-	res, err := c.InvokeScript(w.Bytes(), nil)
+	res, err := c.Run(w.Bytes())
-	if err != nil || res.State != vm.HaltState.String() || len(res.Stack) != len(accounts) {
+	if err != nil || res.State != vmstate.Halt.String() || len(res.Stack) != len(accounts) {
 		return errors.New("can't fetch account balances")
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/config.go
+++ b/cmd/frostfs-adm/internal/modules/morph/config.go
@ -0,0 +1,192 @@
 package morph
 import (
 	"bytes"
 	"encoding/binary"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	"text/tabwriter"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const forceConfigSet = "force"
 func dumpNetworkConfig(cmd *cobra.Command, _ []string) error {
 	c, err := getN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
 	inv := invoker.New(c, nil)
 	cs, err := c.GetContractStateByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
 	nmHash, err := nnsResolveHash(inv, cs.Hash, netmapContract+".frostfs")
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
 	arr, err := unwrap.Array(inv.Call(nmHash, "listConfig"))
 	if err != nil {
 		return errors.New("can't fetch list of network config keys from the netmap contract")
 	}
 	buf := bytes.NewBuffer(nil)
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)
 	for _, param := range arr {
 		tuple, ok := param.Value().([]stackitem.Item)
 		if !ok || len(tuple) != 2 {
 			return errors.New("invalid ListConfig response from netmap contract")
 		}
 		k, err := tuple[0].TryBytes()
 		if err != nil {
 			return errors.New("invalid config key from netmap contract")
 		}
 		v, err := tuple[1].TryBytes()
 		if err != nil {
 			return invalidConfigValueErr(k)
 		}
 		switch string(k) {
 		case netmapAuditFeeKey, netmapBasicIncomeRateKey,
 			netmapContainerFeeKey, netmapContainerAliasFeeKey,
 			netmapEigenTrustIterationsKey,
 			netmapEpochKey, netmapInnerRingCandidateFeeKey,
 			netmapMaxObjectSizeKey, netmapWithdrawFeeKey:
 			nbuf := make([]byte, 8)
 			copy(nbuf[:], v)
 			n := binary.LittleEndian.Uint64(nbuf)
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%d (int)\n", k, n)))
 		case netmapEigenTrustAlphaKey:
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%s (str)\n", k, v)))
 		case netmapHomomorphicHashDisabledKey, netmapMaintenanceAllowedKey:
 			vBool, err := tuple[1].TryBool()
 			if err != nil {
 				return invalidConfigValueErr(k)
 			}
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%t (bool)\n", k, vBool)))
 		default:
 			_, _ = tw.Write([]byte(fmt.Sprintf("%s:\t%s (hex)\n", k, hex.EncodeToString(v))))
 		}
 	}
 	_ = tw.Flush()
 	cmd.Print(buf.String())
 	return nil
 }
 func setConfigCmd(cmd *cobra.Command, args []string) error {
 	if len(args) == 0 {
 		return errors.New("empty config pairs")
 	}
 	wCtx, err := newInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't initialize context: %w", err)
 	}
 	cs, err := wCtx.Client.GetContractStateByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
 	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
 	forceFlag, _ := cmd.Flags().GetBool(forceConfigSet)
 	bw := io.NewBufBinWriter()
 	for _, arg := range args {
 		k, v, err := parseConfigPair(arg, forceFlag)
 		if err != nil {
 			return err
 		}
 		// In NeoFS this is done via Notary contract. Here, however, we can form the
 		// transaction locally. The first `nil` argument is required only for notary
 		// disabled environment which is not supported by that command.
 		emit.AppCall(bw.BinWriter, nmHash, "setConfig", callflag.All, nil, k, v)
 		if bw.Err != nil {
 			return fmt.Errorf("can't form raw transaction: %w", bw.Err)
 		}
 	}
 	err = wCtx.sendConsensusTx(bw.Bytes())
 	if err != nil {
 		return err
 	}
 	return wCtx.awaitTx()
 }
 func parseConfigPair(kvStr string, force bool) (key string, val any, err error) {
 	k, v, found := strings.Cut(kvStr, "=")
 	if !found {
 		return "", nil, fmt.Errorf("invalid parameter format: must be 'key=val', got: %s", kvStr)
 	}
 	key = k
 	valRaw := v
 	switch key {
 	case netmapAuditFeeKey, netmapBasicIncomeRateKey,
 		netmapContainerFeeKey, netmapContainerAliasFeeKey,
 		netmapEigenTrustIterationsKey,
 		netmapEpochKey, netmapInnerRingCandidateFeeKey,
 		netmapMaxObjectSizeKey, netmapWithdrawFeeKey:
 		val, err = strconv.ParseInt(valRaw, 10, 64)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as int: %w", key, valRaw, err)
 		}
 	case netmapEigenTrustAlphaKey:
 		// just check that it could
 		// be parsed correctly
 		_, err = strconv.ParseFloat(v, 64)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as float: %w", key, valRaw, err)
 		}
 		val = valRaw
 	case netmapHomomorphicHashDisabledKey, netmapMaintenanceAllowedKey:
 		val, err = strconv.ParseBool(valRaw)
 		if err != nil {
 			err = fmt.Errorf("could not parse %s's value '%s' as bool: %w", key, valRaw, err)
 		}
 	default:
 		if !force {
 			return "", nil, fmt.Errorf(
 				"'%s' key is not well-known, use '--%s' flag if want to set it anyway",
 				key, forceConfigSet)
 		}
 		val = valRaw
 	}
 	return
 }
 func invalidConfigValueErr(key []byte) error {
 	return fmt.Errorf("invalid %s config value from netmap contract", key)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/container.go
+++ b/cmd/frostfs-adm/internal/modules/morph/container.go
@ -7,20 +7,52 @@ import (
 	"os"
 	"sort"
 	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
 	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var errInvalidContainerResponse = errors.New("invalid response from container contract")
 func getContainerContractHash(cmd *cobra.Command, inv *invoker.Invoker, c Client) (util.Uint160, error) {
 	s, err := cmd.Flags().GetString(containerContractFlag)
 	var ch util.Uint160
 	if err == nil {
 		ch, err = util.Uint160DecodeStringLE(s)
 	}
 	if err != nil {
 		nnsCs, err := c.GetContractStateByID(1)
 		if err != nil {
 			return util.Uint160{}, fmt.Errorf("can't get NNS contract state: %w", err)
 		}
 		ch, err = nnsResolveHash(inv, nnsCs.Hash, containerContract+".frostfs")
 		if err != nil {
 			return util.Uint160{}, err
 		}
 	}
 	return ch, nil
 }
 func getContainersList(inv *invoker.Invoker, ch util.Uint160) ([][]byte, error) {
 	res, err := inv.Call(ch, "list", "")
 	if err != nil {
 		return nil, fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}
 	itm, err := unwrap.Item(res, err)
 	if _, ok := itm.(stackitem.Null); !ok {
 		return unwrap.ArrayOfBytes(res, err)
 	}
 	return nil, nil
 }
 func dumpContainers(cmd *cobra.Command, _ []string) error {
 	filename, err := cmd.Flags().GetString(containerDumpFlag)
 	if err != nil {
@ -32,42 +64,18 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
-	nnsCs, err := c.GetContractStateByID(1)
+	inv := invoker.New(c, nil)
 	ch, err := getContainerContractHash(cmd, inv, c)
 	if err != nil {
-		return fmt.Errorf("can't get NNS contract state: %w", err)
+		return fmt.Errorf("unable to get contaract hash: %w", err)
 	}
-	var ch util.Uint160
+	cids, err := getContainersList(inv, ch)
 	s, err := cmd.Flags().GetString(containerContractFlag)
 	if err == nil {
 		ch, err = util.Uint160DecodeStringLE(s)
 	}
 	if err != nil {
 		ch, err = nnsResolveHash(c, nnsCs.Hash, containerContract+".neofs")
 		if err != nil {
 			return err
 		}
 	}
 	res, err := c.InvokeFunction(ch, "list",
 		[]smartcontract.Parameter{{Type: smartcontract.StringType, Value: ""}}, nil)
 	if err != nil {
 		return fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}
 	var cids [][]byte
 	arr, ok := res.Stack[0].Value().([]stackitem.Item)
 	if !ok {
 		return fmt.Errorf("%w: not a struct", errInvalidContainerResponse)
 	}
 	for _, item := range arr {
 		id, err := item.TryBytes()
 		if err != nil {
 			return fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 		}
 		cids = append(cids, id)
 	}
 	isOK, err := getCIDFilterFunc(cmd)
 	if err != nil {
 		return err
@ -82,7 +90,7 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 		bw.Reset()
 		emit.AppCall(bw.BinWriter, ch, "get", callflag.All, id)
 		emit.AppCall(bw.BinWriter, ch, "eACL", callflag.All, id)
-		res, err := c.InvokeScript(bw.Bytes(), nil)
+		res, err := inv.Run(bw.Bytes())
 		if err != nil {
 			return fmt.Errorf("can't get container info: %w", err)
 		}
@ -115,6 +123,35 @@ func dumpContainers(cmd *cobra.Command, _ []string) error {
 	return os.WriteFile(filename, out, 0o660)
 }
 func listContainers(cmd *cobra.Command, _ []string) error {
 	c, err := getN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
 	inv := invoker.New(c, nil)
 	ch, err := getContainerContractHash(cmd, inv, c)
 	if err != nil {
 		return fmt.Errorf("unable to get contaract hash: %w", err)
 	}
 	cids, err := getContainersList(inv, ch)
 	if err != nil {
 		return fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 	}
 	for _, id := range cids {
 		var idCnr cid.ID
 		err = idCnr.Decode(id)
 		if err != nil {
 			return fmt.Errorf("unable to decode container id: %w", err)
 		}
 		cmd.Println(idCnr)
 	}
 	return nil
 }
 func restoreContainers(cmd *cobra.Command, _ []string) error {
 	filename, err := cmd.Flags().GetString(containerDumpFlag)
 	if err != nil {
@ -125,13 +162,14 @@ func restoreContainers(cmd *cobra.Command, _ []string) error {
 	if err != nil {
 		return err
 	}
 	defer wCtx.close()
 	nnsCs, err := wCtx.Client.GetContractStateByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract state: %w", err)
 	}
-	ch, err := nnsResolveHash(wCtx.Client, nnsCs.Hash, containerContract+".neofs")
+	ch, err := nnsResolveHash(wCtx.ReadOnlyInvoker, nnsCs.Hash, containerContract+".frostfs")
 	if err != nil {
 		return fmt.Errorf("can't fetch container contract hash: %w", err)
 	}
@ -173,7 +211,7 @@ func restoreContainers(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("%w: %v", errInvalidContainerResponse, err)
 		}
 		if len(old.Value) != 0 {
-			id := cid.New()
+			var id cid.ID
 			id.SetSHA256(hv)
 			cmd.Printf("Container %s is already deployed.\n", id)
 			continue
@ -190,7 +228,7 @@ func restoreContainers(cmd *cobra.Command, _ []string) error {
 			panic(bw.Err)
 		}
-		if err := wCtx.sendCommitteeTx(bw.Bytes(), -1, true); err != nil {
+		if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
 			return err
 		}
 	}
@ -316,7 +354,7 @@ func getCIDFilterFunc(cmd *cobra.Command) (func([]byte) bool, error) {
 	}
 	for i := range rawIDs {
-		err := cid.New().Parse(rawIDs[i])
+		err := new(cid.ID).DecodeString(rawIDs[i])
 		if err != nil {
 			return nil, fmt.Errorf("can't parse CID %s: %w", rawIDs[i], err)
 		}
@ -326,9 +364,9 @@ func getCIDFilterFunc(cmd *cobra.Command) (func([]byte) bool, error) {
 		var v [32]byte
 		copy(v[:], rawID)
-		id := cid.New()
+		var id cid.ID
 		id.SetSHA256(v)
-		idStr := id.String()
+		idStr := id.EncodeToString()
 		n := sort.Search(len(rawIDs), func(i int) bool { return rawIDs[i] >= idStr })
 		return n < len(rawIDs) && rawIDs[n] == idStr
 	}, nil
--- a/cmd/frostfs-adm/internal/modules/morph/deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/deploy.go
@ -0,0 +1,224 @@
 package morph
 import (
 	"encoding/json"
 	"fmt"
 	"os"
 	"strings"
 	"github.com/TrueCloudLab/frostfs-contract/nns"
 	"github.com/nspcc-dev/neo-go/cli/cmdargs"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/services/rpcsrv/params"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
 	contractPathFlag = "contract"
 	updateFlag       = "update"
 	customZoneFlag   = "domain"
 )
 var deployCmd = &cobra.Command{
 	Use:   "deploy",
 	Short: "Deploy additional smart-contracts",
 	Long: `Deploy additional smart-contract which are not related to core.
 All contracts are deployed by the committee, so access to the alphabet wallets is required.
 Optionally, arguments can be provided to be passed to a contract's _deploy function.
 The syntax is the same as for 'neo-go contract testinvokefunction' command.
 Compiled contract file name must contain '_contract.nef' suffix.
 Contract's manifest file name must be 'config.json'.
 NNS name is taken by stripping '_contract.nef' from the NEF file (similar to frostfs contracts).`,
 	PreRun: func(cmd *cobra.Command, _ []string) {
 		_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 		_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 	},
 	RunE: deployContractCmd,
 }
 func init() {
 	ff := deployCmd.Flags()
 	ff.String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	_ = deployCmd.MarkFlagFilename(alphabetWalletsFlag)
 	ff.StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	ff.String(contractPathFlag, "", "Path to the contract directory")
 	_ = deployCmd.MarkFlagFilename(contractPathFlag)
 	ff.Bool(updateFlag, false, "Update an existing contract")
 	ff.String(customZoneFlag, "frostfs", "Custom zone for NNS")
 }
 func deployContractCmd(cmd *cobra.Command, args []string) error {
 	v := viper.GetViper()
 	c, err := newInitializeContext(cmd, v)
 	if err != nil {
 		return fmt.Errorf("initialization error: %w", err)
 	}
 	defer c.close()
 	ctrPath, _ := cmd.Flags().GetString(contractPathFlag)
 	ctrName, err := probeContractName(ctrPath)
 	if err != nil {
 		return err
 	}
 	cs, err := readContract(ctrPath, ctrName)
 	if err != nil {
 		return err
 	}
 	nnsCs, err := c.Client.GetContractStateByID(1)
 	if err != nil {
 		return fmt.Errorf("can't fetch NNS contract state: %w", err)
 	}
 	callHash := management.Hash
 	method := deployMethodName
 	zone, _ := cmd.Flags().GetString(customZoneFlag)
 	domain := ctrName + "." + zone
 	isUpdate, _ := cmd.Flags().GetBool(updateFlag)
 	if isUpdate {
 		cs.Hash, err = nnsResolveHash(c.ReadOnlyInvoker, nnsCs.Hash, domain)
 		if err != nil {
 			return fmt.Errorf("can't fetch contract hash from NNS: %w", err)
 		}
 		callHash = cs.Hash
 		method = updateMethodName
 	} else {
 		cs.Hash = state.CreateContractHash(
 			c.CommitteeAcc.Contract.ScriptHash(),
 			cs.NEF.Checksum,
 			cs.Manifest.Name)
 	}
 	w := io.NewBufBinWriter()
 	if err := emitDeploymentArguments(w.BinWriter, args); err != nil {
 		return err
 	}
 	emit.Bytes(w.BinWriter, cs.RawManifest)
 	emit.Bytes(w.BinWriter, cs.RawNEF)
 	emit.Int(w.BinWriter, 3)
 	emit.Opcodes(w.BinWriter, opcode.PACK)
 	emit.AppCallNoArgs(w.BinWriter, callHash, method, callflag.All)
 	emit.Opcodes(w.BinWriter, opcode.DROP) // contract state on stack
 	if !isUpdate {
 		bw := io.NewBufBinWriter()
 		emit.Instruction(bw.BinWriter, opcode.INITSSLOT, []byte{1})
 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "getPrice", callflag.All)
 		emit.Opcodes(bw.BinWriter, opcode.STSFLD0)
 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "setPrice", callflag.All, 1)
 		start := bw.Len()
 		needRecord := false
 		ok, err := c.nnsRootRegistered(nnsCs.Hash, zone)
 		if err != nil {
 			return err
 		} else if !ok {
 			needRecord = true
 			emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 				zone, c.CommitteeAcc.Contract.ScriptHash(),
 				"ops@nspcc.ru", int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
 			emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 			emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 				domain, c.CommitteeAcc.Contract.ScriptHash(),
 				"ops@nspcc.ru", int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
 			emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 		} else {
 			s, ok, err := c.nnsRegisterDomainScript(nnsCs.Hash, cs.Hash, domain)
 			if err != nil {
 				return err
 			}
 			needRecord = !ok
 			if len(s) != 0 {
 				bw.WriteBytes(s)
 			}
 		}
 		if needRecord {
 			emit.AppCall(bw.BinWriter, nnsCs.Hash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
 			emit.AppCall(bw.BinWriter, nnsCs.Hash, "addRecord", callflag.All,
 				domain, int64(nns.TXT), address.Uint160ToString(cs.Hash))
 		}
 		if bw.Err != nil {
 			panic(fmt.Errorf("BUG: can't create deployment script: %w", w.Err))
 		} else if bw.Len() != start {
 			w.WriteBytes(bw.Bytes())
 			emit.Opcodes(w.BinWriter, opcode.LDSFLD0, opcode.PUSH1, opcode.PACK)
 			emit.AppCallNoArgs(w.BinWriter, nnsCs.Hash, "setPrice", callflag.All)
 			if needRecord {
 				c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
 			}
 		}
 	}
 	if w.Err != nil {
 		panic(fmt.Errorf("BUG: can't create deployment script: %w", w.Err))
 	}
 	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
 		return err
 	}
 	return c.awaitTx()
 }
 func emitDeploymentArguments(w *io.BinWriter, args []string) error {
 	_, ps, err := cmdargs.ParseParams(args, true)
 	if err != nil {
 		return err
 	}
 	if len(ps) == 0 {
 		emit.Opcodes(w, opcode.NEWARRAY0)
 		return nil
 	}
 	if len(ps) != 1 {
 		return fmt.Errorf("at most one argument is expected for deploy, got %d", len(ps))
 	}
 	// We could emit this directly, but round-trip through JSON is more robust.
 	// This a CLI, so optimizing the conversion is not worth the effort.
 	data, err := json.Marshal(ps)
 	if err != nil {
 		return err
 	}
 	var pp params.Params
 	if err := json.Unmarshal(data, &pp); err != nil {
 		return err
 	}
 	return params.ExpandArrayIntoScript(w, pp)
 }
 func probeContractName(ctrPath string) (string, error) {
 	ds, err := os.ReadDir(ctrPath)
 	if err != nil {
 		return "", fmt.Errorf("can't read directory: %w", err)
 	}
 	var ctrName string
 	for i := range ds {
 		if strings.HasSuffix(ds[i].Name(), "_contract.nef") {
 			ctrName = strings.TrimSuffix(ds[i].Name(), "_contract.nef")
 			break
 		}
 	}
 	if ctrName == "" {
 		return "", fmt.Errorf("can't find any NEF files in %s", ctrPath)
 	}
 	return ctrName, nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/download.go
+++ b/cmd/frostfs-adm/internal/modules/morph/download.go
@ -14,7 +14,7 @@ import (
 func downloadContractsFromGithub(cmd *cobra.Command) (io.ReadCloser, error) {
 	gcl := github.NewClient(nil)
-	release, _, err := gcl.Repositories.GetLatestRelease(context.Background(), "nspcc-dev", "neofs-contract")
+	release, _, err := gcl.Repositories.GetLatestRelease(context.Background(), "nspcc-dev", "frostfs-contract")
 	if err != nil {
 		return nil, fmt.Errorf("can't fetch release info: %w", err)
 	}
@ -23,7 +23,7 @@ func downloadContractsFromGithub(cmd *cobra.Command) (io.ReadCloser, error) {
 	var url string
 	for _, a := range release.Assets {
-		if strings.HasPrefix(a.GetName(), "neofs-contract") {
+		if strings.HasPrefix(a.GetName(), "frostfs-contract") {
 			url = a.GetBrowserDownloadURL()
 			break
 		}
--- a/cmd/frostfs-adm/internal/modules/morph/dump_hashes.go
+++ b/cmd/frostfs-adm/internal/modules/morph/dump_hashes.go
@ -0,0 +1,250 @@
 package morph
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"strings"
 	"text/tabwriter"
 	"github.com/TrueCloudLab/frostfs-contract/nns"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const lastGlagoliticLetter = 41
 type contractDumpInfo struct {
 	hash    util.Uint160
 	name    string
 	version string
 }
 func dumpContractHashes(cmd *cobra.Command, _ []string) error {
 	c, err := getN3Client(viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't create N3 client: %w", err)
 	}
 	cs, err := c.GetContractStateByID(1)
 	if err != nil {
 		return err
 	}
 	zone, _ := cmd.Flags().GetString(customZoneFlag)
 	if zone != "" {
 		return dumpCustomZoneHashes(cmd, cs.Hash, zone, c)
 	}
 	infos := []contractDumpInfo{{name: nnsContract, hash: cs.Hash}}
 	irSize := 0
 	for ; irSize < lastGlagoliticLetter; irSize++ {
 		ok, err := nnsIsAvailable(c, cs.Hash, getAlphabetNNSDomain(irSize))
 		if err != nil {
 			return err
 		} else if ok {
 			break
 		}
 	}
 	bw := io.NewBufBinWriter()
 	if irSize != 0 {
 		bw.Reset()
 		for i := 0; i < irSize; i++ {
 			emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
 				getAlphabetNNSDomain(i),
 				int64(nns.TXT))
 		}
 		alphaRes, err := c.InvokeScript(bw.Bytes(), nil)
 		if err != nil {
 			return fmt.Errorf("can't fetch info from NNS: %w", err)
 		}
 		for i := 0; i < irSize; i++ {
 			info := contractDumpInfo{name: fmt.Sprintf("alphabet %d", i)}
 			if h, err := parseNNSResolveResult(alphaRes.Stack[i]); err == nil {
 				info.hash = h
 			}
 			infos = append(infos, info)
 		}
 	}
 	for _, ctrName := range contractList {
 		bw.Reset()
 		emit.AppCall(bw.BinWriter, cs.Hash, "resolve", callflag.ReadOnly,
 			ctrName+".frostfs", int64(nns.TXT))
 		res, err := c.InvokeScript(bw.Bytes(), nil)
 		if err != nil {
 			return fmt.Errorf("can't fetch info from NNS: %w", err)
 		}
 		info := contractDumpInfo{name: ctrName}
 		if len(res.Stack) != 0 {
 			if h, err := parseNNSResolveResult(res.Stack[0]); err == nil {
 				info.hash = h
 			}
 		}
 		infos = append(infos, info)
 	}
 	fillContractVersion(cmd, c, infos)
 	printContractInfo(cmd, infos)
 	return nil
 }
 func dumpCustomZoneHashes(cmd *cobra.Command, nnsHash util.Uint160, zone string, c Client) error {
 	const nnsMaxTokens = 100
 	inv := invoker.New(c, nil)
 	if !strings.HasPrefix(zone, ".") {
 		zone = "." + zone
 	}
 	var infos []contractDumpInfo
 	processItem := func(item stackitem.Item) {
 		bs, err := item.TryBytes()
 		if err != nil {
 			cmd.PrintErrf("Invalid NNS record: %v\n", err)
 			return
 		}
 		if !bytes.HasSuffix(bs, []byte(zone)) {
 			// Related https://github.com/nspcc-dev/neofs-contract/issues/316.
 			return
 		}
 		h, err := nnsResolveHash(inv, nnsHash, string(bs))
 		if err != nil {
 			cmd.PrintErrf("Could not resolve name %s: %v\n", string(bs), err)
 			return
 		}
 		infos = append(infos, contractDumpInfo{
 			hash: h,
 			name: strings.TrimSuffix(string(bs), zone),
 		})
 	}
 	sessionID, iter, err := unwrap.SessionIterator(inv.Call(nnsHash, "tokens"))
 	if err != nil {
 		if errors.Is(err, unwrap.ErrNoSessionID) {
 			items, err := unwrap.Array(inv.CallAndExpandIterator(nnsHash, "tokens", nnsMaxTokens))
 			if err != nil {
 				return fmt.Errorf("can't get a list of NNS domains: %w", err)
 			}
 			if len(items) == nnsMaxTokens {
 				cmd.PrintErrln("Provided RPC endpoint doesn't support sessions, some hashes might be lost.")
 			}
 			for i := range items {
 				processItem(items[i])
 			}
 		} else {
 			return err
 		}
 	} else {
 		defer func() {
 			_ = inv.TerminateSession(sessionID)
 		}()
 		items, err := inv.TraverseIterator(sessionID, &iter, nnsMaxTokens)
 		for err == nil && len(items) != 0 {
 			for i := range items {
 				processItem(items[i])
 			}
 			items, err = inv.TraverseIterator(sessionID, &iter, nnsMaxTokens)
 		}
 		if err != nil {
 			return fmt.Errorf("error during NNS domains iteration: %w", err)
 		}
 	}
 	fillContractVersion(cmd, c, infos)
 	printContractInfo(cmd, infos)
 	return nil
 }
 func parseContractVersion(item stackitem.Item) string {
 	bi, err := item.TryInteger()
 	if err != nil || bi.Sign() == 0 || !bi.IsInt64() {
 		return "unknown"
 	}
 	v := bi.Int64()
 	major := v / 1_000_000
 	minor := (v % 1_000_000) / 1000
 	patch := v % 1_000
 	return fmt.Sprintf("v%d.%d.%d", major, minor, patch)
 }
 func printContractInfo(cmd *cobra.Command, infos []contractDumpInfo) {
 	if len(infos) == 0 {
 		return
 	}
 	buf := bytes.NewBuffer(nil)
 	tw := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)
 	for _, info := range infos {
 		if info.version == "" {
 			info.version = "unknown"
 		}
 		_, _ = tw.Write([]byte(fmt.Sprintf("%s\t(%s):\t%s\n",
 			info.name, info.version, info.hash.StringLE())))
 	}
 	_ = tw.Flush()
 	cmd.Print(buf.String())
 }
 func fillContractVersion(cmd *cobra.Command, c Client, infos []contractDumpInfo) {
 	bw := io.NewBufBinWriter()
 	sub := io.NewBufBinWriter()
 	for i := range infos {
 		if infos[i].hash.Equals(util.Uint160{}) {
 			emit.Int(bw.BinWriter, 0)
 		} else {
 			sub.Reset()
 			emit.AppCall(sub.BinWriter, infos[i].hash, "version", callflag.NoneFlag)
 			if sub.Err != nil {
 				panic(fmt.Errorf("BUG: can't create version script: %w", bw.Err))
 			}
 			script := sub.Bytes()
 			emit.Instruction(bw.BinWriter, opcode.TRY, []byte{byte(3 + len(script) + 2), 0})
 			bw.BinWriter.WriteBytes(script)
 			emit.Instruction(bw.BinWriter, opcode.ENDTRY, []byte{2 + 1})
 			emit.Opcodes(bw.BinWriter, opcode.PUSH0)
 		}
 	}
 	emit.Opcodes(bw.BinWriter, opcode.NOP) // for the last ENDTRY target
 	if bw.Err != nil {
 		panic(fmt.Errorf("BUG: can't create version script: %w", bw.Err))
 	}
 	res, err := c.InvokeScript(bw.Bytes(), nil)
 	if err != nil {
 		cmd.Printf("Can't fetch version from NNS: %v\n", err)
 		return
 	}
 	if res.State == vmstate.Halt.String() {
 		for i := range res.Stack {
 			infos[i].version = parseContractVersion(res.Stack[i])
 		}
 	}
 }
--- a/cmd/frostfs-adm/internal/modules/morph/epoch.go
+++ b/cmd/frostfs-adm/internal/modules/morph/epoch.go
@ -5,9 +5,9 @@ import (
 	"fmt"
 	"github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
-	"github.com/nspcc-dev/neo-go/pkg/vm"
+	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@ -24,31 +24,34 @@ func forceNewEpochCmd(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
-	nmHash, err := nnsResolveHash(wCtx.Client, cs.Hash, netmapContract+".neofs")
+	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
 	res, err := wCtx.Client.InvokeFunction(nmHash, "epoch", []smartcontract.Parameter{}, nil)
 	if err != nil || res.State != vm.HaltState.String() || len(res.Stack) == 0 {
 		return errors.New("can't fetch current epoch from the netmap contract")
 	}
 	bi, err := res.Stack[0].TryInteger()
 	if err != nil {
 		return fmt.Errorf("can't parse current epoch: %w", err)
 	}
 	newEpoch := bi.Int64() + 1
 	cmd.Printf("Current epoch: %s, increase to %d.\n", bi, newEpoch)
 	// In NeoFS this is done via Notary contract. Here, however, we can form the
 	// transaction locally.
 	bw := io.NewBufBinWriter()
-	emit.AppCall(bw.BinWriter, nmHash, "newEpoch", callflag.All, newEpoch)
+	if err := emitNewEpochCall(bw, wCtx, nmHash); err != nil {
-	if err := wCtx.sendCommitteeTx(bw.Bytes(), -1, true); err != nil {
+		return err
 	}
 	if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
 		return err
 	}
 	return wCtx.awaitTx()
 }
 func emitNewEpochCall(bw *io.BufBinWriter, wCtx *initializeContext, nmHash util.Uint160) error {
 	curr, err := unwrap.Int64(wCtx.ReadOnlyInvoker.Call(nmHash, "epoch"))
 	if err != nil {
 		return errors.New("can't fetch current epoch from the netmap contract")
 	}
 	newEpoch := curr + 1
 	wCtx.Command.Printf("Current epoch: %d, increase to %d.\n", curr, newEpoch)
 	// In NeoFS this is done via Notary contract. Here, however, we can form the
 	// transaction locally.
 	emit.AppCall(bw.BinWriter, nmHash, "newEpoch", callflag.All, newEpoch)
 	return bw.Err
 }
--- a/cmd/frostfs-adm/internal/modules/morph/generate.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate.go
@ -6,18 +6,19 @@ import (
 	"os"
 	"path/filepath"
-	"github.com/nspcc-dev/neo-go/cli/input"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
-	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
+	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-adm/internal/modules/config"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -38,17 +39,17 @@ func generateAlphabetCreds(cmd *cobra.Command, args []string) error {
 		return errors.New("size must be > 0")
 	}
 	v := viper.GetViper()
 	walletDir := config.ResolveHomePath(viper.GetString(alphabetWalletsFlag))
-	pwds, err := initializeWallets(walletDir, int(size))
+	pwds, err := initializeWallets(v, walletDir, int(size))
 	if err != nil {
 		return err
 	}
-	w, err := initializeContractWallet(walletDir)
+	_, err = initializeContractWallet(v, walletDir)
 	if err != nil {
 		return err
 	}
 	w.Close()
 	cmd.Println("size:", size)
 	cmd.Println("alphabet-wallets:", walletDir)
@ -59,13 +60,13 @@ func generateAlphabetCreds(cmd *cobra.Command, args []string) error {
 	return nil
 }
-func initializeWallets(walletDir string, size int) ([]string, error) {
+func initializeWallets(v *viper.Viper, walletDir string, size int) ([]string, error) {
 	wallets := make([]*wallet.Wallet, size)
 	pubs := make(keys.PublicKeys, size)
 	passwords := make([]string, size)
 	for i := range wallets {
-		password, err := config.AlphabetPassword(viper.GetViper(), i)
+		password, err := config.GetPassword(v, innerring.GlagoliticLetter(i).String())
 		if err != nil {
 			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}
@ -108,10 +109,9 @@ func initializeWallets(walletDir string, size int) ([]string, error) {
 	}
 	for _, w := range wallets {
-		if err := w.Save(); err != nil {
+		if err := w.SavePretty(); err != nil {
 			return nil, fmt.Errorf("can't save wallet: %w", err)
 		}
 		w.Close()
 	}
 	return passwords, nil
@ -135,12 +135,20 @@ func generateStorageCreds(cmd *cobra.Command, _ []string) error {
 	return refillGas(cmd, storageGasConfigFlag, true)
 }
-func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) error {
+func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) (err error) {
 	// storage wallet path is not part of the config
-	storageWalletPath, err := cmd.Flags().GetString(storageWalletFlag)
+	storageWalletPath, _ := cmd.Flags().GetString(storageWalletFlag)
 	// wallet address is not part of the config
 	walletAddress, _ := cmd.Flags().GetString(walletAddressFlag)
 	var gasReceiver util.Uint160
 	if len(walletAddress) != 0 {
 		gasReceiver, err = address.StringToUint160(walletAddress)
 		if err != nil {
-		return err
+			return fmt.Errorf("invalid wallet address %s: %w", walletAddress, err)
 		}
 	} else {
 		if storageWalletPath == "" {
 			return fmt.Errorf("missing wallet path (use '--%s <out.json>')", storageWalletFlag)
 		}
@ -158,16 +166,26 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) error {
 		}
 		if createWallet {
-		password, err := input.ReadPassword("New password > ")
+			var password string
 			label, _ := cmd.Flags().GetString(storageWalletLabelFlag)
 			password, err := config.GetStoragePassword(viper.GetViper(), label)
 			if err != nil {
 				return fmt.Errorf("can't fetch password: %w", err)
 			}
-		if err := w.CreateAccount(singleAccountName, password); err != nil {
+			if label == "" {
 				label = singleAccountName
 			}
 			if err := w.CreateAccount(label, password); err != nil {
 				return fmt.Errorf("can't create account: %w", err)
 			}
 		}
 		gasReceiver = w.Accounts[0].Contract.ScriptHash()
 	}
 	gasStr := viper.GetString(gasFlag)
 	gasAmount, err := parseGASAmount(gasStr)
@ -180,17 +198,15 @@ func refillGas(cmd *cobra.Command, gasFlag string, createWallet bool) error {
 		return err
 	}
 	gasHash := wCtx.nativeHash(nativenames.Gas)
 	bw := io.NewBufBinWriter()
-	emit.AppCall(bw.BinWriter, gasHash, "transfer", callflag.All,
+	emit.AppCall(bw.BinWriter, gas.Hash, "transfer", callflag.All,
-		wCtx.CommitteeAcc.Contract.ScriptHash(), w.Accounts[0].Contract.ScriptHash(), int64(gasAmount), nil)
+		wCtx.CommitteeAcc.Contract.ScriptHash(), gasReceiver, int64(gasAmount), nil)
 	emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	if bw.Err != nil {
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}
-	if err := wCtx.sendCommitteeTx(bw.Bytes(), -1, false); err != nil {
+	if err := wCtx.sendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/generate_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/generate_test.go
@ -9,19 +9,22 @@ import (
 	"strconv"
 	"testing"
 	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/term"
 )
 const testContractPassword = "grouppass"
 func TestGenerateAlphabet(t *testing.T) {
 	const size = 4
-	walletDir := newTempDir(t)
+	walletDir := t.TempDir()
 	buf := setupTestTerminal(t)
 	cmd := generateAlphabetCmd
@ -60,14 +63,13 @@ func TestGenerateAlphabet(t *testing.T) {
 	buf.Reset()
 	v.Set(alphabetWalletsFlag, walletDir)
-	require.NoError(t, cmd.Flags().Set(alphabetSizeFlag, strconv.FormatUint(size, 10)))
+	require.NoError(t, generateAlphabetCmd.Flags().Set(alphabetSizeFlag, strconv.FormatUint(size, 10)))
 	for i := uint64(0); i < size; i++ {
 		buf.WriteString(strconv.FormatUint(i, 10) + "\r")
 	}
-	const groupPassword = "grouppass"
+	buf.WriteString(testContractPassword + "\r")
-	buf.WriteString(groupPassword + "\r")
+	require.NoError(t, generateAlphabetCreds(generateAlphabetCmd, nil))
 	require.NoError(t, generateAlphabetCreds(cmd, nil))
 	for i := uint64(0); i < size; i++ {
 		p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
@ -79,9 +81,9 @@ func TestGenerateAlphabet(t *testing.T) {
 			require.NoError(t, err, "can't decrypt account")
 			switch a.Label {
 			case consensusAccountName:
-				require.Equal(t, size/2+1, len(a.Contract.Parameters))
+				require.Equal(t, smartcontract.GetDefaultHonestNodeCount(size), len(a.Contract.Parameters))
 			case committeeAccountName:
-				require.Equal(t, size*2/3+1, len(a.Contract.Parameters))
+				require.Equal(t, smartcontract.GetMajorityHonestNodeCount(size), len(a.Contract.Parameters))
 			default:
 				require.Equal(t, singleAccountName, a.Label)
 			}
@ -93,7 +95,7 @@ func TestGenerateAlphabet(t *testing.T) {
 		w, err := wallet.NewWalletFromFile(p)
 		require.NoError(t, err, "contract wallet doesn't exist")
 		require.Equal(t, 1, len(w.Accounts), "contract wallet must have 1 accout")
-		require.NoError(t, w.Accounts[0].Decrypt(groupPassword, keys.NEP2ScryptParams()))
+		require.NoError(t, w.Accounts[0].Decrypt(testContractPassword, keys.NEP2ScryptParams()))
 	})
 }
@ -108,12 +110,3 @@ func setupTestTerminal(t *testing.T) *bytes.Buffer {
 	return in
 }
 func newTempDir(t *testing.T) string {
 	dir := filepath.Join(os.TempDir(), "neofs-adm.test."+strconv.FormatUint(rand.Uint64(), 10))
 	require.NoError(t, os.Mkdir(dir, os.ModePerm))
 	t.Cleanup(func() {
 		require.NoError(t, os.RemoveAll(dir))
 	})
 	return dir
 }
--- a/cmd/frostfs-adm/internal/modules/morph/group.go
+++ b/cmd/frostfs-adm/internal/modules/morph/group.go
@ -4,10 +4,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
 	"path"
 	"path/filepath"
-	"github.com/nspcc-dev/neo-go/cli/input"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
 	"github.com/nspcc-dev/neo-go/pkg/util"
@ -18,16 +17,16 @@ import (
 const (
 	contractWalletFilename    = "contract.json"
-	contractWalletPasswordKey = "credentials.contract"
+	contractWalletPasswordKey = "contract"
 )
-func initializeContractWallet(walletDir string) (*wallet.Wallet, error) {
+func initializeContractWallet(v *viper.Viper, walletDir string) (*wallet.Wallet, error) {
-	password, err := getPassword(contractWalletPasswordKey, "Password for contract wallet > ")
+	password, err := config.GetPassword(v, contractWalletPasswordKey)
 	if err != nil {
 		return nil, err
 	}
-	w, err := wallet.NewWallet(path.Join(walletDir, contractWalletFilename))
+	w, err := wallet.NewWallet(filepath.Join(walletDir, contractWalletFilename))
 	if err != nil {
 		return nil, err
 	}
@ -43,30 +42,26 @@ func initializeContractWallet(walletDir string) (*wallet.Wallet, error) {
 	}
 	w.AddAccount(acc)
-	if err := w.Save(); err != nil {
+	if err := w.SavePretty(); err != nil {
 		return nil, err
 	}
 	return w, nil
 }
-func openContractWallet(cmd *cobra.Command, walletDir string) (*wallet.Wallet, error) {
+func openContractWallet(v *viper.Viper, cmd *cobra.Command, walletDir string) (*wallet.Wallet, error) {
-	p := path.Join(walletDir, contractWalletFilename)
+	p := filepath.Join(walletDir, contractWalletFilename)
 	w, err := wallet.NewWalletFromFile(p)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return nil, fmt.Errorf("can't open wallet: %w", err)
 		}
-		cmd.Printf("Contract group wallet is missing, initialize at %s\n",
+		cmd.Printf("Contract group wallet is missing, initialize at %s\n", p)
-			filepath.Join(walletDir, contractWalletFilename))
+		return initializeContractWallet(v, walletDir)
 		w, err = initializeContractWallet(walletDir)
 		if err != nil {
 			return nil, err
 		}
 	}
-	password, err := getPassword(contractWalletPasswordKey, "Password for contract wallet > ")
+	password, err := config.GetPassword(v, contractWalletPasswordKey)
 	if err != nil {
 		return nil, err
 	}
@ -80,15 +75,6 @@ func openContractWallet(cmd *cobra.Command, walletDir string) (*wallet.Wallet, e
 	return w, nil
 }
 func getPassword(key string, promps string) (string, error) {
 	if viper.IsSet(key) {
 		return viper.GetString(key), nil
 	}
 	prompt := "Password for contract wallet > "
 	return input.ReadPassword(prompt)
 }
 func (c *initializeContext) addManifestGroup(h util.Uint160, cs *contractState) error {
 	priv := c.ContractWallet.Accounts[0].PrivateKey()
 	pub := priv.PublicKey()
--- a/cmd/frostfs-adm/internal/modules/morph/initialize.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize.go
@ -7,18 +7,18 @@ import (
 	"path/filepath"
 	"time"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	morphClient "github.com/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
-	"github.com/nspcc-dev/neo-go/pkg/vm"
+	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/nspcc-dev/neofs-node/cmd/neofs-adm/internal/modules/config"
 	"github.com/nspcc-dev/neofs-node/pkg/innerring"
 	morphClient "github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@ -31,19 +31,18 @@ type cache struct {
 type initializeContext struct {
 	clientContext
 	cache
-	// CommitteeAcc is used for retrieving committee address and verification script.
+	// CommitteeAcc is used for retrieving the committee address and the verification script.
 	CommitteeAcc *wallet.Account
-	// ConsensusAcc is used for retrieving committee address and verification script.
+	// ConsensusAcc is used for retrieving the committee address and the verification script.
 	ConsensusAcc *wallet.Account
 	Wallets      []*wallet.Wallet
-	// ContractWallet is a wallet for providing contract group signature.
+	// ContractWallet is a wallet for providing the contract group signature.
 	ContractWallet *wallet.Wallet
 	// Accounts contains simple signature accounts in the same order as in Wallets.
 	Accounts     []*wallet.Account
 	Contracts    map[string]*contractState
 	Command      *cobra.Command
 	ContractPath string
 	Natives      map[string]util.Uint160
 }
 func initializeSideChainCmd(cmd *cobra.Command, args []string) error {
@ -51,6 +50,7 @@ func initializeSideChainCmd(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return fmt.Errorf("initialization error: %w", err)
 	}
 	defer initCtx.close()
 	// 1. Transfer funds to committee accounts.
 	cmd.Println("Stage 1: transfer GAS to alphabet nodes.")
@ -98,19 +98,42 @@ func initializeSideChainCmd(cmd *cobra.Command, args []string) error {
 	return nil
 }
 func (c *initializeContext) close() {
 	if local, ok := c.Client.(*localClient); ok {
 		err := local.dump()
 		if err != nil {
 			c.Command.PrintErrf("Can't write dump: %v\n", err)
 			os.Exit(1)
 		}
 	}
 }
 func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContext, error) {
 	walletDir := config.ResolveHomePath(viper.GetString(alphabetWalletsFlag))
-	wallets, err := openAlphabetWallets(walletDir)
+	wallets, err := openAlphabetWallets(v, walletDir)
 	if err != nil {
 		return nil, err
 	}
-	w, err := openContractWallet(cmd, walletDir)
+	needContracts := cmd.Name() == "update-contracts" || cmd.Name() == "init"
 	var w *wallet.Wallet
 	if needContracts {
 		w, err = openContractWallet(v, cmd, walletDir)
 		if err != nil {
 			return nil, err
 		}
 	}
-	c, err := getN3Client(v)
+	var c Client
 	if v.GetString(localDumpFlag) != "" {
 		if v.GetString(endpointFlag) != "" {
 			return nil, fmt.Errorf("`%s` and `%s` flags are mutually exclusive", endpointFlag, localDumpFlag)
 		}
 		c, err = newLocalClient(cmd, v, wallets)
 	} else {
 		c, err = getN3Client(v)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("can't create N3 client: %w", err)
 	}
@ -136,7 +159,6 @@ func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContex
 		}
 	}
 	needContracts := cmd.Name() == "update-contracts" || cmd.Name() == "init"
 	if needContracts {
 		ctrPath, err = cmd.Flags().GetString(contractsInitFlag)
 		if err != nil {
@ -144,8 +166,7 @@ func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContex
 		}
 	}
-	nativeHashes, err := getNativeHashes(c)
+	if err := checkNotaryEnabled(c); err != nil {
 	if err != nil {
 		return nil, err
 	}
@ -158,8 +179,13 @@ func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContex
 		accounts[i] = acc
 	}
 	cliCtx, err := defaultClientContext(c, committeeAcc)
 	if err != nil {
 		return nil, fmt.Errorf("client context: %w", err)
 	}
 	initCtx := &initializeContext{
-		clientContext:  *defaultClientContext(c),
+		clientContext:  *cliCtx,
 		ConsensusAcc:   consensusAcc,
 		CommitteeAcc:   committeeAcc,
 		ContractWallet: w,
@ -168,7 +194,6 @@ func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContex
 		Command:        cmd,
 		Contracts:      make(map[string]*contractState),
 		ContractPath:   ctrPath,
 		Natives:        nativeHashes,
 	}
 	if needContracts {
@ -181,11 +206,7 @@ func newInitializeContext(cmd *cobra.Command, v *viper.Viper) (*initializeContex
 	return initCtx, nil
 }
-func (c *initializeContext) nativeHash(name string) util.Uint160 {
+func openAlphabetWallets(v *viper.Viper, walletDir string) ([]*wallet.Wallet, error) {
 	return c.Natives[name]
 }
 func openAlphabetWallets(walletDir string) ([]*wallet.Wallet, error) {
 	walletFiles, err := os.ReadDir(walletDir)
 	if err != nil {
 		return nil, fmt.Errorf("can't read alphabet wallets dir: %w", err)
@ -209,13 +230,14 @@ loop:
 	wallets := make([]*wallet.Wallet, size)
 	for i := 0; i < size; i++ {
-		p := filepath.Join(walletDir, innerring.GlagoliticLetter(i).String()+".json")
+		letter := innerring.GlagoliticLetter(i).String()
 		p := filepath.Join(walletDir, letter+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		if err != nil {
 			return nil, fmt.Errorf("can't open wallet: %w", err)
 		}
-		password, err := config.AlphabetPassword(viper.GetViper(), i)
+		password, err := config.GetPassword(v, letter)
 		if err != nil {
 			return nil, fmt.Errorf("can't fetch password: %w", err)
 		}
@ -250,16 +272,17 @@ func (c *initializeContext) nnsContractState() (*state.Contract, error) {
 	return cs, nil
 }
-func (c *initializeContext) getSigner(tryGroup bool) transaction.Signer {
+func (c *initializeContext) getSigner(tryGroup bool, acc *wallet.Account) transaction.Signer {
 	if tryGroup && c.groupKey != nil {
 		return transaction.Signer{
 			Account:       acc.Contract.ScriptHash(),
 			Scopes:        transaction.CustomGroups,
 			AllowedGroups: keys.PublicKeys{c.groupKey},
 		}
 	}
 	signer := transaction.Signer{
-		Account: c.CommitteeAcc.Contract.ScriptHash(),
+		Account: acc.Contract.ScriptHash(),
 		Scopes:  transaction.Global, // Scope is important, as we have nested call to container contract.
 	}
@ -272,7 +295,7 @@ func (c *initializeContext) getSigner(tryGroup bool) transaction.Signer {
 		return signer
 	}
-	groupKey, err := nnsResolveKey(c.Client, nnsCs.Hash, morphClient.NNSGroupKeyName)
+	groupKey, err := nnsResolveKey(c.ReadOnlyInvoker, nnsCs.Hash, morphClient.NNSGroupKeyName)
 	if err == nil {
 		c.groupKey = groupKey
@ -283,45 +306,68 @@ func (c *initializeContext) getSigner(tryGroup bool) transaction.Signer {
 }
 func (c *clientContext) awaitTx(cmd *cobra.Command) error {
-	if len(c.Hashes) == 0 {
+	if len(c.SentTxs) == 0 {
 		return nil
 	}
 	if local, ok := c.Client.(*localClient); ok {
 		if err := local.putTransactions(); err != nil {
 			return fmt.Errorf("can't persist transactions: %w", err)
 		}
 	}
 	err := awaitTx(cmd, c.Client, c.SentTxs)
 	c.SentTxs = c.SentTxs[:0]
 	return err
 }
 func awaitTx(cmd *cobra.Command, c Client, txs []hashVUBPair) error {
 	cmd.Println("Waiting for transactions to persist...")
-	tick := time.NewTicker(c.PollInterval)
+	const pollInterval = time.Second
 	defer tick.Stop()
-	timer := time.NewTimer(c.WaitDuration)
+	tick := time.NewTicker(pollInterval)
-	defer timer.Stop()
+	defer tick.Stop()
 	at := trigger.Application
 	var retErr error
 	currBlock, err := c.GetBlockCount()
 	if err != nil {
 		return fmt.Errorf("can't fetch current block height: %w", err)
 	}
 loop:
-	for i := range c.Hashes {
+	for i := range txs {
-		res, err := c.Client.GetApplicationLog(c.Hashes[i], &at)
+		res, err := c.GetApplicationLog(txs[i].hash, &at)
 		if err == nil {
-			if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vm.HaltState {
+			if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vmstate.Halt {
-				retErr = fmt.Errorf("tx persisted in %s state: %s",
+				retErr = fmt.Errorf("tx %d persisted in %s state: %s",
-					res.Executions[0].VMState, res.Executions[0].FaultException)
+					i, res.Executions[0].VMState, res.Executions[0].FaultException)
 			}
 			continue loop
 		}
-		for {
+		if txs[i].vub < currBlock {
-			select {
+			return fmt.Errorf("tx was not persisted: vub=%d, height=%d", txs[i].vub, currBlock)
-			case <-tick.C:
+		}
-				res, err := c.Client.GetApplicationLog(c.Hashes[i], &at)
+		for range tick.C {
 			// We must fetch current height before application log, to avoid race condition.
 			currBlock, err = c.GetBlockCount()
 			if err != nil {
 				return fmt.Errorf("can't fetch current block height: %w", err)
 			}
 			res, err := c.GetApplicationLog(txs[i].hash, &at)
 			if err == nil {
-					if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vm.HaltState {
+				if retErr == nil && len(res.Executions) > 0 && res.Executions[0].VMState != vmstate.Halt {
-						retErr = fmt.Errorf("tx persisted in %s state: %s",
+					retErr = fmt.Errorf("tx %d persisted in %s state: %s",
-							res.Executions[0].VMState, res.Executions[0].FaultException)
+						i, res.Executions[0].VMState, res.Executions[0].FaultException)
 				}
 				continue loop
 			}
-			case <-timer.C:
+			if txs[i].vub < currBlock {
-				return errors.New("timeout while waiting for transaction to persist")
+				return fmt.Errorf("tx was not persisted: vub=%d, height=%d", txs[i].vub, currBlock)
 			}
 		}
 	}
@ -329,19 +375,64 @@ loop:
 	return retErr
 }
-// sendCommitteeTx creates transaction from script and sends it to RPC.
+// sendCommitteeTx creates transaction from script, signs it by committee nodes and sends it to RPC.
-// If sysFee is -1, it is calculated automatically. If tryGroup is false,
+// If tryGroup is false, global scope is used for the signer (useful when
-// global scope is used for the signer (useful when working with native contracts).
+// working with native contracts).
-func (c *initializeContext) sendCommitteeTx(script []byte, sysFee int64, tryGroup bool) error {
+func (c *initializeContext) sendCommitteeTx(script []byte, tryGroup bool) error {
-	tx, err := c.Client.CreateTxFromScript(script, c.CommitteeAcc, sysFee, 0, []client.SignerAccount{{
+	return c.sendMultiTx(script, tryGroup, false)
-		Signer:  c.getSigner(tryGroup),
+}
 // sendConsensusTx creates transaction from script, signs it by alphabet nodes and sends it to RPC.
 // Not that because this is used only after the contracts were initialized and deployed,
 // we always try to have a group scope.
 func (c *initializeContext) sendConsensusTx(script []byte) error {
 	return c.sendMultiTx(script, true, true)
 }
 func (c *initializeContext) sendMultiTx(script []byte, tryGroup bool, withConsensus bool) error {
 	var act *actor.Actor
 	var err error
 	withConsensus = withConsensus && !c.ConsensusAcc.Contract.ScriptHash().Equals(c.CommitteeAcc.ScriptHash())
 	if tryGroup {
 		// Even for consensus signatures we need the committee to pay.
 		signers := make([]actor.SignerAccount, 1, 2)
 		signers[0] = actor.SignerAccount{
 			Signer:  c.getSigner(tryGroup, c.CommitteeAcc),
 			Account: c.CommitteeAcc,
-	}})
+		}
 		if withConsensus {
 			signers = append(signers, actor.SignerAccount{
 				Signer:  c.getSigner(tryGroup, c.ConsensusAcc),
 				Account: c.ConsensusAcc,
 			})
 		}
 		act, err = actor.New(c.Client, signers)
 	} else {
 		if withConsensus {
 			panic("BUG: should never happen")
 		}
 		act, err = c.CommitteeAct, nil
 	}
 	if err != nil {
-		return fmt.Errorf("can't create tx: %w", err)
+		return fmt.Errorf("could not create actor: %w", err)
 	}
-	return c.multiSignAndSend(tx, committeeAccountName)
+	tx, err := act.MakeUnsignedRun(script, []transaction.Attribute{{Type: transaction.HighPriority}})
 	if err != nil {
 		return fmt.Errorf("could not perform test invocation: %w", err)
 	}
 	if err := c.multiSign(tx, committeeAccountName); err != nil {
 		return err
 	}
 	if withConsensus {
 		if err := c.multiSign(tx, consensusAccountName); err != nil {
 			return err
 		}
 	}
 	return c.sendTx(tx, c.Command, false)
 }
 func getWalletAccount(w *wallet.Wallet, typ string) (*wallet.Account, error) {
@ -353,10 +444,10 @@ func getWalletAccount(w *wallet.Wallet, typ string) (*wallet.Account, error) {
 	return nil, fmt.Errorf("account for '%s' not found", typ)
 }
-func getNativeHashes(c *client.Client) (map[string]util.Uint160, error) {
+func checkNotaryEnabled(c Client) error {
 	ns, err := c.GetNativeContracts()
 	if err != nil {
-		return nil, fmt.Errorf("can't get native contract hashes: %w", err)
+		return fmt.Errorf("can't get native contract hashes: %w", err)
 	}
 	notaryEnabled := false
@ -368,7 +459,7 @@ func getNativeHashes(c *client.Client) (map[string]util.Uint160, error) {
 		nativeHashes[ns[i].Manifest.Name] = ns[i].Hash
 	}
 	if !notaryEnabled {
-		return nil, errors.New("notary contract must be enabled")
+		return errors.New("notary contract must be enabled")
 	}
-	return nativeHashes, nil
+	return nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_deploy.go
@ -12,34 +12,37 @@ import (
 	"path/filepath"
 	"strings"
-	"github.com/nspcc-dev/neo-go/pkg/core/native"
+	"github.com/TrueCloudLab/frostfs-contract/common"
-	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
+	"github.com/TrueCloudLab/frostfs-contract/nns"
 	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	morphClient "github.com/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	io2 "github.com/nspcc-dev/neo-go/pkg/io"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/management"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/nef"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
-	"github.com/nspcc-dev/neofs-node/pkg/innerring"
+	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	morphClient "github.com/nspcc-dev/neofs-node/pkg/morph/client"
 	"github.com/spf13/viper"
 )
 const (
 	nnsContract        = "nns"
-	neofsContract      = "neofs"      // not deployed in side-chain.
+	frostfsContract    = "frostfs"    // not deployed in side-chain.
 	processingContract = "processing" // not deployed in side-chain.
 	alphabetContract   = "alphabet"
 	auditContract      = "audit"
 	balanceContract    = "balance"
 	containerContract  = "container"
-	neofsIDContract    = "neofsid"
+	frostfsIDContract  = "frostfsid"
 	netmapContract     = "netmap"
 	proxyContract      = "proxy"
 	reputationContract = "reputation"
@ -57,6 +60,8 @@ const (
 	netmapBasicIncomeRateKey         = "BasicIncomeRate"
 	netmapInnerRingCandidateFeeKey   = "InnerRingCandidateFee"
 	netmapWithdrawFeeKey             = "WithdrawFee"
 	netmapHomomorphicHashDisabledKey = "HomomorphicHashingDisabled"
 	netmapMaintenanceAllowedKey      = "MaintenanceModeAllowed"
 	defaultEigenTrustIterations = 4
 	defaultEigenTrustAlpha      = "0.1"
@ -67,7 +72,7 @@ var (
 		auditContract,
 		balanceContract,
 		containerContract,
-		neofsIDContract,
+		frostfsIDContract,
 		netmapContract,
 		proxyContract,
 		reputationContract,
@ -75,7 +80,7 @@ var (
 	}
 	fullContractList = append([]string{
-		neofsContract,
+		frostfsContract,
 		processingContract,
 		nnsContract,
 		alphabetContract,
@ -102,7 +107,11 @@ func (c *initializeContext) deployNNS(method string) error {
 	nnsCs, err := c.nnsContractState()
 	if err == nil {
 		if nnsCs.NEF.Checksum == cs.NEF.Checksum {
 			if method == deployMethodName {
 				c.Command.Println("NNS contract is already deployed.")
 			} else {
 				c.Command.Println("NNS contract is already updated.")
 			}
 			return nil
 		}
 		h = nnsCs.Hash
@ -113,27 +122,26 @@ func (c *initializeContext) deployNNS(method string) error {
 		return fmt.Errorf("can't sign manifest group: %v", err)
 	}
-	params := getContractDeployParameters(cs.RawNEF, cs.RawManifest, nil)
+	params := getContractDeployParameters(cs, nil)
 	signer := transaction.Signer{
 		Account: c.CommitteeAcc.Contract.ScriptHash(),
 		Scopes:  transaction.CalledByEntry,
 	}
-	mgmtHash := c.nativeHash(nativenames.Management)
+	invokeHash := management.Hash
 	if method == updateMethodName {
-		mgmtHash = nnsCs.Hash
+		invokeHash = nnsCs.Hash
 	}
-	res, err := c.Client.InvokeFunction(mgmtHash, method, params, []transaction.Signer{signer})
+	res, err := invokeFunction(c.Client, invokeHash, method, params, []transaction.Signer{signer})
 	if err != nil {
 		return fmt.Errorf("can't deploy NNS contract: %w", err)
 	}
-	if res.State != vm.HaltState.String() {
+	if res.State != vmstate.Halt.String() {
 		return fmt.Errorf("can't deploy NNS contract: %s", res.FaultException)
 	}
-	tx, err := c.Client.CreateTxFromScript(res.Script, c.CommitteeAcc, res.GasConsumed, 0, []client.SignerAccount{{
+	tx, err := c.Client.CreateTxFromScript(res.Script, c.CommitteeAcc, res.GasConsumed, 0, []rpcclient.SignerAccount{{
 		Signer:  signer,
 		Account: c.CommitteeAcc,
 	}})
@ -149,7 +157,6 @@ func (c *initializeContext) deployNNS(method string) error {
 }
 func (c *initializeContext) updateContracts() error {
 	mgmtHash := c.nativeHash(nativenames.Management)
 	alphaCs := c.getContract(alphabetContract)
 	nnsCs, err := c.nnsContractState()
@ -158,65 +165,69 @@ func (c *initializeContext) updateContracts() error {
 	}
 	nnsHash := nnsCs.Hash
 	totalGasCost := int64(0)
 	w := io2.NewBufBinWriter()
-	var keysParam []smartcontract.Parameter
+	var keysParam []any
 	// Update script size for a single-node committee is close to the maximum allowed size of 65535.
 	// Because of this we want to reuse alphabet contract NEF and manifest for different updates.
 	// The generated script is as following.
-	// 1. Initialize static slots for alphabet NEF and manifest.
+	// 1. Initialize static slot for alphabet NEF.
-	// 2. Store NEF and manifest into static slots.
+	// 2. Store NEF into the static slot.
 	// 3. Push parameters for each alphabet contract on stack.
-	// 4. For each alphabet contract, invoke `update` using parameters on stack and
+	// 4. Add contract group to the manifest.
-	//    NEF and manifest from step 2.
+	// 5. For each alphabet contract, invoke `update` using parameters on stack and
-	// 5. Update other contracts as usual.
+	//    NEF from step 2 and manifest from step 4.
-	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{2})
+	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
 	emit.Bytes(w.BinWriter, alphaCs.RawManifest)
 	emit.Bytes(w.BinWriter, alphaCs.RawNEF)
-	emit.Opcodes(w.BinWriter, opcode.STSFLD0, opcode.STSFLD1)
+	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
 	baseGroups := alphaCs.Manifest.Groups
 	// alphabet contracts should be deployed by individual nodes to get different hashes.
 	for i, acc := range c.Accounts {
-		ctrHash, err := nnsResolveHash(c.Client, nnsHash, getAlphabetNNSDomain(i))
+		ctrHash, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, getAlphabetNNSDomain(i))
 		if err != nil {
 			return fmt.Errorf("can't resolve hash for contract update: %w", err)
 		}
-		keysParam = append(keysParam, smartcontract.Parameter{
+		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
 			Type:  smartcontract.PublicKeyType,
 			Value: acc.PrivateKey().PublicKey().Bytes(),
 		})
 		params := c.getAlphabetDeployItems(i, len(c.Wallets))
 		emit.Array(w.BinWriter, params...)
-		emit.Opcodes(w.BinWriter, opcode.LDSFLD1, opcode.LDSFLD0)
+
 		alphaCs.Manifest.Groups = baseGroups
 		err = c.addManifestGroup(ctrHash, alphaCs)
 		if err != nil {
 			return fmt.Errorf("can't sign manifest group: %v", err)
 		}
 		emit.Bytes(w.BinWriter, alphaCs.RawManifest)
 		emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
 		emit.Int(w.BinWriter, 3)
 		emit.Opcodes(w.BinWriter, opcode.PACK)
 		emit.AppCallNoArgs(w.BinWriter, ctrHash, updateMethodName, callflag.All)
 	}
-	res, err := c.Client.InvokeScript(w.Bytes(), []transaction.Signer{{
+	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
-		Account: c.CommitteeAcc.Contract.ScriptHash(),
+		if !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
-		Scopes:  transaction.Global,
+			return err
 	}})
 	if err != nil {
 		return fmt.Errorf("can't update alphabet contracts: %w", err)
 		}
-	if res.State != vm.HaltState.String() {
+		c.Command.Println("Alphabet contracts are already updated.")
 		return fmt.Errorf("can't update alphabet contracts: %s", res.FaultException)
 	}
 	w.Reset()
-	totalGasCost += res.GasConsumed
+
-	w.WriteBytes(res.Script)
+	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
 	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
 	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
 	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
 	for _, ctrName := range contractList {
 		cs := c.getContract(ctrName)
 		method := updateMethodName
-		ctrHash, err := nnsResolveHash(c.Client, nnsHash, ctrName+".neofs")
+		ctrHash, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, ctrName+".frostfs")
 		if err != nil {
 			if errors.Is(err, errMissingNNSRecord) {
 				// if contract not found we deploy it instead of update
@ -226,68 +237,71 @@ func (c *initializeContext) updateContracts() error {
 			}
 		}
-		err = c.addManifestGroup(ctrHash, alphaCs)
+		err = c.addManifestGroup(ctrHash, cs)
 		if err != nil {
 			return fmt.Errorf("can't sign manifest group: %v", err)
 		}
-		invokeHash := mgmtHash
+		invokeHash := management.Hash
 		if method == updateMethodName {
 			invokeHash = ctrHash
 		}
-		params := getContractDeployParameters(cs.RawNEF, cs.RawManifest,
+		params := getContractDeployParameters(cs, c.getContractDeployData(ctrName, keysParam))
-			c.getContractDeployData(ctrName, keysParam))
+		res, err := c.CommitteeAct.MakeCall(invokeHash, method, params...)
 		signer := transaction.Signer{
 			Account: c.CommitteeAcc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
 		}
 		res, err := c.Client.InvokeFunction(invokeHash, method, params, []transaction.Signer{signer})
 		if err != nil {
-			return fmt.Errorf("can't deploy %s contract: %w", ctrName, err)
+			if method != updateMethodName || !strings.Contains(err.Error(), common.ErrAlreadyUpdated) {
 				return fmt.Errorf("deploy contract: %w", err)
 			}
-		if res.State != vm.HaltState.String() {
+			c.Command.Printf("%s contract is already updated.\n", ctrName)
-			return fmt.Errorf("can't deploy %s contract: %s", ctrName, res.FaultException)
+			continue
 		}
 		totalGasCost += res.GasConsumed
 		w.WriteBytes(res.Script)
 		if method == deployMethodName {
 			// same actions are done in initializeContext.setNNS, can be unified
-			domain := ctrName + ".neofs"
+			domain := ctrName + ".frostfs"
-			script, err := c.nnsRegisterDomainScript(nnsHash, cs.Hash, domain)
+			script, ok, err := c.nnsRegisterDomainScript(nnsHash, cs.Hash, domain)
 			if err != nil {
 				return err
 			}
-			if script != nil {
+			if !ok {
 				totalGasCost += defaultRegisterSysfee + native.GASFactor
 				w.WriteBytes(script)
 				emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
 				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
 					domain, int64(nns.TXT), cs.Hash.StringLE())
 				emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
 					domain, int64(nns.TXT), address.Uint160ToString(cs.Hash))
 			}
 			c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
 		}
 	}
 	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
-	sysFee, err := c.emitUpdateNNSGroupScript(w, nnsHash, groupKey)
+	_, _, err = c.emitUpdateNNSGroupScript(w, nnsHash, groupKey)
 	if err != nil {
 		return err
 	}
 	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
-	totalGasCost += sysFee
+	emit.Opcodes(w.BinWriter, opcode.LDSFLD0)
-	if err := c.sendCommitteeTx(w.Bytes(), totalGasCost, false); err != nil {
+	emit.Int(w.BinWriter, 1)
 	emit.Opcodes(w.BinWriter, opcode.PACK)
 	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
 	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
 		return err
 	}
 	return c.awaitTx()
 }
 func (c *initializeContext) deployContracts() error {
 	mgmtHash := c.nativeHash(nativenames.Management)
 	alphaCs := c.getContract(alphabetContract)
-	var keysParam []smartcontract.Parameter
+	var keysParam []any
 	baseGroups := alphaCs.Manifest.Groups
 	// alphabet contracts should be deployed by individual nodes to get different hashes.
 	for i, acc := range c.Accounts {
@ -297,36 +311,26 @@ func (c *initializeContext) deployContracts() error {
 			continue
 		}
-		invokeHash := mgmtHash
+		alphaCs.Manifest.Groups = baseGroups
-		keysParam = append(keysParam, smartcontract.Parameter{
+		err := c.addManifestGroup(ctrHash, alphaCs)
-			Type:  smartcontract.PublicKeyType,
+		if err != nil {
-			Value: acc.PrivateKey().PublicKey().Bytes(),
+			return fmt.Errorf("can't sign manifest group: %v", err)
 		})
 		params := getContractDeployParameters(alphaCs.RawNEF, alphaCs.RawManifest,
 			c.getAlphabetDeployParameters(i, len(c.Wallets)))
 		signer := transaction.Signer{
 			Account: acc.Contract.ScriptHash(),
 			Scopes:  transaction.CalledByEntry,
 		}
-		res, err := c.Client.InvokeFunction(invokeHash, deployMethodName, params, []transaction.Signer{signer})
+		keysParam = append(keysParam, acc.PrivateKey().PublicKey().Bytes())
 		params := getContractDeployParameters(alphaCs, c.getAlphabetDeployItems(i, len(c.Wallets)))
 		act, err := actor.NewSimple(c.Client, acc)
 		if err != nil {
 			return fmt.Errorf("could not create actor: %w", err)
 		}
 		txHash, vub, err := act.SendCall(management.Hash, deployMethodName, params...)
 		if err != nil {
 			return fmt.Errorf("can't deploy alphabet #%d contract: %w", i, err)
 		}
 		if res.State != vm.HaltState.String() {
 			return fmt.Errorf("can't deploy alpabet #%d contract: %s", i, res.FaultException)
 		}
-		h, err := c.Client.SignAndPushInvocationTx(res.Script, acc, -1, 0, []client.SignerAccount{{
+		c.SentTxs = append(c.SentTxs, hashVUBPair{hash: txHash, vub: vub})
 			Signer:  signer,
 			Account: acc,
 		}})
 		if err != nil {
 			return fmt.Errorf("can't push deploy transaction: %w", err)
 		}
 		c.Hashes = append(c.Hashes, h)
 	}
 	for _, ctrName := range contractList {
@ -343,23 +347,13 @@ func (c *initializeContext) deployContracts() error {
 			return fmt.Errorf("can't sign manifest group: %v", err)
 		}
-		invokeHash := mgmtHash
+		params := getContractDeployParameters(cs, c.getContractDeployData(ctrName, keysParam))
-		params := getContractDeployParameters(cs.RawNEF, cs.RawManifest,
+		res, err := c.CommitteeAct.MakeCall(management.Hash, deployMethodName, params...)
 			c.getContractDeployData(ctrName, keysParam))
 		signer := transaction.Signer{
 			Account: c.CommitteeAcc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
 		}
 		res, err := c.Client.InvokeFunction(invokeHash, deployMethodName, params, []transaction.Signer{signer})
 		if err != nil {
 			return fmt.Errorf("can't deploy %s contract: %w", ctrName, err)
 		}
 		if res.State != vm.HaltState.String() {
 			return fmt.Errorf("can't deploy %s contract: %s", ctrName, res.FaultException)
 		}
-		if err := c.sendCommitteeTx(res.Script, res.GasConsumed, false); err != nil {
+		if err := c.sendCommitteeTx(res.Script, false); err != nil {
 			return err
 		}
 	}
@ -390,14 +384,9 @@ func (c *initializeContext) readContracts(names []string) error {
 	if c.ContractPath != "" && fi.IsDir() {
 		for _, ctrName := range names {
-			cs := new(contractState)
+			cs, err := readContract(filepath.Join(c.ContractPath, ctrName), ctrName)
 			cs.RawNEF, err = os.ReadFile(filepath.Join(c.ContractPath, ctrName, ctrName+"_contract.nef"))
 			if err != nil {
-				return fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
+				return err
 			}
 			cs.RawManifest, err = os.ReadFile(filepath.Join(c.ContractPath, ctrName, "config.json"))
 			if err != nil {
 				return fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
 			}
 			c.Contracts[ctrName] = cs
 		}
@ -419,17 +408,16 @@ func (c *initializeContext) readContracts(names []string) error {
 			return err
 		}
 		for _, name := range names {
 			if err := m[name].parse(); err != nil {
 				return err
 			}
 			c.Contracts[name] = m[name]
 		}
 	}
 	for _, ctrName := range names {
 		cs := c.Contracts[ctrName]
 		if err := cs.parse(); err != nil {
 			return err
 		}
 		if ctrName != alphabetContract {
 			cs := c.Contracts[ctrName]
 			cs.Hash = state.CreateContractHash(c.CommitteeAcc.Contract.ScriptHash(),
 				cs.NEF.Checksum, cs.Manifest.Name)
 		}
@ -437,6 +425,24 @@ func (c *initializeContext) readContracts(names []string) error {
 	return nil
 }
 func readContract(ctrPath, ctrName string) (*contractState, error) {
 	rawNef, err := os.ReadFile(filepath.Join(ctrPath, ctrName+"_contract.nef"))
 	if err != nil {
 		return nil, fmt.Errorf("can't read NEF file for %s contract: %w", ctrName, err)
 	}
 	rawManif, err := os.ReadFile(filepath.Join(ctrPath, "config.json"))
 	if err != nil {
 		return nil, fmt.Errorf("can't read manifest file for %s contract: %w", ctrName, err)
 	}
 	cs := &contractState{
 		RawNEF:      rawNef,
 		RawManifest: rawManif,
 	}
 	return cs, cs.parse()
 }
 func (cs *contractState) parse() error {
 	nf, err := nef.FileFromBytes(cs.RawNEF)
 	if err != nil {
@ -504,43 +510,29 @@ func readContractsFromArchive(file io.Reader, names []string) (map[string]*contr
 	return m, nil
 }
-func getContractDeployParameters(rawNef, rawManif []byte, deployData []smartcontract.Parameter) []smartcontract.Parameter {
+func getContractDeployParameters(cs *contractState, deployData []any) []any {
-	return []smartcontract.Parameter{
+	return []any{cs.RawNEF, cs.RawManifest, deployData}
 		{
 			Type:  smartcontract.ByteArrayType,
 			Value: rawNef,
 		},
 		{
 			Type:  smartcontract.ByteArrayType,
 			Value: rawManif,
 		},
 		{
 			Type:  smartcontract.ArrayType,
 			Value: deployData,
 		},
 	}
 }
-func (c *initializeContext) getContractDeployData(ctrName string, keysParam []smartcontract.Parameter) []smartcontract.Parameter {
+func (c *initializeContext) getContractDeployData(ctrName string, keysParam []any) []any {
-	items := make([]smartcontract.Parameter, 1, 6)
+	items := make([]any, 1, 6)
-	items[0] = newContractParameter(smartcontract.BoolType, false) // notaryDisabled is false
+	items[0] = false // notaryDisabled is false
 	switch ctrName {
-	case neofsContract:
+	case frostfsContract:
 		items = append(items,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[processingContract].Hash),
+			c.Contracts[processingContract].Hash,
-			newContractParameter(smartcontract.ArrayType, keysParam),
+			keysParam,
-			newContractParameter(smartcontract.ArrayType, smartcontract.Parameter{}))
+			smartcontract.Parameter{})
 	case processingContract:
-		items = append(items, newContractParameter(smartcontract.Hash160Type, c.Contracts[neofsContract].Hash))
+		items = append(items, c.Contracts[frostfsContract].Hash)
 		return items[1:] // no notary info
 	case auditContract:
-		items = append(items,
+		items = append(items, c.Contracts[netmapContract].Hash)
 			newContractParameter(smartcontract.Hash160Type, c.Contracts[netmapContract].Hash))
 	case balanceContract:
 		items = append(items,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[netmapContract].Hash),
+			c.Contracts[netmapContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[containerContract].Hash))
+			c.Contracts[containerContract].Hash)
 	case containerContract:
 		// In case if NNS is updated multiple times, we can't calculate
 		// it's actual hash based on local data, thus query chain.
@ -549,43 +541,35 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []sm
 			panic("NNS is not yet deployed")
 		}
 		items = append(items,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[netmapContract].Hash),
+			c.Contracts[netmapContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[balanceContract].Hash),
+			c.Contracts[balanceContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[neofsIDContract].Hash),
+			c.Contracts[frostfsIDContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, nnsCs.Hash),
+			nnsCs.Hash,
-			newContractParameter(smartcontract.StringType, "container"))
+			"container")
-	case neofsIDContract:
+	case frostfsIDContract:
 		items = append(items,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[netmapContract].Hash),
+			c.Contracts[netmapContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[containerContract].Hash))
+			c.Contracts[containerContract].Hash)
 	case netmapContract:
-		configParam := []smartcontract.Parameter{
+		configParam := []any{
-			{Type: smartcontract.StringType, Value: netmapEpochKey},
+			netmapEpochKey, viper.GetInt64(epochDurationInitFlag),
-			{Type: smartcontract.IntegerType, Value: viper.GetInt64(epochDurationInitFlag)},
+			netmapMaxObjectSizeKey, viper.GetInt64(maxObjectSizeInitFlag),
-			{Type: smartcontract.StringType, Value: netmapMaxObjectSizeKey},
+			netmapAuditFeeKey, viper.GetInt64(auditFeeInitFlag),
-			{Type: smartcontract.IntegerType, Value: viper.GetInt64(maxObjectSizeInitFlag)},
+			netmapContainerFeeKey, viper.GetInt64(containerFeeInitFlag),
-			{Type: smartcontract.StringType, Value: netmapAuditFeeKey},
+			netmapContainerAliasFeeKey, viper.GetInt64(containerAliasFeeInitFlag),
-			{Type: smartcontract.IntegerType, Value: viper.GetInt64(auditFeeInitFlag)},
+			netmapEigenTrustIterationsKey, int64(defaultEigenTrustIterations),
-			{Type: smartcontract.StringType, Value: netmapContainerFeeKey},
+			netmapEigenTrustAlphaKey, defaultEigenTrustAlpha,
-			{Type: smartcontract.IntegerType, Value: viper.GetInt64(containerFeeInitFlag)},
+			netmapBasicIncomeRateKey, viper.GetInt64(incomeRateInitFlag),
-			{Type: smartcontract.StringType, Value: netmapContainerAliasFeeKey},
+			netmapInnerRingCandidateFeeKey, viper.GetInt64(candidateFeeInitFlag),
-			{Type: smartcontract.IntegerType, Value: viper.GetInt64(containerAliasFeeInitFlag)},
+			netmapWithdrawFeeKey, viper.GetInt64(withdrawFeeInitFlag),
-			{Type: smartcontract.StringType, Value: netmapEigenTrustIterationsKey},
+			netmapHomomorphicHashDisabledKey, viper.GetBool(homomorphicHashDisabledInitFlag),
-			{Type: smartcontract.IntegerType, Value: int64(defaultEigenTrustIterations)},
+			netmapMaintenanceAllowedKey, viper.GetBool(maintenanceModeAllowedInitFlag),
 			{Type: smartcontract.StringType, Value: netmapEigenTrustAlphaKey},
 			{Type: smartcontract.StringType, Value: defaultEigenTrustAlpha},
 			{Type: smartcontract.StringType, Value: netmapBasicIncomeRateKey},
 			{Type: smartcontract.IntegerType, Value: viper.GetInt64(incomeRateInitFlag)},
 			{Type: smartcontract.StringType, Value: netmapInnerRingCandidateFeeKey},
 			{Type: smartcontract.IntegerType, Value: viper.GetInt64(candidateFeeInitFlag)},
 			{Type: smartcontract.StringType, Value: netmapWithdrawFeeKey},
 			{Type: smartcontract.IntegerType, Value: viper.GetInt64(withdrawFeeInitFlag)},
 		}
 		items = append(items,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[balanceContract].Hash),
+			c.Contracts[balanceContract].Hash,
-			newContractParameter(smartcontract.Hash160Type, c.Contracts[containerContract].Hash),
+			c.Contracts[containerContract].Hash,
-			newContractParameter(smartcontract.ArrayType, keysParam),
+			keysParam,
-			newContractParameter(smartcontract.ArrayType, configParam))
+			configParam)
 	case proxyContract:
 		items = nil
 	case reputationContract:
@ -596,20 +580,8 @@ func (c *initializeContext) getContractDeployData(ctrName string, keysParam []sm
 	return items
 }
-func (c *initializeContext) getAlphabetDeployParameters(i, n int) []smartcontract.Parameter {
+func (c *initializeContext) getAlphabetDeployItems(i, n int) []any {
-	items := c.getAlphabetDeployItems(i, n)
+	items := make([]any, 6)
 	return []smartcontract.Parameter{
 		newContractParameter(smartcontract.BoolType, items[0]),
 		newContractParameter(smartcontract.Hash160Type, items[1]),
 		newContractParameter(smartcontract.Hash160Type, items[2]),
 		newContractParameter(smartcontract.StringType, items[3]),
 		newContractParameter(smartcontract.IntegerType, items[4]),
 		newContractParameter(smartcontract.IntegerType, items[5]),
 	}
 }
 func (c *initializeContext) getAlphabetDeployItems(i, n int) []interface{} {
 	items := make([]interface{}, 6)
 	items[0] = false
 	items[1] = c.Contracts[netmapContract].Hash
 	items[2] = c.Contracts[proxyContract].Hash
@ -618,10 +590,3 @@ func (c *initializeContext) getAlphabetDeployItems(i, n int) []interface{} {
 	items[5] = int64(n)
 	return items
 }
 func newContractParameter(typ smartcontract.ParamType, value interface{}) smartcontract.Parameter {
 	return smartcontract.Parameter{
 		Type:  typ,
 		Value: value,
 	}
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_nns.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_nns.go
@ -0,0 +1,291 @@
 package morph
 import (
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"strconv"
 	"time"
 	"github.com/TrueCloudLab/frostfs-contract/nns"
 	morphClient "github.com/TrueCloudLab/frostfs-node/pkg/morph/client"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 )
 const defaultExpirationTime = 10 * 365 * 24 * time.Hour / time.Second
 func (c *initializeContext) setNNS() error {
 	nnsCs, err := c.Client.GetContractStateByID(1)
 	if err != nil {
 		return err
 	}
 	ok, err := c.nnsRootRegistered(nnsCs.Hash, "frostfs")
 	if err != nil {
 		return err
 	} else if !ok {
 		bw := io.NewBufBinWriter()
 		emit.AppCall(bw.BinWriter, nnsCs.Hash, "register", callflag.All,
 			"frostfs", c.CommitteeAcc.Contract.ScriptHash(),
 			"ops@nspcc.ru", int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 		if err := c.sendCommitteeTx(bw.Bytes(), true); err != nil {
 			return fmt.Errorf("can't add domain root to NNS: %w", err)
 		}
 		if err := c.awaitTx(); err != nil {
 			return err
 		}
 	}
 	alphaCs := c.getContract(alphabetContract)
 	for i, acc := range c.Accounts {
 		alphaCs.Hash = state.CreateContractHash(acc.Contract.ScriptHash(), alphaCs.NEF.Checksum, alphaCs.Manifest.Name)
 		domain := getAlphabetNNSDomain(i)
 		if err := c.nnsRegisterDomain(nnsCs.Hash, alphaCs.Hash, domain); err != nil {
 			return err
 		}
 		c.Command.Printf("NNS: Set %s -> %s\n", domain, alphaCs.Hash.StringLE())
 	}
 	for _, ctrName := range contractList {
 		cs := c.getContract(ctrName)
 		domain := ctrName + ".frostfs"
 		if err := c.nnsRegisterDomain(nnsCs.Hash, cs.Hash, domain); err != nil {
 			return err
 		}
 		c.Command.Printf("NNS: Set %s -> %s\n", domain, cs.Hash.StringLE())
 	}
 	groupKey := c.ContractWallet.Accounts[0].PrivateKey().PublicKey()
 	err = c.updateNNSGroup(nnsCs.Hash, groupKey)
 	if err != nil {
 		return err
 	}
 	c.Command.Printf("NNS: Set %s -> %s\n", morphClient.NNSGroupKeyName, hex.EncodeToString(groupKey.Bytes()))
 	return c.awaitTx()
 }
 func (c *initializeContext) updateNNSGroup(nnsHash util.Uint160, pub *keys.PublicKey) error {
 	bw := io.NewBufBinWriter()
 	needUpdate, needRegister, err := c.emitUpdateNNSGroupScript(bw, nnsHash, pub)
 	if !needUpdate || err != nil {
 		return err
 	}
 	script := bw.Bytes()
 	if needRegister {
 		w := io.NewBufBinWriter()
 		emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
 		wrapRegisterScriptWithPrice(w, nnsHash, script)
 		script = w.Bytes()
 	}
 	return c.sendCommitteeTx(script, true)
 }
 // emitUpdateNNSGroupScript emits script for updating group key stored in NNS.
 // First return value is true iff the key is already there and nothing should be done.
 // Second return value is true iff a domain registration code was emitted.
 func (c *initializeContext) emitUpdateNNSGroupScript(bw *io.BufBinWriter, nnsHash util.Uint160, pub *keys.PublicKey) (bool, bool, error) {
 	isAvail, err := nnsIsAvailable(c.Client, nnsHash, morphClient.NNSGroupKeyName)
 	if err != nil {
 		return false, false, err
 	}
 	if !isAvail {
 		currentPub, err := nnsResolveKey(c.ReadOnlyInvoker, nnsHash, morphClient.NNSGroupKeyName)
 		if err != nil {
 			return false, false, err
 		}
 		if pub.Equal(currentPub) {
 			return true, false, nil
 		}
 	}
 	if isAvail {
 		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
 			morphClient.NNSGroupKeyName, c.CommitteeAcc.Contract.ScriptHash(),
 			"ops@nspcc.ru", int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	}
 	emit.AppCall(bw.BinWriter, nnsHash, "deleteRecords", callflag.All, "group.frostfs", int64(nns.TXT))
 	emit.AppCall(bw.BinWriter, nnsHash, "addRecord", callflag.All,
 		"group.frostfs", int64(nns.TXT), hex.EncodeToString(pub.Bytes()))
 	return false, isAvail, nil
 }
 func getAlphabetNNSDomain(i int) string {
 	return alphabetContract + strconv.FormatUint(uint64(i), 10) + ".frostfs"
 }
 // wrapRegisterScriptWithPrice wraps a given script with `getPrice`/`setPrice` calls for NNS.
 // It is intended to be used for a single transaction, and not as a part of other scripts.
 // It is assumed that script already contains static slot initialization code, the first one
 // (with index 0) is used to store the price.
 func wrapRegisterScriptWithPrice(w *io.BufBinWriter, nnsHash util.Uint160, s []byte) {
 	if len(s) == 0 {
 		return
 	}
 	emit.AppCall(w.BinWriter, nnsHash, "getPrice", callflag.All)
 	emit.Opcodes(w.BinWriter, opcode.STSFLD0)
 	emit.AppCall(w.BinWriter, nnsHash, "setPrice", callflag.All, 1)
 	w.WriteBytes(s)
 	emit.Opcodes(w.BinWriter, opcode.LDSFLD0, opcode.PUSH1, opcode.PACK)
 	emit.AppCallNoArgs(w.BinWriter, nnsHash, "setPrice", callflag.All)
 	if w.Err != nil {
 		panic(fmt.Errorf("BUG: can't wrap register script: %w", w.Err))
 	}
 }
 func (c *initializeContext) nnsRegisterDomainScript(nnsHash, expectedHash util.Uint160, domain string) ([]byte, bool, error) {
 	ok, err := nnsIsAvailable(c.Client, nnsHash, domain)
 	if err != nil {
 		return nil, false, err
 	}
 	if ok {
 		bw := io.NewBufBinWriter()
 		emit.AppCall(bw.BinWriter, nnsHash, "register", callflag.All,
 			domain, c.CommitteeAcc.Contract.ScriptHash(),
 			"ops@nspcc.ru", int64(3600), int64(600), int64(defaultExpirationTime), int64(3600))
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 		if bw.Err != nil {
 			panic(bw.Err)
 		}
 		return bw.Bytes(), false, nil
 	}
 	s, err := nnsResolveHash(c.ReadOnlyInvoker, nnsHash, domain)
 	if err != nil {
 		return nil, false, err
 	}
 	return nil, s == expectedHash, nil
 }
 func (c *initializeContext) nnsRegisterDomain(nnsHash, expectedHash util.Uint160, domain string) error {
 	script, ok, err := c.nnsRegisterDomainScript(nnsHash, expectedHash, domain)
 	if ok || err != nil {
 		return err
 	}
 	w := io.NewBufBinWriter()
 	emit.Instruction(w.BinWriter, opcode.INITSSLOT, []byte{1})
 	wrapRegisterScriptWithPrice(w, nnsHash, script)
 	emit.AppCall(w.BinWriter, nnsHash, "deleteRecords", callflag.All, domain, int64(nns.TXT))
 	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
 		domain, int64(nns.TXT), expectedHash.StringLE())
 	emit.AppCall(w.BinWriter, nnsHash, "addRecord", callflag.All,
 		domain, int64(nns.TXT), address.Uint160ToString(expectedHash))
 	return c.sendCommitteeTx(w.Bytes(), true)
 }
 func (c *initializeContext) nnsRootRegistered(nnsHash util.Uint160, zone string) (bool, error) {
 	res, err := c.CommitteeAct.Call(nnsHash, "isAvailable", "name."+zone)
 	if err != nil {
 		return false, err
 	}
 	return res.State == vmstate.Halt.String(), nil
 }
 var errMissingNNSRecord = errors.New("missing NNS record")
 // Returns errMissingNNSRecord if invocation fault exception contains "token not found".
 func nnsResolveHash(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (util.Uint160, error) {
 	item, err := nnsResolve(inv, nnsHash, domain)
 	if err != nil {
 		return util.Uint160{}, err
 	}
 	return parseNNSResolveResult(item)
 }
 func nnsResolve(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (stackitem.Item, error) {
 	return unwrap.Item(inv.Call(nnsHash, "resolve", domain, int64(nns.TXT)))
 }
 func nnsResolveKey(inv *invoker.Invoker, nnsHash util.Uint160, domain string) (*keys.PublicKey, error) {
 	item, err := nnsResolve(inv, nnsHash, domain)
 	if err != nil {
 		return nil, err
 	}
 	v, ok := item.Value().(stackitem.Null)
 	if ok {
 		return nil, errors.New("NNS record is missing")
 	}
 	bs, err := v.TryBytes()
 	if err != nil {
 		return nil, errors.New("malformed response")
 	}
 	return keys.NewPublicKeyFromString(string(bs))
 }
 // parseNNSResolveResult parses the result of resolving NNS record.
 // It works with multiple formats (corresponding to multiple NNS versions).
 // If array of hashes is provided, it returns only the first one.
 func parseNNSResolveResult(res stackitem.Item) (util.Uint160, error) {
 	arr, ok := res.Value().([]stackitem.Item)
 	if !ok {
 		arr = []stackitem.Item{res}
 	}
 	if _, ok := res.Value().(stackitem.Null); ok || len(arr) == 0 {
 		return util.Uint160{}, errors.New("NNS record is missing")
 	}
 	for i := range arr {
 		bs, err := arr[i].TryBytes()
 		if err != nil {
 			continue
 		}
 		// We support several formats for hash encoding, this logic should be maintained in sync
 		// with nnsResolve from pkg/morph/client/nns.go
 		h, err := util.Uint160DecodeStringLE(string(bs))
 		if err == nil {
 			return h, nil
 		}
 		h, err = address.StringToUint160(string(bs))
 		if err == nil {
 			return h, nil
 		}
 	}
 	return util.Uint160{}, errors.New("no valid hashes are found")
 }
 func nnsIsAvailable(c Client, nnsHash util.Uint160, name string) (bool, error) {
 	switch ct := c.(type) {
 	case *rpcclient.Client:
 		return ct.NNSIsAvailable(nnsHash, name)
 	default:
 		b, err := unwrap.Bool(invokeFunction(c, nnsHash, "isAvailable", []any{name}, nil))
 		if err != nil {
 			return false, fmt.Errorf("`isAvailable`: invalid response: %w", err)
 		}
 		return b, nil
 	}
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_register.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_register.go
@ -0,0 +1,137 @@
 package morph
 import (
 	"errors"
 	"fmt"
 	"github.com/nspcc-dev/neo-go/pkg/core/native"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/neo"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 )
 // initialAlphabetNEOAmount represents the total amount of GAS distributed between alphabet nodes.
 const initialAlphabetNEOAmount = native.NEOTotalSupply
 func (c *initializeContext) registerCandidates() error {
 	neoHash := neo.Hash
 	cc, err := unwrap.Array(c.ReadOnlyInvoker.Call(neoHash, "getCandidates"))
 	if err != nil {
 		return fmt.Errorf("`getCandidates`: %w", err)
 	}
 	if len(cc) > 0 {
 		c.Command.Println("Candidates are already registered.")
 		return nil
 	}
 	regPrice, err := c.getCandidateRegisterPrice()
 	if err != nil {
 		return fmt.Errorf("can't fetch registration price: %w", err)
 	}
 	w := io.NewBufBinWriter()
 	emit.AppCall(w.BinWriter, neoHash, "setRegisterPrice", callflag.States, 1)
 	for _, acc := range c.Accounts {
 		emit.AppCall(w.BinWriter, neoHash, "registerCandidate", callflag.States, acc.PrivateKey().PublicKey().Bytes())
 		emit.Opcodes(w.BinWriter, opcode.ASSERT)
 	}
 	emit.AppCall(w.BinWriter, neoHash, "setRegisterPrice", callflag.States, regPrice)
 	if w.Err != nil {
 		panic(fmt.Sprintf("BUG: %v", w.Err))
 	}
 	signers := []rpcclient.SignerAccount{{
 		Signer:  c.getSigner(false, c.CommitteeAcc),
 		Account: c.CommitteeAcc,
 	}}
 	for i := range c.Accounts {
 		signers = append(signers, rpcclient.SignerAccount{
 			Signer: transaction.Signer{
 				Account:          c.Accounts[i].Contract.ScriptHash(),
 				Scopes:           transaction.CustomContracts,
 				AllowedContracts: []util.Uint160{neoHash},
 			},
 			Account: c.Accounts[i],
 		})
 	}
 	tx, err := c.Client.CreateTxFromScript(w.Bytes(), c.CommitteeAcc, -1, 0, signers)
 	if err != nil {
 		return fmt.Errorf("can't create tx: %w", err)
 	}
 	if err := c.multiSign(tx, committeeAccountName); err != nil {
 		return fmt.Errorf("can't sign a transaction: %w", err)
 	}
 	network := c.CommitteeAct.GetNetwork()
 	for i := range c.Accounts {
 		if err := c.Accounts[i].SignTx(network, tx); err != nil {
 			return fmt.Errorf("can't sign a transaction: %w", err)
 		}
 	}
 	return c.sendTx(tx, c.Command, true)
 }
 func (c *initializeContext) transferNEOToAlphabetContracts() error {
 	neoHash := neo.Hash
 	ok, err := c.transferNEOFinished(neoHash)
 	if ok || err != nil {
 		return err
 	}
 	cs := c.getContract(alphabetContract)
 	amount := initialAlphabetNEOAmount / len(c.Wallets)
 	bw := io.NewBufBinWriter()
 	for _, acc := range c.Accounts {
 		h := state.CreateContractHash(acc.Contract.ScriptHash(), cs.NEF.Checksum, cs.Manifest.Name)
 		emit.AppCall(bw.BinWriter, neoHash, "transfer", callflag.All,
 			c.CommitteeAcc.Contract.ScriptHash(), h, int64(amount), nil)
 		emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	}
 	if err := c.sendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}
 	return c.awaitTx()
 }
 func (c *initializeContext) transferNEOFinished(neoHash util.Uint160) (bool, error) {
 	bal, err := c.Client.NEP17BalanceOf(neoHash, c.CommitteeAcc.Contract.ScriptHash())
 	return bal < native.NEOTotalSupply, err
 }
 var errGetPriceInvalid = errors.New("`getRegisterPrice`: invalid response")
 func (c *initializeContext) getCandidateRegisterPrice() (int64, error) {
 	switch ct := c.Client.(type) {
 	case *rpcclient.Client:
 		return ct.GetCandidateRegisterPrice()
 	default:
 		neoHash := neo.Hash
 		res, err := invokeFunction(c.Client, neoHash, "getRegisterPrice", nil, nil)
 		if err != nil {
 			return 0, err
 		}
 		if len(res.Stack) == 0 {
 			return 0, errGetPriceInvalid
 		}
 		bi, err := res.Stack[0].TryInteger()
 		if err != nil || !bi.IsInt64() {
 			return 0, errGetPriceInvalid
 		}
 		return bi.Int64(), nil
 	}
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_roles.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_roles.go
@ -1,9 +1,9 @@
 package morph
 import (
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/rolemgmt"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 )
@ -16,20 +16,18 @@ func (c *initializeContext) setNotaryAndAlphabetNodes() error {
 		return err
 	}
-	designateHash := c.nativeHash(nativenames.Designation)
+	var pubs []any
 	var pubs []interface{}
 	for _, acc := range c.Accounts {
 		pubs = append(pubs, acc.PrivateKey().PublicKey().Bytes())
 	}
 	w := io.NewBufBinWriter()
-	emit.AppCall(w.BinWriter, designateHash, "designateAsRole",
+	emit.AppCall(w.BinWriter, rolemgmt.Hash, "designateAsRole",
 		callflag.States|callflag.AllowNotify, int64(noderoles.P2PNotary), pubs)
-	emit.AppCall(w.BinWriter, designateHash, "designateAsRole",
+	emit.AppCall(w.BinWriter, rolemgmt.Hash, "designateAsRole",
 		callflag.States|callflag.AllowNotify, int64(noderoles.NeoFSAlphabet), pubs)
-	if err := c.sendCommitteeTx(w.Bytes(), -1, false); err != nil {
+	if err := c.sendCommitteeTx(w.Bytes(), false); err != nil {
 		return err
 	}
@ -42,6 +40,6 @@ func (c *initializeContext) setRolesFinished() (bool, error) {
 		return false, err
 	}
-	pubs, err := c.Client.GetDesignatedByRole(noderoles.NeoFSAlphabet, height)
+	pubs, err := getDesignatedByRole(c.ReadOnlyInvoker, rolemgmt.Hash, noderoles.NeoFSAlphabet, height)
 	return len(pubs) == len(c.Wallets), err
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_test.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_test.go
@ -0,0 +1,121 @@
 package morph
 import (
 	"encoding/hex"
 	"os"
 	"path/filepath"
 	"strconv"
 	"testing"
 	"github.com/TrueCloudLab/frostfs-node/pkg/innerring"
 	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/vm"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/yaml.v3"
 )
 const (
 	contractsPath = "../../../../../../frostfs-contract/frostfs-contract-v0.16.0.tar.gz"
 	protoFileName = "proto.yml"
 )
 func TestInitialize(t *testing.T) {
 	// This test needs frostfs-contract tarball, so it is skipped by default.
 	// It is here for performing local testing after the changes.
 	t.Skip()
 	t.Run("1 nodes", func(t *testing.T) {
 		testInitialize(t, 1)
 	})
 	t.Run("4 nodes", func(t *testing.T) {
 		testInitialize(t, 4)
 	})
 	t.Run("7 nodes", func(t *testing.T) {
 		testInitialize(t, 7)
 	})
 }
 func testInitialize(t *testing.T, committeeSize int) {
 	testdataDir := t.TempDir()
 	v := viper.GetViper()
 	generateTestData(t, testdataDir, committeeSize)
 	v.Set(protoConfigPath, filepath.Join(testdataDir, protoFileName))
 	// Set to the path or remove the next statement to download from the network.
 	require.NoError(t, initCmd.Flags().Set(contractsInitFlag, contractsPath))
 	v.Set(localDumpFlag, filepath.Join(testdataDir, "out"))
 	v.Set(alphabetWalletsFlag, testdataDir)
 	v.Set(epochDurationInitFlag, 1)
 	v.Set(maxObjectSizeInitFlag, 1024)
 	setTestCredentials(v, committeeSize)
 	require.NoError(t, initializeSideChainCmd(initCmd, nil))
 	t.Run("force-new-epoch", func(t *testing.T) {
 		require.NoError(t, forceNewEpochCmd(forceNewEpoch, nil))
 	})
 	t.Run("set-config", func(t *testing.T) {
 		require.NoError(t, setConfigCmd(setConfig, []string{"MaintenanceModeAllowed=true"}))
 	})
 	t.Run("set-policy", func(t *testing.T) {
 		require.NoError(t, setPolicyCmd(setPolicy, []string{"ExecFeeFactor=1"}))
 	})
 	t.Run("remove-node", func(t *testing.T) {
 		pk, err := keys.NewPrivateKey()
 		require.NoError(t, err)
 		pub := hex.EncodeToString(pk.PublicKey().Bytes())
 		require.NoError(t, removeNodesCmd(removeNodes, []string{pub}))
 	})
 }
 func generateTestData(t *testing.T, dir string, size int) {
 	v := viper.GetViper()
 	v.Set(alphabetWalletsFlag, dir)
 	sizeStr := strconv.FormatUint(uint64(size), 10)
 	require.NoError(t, generateAlphabetCmd.Flags().Set(alphabetSizeFlag, sizeStr))
 	setTestCredentials(v, size)
 	require.NoError(t, generateAlphabetCreds(generateAlphabetCmd, nil))
 	var pubs []string
 	for i := 0; i < size; i++ {
 		p := filepath.Join(dir, innerring.GlagoliticLetter(i).String()+".json")
 		w, err := wallet.NewWalletFromFile(p)
 		require.NoError(t, err, "wallet doesn't exist")
 		for _, acc := range w.Accounts {
 			if acc.Label == singleAccountName {
 				pub, ok := vm.ParseSignatureContract(acc.Contract.Script)
 				require.True(t, ok)
 				pubs = append(pubs, hex.EncodeToString(pub))
 				continue
 			}
 		}
 	}
 	cfg := config.Config{}
 	cfg.ProtocolConfiguration.Magic = 12345
 	cfg.ProtocolConfiguration.ValidatorsCount = size
 	cfg.ProtocolConfiguration.SecondsPerBlock = 1
 	cfg.ProtocolConfiguration.StandbyCommittee = pubs // sorted by glagolic letters
 	cfg.ProtocolConfiguration.P2PSigExtensions = true
 	cfg.ProtocolConfiguration.VerifyTransactions = true
 	cfg.ProtocolConfiguration.VerifyBlocks = true
 	data, err := yaml.Marshal(cfg)
 	require.NoError(t, err)
 	protoPath := filepath.Join(dir, protoFileName)
 	require.NoError(t, os.WriteFile(protoPath, data, os.ModePerm))
 }
 func setTestCredentials(v *viper.Viper, size int) {
 	for i := 0; i < size; i++ {
 		v.Set("credentials."+innerring.GlagoliticLetter(i).String(), strconv.FormatUint(uint64(i), 10))
 	}
 	v.Set("credentials.contract", testContractPassword)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/initialize_transfer.go
+++ b/cmd/frostfs-adm/internal/modules/morph/initialize_transfer.go
@ -4,17 +4,23 @@ import (
 	"fmt"
 	"github.com/nspcc-dev/neo-go/pkg/core/native"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/neo"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	scContext "github.com/nspcc-dev/neo-go/pkg/smartcontract/context"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 )
 const (
 	gasInitialTotalSupply = 30000000 * native.GASFactor
-	// initialAlphabetGASAmount represents amount of GAS given to each alphabet node.
+	// initialAlphabetGASAmount represents the amount of GAS given to each alphabet node.
 	initialAlphabetGASAmount = 10_000 * native.GASFactor
-	// initialProxyGASAmount represents amount of GAS given to proxy contract.
+	// initialProxyGASAmount represents the amount of GAS given to a proxy contract.
 	initialProxyGASAmount = 50_000 * native.GASFactor
 )
@ -27,15 +33,12 @@ func (c *initializeContext) transferFunds() error {
 		return err
 	}
-	gasHash := c.nativeHash(nativenames.Gas)
+	var transfers []rpcclient.TransferTarget
 	neoHash := c.nativeHash(nativenames.Neo)
 	var transfers []client.TransferTarget
 	for _, acc := range c.Accounts {
 		to := acc.Contract.ScriptHash()
 		transfers = append(transfers,
-			client.TransferTarget{
+			rpcclient.TransferTarget{
-				Token:   gasHash,
+				Token:   gas.Hash,
 				Address: to,
 				Amount:  initialAlphabetGASAmount,
 			},
@ -44,19 +47,19 @@ func (c *initializeContext) transferFunds() error {
 	// It is convenient to have all funds at the committee account.
 	transfers = append(transfers,
-		client.TransferTarget{
+		rpcclient.TransferTarget{
-			Token:   gasHash,
+			Token:   gas.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
 			Amount:  (gasInitialTotalSupply - initialAlphabetGASAmount*int64(len(c.Wallets))) / 2,
 		},
-		client.TransferTarget{
+		rpcclient.TransferTarget{
-			Token:   neoHash,
+			Token:   neo.Hash,
 			Address: c.CommitteeAcc.Contract.ScriptHash(),
 			Amount:  native.NEOTotalSupply,
 		},
 	)
-	tx, err := c.Client.CreateNEP17MultiTransferTx(c.ConsensusAcc, 0, transfers, []client.SignerAccount{{
+	tx, err := createNEP17MultiTransferTx(c.Client, c.ConsensusAcc, 0, transfers, []rpcclient.SignerAccount{{
 		Signer: transaction.Signer{
 			Account: c.ConsensusAcc.Contract.ScriptHash(),
 			Scopes:  transaction.CalledByEntry,
@ -75,10 +78,9 @@ func (c *initializeContext) transferFunds() error {
 }
 func (c *initializeContext) transferFundsFinished() (bool, error) {
 	gasHash := c.nativeHash(nativenames.Gas)
 	acc := c.Accounts[0]
-	res, err := c.Client.NEP17BalanceOf(gasHash, acc.Contract.ScriptHash())
+	res, err := c.Client.NEP17BalanceOf(gas.Hash, acc.Contract.ScriptHash())
 	return res > initialAlphabetGASAmount/2, err
 }
@ -120,25 +122,40 @@ func (c *initializeContext) multiSign(tx *transaction.Transaction, accType strin
 		}
 	}
-	w, err := pc.GetWitness(tx.Signers[0].Account)
+	w, err := pc.GetWitness(h)
 	if err != nil {
 		return fmt.Errorf("incomplete signature: %w", err)
 	}
 	tx.Scripts = append(tx.Scripts, *w)
 	for i := range tx.Signers {
 		if tx.Signers[i].Account == h {
 			if i < len(tx.Scripts) {
 				tx.Scripts[i] = *w
 			} else if i == len(tx.Scripts) {
 				tx.Scripts = append(tx.Scripts, *w)
 			} else {
 				panic("BUG: invalid signing order")
 			}
 			return nil
 		}
 	}
 	return fmt.Errorf("%s account was not found among transaction signers", accType)
 }
 func (c *initializeContext) transferGASToProxy() error {
 	gasHash := c.nativeHash(nativenames.Gas)
 	proxyCs := c.getContract(proxyContract)
-	bal, err := c.Client.NEP17BalanceOf(gasHash, proxyCs.Hash)
+	bal, err := c.Client.NEP17BalanceOf(gas.Hash, proxyCs.Hash)
 	if err != nil || bal > 0 {
 		return err
 	}
-	tx, err := c.Client.CreateNEP17TransferTx(c.CommitteeAcc, proxyCs.Hash, gasHash, initialProxyGASAmount, 0, nil, nil)
+	tx, err := createNEP17MultiTransferTx(c.Client, c.CommitteeAcc, 0, []rpcclient.TransferTarget{{
 		Token:   gas.Hash,
 		Address: proxyCs.Hash,
 		Amount:  initialProxyGASAmount,
 	}}, nil)
 	if err != nil {
 		return err
 	}
@ -149,3 +166,25 @@ func (c *initializeContext) transferGASToProxy() error {
 	return c.awaitTx()
 }
 func createNEP17MultiTransferTx(c Client, acc *wallet.Account, netFee int64,
 	recipients []rpcclient.TransferTarget, cosigners []rpcclient.SignerAccount) (*transaction.Transaction, error) {
 	from := acc.Contract.ScriptHash()
 	w := io.NewBufBinWriter()
 	for i := range recipients {
 		emit.AppCall(w.BinWriter, recipients[i].Token, "transfer", callflag.All,
 			from, recipients[i].Address, recipients[i].Amount, recipients[i].Data)
 		emit.Opcodes(w.BinWriter, opcode.ASSERT)
 	}
 	if w.Err != nil {
 		return nil, fmt.Errorf("failed to create transfer script: %w", w.Err)
 	}
 	return c.CreateTxFromScript(w.Bytes(), acc, -1, netFee, append([]rpcclient.SignerAccount{{
 		Signer: transaction.Signer{
 			Account: from,
 			Scopes:  transaction.CalledByEntry,
 		},
 		Account: acc,
 	}}, cosigners...))
 }
--- a/cmd/frostfs-adm/internal/modules/morph/internal/types.go
+++ b/cmd/frostfs-adm/internal/modules/morph/internal/types.go
@ -8,7 +8,7 @@ import (
 )
 // StringifySubnetClientGroupID returns string representation of SubnetClientGroupID using MarshalText.
-// Returns string with message on error.
+// Returns a string with a message on error.
 func StringifySubnetClientGroupID(id *SubnetClientGroupID) string {
 	text, err := id.MarshalText()
 	if err != nil {
@ -18,17 +18,17 @@ func StringifySubnetClientGroupID(id *SubnetClientGroupID) string {
 	return string(text)
 }
-// MarshalText encodes SubnetClientGroupID into text format according to NeoFS API V2 protocol:
+// MarshalText encodes SubnetClientGroupID into text format according to FrostFS API V2 protocol:
 // value in base-10 integer string format.
 //
-// Implements encoding.TextMarshaler.
+// It implements encoding.TextMarshaler.
 func (x *SubnetClientGroupID) MarshalText() ([]byte, error) {
 	num := x.GetValue() // NPE safe, returns zero on nil
 	return []byte(strconv.FormatUint(uint64(num), 10)), nil
 }
-// UnmarshalText decodes SubnetID from the text according to NeoFS API V2 protocol:
+// UnmarshalText decodes the SubnetID from the text according to FrostFS API V2 protocol:
 // should be base-10 integer string format with bitsize = 32.
 //
 // Returns strconv.ErrRange if integer overflows uint32.
@ -47,13 +47,13 @@ func (x *SubnetClientGroupID) UnmarshalText(txt []byte) error {
 	return nil
 }
-// Marshal encodes SubnetClientGroupID into a binary format of NeoFS API V2 protocol
+// Marshal encodes the SubnetClientGroupID into a binary format of FrostFS API V2 protocol
 // (Protocol Buffers with direct field order).
 func (x *SubnetClientGroupID) Marshal() ([]byte, error) {
 	return proto.Marshal(x)
 }
-// Unmarshal decodes SubnetClientGroupID from NeoFS API V2 binary format (see Marshal). Must not be called on nil.
+// Unmarshal decodes the SubnetClientGroupID from FrostFS API V2 binary format (see Marshal). Must not be called on nil.
 func (x *SubnetClientGroupID) Unmarshal(data []byte) error {
 	return proto.Unmarshal(data, x)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/internal/types.pb.go
+++ b/cmd/frostfs-adm/internal/modules/morph/internal/types.pb.go
--- a/cmd/frostfs-adm/internal/modules/morph/internal/types.proto
+++ b/cmd/frostfs-adm/internal/modules/morph/internal/types.proto
@ -2,9 +2,9 @@ syntax = "proto3";
 package neo.fs.v2.refs;
-option go_package = "github.com/nspcc-dev/neofs-node/cmd/neofs-adm/internal/modules/morph/internal";
+option go_package = "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph/internal";
-// Client group identifier in the NeoFS subnet.
+// Client group identifier in the FrostFS subnet.
 //
 // String representation of a value is base-10 integer.
 //
--- a/cmd/frostfs-adm/internal/modules/morph/local_client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/local_client.go
@ -0,0 +1,505 @@
 package morph
 import (
 	"crypto/elliptic"
 	"errors"
 	"fmt"
 	"os"
 	"sort"
 	"time"
 	"github.com/google/uuid"
 	"github.com/nspcc-dev/neo-go/pkg/config"
 	"github.com/nspcc-dev/neo-go/pkg/config/netmode"
 	"github.com/nspcc-dev/neo-go/pkg/core"
 	"github.com/nspcc-dev/neo-go/pkg/core/block"
 	"github.com/nspcc-dev/neo-go/pkg/core/chaindump"
 	"github.com/nspcc-dev/neo-go/pkg/core/fee"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/noderoles"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/storage"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/network/payload"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/unwrap"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/nspcc-dev/neo-go/pkg/vm/vmstate"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 )
 type localClient struct {
 	bc           *core.Blockchain
 	transactions []*transaction.Transaction
 	dumpPath     string
 	accounts     []*wallet.Account
 	maxGasInvoke int64
 }
 func newLocalClient(cmd *cobra.Command, v *viper.Viper, wallets []*wallet.Wallet) (*localClient, error) {
 	cfg, err := config.LoadFile(v.GetString(protoConfigPath))
 	if err != nil {
 		return nil, err
 	}
 	bc, err := core.NewBlockchain(storage.NewMemoryStore(), cfg.Blockchain(), zap.NewNop())
 	if err != nil {
 		return nil, err
 	}
 	m := smartcontract.GetDefaultHonestNodeCount(cfg.ProtocolConfiguration.ValidatorsCount)
 	accounts := make([]*wallet.Account, len(wallets))
 	for i := range accounts {
 		accounts[i], err = getWalletAccount(wallets[i], consensusAccountName)
 		if err != nil {
 			return nil, err
 		}
 	}
 	indexMap := make(map[string]int)
 	for i, pub := range cfg.ProtocolConfiguration.StandbyCommittee {
 		indexMap[pub] = i
 	}
 	sort.Slice(accounts, func(i, j int) bool {
 		pi := accounts[i].PrivateKey().PublicKey().Bytes()
 		pj := accounts[j].PrivateKey().PublicKey().Bytes()
 		return indexMap[string(pi)] < indexMap[string(pj)]
 	})
 	sort.Slice(accounts[:cfg.ProtocolConfiguration.ValidatorsCount], func(i, j int) bool {
 		return accounts[i].PublicKey().Cmp(accounts[j].PublicKey()) == -1
 	})
 	go bc.Run()
 	dumpPath := v.GetString(localDumpFlag)
 	if cmd.Name() != "init" {
 		f, err := os.OpenFile(dumpPath, os.O_RDONLY, 0600)
 		if err != nil {
 			return nil, fmt.Errorf("can't open local dump: %w", err)
 		}
 		defer f.Close()
 		r := io.NewBinReaderFromIO(f)
 		var skip uint32
 		if bc.BlockHeight() != 0 {
 			skip = bc.BlockHeight() + 1
 		}
 		count := r.ReadU32LE() - skip
 		if err := chaindump.Restore(bc, r, skip, count, nil); err != nil {
 			return nil, fmt.Errorf("can't restore local dump: %w", err)
 		}
 	}
 	return &localClient{
 		bc:           bc,
 		dumpPath:     dumpPath,
 		accounts:     accounts[:m],
 		maxGasInvoke: 15_0000_0000,
 	}, nil
 }
 func (l *localClient) GetBlockCount() (uint32, error) {
 	return l.bc.BlockHeight(), nil
 }
 func (l *localClient) GetContractStateByID(id int32) (*state.Contract, error) {
 	h, err := l.bc.GetContractScriptHash(id)
 	if err != nil {
 		return nil, err
 	}
 	return l.GetContractStateByHash(h)
 }
 func (l *localClient) GetContractStateByHash(h util.Uint160) (*state.Contract, error) {
 	if cs := l.bc.GetContractState(h); cs != nil {
 		return cs, nil
 	}
 	return nil, storage.ErrKeyNotFound
 }
 func (l *localClient) GetNativeContracts() ([]state.NativeContract, error) {
 	return l.bc.GetNatives(), nil
 }
 func (l *localClient) GetNetwork() (netmode.Magic, error) {
 	return l.bc.GetConfig().Magic, nil
 }
 func (l *localClient) GetApplicationLog(h util.Uint256, t *trigger.Type) (*result.ApplicationLog, error) {
 	aer, err := l.bc.GetAppExecResults(h, *t)
 	if err != nil {
 		return nil, err
 	}
 	a := result.NewApplicationLog(h, aer, *t)
 	return &a, nil
 }
 func (l *localClient) CreateTxFromScript(script []byte, acc *wallet.Account, sysFee int64, netFee int64, cosigners []rpcclient.SignerAccount) (*transaction.Transaction, error) {
 	signers, accounts, err := getSigners(acc, cosigners)
 	if err != nil {
 		return nil, fmt.Errorf("failed to construct tx signers: %w", err)
 	}
 	if sysFee < 0 {
 		res, err := l.InvokeScript(script, signers)
 		if err != nil {
 			return nil, fmt.Errorf("can't add system fee to transaction: %w", err)
 		}
 		if res.State != "HALT" {
 			return nil, fmt.Errorf("can't add system fee to transaction: bad vm state: %s due to an error: %s", res.State, res.FaultException)
 		}
 		sysFee = res.GasConsumed
 	}
 	tx := transaction.New(script, sysFee)
 	tx.Signers = signers
 	tx.ValidUntilBlock = l.bc.BlockHeight() + 2
 	err = l.AddNetworkFee(tx, netFee, accounts...)
 	if err != nil {
 		return nil, fmt.Errorf("failed to add network fee: %w", err)
 	}
 	return tx, nil
 }
 func (l *localClient) GetCommittee() (keys.PublicKeys, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 // InvokeFunction is implemented via `InvokeScript`.
 func (l *localClient) InvokeFunction(h util.Uint160, method string, sPrm []smartcontract.Parameter, ss []transaction.Signer) (*result.Invoke, error) {
 	var err error
 	pp := make([]any, len(sPrm))
 	for i, p := range sPrm {
 		pp[i], err = smartcontract.ExpandParameterToEmitable(p)
 		if err != nil {
 			return nil, fmt.Errorf("incorrect parameter type %s: %w", p.Type, err)
 		}
 	}
 	return invokeFunction(l, h, method, pp, ss)
 }
 func (l *localClient) CalculateNotaryFee(_ uint8) (int64, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 func (l *localClient) SignAndPushP2PNotaryRequest(_ *transaction.Transaction, _ []byte, _ int64, _ int64, _ uint32, _ *wallet.Account) (*payload.P2PNotaryRequest, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 func (l *localClient) SignAndPushInvocationTx(_ []byte, _ *wallet.Account, _ int64, _ fixedn.Fixed8, _ []rpcclient.SignerAccount) (util.Uint256, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 func (l *localClient) TerminateSession(_ uuid.UUID) (bool, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 func (l *localClient) TraverseIterator(_, _ uuid.UUID, _ int) ([]stackitem.Item, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 // GetVersion return default version.
 func (l *localClient) GetVersion() (*result.Version, error) {
 	c := l.bc.GetConfig()
 	return &result.Version{
 		Protocol: result.Protocol{
 			AddressVersion:              address.NEO3Prefix,
 			Network:                     c.Magic,
 			MillisecondsPerBlock:        int(c.TimePerBlock / time.Millisecond),
 			MaxTraceableBlocks:          c.MaxTraceableBlocks,
 			MaxValidUntilBlockIncrement: c.MaxValidUntilBlockIncrement,
 			MaxTransactionsPerBlock:     c.MaxTransactionsPerBlock,
 			MemoryPoolMaxTransactions:   c.MemPoolSize,
 			ValidatorsCount:             byte(c.ValidatorsCount),
 			InitialGasDistribution:      c.InitialGASSupply,
 			CommitteeHistory:            c.CommitteeHistory,
 			P2PSigExtensions:            c.P2PSigExtensions,
 			StateRootInHeader:           c.StateRootInHeader,
 			ValidatorsHistory:           c.ValidatorsHistory,
 		},
 	}, nil
 }
 func (l *localClient) InvokeContractVerify(contract util.Uint160, params []smartcontract.Parameter, signers []transaction.Signer, witnesses ...transaction.Witness) (*result.Invoke, error) {
 	// not used by `morph init` command
 	panic("unexpected call")
 }
 // CalculateNetworkFee calculates network fee for the given transaction.
 // Copied from neo-go with minor corrections (no need to support non-notary mode):
 // https://github.com/nspcc-dev/neo-go/blob/v0.99.2/pkg/services/rpcsrv/server.go#L744
 func (l *localClient) CalculateNetworkFee(tx *transaction.Transaction) (int64, error) {
 	hashablePart, err := tx.EncodeHashableFields()
 	if err != nil {
 		return 0, fmt.Errorf("failed to compute tx size: %w", err)
 	}
 	size := len(hashablePart) + io.GetVarSize(len(tx.Signers))
 	ef := l.bc.GetBaseExecFee()
 	var netFee int64
 	for i, signer := range tx.Signers {
 		var verificationScript []byte
 		for _, w := range tx.Scripts {
 			if w.VerificationScript != nil && hash.Hash160(w.VerificationScript).Equals(signer.Account) {
 				verificationScript = w.VerificationScript
 				break
 			}
 		}
 		if verificationScript == nil {
 			gasConsumed, err := l.bc.VerifyWitness(signer.Account, tx, &tx.Scripts[i], l.maxGasInvoke)
 			if err != nil {
 				return 0, fmt.Errorf("invalid signature: %w", err)
 			}
 			netFee += gasConsumed
 			size += io.GetVarSize([]byte{}) + io.GetVarSize(tx.Scripts[i].InvocationScript)
 			continue
 		}
 		fee, sizeDelta := fee.Calculate(ef, verificationScript)
 		netFee += fee
 		size += sizeDelta
 	}
 	fee := l.bc.FeePerByte()
 	netFee += int64(size) * fee
 	return netFee, nil
 }
 // AddNetworkFee adds network fee for each witness script and optional extra
 // network fee to transaction. `accs` is an array signer's accounts.
 // Copied from neo-go with minor corrections (no need to support contract signers):
 // https://github.com/nspcc-dev/neo-go/blob/6ff11baa1b9e4c71ef0d1de43b92a8c541ca732c/pkg/rpc/client/rpc.go#L960
 func (l *localClient) AddNetworkFee(tx *transaction.Transaction, extraFee int64, accs ...*wallet.Account) error {
 	if len(tx.Signers) != len(accs) {
 		return errors.New("number of signers must match number of scripts")
 	}
 	size := io.GetVarSize(tx)
 	ef := l.bc.GetBaseExecFee()
 	for i := range tx.Signers {
 		netFee, sizeDelta := fee.Calculate(ef, accs[i].Contract.Script)
 		tx.NetworkFee += netFee
 		size += sizeDelta
 	}
 	tx.NetworkFee += int64(size)*l.bc.FeePerByte() + extraFee
 	return nil
 }
 // getSigners returns an array of transaction signers and corresponding accounts from
 // given sender and cosigners. If cosigners list already contains sender, the sender
 // will be placed at the start of the list.
 // Copied from neo-go with minor corrections:
 // https://github.com/nspcc-dev/neo-go/blob/6ff11baa1b9e4c71ef0d1de43b92a8c541ca732c/pkg/rpc/client/rpc.go#L735
 func getSigners(sender *wallet.Account, cosigners []rpcclient.SignerAccount) ([]transaction.Signer, []*wallet.Account, error) {
 	var (
 		signers  []transaction.Signer
 		accounts []*wallet.Account
 	)
 	from := sender.Contract.ScriptHash()
 	s := transaction.Signer{
 		Account: from,
 		Scopes:  transaction.None,
 	}
 	for _, c := range cosigners {
 		if c.Signer.Account == from {
 			s = c.Signer
 			continue
 		}
 		signers = append(signers, c.Signer)
 		accounts = append(accounts, c.Account)
 	}
 	signers = append([]transaction.Signer{s}, signers...)
 	accounts = append([]*wallet.Account{sender}, accounts...)
 	return signers, accounts, nil
 }
 func (l *localClient) NEP17BalanceOf(h util.Uint160, acc util.Uint160) (int64, error) {
 	res, err := invokeFunction(l, h, "balanceOf", []any{acc}, nil)
 	if err != nil {
 		return 0, err
 	}
 	if res.State != vmstate.Halt.String() || len(res.Stack) == 0 {
 		return 0, fmt.Errorf("`balance`: invalid response (empty: %t): %s",
 			len(res.Stack) == 0, res.FaultException)
 	}
 	bi, err := res.Stack[0].TryInteger()
 	if err != nil || !bi.IsInt64() {
 		return 0, fmt.Errorf("`balance`: invalid response")
 	}
 	return bi.Int64(), nil
 }
 func (l *localClient) InvokeScript(script []byte, signers []transaction.Signer) (*result.Invoke, error) {
 	lastBlock, err := l.bc.GetBlock(l.bc.CurrentBlockHash())
 	if err != nil {
 		return nil, err
 	}
 	tx := transaction.New(script, 0)
 	tx.Signers = signers
 	tx.ValidUntilBlock = l.bc.BlockHeight() + 2
 	ic, err := l.bc.GetTestVM(trigger.Application, tx, &block.Block{
 		Header: block.Header{
 			Index:     lastBlock.Index + 1,
 			Timestamp: lastBlock.Timestamp + 1,
 		},
 	})
 	if err != nil {
 		return nil, fmt.Errorf("get test VM: %w", err)
 	}
 	ic.VM.GasLimit = 100_0000_0000
 	ic.VM.LoadScriptWithFlags(script, callflag.All)
 	var errStr string
 	if err := ic.VM.Run(); err != nil {
 		errStr = err.Error()
 	}
 	return &result.Invoke{
 		State:          ic.VM.State().String(),
 		GasConsumed:    ic.VM.GasConsumed(),
 		Script:         script,
 		Stack:          ic.VM.Estack().ToArray(),
 		FaultException: errStr,
 	}, nil
 }
 func (l *localClient) SendRawTransaction(tx *transaction.Transaction) (util.Uint256, error) {
 	// We need to test that transaction was formed correctly to catch as many errors as we can.
 	bs := tx.Bytes()
 	_, err := transaction.NewTransactionFromBytes(bs)
 	if err != nil {
 		return tx.Hash(), fmt.Errorf("invalid transaction: %w", err)
 	}
 	l.transactions = append(l.transactions, tx)
 	return tx.Hash(), nil
 }
 func (l *localClient) putTransactions() error {
 	// 1. Prepare new block.
 	lastBlock, err := l.bc.GetBlock(l.bc.CurrentBlockHash())
 	if err != nil {
 		panic(err)
 	}
 	defer func() { l.transactions = l.transactions[:0] }()
 	b := &block.Block{
 		Header: block.Header{
 			NextConsensus: l.accounts[0].Contract.ScriptHash(),
 			Script: transaction.Witness{
 				VerificationScript: l.accounts[0].Contract.Script,
 			},
 			Timestamp: lastBlock.Timestamp + 1,
 		},
 		Transactions: l.transactions,
 	}
 	if l.bc.GetConfig().StateRootInHeader {
 		b.StateRootEnabled = true
 		b.PrevStateRoot = l.bc.GetStateModule().CurrentLocalStateRoot()
 	}
 	b.PrevHash = lastBlock.Hash()
 	b.Index = lastBlock.Index + 1
 	b.RebuildMerkleRoot()
 	// 2. Sign prepared block.
 	var invocationScript []byte
 	magic := l.bc.GetConfig().Magic
 	for _, acc := range l.accounts {
 		sign := acc.PrivateKey().SignHashable(uint32(magic), b)
 		invocationScript = append(invocationScript, byte(opcode.PUSHDATA1), 64)
 		invocationScript = append(invocationScript, sign...)
 	}
 	b.Script.InvocationScript = invocationScript
 	// 3. Persist block.
 	return l.bc.AddBlock(b)
 }
 func invokeFunction(c Client, h util.Uint160, method string, parameters []any, signers []transaction.Signer) (*result.Invoke, error) {
 	w := io.NewBufBinWriter()
 	emit.Array(w.BinWriter, parameters...)
 	emit.AppCallNoArgs(w.BinWriter, h, method, callflag.All)
 	if w.Err != nil {
 		panic(fmt.Sprintf("BUG: invalid parameters for '%s': %v", method, w.Err))
 	}
 	return c.InvokeScript(w.Bytes(), signers)
 }
 var errGetDesignatedByRoleResponse = errors.New("`getDesignatedByRole`: invalid response")
 func getDesignatedByRole(inv *invoker.Invoker, h util.Uint160, role noderoles.Role, u uint32) (keys.PublicKeys, error) {
 	arr, err := unwrap.Array(inv.Call(h, "getDesignatedByRole", int64(role), int64(u)))
 	if err != nil {
 		return nil, errGetDesignatedByRoleResponse
 	}
 	pubs := make(keys.PublicKeys, len(arr))
 	for i := range arr {
 		bs, err := arr[i].TryBytes()
 		if err != nil {
 			return nil, errGetDesignatedByRoleResponse
 		}
 		pubs[i], err = keys.NewPublicKeyFromBytes(bs, elliptic.P256())
 		if err != nil {
 			return nil, errGetDesignatedByRoleResponse
 		}
 	}
 	return pubs, nil
 }
 func (l *localClient) dump() (err error) {
 	defer l.bc.Close()
 	f, err := os.Create(l.dumpPath)
 	if err != nil {
 		return err
 	}
 	defer func() {
 		closeErr := f.Close()
 		if err == nil && closeErr != nil {
 			err = closeErr
 		}
 	}()
 	w := io.NewBinWriterFromIO(f)
 	w.WriteU32LE(l.bc.BlockHeight() + 1)
 	err = chaindump.Dump(l.bc, w, 0, l.bc.BlockHeight()+1)
 	return
 }
--- a/cmd/frostfs-adm/internal/modules/morph/n3client.go
+++ b/cmd/frostfs-adm/internal/modules/morph/n3client.go
@ -0,0 +1,122 @@
 package morph
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"github.com/nspcc-dev/neo-go/pkg/config/netmode"
 	"github.com/nspcc-dev/neo-go/pkg/core/state"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/nspcc-dev/neo-go/pkg/neorpc/result"
 	"github.com/nspcc-dev/neo-go/pkg/network/payload"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // Client represents N3 client interface capable of test-invoking scripts
 // and sending signed transactions to chain.
 type Client interface {
 	invoker.RPCInvoke
 	GetBlockCount() (uint32, error)
 	GetContractStateByID(int32) (*state.Contract, error)
 	GetContractStateByHash(util.Uint160) (*state.Contract, error)
 	GetNativeContracts() ([]state.NativeContract, error)
 	GetNetwork() (netmode.Magic, error)
 	GetApplicationLog(util.Uint256, *trigger.Type) (*result.ApplicationLog, error)
 	GetVersion() (*result.Version, error)
 	CreateTxFromScript([]byte, *wallet.Account, int64, int64, []rpcclient.SignerAccount) (*transaction.Transaction, error)
 	NEP17BalanceOf(util.Uint160, util.Uint160) (int64, error)
 	SendRawTransaction(*transaction.Transaction) (util.Uint256, error)
 	GetCommittee() (keys.PublicKeys, error)
 	CalculateNotaryFee(uint8) (int64, error)
 	CalculateNetworkFee(tx *transaction.Transaction) (int64, error)
 	AddNetworkFee(*transaction.Transaction, int64, ...*wallet.Account) error
 	SignAndPushInvocationTx([]byte, *wallet.Account, int64, fixedn.Fixed8, []rpcclient.SignerAccount) (util.Uint256, error)
 	SignAndPushP2PNotaryRequest(*transaction.Transaction, []byte, int64, int64, uint32, *wallet.Account) (*payload.P2PNotaryRequest, error)
 }
 type hashVUBPair struct {
 	hash util.Uint256
 	vub  uint32
 }
 type clientContext struct {
 	Client          Client           // a raw neo-go client OR a local chain implementation
 	CommitteeAct    *actor.Actor     // committee actor with the Global witness scope
 	ReadOnlyInvoker *invoker.Invoker // R/O contract invoker, does not contain any signer
 	SentTxs         []hashVUBPair
 }
 func getN3Client(v *viper.Viper) (Client, error) {
 	// number of opened connections
 	// by neo-go client per one host
 	const (
 		maxConnsPerHost = 10
 		requestTimeout  = time.Second * 10
 	)
 	ctx := context.Background()
 	endpoint := v.GetString(endpointFlag)
 	if endpoint == "" {
 		return nil, errors.New("missing endpoint")
 	}
 	c, err := rpcclient.New(ctx, endpoint, rpcclient.Options{
 		MaxConnsPerHost: maxConnsPerHost,
 		RequestTimeout:  requestTimeout,
 	})
 	if err != nil {
 		return nil, err
 	}
 	if err := c.Init(); err != nil {
 		return nil, err
 	}
 	return c, nil
 }
 func defaultClientContext(c Client, committeeAcc *wallet.Account) (*clientContext, error) {
 	commAct, err := actor.New(c, []actor.SignerAccount{{
 		Signer: transaction.Signer{
 			Account: committeeAcc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
 		},
 		Account: committeeAcc,
 	}})
 	if err != nil {
 		return nil, err
 	}
 	return &clientContext{
 		Client:          c,
 		CommitteeAct:    commAct,
 		ReadOnlyInvoker: invoker.New(c, nil),
 	}, nil
 }
 func (c *clientContext) sendTx(tx *transaction.Transaction, cmd *cobra.Command, await bool) error {
 	h, err := c.Client.SendRawTransaction(tx)
 	if err != nil {
 		return err
 	}
 	if h != tx.Hash() {
 		return fmt.Errorf("sent and actual tx hashes mismatch:\n\tsent: %v\n\tactual: %v", tx.Hash().StringLE(), h.StringLE())
 	}
 	c.SentTxs = append(c.SentTxs, hashVUBPair{hash: h, vub: tx.ValidUntilBlock})
 	if await {
 		return c.awaitTx(cmd)
 	}
 	return nil
 }
--- a/cmd/frostfs-adm/internal/modules/morph/netmap_candidates.go
+++ b/cmd/frostfs-adm/internal/modules/morph/netmap_candidates.go
@ -0,0 +1,29 @@
 package morph
 import (
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/pkg/morph/client/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/invoker"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 func listNetmapCandidatesNodes(cmd *cobra.Command, _ []string) {
 	c, err := getN3Client(viper.GetViper())
 	commonCmd.ExitOnErr(cmd, "can't create N3 client: %w", err)
 	inv := invoker.New(c, nil)
 	cs, err := c.GetContractStateByID(1)
 	commonCmd.ExitOnErr(cmd, "can't get NNS contract info: %w", err)
 	nmHash, err := nnsResolveHash(inv, cs.Hash, netmapContract+".frostfs")
 	commonCmd.ExitOnErr(cmd, "can't get netmap contract hash: %w", err)
 	res, err := inv.Call(nmHash, "netmapCandidates")
 	commonCmd.ExitOnErr(cmd, "can't fetch list of network config keys from the netmap contract", err)
 	nm, err := netmap.DecodeNetMap(res.Stack)
 	commonCmd.ExitOnErr(cmd, "unable to decode netmap: %w", err)
 	commonCmd.PrettyPrintNetMap(cmd, *nm, !viper.GetBool(commonflags.Verbose))
 }
--- a/cmd/frostfs-adm/internal/modules/morph/notary.go
+++ b/cmd/frostfs-adm/internal/modules/morph/notary.go
@ -2,18 +2,17 @@ package morph
 import (
 	"fmt"
 	"math/big"
 	"strconv"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
-	"github.com/nspcc-dev/neo-go/pkg/io"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/nep17"
-	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/notary"
 	"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@ -86,18 +85,8 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return err
 	}
-	nhs, err := getNativeHashes(c)
+	if err := checkNotaryEnabled(c); err != nil {
-	if err != nil {
+		return err
 		return fmt.Errorf("can't get native contract hashes: %w", err)
 	}
 	gasHash, ok := nhs[nativenames.Gas]
 	if !ok {
 		return fmt.Errorf("can't retrieve %s contract hash", nativenames.Gas)
 	}
 	notaryHash, ok := nhs[nativenames.Notary]
 	if !ok {
 		return fmt.Errorf("can't retrieve %s contract hash", nativenames.Notary)
 	}
 	height, err := c.GetBlockCount()
@ -105,15 +94,7 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("can't get current height: %v", err)
 	}
-	bw := io.NewBufBinWriter()
+	act, err := actor.New(c, []actor.SignerAccount{{
 	emit.AppCall(bw.BinWriter, gasHash, "transfer", callflag.All,
 		accHash, notaryHash.BytesBE(), int64(gasAmount), []interface{}{nil, int64(height) + till})
 	emit.Opcodes(bw.BinWriter, opcode.ASSERT)
 	if bw.Err != nil {
 		return fmt.Errorf("BUG: invalid transfer arguments: %w", bw.Err)
 	}
 	tx, err := c.CreateTxFromScript(bw.Bytes(), acc, -1, 0, []client.SignerAccount{{
 		Signer: transaction.Signer{
 			Account: acc.Contract.ScriptHash(),
 			Scopes:  transaction.Global,
@ -121,21 +102,20 @@ func depositNotary(cmd *cobra.Command, _ []string) error {
 		Account: acc,
 	}})
 	if err != nil {
-		return fmt.Errorf("can't create tx: %w", err)
+		return fmt.Errorf("could not create actor: %w", err)
 	}
-	mn, err := c.GetNetwork()
+	gasActor := nep17.New(act, gas.Hash)
 	txHash, vub, err := gasActor.Transfer(
 		accHash,
 		notary.Hash,
 		big.NewInt(int64(gasAmount)),
 		[]any{nil, int64(height) + till},
 	)
 	if err != nil {
-		// error appears only if client
+		return fmt.Errorf("could not send tx: %w", err)
 		// has not been initialized
 		panic(err)
 	}
-	err = acc.SignTx(mn, tx)
+	return awaitTx(cmd, c, []hashVUBPair{{hash: txHash, vub: vub}})
 	if err != nil {
 		return fmt.Errorf("can't sign tx: %w", err)
 	}
 	cc := defaultClientContext(c)
 	return cc.sendTx(tx, cmd, true)
 }
--- a/cmd/frostfs-adm/internal/modules/morph/policy.go
+++ b/cmd/frostfs-adm/internal/modules/morph/policy.go
@ -5,8 +5,8 @@ import (
 	"strconv"
 	"strings"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/policy"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/spf13/cobra"
@ -25,33 +25,28 @@ func setPolicyCmd(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("can't to initialize context: %w", err)
 	}
 	policyHash, err := wCtx.Client.GetNativeContractHash(nativenames.Policy)
 	if err != nil {
 		return fmt.Errorf("can't get policy contract hash: %w", err)
 	}
 	bw := io.NewBufBinWriter()
 	for i := range args {
-		kv := strings.SplitN(args[i], "=", 2)
+		k, v, found := strings.Cut(args[i], "=")
-		if len(kv) != 2 {
+		if !found {
 			return fmt.Errorf("invalid parameter format, must be Parameter=Value")
 		}
-		switch kv[0] {
+		switch k {
 		case execFeeParam, storagePriceParam, setFeeParam:
 		default:
 			return fmt.Errorf("parameter must be one of %s, %s and %s", execFeeParam, storagePriceParam, setFeeParam)
 		}
-		value, err := strconv.ParseUint(kv[1], 10, 32)
+		value, err := strconv.ParseUint(v, 10, 32)
 		if err != nil {
 			return fmt.Errorf("can't parse parameter value '%s': %w", args[1], err)
 		}
-		emit.AppCall(bw.BinWriter, policyHash, "set"+kv[0], callflag.All, int64(value))
+		emit.AppCall(bw.BinWriter, policy.Hash, "set"+k, callflag.All, int64(value))
 	}
-	if err := wCtx.sendCommitteeTx(bw.Bytes(), -1, false); err != nil {
+	if err := wCtx.sendCommitteeTx(bw.Bytes(), false); err != nil {
 		return err
 	}
--- a/cmd/frostfs-adm/internal/modules/morph/remove_node.go
+++ b/cmd/frostfs-adm/internal/modules/morph/remove_node.go
@ -0,0 +1,61 @@
 package morph
 import (
 	"errors"
 	"fmt"
 	netmapcontract "github.com/TrueCloudLab/frostfs-contract/netmap"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/io"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
 	"github.com/nspcc-dev/neo-go/pkg/vm/emit"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 func removeNodesCmd(cmd *cobra.Command, args []string) error {
 	if len(args) == 0 {
 		return errors.New("at least one node key must be provided")
 	}
 	nodeKeys := make(keys.PublicKeys, len(args))
 	for i := range args {
 		var err error
 		nodeKeys[i], err = keys.NewPublicKeyFromString(args[i])
 		if err != nil {
 			return fmt.Errorf("can't parse node public key: %w", err)
 		}
 	}
 	wCtx, err := newInitializeContext(cmd, viper.GetViper())
 	if err != nil {
 		return fmt.Errorf("can't initialize context: %w", err)
 	}
 	defer wCtx.close()
 	cs, err := wCtx.Client.GetContractStateByID(1)
 	if err != nil {
 		return fmt.Errorf("can't get NNS contract info: %w", err)
 	}
 	nmHash, err := nnsResolveHash(wCtx.ReadOnlyInvoker, cs.Hash, netmapContract+".frostfs")
 	if err != nil {
 		return fmt.Errorf("can't get netmap contract hash: %w", err)
 	}
 	bw := io.NewBufBinWriter()
 	for i := range nodeKeys {
 		emit.AppCall(bw.BinWriter, nmHash, "updateStateIR", callflag.All,
 			int64(netmapcontract.NodeStateOffline), nodeKeys[i].Bytes())
 	}
 	if err := emitNewEpochCall(bw, wCtx, nmHash); err != nil {
 		return err
 	}
 	if err := wCtx.sendConsensusTx(bw.Bytes()); err != nil {
 		return err
 	}
 	return wCtx.awaitTx()
 }
--- a/cmd/frostfs-adm/internal/modules/morph/root.go
+++ b/cmd/frostfs-adm/internal/modules/morph/root.go
@ -0,0 +1,339 @@
 package morph
 import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
 	alphabetWalletsFlag             = "alphabet-wallets"
 	alphabetSizeFlag                = "size"
 	endpointFlag                    = "rpc-endpoint"
 	storageWalletFlag               = "storage-wallet"
 	storageWalletLabelFlag          = "label"
 	storageGasCLIFlag               = "initial-gas"
 	storageGasConfigFlag            = "storage.initial_gas"
 	contractsInitFlag               = "contracts"
 	maxObjectSizeInitFlag           = "network.max_object_size"
 	maxObjectSizeCLIFlag            = "max-object-size"
 	epochDurationInitFlag           = "network.epoch_duration"
 	epochDurationCLIFlag            = "epoch-duration"
 	incomeRateInitFlag              = "network.basic_income_rate"
 	incomeRateCLIFlag               = "basic-income-rate"
 	auditFeeInitFlag                = "network.fee.audit"
 	auditFeeCLIFlag                 = "audit-fee"
 	containerFeeInitFlag            = "network.fee.container"
 	containerAliasFeeInitFlag       = "network.fee.container_alias"
 	containerFeeCLIFlag             = "container-fee"
 	containerAliasFeeCLIFlag        = "container-alias-fee"
 	candidateFeeInitFlag            = "network.fee.candidate"
 	candidateFeeCLIFlag             = "candidate-fee"
 	homomorphicHashDisabledInitFlag = "network.homomorphic_hash_disabled"
 	maintenanceModeAllowedInitFlag  = "network.maintenance_mode_allowed"
 	homomorphicHashDisabledCLIFlag  = "homomorphic-disabled"
 	withdrawFeeInitFlag             = "network.fee.withdraw"
 	withdrawFeeCLIFlag              = "withdraw-fee"
 	containerDumpFlag               = "dump"
 	containerContractFlag           = "container-contract"
 	containerIDsFlag                = "cid"
 	refillGasAmountFlag             = "gas"
 	walletAccountFlag               = "account"
 	notaryDepositTillFlag           = "till"
 	localDumpFlag                   = "local-dump"
 	protoConfigPath                 = "protocol"
 	walletAddressFlag               = "wallet-address"
 )
 var (
 	// RootCmd is a root command of config section.
 	RootCmd = &cobra.Command{
 		Use:   "morph",
 		Short: "Section for morph network configuration commands",
 	}
 	generateAlphabetCmd = &cobra.Command{
 		Use:   "generate-alphabet",
 		Short: "Generate alphabet wallets for consensus nodes of the morph network",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			// PreRun fixes https://github.com/spf13/viper/issues/233
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 		},
 		RunE: generateAlphabetCreds,
 	}
 	initCmd = &cobra.Command{
 		Use:   "init",
 		Short: "Initialize side chain network with smart-contracts and network settings",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 			_ = viper.BindPFlag(epochDurationInitFlag, cmd.Flags().Lookup(epochDurationCLIFlag))
 			_ = viper.BindPFlag(maxObjectSizeInitFlag, cmd.Flags().Lookup(maxObjectSizeCLIFlag))
 			_ = viper.BindPFlag(incomeRateInitFlag, cmd.Flags().Lookup(incomeRateCLIFlag))
 			_ = viper.BindPFlag(homomorphicHashDisabledInitFlag, cmd.Flags().Lookup(homomorphicHashDisabledCLIFlag))
 			_ = viper.BindPFlag(auditFeeInitFlag, cmd.Flags().Lookup(auditFeeCLIFlag))
 			_ = viper.BindPFlag(candidateFeeInitFlag, cmd.Flags().Lookup(candidateFeeCLIFlag))
 			_ = viper.BindPFlag(containerFeeInitFlag, cmd.Flags().Lookup(containerFeeCLIFlag))
 			_ = viper.BindPFlag(containerAliasFeeInitFlag, cmd.Flags().Lookup(containerAliasFeeCLIFlag))
 			_ = viper.BindPFlag(withdrawFeeInitFlag, cmd.Flags().Lookup(withdrawFeeCLIFlag))
 			_ = viper.BindPFlag(protoConfigPath, cmd.Flags().Lookup(protoConfigPath))
 			_ = viper.BindPFlag(localDumpFlag, cmd.Flags().Lookup(localDumpFlag))
 		},
 		RunE: initializeSideChainCmd,
 	}
 	generateStorageCmd = &cobra.Command{
 		Use:   "generate-storage-wallet",
 		Short: "Generate storage node wallet for the morph network",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 			_ = viper.BindPFlag(storageGasConfigFlag, cmd.Flags().Lookup(storageGasCLIFlag))
 		},
 		RunE: generateStorageCreds,
 	}
 	refillGasCmd = &cobra.Command{
 		Use:   "refill-gas",
 		Short: "Refill GAS of storage node's wallet in the morph network",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 			_ = viper.BindPFlag(refillGasAmountFlag, cmd.Flags().Lookup(refillGasAmountFlag))
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return refillGas(cmd, refillGasAmountFlag, false)
 		},
 	}
 	forceNewEpoch = &cobra.Command{
 		Use:   "force-new-epoch",
 		Short: "Create new FrostFS epoch event in the side chain",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: forceNewEpochCmd,
 	}
 	removeNodes = &cobra.Command{
 		Use:   "remove-nodes key1 [key2 [...]]",
 		Short: "Remove storage nodes from the netmap",
 		Long:  `Move nodes to the Offline state in the candidates list and tick an epoch to update the netmap`,
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: removeNodesCmd,
 	}
 	setConfig = &cobra.Command{
 		Use:                   "set-config key1=val1 [key2=val2 ...]",
 		DisableFlagsInUseLine: true,
 		Short:                 "Add/update global config value in the FrostFS network",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		Args: cobra.MinimumNArgs(1),
 		RunE: setConfigCmd,
 	}
 	setPolicy = &cobra.Command{
 		Use:                   "set-policy [ExecFeeFactor=<n1>] [StoragePrice=<n2>] [FeePerByte=<n3>]",
 		DisableFlagsInUseLine: true,
 		Short:                 "Set global policy values",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: setPolicyCmd,
 		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 			return []string{"ExecFeeFactor=", "StoragePrice=", "FeePerByte="}, cobra.ShellCompDirectiveNoSpace
 		},
 	}
 	dumpContractHashesCmd = &cobra.Command{
 		Use:   "dump-hashes",
 		Short: "Dump deployed contract hashes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: dumpContractHashes,
 	}
 	dumpNetworkConfigCmd = &cobra.Command{
 		Use:   "dump-config",
 		Short: "Dump FrostFS network config",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: dumpNetworkConfig,
 	}
 	dumpBalancesCmd = &cobra.Command{
 		Use:   "dump-balances",
 		Short: "Dump GAS balances",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: dumpBalances,
 	}
 	updateContractsCmd = &cobra.Command{
 		Use:   "update-contracts",
 		Short: "Update FrostFS contracts",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: updateContracts,
 	}
 	dumpContainersCmd = &cobra.Command{
 		Use:   "dump-containers",
 		Short: "Dump FrostFS containers to file",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: dumpContainers,
 	}
 	restoreContainersCmd = &cobra.Command{
 		Use:   "restore-containers",
 		Short: "Restore FrostFS containers from file",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: restoreContainers,
 	}
 	listContainersCmd = &cobra.Command{
 		Use:   "list-containers",
 		Short: "List FrostFS containers",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: listContainers,
 	}
 	depositNotaryCmd = &cobra.Command{
 		Use:   "deposit-notary",
 		Short: "Deposit GAS for notary service",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 		},
 		RunE: depositNotary,
 	}
 	netmapCandidatesCmd = &cobra.Command{
 		Use:   "netmap-candidates",
 		Short: "List netmap candidates nodes",
 		PreRun: func(cmd *cobra.Command, _ []string) {
 			_ = viper.BindPFlag(endpointFlag, cmd.Flags().Lookup(endpointFlag))
 			_ = viper.BindPFlag(alphabetWalletsFlag, cmd.Flags().Lookup(alphabetWalletsFlag))
 		},
 		Run: listNetmapCandidatesNodes,
 	}
 )
 func init() {
 	RootCmd.AddCommand(generateAlphabetCmd)
 	generateAlphabetCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	generateAlphabetCmd.Flags().Uint(alphabetSizeFlag, 7, "Amount of alphabet wallets to generate")
 	RootCmd.AddCommand(initCmd)
 	initCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	initCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	initCmd.Flags().String(contractsInitFlag, "", "Path to archive with compiled FrostFS contracts (default fetched from latest github release)")
 	initCmd.Flags().Uint(epochDurationCLIFlag, 240, "Amount of side chain blocks in one FrostFS epoch")
 	initCmd.Flags().Uint(maxObjectSizeCLIFlag, 67108864, "Max single object size in bytes")
 	initCmd.Flags().Bool(homomorphicHashDisabledCLIFlag, false, "Disable object homomorphic hashing")
 	// Defaults are taken from neo-preodolenie.
 	initCmd.Flags().Uint64(containerFeeCLIFlag, 1000, "Container registration fee")
 	initCmd.Flags().Uint64(containerAliasFeeCLIFlag, 500, "Container alias fee")
 	initCmd.Flags().String(protoConfigPath, "", "Path to the consensus node configuration")
 	initCmd.Flags().String(localDumpFlag, "", "Path to the blocks dump file")
 	RootCmd.AddCommand(deployCmd)
 	RootCmd.AddCommand(generateStorageCmd)
 	generateStorageCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	generateStorageCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	generateStorageCmd.Flags().String(storageWalletFlag, "", "Path to new storage node wallet")
 	generateStorageCmd.Flags().String(storageGasCLIFlag, "", "Initial amount of GAS to transfer")
 	generateStorageCmd.Flags().StringP(storageWalletLabelFlag, "l", "", "Wallet label")
 	RootCmd.AddCommand(forceNewEpoch)
 	forceNewEpoch.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	forceNewEpoch.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	RootCmd.AddCommand(removeNodes)
 	removeNodes.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	removeNodes.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	RootCmd.AddCommand(setPolicy)
 	setPolicy.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	setPolicy.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	RootCmd.AddCommand(dumpContractHashesCmd)
 	dumpContractHashesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	dumpContractHashesCmd.Flags().String(customZoneFlag, "", "Custom zone to search.")
 	RootCmd.AddCommand(dumpNetworkConfigCmd)
 	dumpNetworkConfigCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	RootCmd.AddCommand(setConfig)
 	setConfig.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	setConfig.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	setConfig.Flags().Bool(forceConfigSet, false, "Force setting not well-known configuration key")
 	RootCmd.AddCommand(dumpBalancesCmd)
 	dumpBalancesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	dumpBalancesCmd.Flags().BoolP(dumpBalancesStorageFlag, "s", false, "Dump balances of storage nodes from the current netmap")
 	dumpBalancesCmd.Flags().BoolP(dumpBalancesAlphabetFlag, "a", false, "Dump balances of alphabet contracts")
 	dumpBalancesCmd.Flags().BoolP(dumpBalancesProxyFlag, "p", false, "Dump balances of the proxy contract")
 	dumpBalancesCmd.Flags().Bool(dumpBalancesUseScriptHashFlag, false, "Use script-hash format for addresses")
 	RootCmd.AddCommand(updateContractsCmd)
 	updateContractsCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	updateContractsCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	updateContractsCmd.Flags().String(contractsInitFlag, "", "Path to archive with compiled FrostFS contracts (default fetched from latest github release)")
 	RootCmd.AddCommand(dumpContainersCmd)
 	dumpContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	dumpContainersCmd.Flags().String(containerDumpFlag, "", "File where to save dumped containers")
 	dumpContainersCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
 	dumpContainersCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to dump")
 	RootCmd.AddCommand(restoreContainersCmd)
 	restoreContainersCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	restoreContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	restoreContainersCmd.Flags().String(containerDumpFlag, "", "File to restore containers from")
 	restoreContainersCmd.Flags().StringSlice(containerIDsFlag, nil, "Containers to restore")
 	RootCmd.AddCommand(listContainersCmd)
 	listContainersCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	listContainersCmd.Flags().String(containerContractFlag, "", "Container contract hash (for networks without NNS)")
 	RootCmd.AddCommand(refillGasCmd)
 	refillGasCmd.Flags().String(alphabetWalletsFlag, "", "Path to alphabet wallets dir")
 	refillGasCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	refillGasCmd.Flags().String(storageWalletFlag, "", "Path to storage node wallet")
 	refillGasCmd.Flags().String(walletAddressFlag, "", "Address of wallet")
 	refillGasCmd.Flags().String(refillGasAmountFlag, "", "Additional amount of GAS to transfer")
 	refillGasCmd.MarkFlagsMutuallyExclusive(walletAddressFlag, storageWalletFlag)
 	RootCmd.AddCommand(cmdSubnet)
 	RootCmd.AddCommand(depositNotaryCmd)
 	depositNotaryCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 	depositNotaryCmd.Flags().String(storageWalletFlag, "", "Path to storage node wallet")
 	depositNotaryCmd.Flags().String(walletAccountFlag, "", "Wallet account address")
 	depositNotaryCmd.Flags().String(refillGasAmountFlag, "", "Amount of GAS to deposit")
 	depositNotaryCmd.Flags().String(notaryDepositTillFlag, "", "Notary deposit duration in blocks")
 	RootCmd.AddCommand(netmapCandidatesCmd)
 	netmapCandidatesCmd.Flags().StringP(endpointFlag, "r", "", "N3 RPC node endpoint")
 }
--- a/cmd/frostfs-adm/internal/modules/morph/subnet.go
+++ b/cmd/frostfs-adm/internal/modules/morph/subnet.go
--- a/cmd/frostfs-adm/internal/modules/morph/update.go
+++ b/cmd/frostfs-adm/internal/modules/morph/update.go
--- a/cmd/frostfs-adm/internal/modules/root.go
+++ b/cmd/frostfs-adm/internal/modules/root.go
@ -0,0 +1,85 @@
 package modules
 import (
 	"os"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/commonflags"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/config"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/morph"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules/storagecfg"
 	"github.com/TrueCloudLab/frostfs-node/misc"
 	"github.com/TrueCloudLab/frostfs-node/pkg/util/autocomplete"
 	utilConfig "github.com/TrueCloudLab/frostfs-node/pkg/util/config"
 	"github.com/TrueCloudLab/frostfs-node/pkg/util/gendoc"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var (
 	rootCmd = &cobra.Command{
 		Use:   "frostfs-adm",
 		Short: "FrostFS Administrative Tool",
 		Long: `FrostFS Administrative Tool provides functions to setup and
 manage FrostFS network deployment.`,
 		RunE:         entryPoint,
 		SilenceUsage: true,
 	}
 )
 func init() {
 	cobra.OnInitialize(func() { initConfig(rootCmd) })
 	// we need to init viper config to bind viper and cobra configurations for
 	// rpc endpoint, alphabet wallet dir, key credentials, etc.
 	// use stdout as default output for cmd.Print()
 	rootCmd.SetOut(os.Stdout)
 	rootCmd.PersistentFlags().StringP(commonflags.ConfigFlag, commonflags.ConfigFlagShorthand, "", commonflags.ConfigFlagUsage)
 	rootCmd.PersistentFlags().String(commonflags.ConfigDirFlag, "", commonflags.ConfigDirFlagUsage)
 	rootCmd.PersistentFlags().BoolP(commonflags.Verbose, commonflags.VerboseShorthand, false, commonflags.VerboseUsage)
 	_ = viper.BindPFlag(commonflags.Verbose, rootCmd.PersistentFlags().Lookup(commonflags.Verbose))
 	rootCmd.Flags().Bool("version", false, "Application version")
 	rootCmd.AddCommand(config.RootCmd)
 	rootCmd.AddCommand(morph.RootCmd)
 	rootCmd.AddCommand(storagecfg.RootCmd)
 	rootCmd.AddCommand(autocomplete.Command("frostfs-adm"))
 	rootCmd.AddCommand(gendoc.Command(rootCmd))
 }
 func Execute() error {
 	return rootCmd.Execute()
 }
 func entryPoint(cmd *cobra.Command, args []string) error {
 	printVersion, _ := cmd.Flags().GetBool("version")
 	if printVersion {
 		cmd.Print(misc.BuildInfo("FrostFS Adm"))
 		return nil
 	}
 	return cmd.Usage()
 }
 func initConfig(cmd *cobra.Command) {
 	configFile, err := cmd.Flags().GetString(commonflags.ConfigFlag)
 	if err != nil {
 		return
 	}
 	if configFile != "" {
 		viper.SetConfigType("yml")
 		viper.SetConfigFile(configFile)
 		_ = viper.ReadInConfig() // if config file is set but unavailable, ignore it
 	}
 	configDir, err := cmd.Flags().GetString(commonflags.ConfigDirFlag)
 	if err != nil {
 		return
 	}
 	if configDir != "" {
 		_ = utilConfig.ReadConfigDir(viper.GetViper(), configDir) // if config files cannot be read, ignore it
 	}
 }
--- a/cmd/frostfs-adm/internal/modules/storagecfg/config.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/config.go
@ -14,7 +14,7 @@ node:
  relay: {{ .Relay }}  # start Storage node in relay mode without bootstrapping into the Network map
  subnet:
    exit_zero: false # toggle entrance to zero subnet (overrides corresponding attribute and occurrence in entries)
-    entries: [] # list of IDs of subnets to enter in a text format of NeoFS API protocol (overrides corresponding attributes)
+    entries: [] # list of IDs of subnets to enter in a text format of FrostFS API protocol (overrides corresponding attributes)
 grpc:
  num: 1  # total number of listener endpoints
@ -37,15 +37,15 @@ control:
 morph:
  dial_timeout: 20s  # timeout for side chain NEO RPC client connection
-  disable_cache: false  # use TTL cache for side chain GET operations
+  cache_ttl: 15s  # use TTL cache for side chain GET operations
  rpc_endpoint:  # side chain N3 RPC endpoints
    {{- range .MorphRPC }}
-    - wss://{{.}}/ws{{end}}
+    - address: wss://{{.}}/ws{{end}}
 {{if not .Relay }}
 storage:
  shard_pool_size: 15  # size of per-shard worker pools used for PUT operations
  shard_num: 1  # total number of shards
  shard:
    default: # section with the default shard parameters
      metabase:
        perm: 0644  # permissions for metabase files(directories: +x for current user and group)
@ -68,8 +68,6 @@ storage:
      gc:
        remover_batch_size: 200  # number of objects to be removed by the garbage collector
        remover_sleep_interval: 5m  # frequency of the garbage collector invocation
  shard:
    0:
      mode: "read-write"  # mode of the shard, must be one of the: "read-write" (default), "read-only"
--- a/cmd/frostfs-adm/internal/modules/storagecfg/root.go
+++ b/cmd/frostfs-adm/internal/modules/storagecfg/root.go
@ -6,9 +6,9 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"math/big"
 	"math/rand"
 	"net"
 	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@ -16,19 +16,21 @@ import (
 	"text/template"
 	"time"
 	netutil "github.com/TrueCloudLab/frostfs-node/pkg/network"
 	"github.com/chzyer/readline"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/core/native/nativenames"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/address"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
-	"github.com/nspcc-dev/neo-go/pkg/rpc/client"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient"
-	"github.com/nspcc-dev/neo-go/pkg/smartcontract"
+	"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/gas"
 	"github.com/nspcc-dev/neo-go/pkg/rpcclient/nep17"
 	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/vm"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 )
@ -38,22 +40,22 @@ const (
 )
 const (
-	defaultControlEndpoint = "127.0.0.1:8090"
+	defaultControlEndpoint = "localhost:8090"
-	defaultDataEndpoint    = "127.0.0.1"
+	defaultDataEndpoint    = "localhost"
 )
 // RootCmd is a root command of config section.
 var RootCmd = &cobra.Command{
 	Use:   "storage-config [-w wallet] [-a acccount] [<path-to-config>]",
-	Short: "Section for storage node configuration commands.",
+	Short: "Section for storage node configuration commands",
 	Run:   storageConfig,
 }
 func init() {
 	fs := RootCmd.Flags()
-	fs.StringP(walletFlag, "w", "", "path to wallet")
+	fs.StringP(walletFlag, "w", "", "Path to wallet")
-	fs.StringP(accountFlag, "a", "", "wallet account")
+	fs.StringP(accountFlag, "a", "", "Wallet account")
 }
 type config struct {
@ -88,7 +90,7 @@ func storageConfig(cmd *cobra.Command, args []string) {
 		}
 	}
-	historyPath := filepath.Join(os.TempDir(), "neofs-adm.history")
+	historyPath := filepath.Join(os.TempDir(), "frostfs-adm.history")
 	readline.SetHistoryPath(historyPath)
 	var c config
@ -148,12 +150,18 @@ func storageConfig(cmd *cobra.Command, args []string) {
 	var addr, port string
 	for {
 		c.AnnouncedAddress = getString("Publicly announced address: ")
-		addr, port, err = net.SplitHostPort(c.AnnouncedAddress)
+		validator := netutil.Address{}
 		err := validator.FromString(c.AnnouncedAddress)
 		if err != nil {
-			cmd.Println("Address must have form A.B.C.D:PORT")
+			cmd.Println("Incorrect address format. See https://github.com/TrueCloudLab/frostfs-node/blob/master/pkg/network/address.go for details.")
 			continue
 		}
-
+		uriAddr, err := url.Parse(validator.URIAddr())
 		if err != nil {
 			panic(fmt.Errorf("unexpected error: %w", err))
 		}
 		addr = uriAddr.Hostname()
 		port = uriAddr.Port()
 		ip, err := net.ResolveIPAddr("ip", addr)
 		if err != nil {
 			cmd.Printf("Can't resolve IP address %s: %v\n", addr, err)
@ -201,7 +209,7 @@ func storageConfig(cmd *cobra.Command, args []string) {
 	out := applyTemplate(c)
 	fatalOnErr(os.WriteFile(outPath, out, 0644))
-	cmd.Println("Node is ready for work! Run `neofs-node -config " + outPath + "`")
+	cmd.Println("Node is ready for work! Run `frostfs-node -config " + outPath + "`")
 }
 func getWalletAccount(w *wallet.Wallet, prompt string) string {
@ -313,23 +321,17 @@ func depositGas(cmd *cobra.Command, acc *wallet.Account, network string) {
 	sideClient := initClient(n3config[network].MorphRPC)
 	balanceHash, _ := util.Uint160DecodeStringLE(n3config[network].BalanceContract)
-	res, err := sideClient.InvokeFunction(balanceHash, "balanceOf", []smartcontract.Parameter{{
+	sideActor, err := actor.NewSimple(sideClient, acc)
-		Type:  smartcontract.Hash160Type,
+	if err != nil {
-		Value: acc.Contract.ScriptHash(),
+		fatalOnErr(fmt.Errorf("creating actor over side chain client: %w", err))
 	}}, nil)
 	fatalOnErr(err)
 	if res.State != vm.HaltState.String() {
 		fatalOnErr(fmt.Errorf("invalid response from balance contract: %s", res.FaultException))
 	}
-	var balance *big.Int
+	sideGas := nep17.NewReader(sideActor, balanceHash)
-	if len(res.Stack) != 0 {
+	accSH := acc.Contract.ScriptHash()
 		balance, _ = res.Stack[0].TryInteger()
 	}
-	if balance == nil {
+	balance, err := sideGas.BalanceOf(accSH)
-		fatalOnErr(errors.New("invalid response from balance contract"))
+	if err != nil {
 		fatalOnErr(fmt.Errorf("side chain balance: %w", err))
 	}
 	ok := getConfirmation(false, fmt.Sprintf("Current NeoFS balance is %s, make a deposit? y/[n]: ",
@ -347,14 +349,17 @@ func depositGas(cmd *cobra.Command, acc *wallet.Account, network string) {
 	mainClient := initClient(n3config[network].RPC)
 	neofsHash, _ := util.Uint160DecodeStringLE(n3config[network].NeoFSContract)
-	gasHash, err := mainClient.GetNativeContractHash(nativenames.Gas)
+	mainActor, err := actor.NewSimple(mainClient, acc)
-	fatalOnErr(err)
+	if err != nil {
 		fatalOnErr(fmt.Errorf("creating actor over main chain client: %w", err))
 	}
-	tx, err := mainClient.CreateNEP17TransferTx(acc, neofsHash, gasHash, amount.Int64(), 0, nil, nil)
+	mainGas := nep17.New(mainActor, gas.Hash)
 	fatalOnErr(err)
-	txHash, err := mainClient.SignAndPushTx(tx, acc, nil)
+	txHash, _, err := mainGas.Transfer(accSH, neofsHash, amount, nil)
-	fatalOnErr(err)
+	if err != nil {
 		fatalOnErr(fmt.Errorf("sending TX to the NeoFS contract: %w", err))
 	}
 	cmd.Print("Waiting for transactions to persist.")
 	tick := time.NewTicker(time.Second / 2)
@ -385,8 +390,8 @@ loop:
 	}
 }
-func initClient(rpc []string) *client.Client {
+func initClient(rpc []string) *rpcclient.Client {
-	var c *client.Client
+	var c *rpcclient.Client
 	var err error
 	shuffled := make([]string, len(rpc))
@ -394,7 +399,7 @@ func initClient(rpc []string) *client.Client {
 	rand.Shuffle(len(shuffled), func(i, j int) { shuffled[i], shuffled[j] = shuffled[j], shuffled[i] })
 	for _, endpoint := range shuffled {
-		c, err = client.New(context.Background(), "https://"+endpoint, client.Options{
+		c, err = rpcclient.New(context.Background(), "https://"+endpoint, rpcclient.Options{
 			DialTimeout:    time.Second * 2,
 			RequestTimeout: time.Second * 5,
 		})
--- a/cmd/frostfs-adm/main.go
+++ b/cmd/frostfs-adm/main.go
@ -3,7 +3,7 @@ package main
 import (
 	"os"
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-adm/internal/modules"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-adm/internal/modules"
 )
 func main() {
--- a/cmd/frostfs-cli/docs/sessions.md
+++ b/cmd/frostfs-cli/docs/sessions.md
@ -0,0 +1,75 @@
 # How FrostFS CLI uses session mechanism of the FrostFS
 ## Overview
 FrostFS sessions implement a mechanism for issuing a power of attorney by one
 party to another. A trusted party can provide a so-called session token as
 proof of the right to act on behalf of another member of the network. The
 client of operations carried out with such a token will be the user who opened
 the session. The token contains information which limits power of attorney like
 action context or lifetime.
 The client confirms trust in a third party by signing its public (session) key
 with his private key. Any operation signed using private session key with
 attached session token is treated as performed by the original client.
 ## Types
 FrostFS CLI supports two ways to execute operation within a session depending on
 whether the user of the command application is an original user (1) or a trusted
 one (2).
 ### Dynamic
 For case (1) CLI user can only open dynamic sessions. Protocol call
 `SessionService.Create` is used for this purpose. As a result of the call, a
 private session key will be generated on the server, thus making the remote
 server trusted. This type of session is useful when the client needs to
 transfer part of the responsibility for the formation of strict system elements
 to the trusted server. At the moment, the approach is applicable only to
 creating objects.
 ```shell
 $ frostfs-cli session create --rpc-endpoint <server_ip> --out ./blank_token
 ```
 After this example command remote node holds session private key while its
 public part is written into the session token encoded into the output file.
 Later this token can be attached to the operations which support dynamic
 sessions. Then the token will be finally formed and signed by CLI itself.
 ### Static
 For case (2) CLI user can act on behalf of the person who issued the session
 token to him. Unlike (1) the token must be fully prepared on the side of the
 original client, and the CLI uses it only for reading. Ready token MUST have:
 - correct context (object, container, etc.)
 - valid lifetime
 - public session key corresponding to the CLI key
 - valid client signature
 To sign the session token, exec:
 ```shell
 $ frostfs-cli --wallet <client_wallet> util sign session-token --from ./blank_token --to ./token
 ```
 Once the token is signed, it MUST NOT be modified.
 ## Commands
 ### Object
 Here are sub-commands of `object` command which support only dynamic sessions (1):
 - `put`
 - `delete`
 - `lock`
 These commands accept blank token of the dynamically opened session or open
 session internally if it has not been opened yet.
 All other `object` sub-commands support only static sessions (2).
 ### Container
 List of commands supporting sessions (static only):
 - `create`
 - `delete`
 - `set-eacl`
--- a/cmd/frostfs-cli/docs/storage-node-xheaders.md
+++ b/cmd/frostfs-cli/docs/storage-node-xheaders.md
@ -0,0 +1,34 @@
 # Extended headers
 ## Overview
 Extended headers are used for request/response. They may contain any
 user-defined headers to be interpreted on application level. Key name must be a
 unique valid UTF-8 string. Value can't be empty. Requests or Responses with
 duplicated header names or headers with empty values are considered invalid.
 ## Existing headers
 There are some "well-known" headers starting with `__FROSTFS__` prefix that
 affect system behaviour. For backward compatibility, the same set of
 "well-known" headers may also use `__NEOFS__` prefix:
 * `__FROSTFS__NETMAP_EPOCH` - netmap epoch to use for object placement calculation. The `value` is string
 encoded `uint64` in decimal presentation. If set to '0' or omitted, the
 current epoch only will be used.
 * `__FROSTFS__NETMAP_LOOKUP_DEPTH` - if object can't be found using current epoch's netmap, this header limits
 how many past epochs the node can look up through. Depth is applied to a current epoch or the value
 of `__FROSTFS__NETMAP_EPOCH` attribute. The `value` is string encoded `uint64` in decimal presentation.
 If set to '0' or not set, only the current epoch is used.
 ## `frostfs-cli` commands with `--xhdr`
 List of commands with support of extended headers:
 * `container list-objects`
 * `object delete/get/hash/head/lock/put/range/search`
 * `storagegroup delete/get/list/put`
 Example:
 ```shell
 $ frostfs-cli object put -r s01.frostfs.devenv:8080 -w wallet.json --cid CID --file FILE --xhdr "__FROSTFS__NETMAP_EPOCH=777"
 ```
--- a/cmd/frostfs-cli/internal/client/client.go
+++ b/cmd/frostfs-cli/internal/client/client.go
@ -7,16 +7,15 @@ import (
 	"fmt"
 	"io"
-	"github.com/nspcc-dev/neofs-sdk-go/accounting"
+	"github.com/TrueCloudLab/frostfs-sdk-go/accounting"
-	"github.com/nspcc-dev/neofs-sdk-go/client"
+	"github.com/TrueCloudLab/frostfs-sdk-go/client"
-	"github.com/nspcc-dev/neofs-sdk-go/container"
+	containerSDK "github.com/TrueCloudLab/frostfs-sdk-go/container"
-	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
-	"github.com/nspcc-dev/neofs-sdk-go/eacl"
+	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
-	"github.com/nspcc-dev/neofs-sdk-go/netmap"
+	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
-	"github.com/nspcc-dev/neofs-sdk-go/object"
+	"github.com/TrueCloudLab/frostfs-sdk-go/object"
-	addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
+	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
-	oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
+	"github.com/TrueCloudLab/frostfs-sdk-go/version"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
 )
 // BalanceOfPrm groups parameters of BalanceOf operation.
@ -25,19 +24,19 @@ type BalanceOfPrm struct {
 	client.PrmBalanceGet
 }
-// BalanceOfRes groups resulting values of BalanceOf operation.
+// BalanceOfRes groups the resulting values of BalanceOf operation.
 type BalanceOfRes struct {
 	cliRes *client.ResBalanceGet
 }
-// Balance returns current balance.
+// Balance returns the current balance.
-func (x BalanceOfRes) Balance() *accounting.Decimal {
+func (x BalanceOfRes) Balance() accounting.Decimal {
 	return x.cliRes.Amount()
 }
-// BalanceOf requests current balance of NeoFS user.
+// BalanceOf requests the current balance of a FrostFS user.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func BalanceOf(prm BalanceOfPrm) (res BalanceOfRes, err error) {
 	res.cliRes, err = prm.cli.BalanceGet(context.Background(), prm.PrmBalanceGet)
@ -50,7 +49,7 @@ type ListContainersPrm struct {
 	client.PrmContainerList
 }
-// ListContainersRes groups resulting values of ListContainers operation.
+// ListContainersRes groups the resulting values of ListContainers operation.
 type ListContainersRes struct {
 	cliRes *client.ResContainerList
 }
@ -60,9 +59,9 @@ func (x ListContainersRes) IDList() []cid.ID {
 	return x.cliRes.Containers()
 }
-// ListContainers requests list of NeoFS user's containers.
+// ListContainers requests a list of FrostFS user's containers.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func ListContainers(prm ListContainersPrm) (res ListContainersRes, err error) {
 	res.cliRes, err = prm.cli.ContainerList(context.Background(), prm.PrmContainerList)
@ -75,26 +74,29 @@ type PutContainerPrm struct {
 	client.PrmContainerPut
 }
-// PutContainerRes groups resulting values of PutContainer operation.
+// PutContainerRes groups the resulting values of PutContainer operation.
 type PutContainerRes struct {
-	cliRes *client.ResContainerPut
+	cnr cid.ID
 }
 // ID returns identifier of the created container.
-func (x PutContainerRes) ID() *cid.ID {
+func (x PutContainerRes) ID() cid.ID {
-	return x.cliRes.ID()
+	return x.cnr
 }
-// PutContainer sends request to save container in NeoFS.
+// PutContainer sends a request to save the container in FrostFS.
 //
-// Operation is asynchronous and no guaranteed even in the absence of errors.
+// Operation is asynchronous and not guaranteed even in the absence of errors.
 // The required time is also not predictable.
 //
 // Success can be verified by reading by identifier.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func PutContainer(prm PutContainerPrm) (res PutContainerRes, err error) {
-	res.cliRes, err = prm.cli.ContainerPut(context.Background(), prm.PrmContainerPut)
+	cliRes, err := prm.cli.ContainerPut(context.Background(), prm.PrmContainerPut)
 	if err == nil {
 		res.cnr = cliRes.ID()
 	}
 	return
 }
@ -110,42 +112,57 @@ func (x *GetContainerPrm) SetContainer(id cid.ID) {
 	x.cliPrm.SetContainer(id)
 }
-// GetContainerRes groups resulting values of GetContainer operation.
+// GetContainerRes groups the resulting values of GetContainer operation.
 type GetContainerRes struct {
 	cliRes *client.ResContainerGet
 }
 // Container returns structured of the requested container.
-func (x GetContainerRes) Container() *container.Container {
+func (x GetContainerRes) Container() containerSDK.Container {
 	return x.cliRes.Container()
 }
-// GetContainer reads container from NeoFS by ID.
+// GetContainer reads a container from FrostFS by ID.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func GetContainer(prm GetContainerPrm) (res GetContainerRes, err error) {
 	res.cliRes, err = prm.cli.ContainerGet(context.Background(), prm.cliPrm)
 	return
 }
 // IsACLExtendable checks if ACL of the container referenced by the given identifier
 // can be extended. Client connection MUST BE correctly established in advance.
 func IsACLExtendable(c *client.Client, cnr cid.ID) (bool, error) {
 	var prm GetContainerPrm
 	prm.SetClient(c)
 	prm.SetContainer(cnr)
 	res, err := GetContainer(prm)
 	if err != nil {
 		return false, fmt.Errorf("get container from the FrostFS: %w", err)
 	}
 	return res.Container().BasicACL().Extendable(), nil
 }
 // DeleteContainerPrm groups parameters of DeleteContainerPrm operation.
 type DeleteContainerPrm struct {
 	commonPrm
 	client.PrmContainerDelete
 }
-// DeleteContainerRes groups resulting values of DeleteContainer operation.
+// DeleteContainerRes groups the resulting values of DeleteContainer operation.
 type DeleteContainerRes struct{}
-// DeleteContainer sends request to remove container from NeoFS by ID.
+// DeleteContainer sends a request to remove a container from FrostFS by ID.
 //
-// Operation is asynchronous and no guaranteed even in the absence of errors.
+// Operation is asynchronous and not guaranteed even in the absence of errors.
 // The required time is also not predictable.
 //
 // Success can be verified by reading by identifier.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func DeleteContainer(prm DeleteContainerPrm) (res DeleteContainerRes, err error) {
 	_, err = prm.cli.ContainerDelete(context.Background(), prm.PrmContainerDelete)
@ -158,19 +175,19 @@ type EACLPrm struct {
 	client.PrmContainerEACL
 }
-// EACLRes groups resulting values of EACL operation.
+// EACLRes groups the resulting values of EACL operation.
 type EACLRes struct {
 	cliRes *client.ResContainerEACL
 }
 // EACL returns requested eACL table.
-func (x EACLRes) EACL() *eacl.Table {
+func (x EACLRes) EACL() eacl.Table {
 	return x.cliRes.Table()
 }
-// EACL reads eACL table from NeoFS by container ID.
+// EACL reads eACL table from FrostFS by container ID.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func EACL(prm EACLPrm) (res EACLRes, err error) {
 	res.cliRes, err = prm.cli.ContainerEACL(context.Background(), prm.PrmContainerEACL)
@ -183,17 +200,17 @@ type SetEACLPrm struct {
 	client.PrmContainerSetEACL
 }
-// SetEACLRes groups resulting values of SetEACL operation.
+// SetEACLRes groups the resulting values of SetEACL operation.
 type SetEACLRes struct{}
-// SetEACL requests to save eACL table in NeoFS.
+// SetEACL requests to save an eACL table in FrostFS.
 //
 // Operation is asynchronous and no guaranteed even in the absence of errors.
 // The required time is also not predictable.
 //
 // Success can be verified by reading by container identifier.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func SetEACL(prm SetEACLPrm) (res SetEACLRes, err error) {
 	_, err = prm.cli.ContainerSetEACL(context.Background(), prm.PrmContainerSetEACL)
@ -206,19 +223,19 @@ type NetworkInfoPrm struct {
 	client.PrmNetworkInfo
 }
-// NetworkInfoRes groups resulting values of NetworkInfo operation.
+// NetworkInfoRes groups the resulting values of NetworkInfo operation.
 type NetworkInfoRes struct {
 	cliRes *client.ResNetworkInfo
 }
-// NetworkInfo returns structured information about the NeoFS network.
+// NetworkInfo returns structured information about the FrostFS network.
-func (x NetworkInfoRes) NetworkInfo() *netmap.NetworkInfo {
+func (x NetworkInfoRes) NetworkInfo() netmap.NetworkInfo {
 	return x.cliRes.Info()
 }
-// NetworkInfo reads information about the NeoFS network.
+// NetworkInfo reads information about the FrostFS network.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func NetworkInfo(prm NetworkInfoPrm) (res NetworkInfoRes, err error) {
 	res.cliRes, err = prm.cli.NetworkInfo(context.Background(), prm.PrmNetworkInfo)
@ -231,37 +248,60 @@ type NodeInfoPrm struct {
 	client.PrmEndpointInfo
 }
-// NodeInfoRes groups resulting values of NodeInfo operation.
+// NodeInfoRes groups the resulting values of NodeInfo operation.
 type NodeInfoRes struct {
 	cliRes *client.ResEndpointInfo
 }
 // NodeInfo returns information about the node from netmap.
-func (x NodeInfoRes) NodeInfo() *netmap.NodeInfo {
+func (x NodeInfoRes) NodeInfo() netmap.NodeInfo {
 	return x.cliRes.NodeInfo()
 }
-// LatestVersion returns latest NeoFS API version in use.
+// LatestVersion returns the latest FrostFS API version in use.
-func (x NodeInfoRes) LatestVersion() *version.Version {
+func (x NodeInfoRes) LatestVersion() version.Version {
 	return x.cliRes.LatestVersion()
 }
-// NodeInfo requests information about the remote server from NeoFS netmap.
+// NodeInfo requests information about the remote server from FrostFS netmap.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func NodeInfo(prm NodeInfoPrm) (res NodeInfoRes, err error) {
 	res.cliRes, err = prm.cli.EndpointInfo(context.Background(), prm.PrmEndpointInfo)
 	return
 }
 // NetMapSnapshotPrm groups parameters of NetMapSnapshot operation.
 type NetMapSnapshotPrm struct {
 	commonPrm
 }
 // NetMapSnapshotRes groups the resulting values of NetMapSnapshot operation.
 type NetMapSnapshotRes struct {
 	cliRes *client.ResNetMapSnapshot
 }
 // NetMap returns current local snapshot of the FrostFS network map.
 func (x NetMapSnapshotRes) NetMap() netmap.NetMap {
 	return x.cliRes.NetMap()
 }
 // NetMapSnapshot requests current network view of the remote server.
 //
 // Returns any error which prevented the operation from completing correctly in error return.
 func NetMapSnapshot(prm NetMapSnapshotPrm) (res NetMapSnapshotRes, err error) {
 	res.cliRes, err = prm.cli.NetMapSnapshot(context.Background(), client.PrmNetMapSnapshot{})
 	return
 }
 // CreateSessionPrm groups parameters of CreateSession operation.
 type CreateSessionPrm struct {
 	commonPrm
 	client.PrmSessionCreate
 }
-// CreateSessionRes groups resulting values of CreateSession operation.
+// CreateSessionRes groups the resulting values of CreateSession operation.
 type CreateSessionRes struct {
 	cliRes *client.ResSessionCreate
 }
@ -276,9 +316,9 @@ func (x CreateSessionRes) SessionKey() []byte {
 	return x.cliRes.PublicKey()
 }
-// CreateSession opens new unlimited session with the remote node.
+// CreateSession opens a new unlimited session with the remote node.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func CreateSession(prm CreateSessionPrm) (res CreateSessionRes, err error) {
 	res.cliRes, err = prm.cli.SessionCreate(context.Background(), prm.PrmSessionCreate)
@ -292,6 +332,8 @@ type PutObjectPrm struct {
 	hdr *object.Object
 	rdr io.Reader
 	headerCallback func(*object.Object)
 }
 // SetHeader sets object header.
@ -304,42 +346,52 @@ func (x *PutObjectPrm) SetPayloadReader(rdr io.Reader) {
 	x.rdr = rdr
 }
-// PutObjectRes groups resulting values of PutObject operation.
+// SetHeaderCallback sets callback which is called on the object after the header is received
 // but before the payload is written.
 func (x *PutObjectPrm) SetHeaderCallback(f func(*object.Object)) {
 	x.headerCallback = f
 }
 // PutObjectRes groups the resulting values of PutObject operation.
 type PutObjectRes struct {
-	id *oidSDK.ID
+	id oid.ID
 }
 // ID returns identifier of the created object.
-func (x PutObjectRes) ID() *oidSDK.ID {
+func (x PutObjectRes) ID() oid.ID {
 	return x.id
 }
-// PutObject saves the object in NeoFS network.
+// PutObject saves the object in FrostFS network.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func PutObject(prm PutObjectPrm) (*PutObjectRes, error) {
 	var putPrm client.PrmObjectPutInit
 	if prm.sessionToken != nil {
 		putPrm.WithinSession(*prm.sessionToken)
 	}
 	if prm.bearerToken != nil {
 		putPrm.WithBearerToken(*prm.bearerToken)
 	}
 	if prm.local {
 		putPrm.MarkLocal()
 	}
 	putPrm.WithXHeaders(prm.xHeaders...)
 	wrt, err := prm.cli.ObjectPutInit(context.Background(), putPrm)
 	if err != nil {
 		return nil, fmt.Errorf("init object writing: %w", err)
 	}
 	if prm.sessionToken != nil {
 		wrt.WithinSession(*prm.sessionToken)
 	}
 	if prm.bearerToken != nil {
 		wrt.WithBearerToken(*prm.bearerToken)
 	}
 	if prm.local {
 		wrt.MarkLocal()
 	}
 	wrt.WithXHeaders(prm.xHeadersPrm()...)
 	if wrt.WriteHeader(*prm.hdr) {
 		if prm.headerCallback != nil {
 			prm.headerCallback(prm.hdr)
 		}
 		sz := prm.hdr.PayloadSize()
 		if data := prm.hdr.Payload(); len(data) > 0 {
@ -352,8 +404,7 @@ func PutObject(prm PutObjectPrm) (*PutObjectRes, error) {
 		}
 		if prm.rdr != nil {
-			// TODO: (neofs-node#1198) explore better values or configure it
+			const defaultBufferSizePut = 3 << 20 // Maximum chunk size is 3 MiB in the SDK.
 			const defaultBufferSizePut = 4096
 			if sz == 0 || sz > defaultBufferSizePut {
 				sz = defaultBufferSizePut
@ -382,19 +433,13 @@ func PutObject(prm PutObjectPrm) (*PutObjectRes, error) {
 		}
 	}
-	res, err := wrt.Close()
+	cliRes, err := wrt.Close()
 	if err != nil { // here err already carries both status and client errors
 		return nil, fmt.Errorf("client failure: %w", err)
 	}
 	var id oidSDK.ID
 	if !res.ReadStoredObjectID(&id) {
 		return nil, errors.New("missing ID of the stored object")
 	}
 	return &PutObjectRes{
-		id: &id,
+		id: cliRes.StoredObjectID(),
 	}, nil
 }
@ -404,29 +449,23 @@ type DeleteObjectPrm struct {
 	objectAddressPrm
 }
-// DeleteObjectRes groups resulting values of DeleteObject operation.
+// DeleteObjectRes groups the resulting values of DeleteObject operation.
 type DeleteObjectRes struct {
-	addrTombstone *addressSDK.Address
+	tomb oid.ID
 }
-// TombstoneAddress returns address of the created object with tombstone.
+// Tombstone returns the ID of the created object with tombstone.
-func (x DeleteObjectRes) TombstoneAddress() *addressSDK.Address {
+func (x DeleteObjectRes) Tombstone() oid.ID {
-	return x.addrTombstone
+	return x.tomb
 }
-// DeleteObject marks object to be removed from NeoFS through tombstone placement.
+// DeleteObject marks an object to be removed from FrostFS through tombstone placement.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func DeleteObject(prm DeleteObjectPrm) (*DeleteObjectRes, error) {
 	var delPrm client.PrmObjectDelete
-
+	delPrm.FromContainer(prm.objAddr.Container())
-	if id := prm.objAddr.ContainerID(); id != nil {
+	delPrm.ByID(prm.objAddr.Object())
 		delPrm.FromContainer(*id)
 	}
 	if id := prm.objAddr.ObjectID(); id != nil {
 		delPrm.ByID(*id)
 	}
 	if prm.sessionToken != nil {
 		delPrm.WithinSession(*prm.sessionToken)
@ -436,25 +475,15 @@ func DeleteObject(prm DeleteObjectPrm) (*DeleteObjectRes, error) {
 		delPrm.WithBearerToken(*prm.bearerToken)
 	}
-	delPrm.WithXHeaders(prm.xHeadersPrm()...)
+	delPrm.WithXHeaders(prm.xHeaders...)
 	cliRes, err := prm.cli.ObjectDelete(context.Background(), delPrm)
 	if err != nil {
 		return nil, fmt.Errorf("remove object via client: %w", err)
 	}
 	var id oidSDK.ID
 	if !cliRes.ReadTombstoneID(&id) {
 		return nil, errors.New("object removed but tombstone ID is missing")
 	}
 	var addr addressSDK.Address
 	addr.SetObjectID(&id)
 	addr.SetContainerID(prm.objAddr.ContainerID())
 	return &DeleteObjectRes{
-		addrTombstone: &addr,
+		tomb: cliRes.Tombstone(),
 	}, nil
 }
@ -467,38 +496,32 @@ type GetObjectPrm struct {
 	headerCallback func(*object.Object)
 }
-// SetHeaderCallback sets callback which is called on the object after the header is received,
+// SetHeaderCallback sets callback which is called on the object after the header is received
 // but before the payload is written.
 func (p *GetObjectPrm) SetHeaderCallback(f func(*object.Object)) {
 	p.headerCallback = f
 }
-// GetObjectRes groups resulting values of GetObject operation.
+// GetObjectRes groups the resulting values of GetObject operation.
 type GetObjectRes struct {
 	hdr *object.Object
 }
-// Header returns header of the request object.
+// Header returns the header of the request object.
 func (x GetObjectRes) Header() *object.Object {
 	return x.hdr
 }
-// GetObject reads the object by address.
+// GetObject reads an object by address.
 //
-// Interrupts on any writer error. If successful, payload is written to writer.
+// Interrupts on any writer error. If successful, payload is written to the writer.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 // For raw reading, returns *object.SplitInfoError error if object is virtual.
 func GetObject(prm GetObjectPrm) (*GetObjectRes, error) {
 	var getPrm client.PrmObjectGet
-
+	getPrm.FromContainer(prm.objAddr.Container())
-	if id := prm.objAddr.ContainerID(); id != nil {
+	getPrm.ByID(prm.objAddr.Object())
 		getPrm.FromContainer(*id)
 	}
 	if id := prm.objAddr.ObjectID(); id != nil {
 		getPrm.ByID(*id)
 	}
 	if prm.sessionToken != nil {
 		getPrm.WithinSession(*prm.sessionToken)
@ -516,7 +539,7 @@ func GetObject(prm GetObjectPrm) (*GetObjectRes, error) {
 		getPrm.MarkLocal()
 	}
-	getPrm.WithXHeaders(prm.xHeadersPrm()...)
+	getPrm.WithXHeaders(prm.xHeaders...)
 	rdr, err := prm.cli.ObjectGetInit(context.Background(), getPrm)
 	if err != nil {
@ -552,35 +575,29 @@ type HeadObjectPrm struct {
 	mainOnly bool
 }
-// SetMainOnlyFlag sets flag to get only main fields of object header in terms of NeoFS API.
+// SetMainOnlyFlag sets flag to get only main fields of an object header in terms of FrostFS API.
 func (x *HeadObjectPrm) SetMainOnlyFlag(v bool) {
 	x.mainOnly = v
 }
-// HeadObjectRes groups resulting values of HeadObject operation.
+// HeadObjectRes groups the resulting values of HeadObject operation.
 type HeadObjectRes struct {
 	hdr *object.Object
 }
-// Header returns requested object header.
+// Header returns the requested object header.
 func (x HeadObjectRes) Header() *object.Object {
 	return x.hdr
 }
-// HeadObject reads object header by address.
+// HeadObject reads an object header by address.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 // For raw reading, returns *object.SplitInfoError error if object is virtual.
 func HeadObject(prm HeadObjectPrm) (*HeadObjectRes, error) {
 	var cliPrm client.PrmObjectHead
-
+	cliPrm.FromContainer(prm.objAddr.Container())
-	if id := prm.objAddr.ContainerID(); id != nil {
+	cliPrm.ByID(prm.objAddr.Object())
 		cliPrm.FromContainer(*id)
 	}
 	if id := prm.objAddr.ObjectID(); id != nil {
 		cliPrm.ByID(*id)
 	}
 	if prm.sessionToken != nil {
 		cliPrm.WithinSession(*prm.sessionToken)
@ -598,7 +615,7 @@ func HeadObject(prm HeadObjectPrm) (*HeadObjectRes, error) {
 		cliPrm.MarkLocal()
 	}
-	cliPrm.WithXHeaders(prm.xHeadersPrm()...)
+	cliPrm.WithXHeaders(prm.xHeaders...)
 	res, err := prm.cli.ObjectHead(context.Background(), cliPrm)
 	if err != nil {
@ -629,26 +646,22 @@ func (x *SearchObjectsPrm) SetFilters(filters object.SearchFilters) {
 	x.filters = filters
 }
-// SearchObjectsRes groups resulting values of SearchObjects operation.
+// SearchObjectsRes groups the resulting values of SearchObjects operation.
 type SearchObjectsRes struct {
-	ids []oidSDK.ID
+	ids []oid.ID
 }
 // IDList returns identifiers of the matched objects.
-func (x SearchObjectsRes) IDList() []oidSDK.ID {
+func (x SearchObjectsRes) IDList() []oid.ID {
 	return x.ids
 }
-// SearchObjects selects objects from container which match the filters.
+// SearchObjects selects objects from the container which match the filters.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 func SearchObjects(prm SearchObjectsPrm) (*SearchObjectsRes, error) {
 	var cliPrm client.PrmObjectSearch
-
+	cliPrm.InContainer(prm.cnrID)
 	if prm.cnrID != nil {
 		cliPrm.InContainer(*prm.cnrID)
 	}
 	cliPrm.SetFilters(prm.filters)
 	if prm.sessionToken != nil {
@ -663,15 +676,15 @@ func SearchObjects(prm SearchObjectsPrm) (*SearchObjectsRes, error) {
 		cliPrm.MarkLocal()
 	}
-	cliPrm.WithXHeaders(prm.xHeadersPrm()...)
+	cliPrm.WithXHeaders(prm.xHeaders...)
 	rdr, err := prm.cli.ObjectSearchInit(context.Background(), cliPrm)
 	if err != nil {
 		return nil, fmt.Errorf("init object search: %w", err)
 	}
-	buf := make([]oidSDK.ID, 10)
+	buf := make([]oid.ID, 10)
-	var list []oidSDK.ID
+	var list []oid.ID
 	var n int
 	var ok bool
@ -712,7 +725,7 @@ func (x *HashPayloadRangesPrm) TZ() {
 	x.tz = true
 }
-// SetRanges sets list of payload ranges to hash.
+// SetRanges sets a list of payload ranges to hash.
 func (x *HashPayloadRangesPrm) SetRanges(rngs []*object.Range) {
 	x.rngs = rngs
 }
@ -722,30 +735,24 @@ func (x *HashPayloadRangesPrm) SetSalt(salt []byte) {
 	x.salt = salt
 }
-// HashPayloadRangesRes groups resulting values of HashPayloadRanges operation.
+// HashPayloadRangesRes groups the resulting values of HashPayloadRanges operation.
 type HashPayloadRangesRes struct {
 	cliRes *client.ResObjectHash
 }
-// HashList returns list of hashes of the payload ranges keeping order.
+// HashList returns a list of hashes of the payload ranges keeping order.
 func (x HashPayloadRangesRes) HashList() [][]byte {
 	return x.cliRes.Checksums()
 }
 // HashPayloadRanges requests hashes (by default SHA256) of the object payload ranges.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 // Returns an error if number of received hashes differs with the number of requested ranges.
 func HashPayloadRanges(prm HashPayloadRangesPrm) (*HashPayloadRangesRes, error) {
 	var cliPrm client.PrmObjectHash
-
+	cliPrm.FromContainer(prm.objAddr.Container())
-	if id := prm.objAddr.ContainerID(); id != nil {
+	cliPrm.ByID(prm.objAddr.Object())
 		cliPrm.FromContainer(*id)
 	}
 	if id := prm.objAddr.ObjectID(); id != nil {
 		cliPrm.ByID(*id)
 	}
 	if prm.local {
 		cliPrm.MarkLocal()
@ -774,7 +781,7 @@ func HashPayloadRanges(prm HashPayloadRangesPrm) (*HashPayloadRangesRes, error)
 		cliPrm.WithBearerToken(*prm.bearerToken)
 	}
-	cliPrm.WithXHeaders(prm.xHeadersPrm()...)
+	cliPrm.WithXHeaders(prm.xHeaders...)
 	res, err := prm.cli.ObjectHash(context.Background(), cliPrm)
 	if err != nil {
@ -801,25 +808,19 @@ func (x *PayloadRangePrm) SetRange(rng *object.Range) {
 	x.rng = rng
 }
-// PayloadRangeRes groups resulting values of PayloadRange operation.
+// PayloadRangeRes groups the resulting values of PayloadRange operation.
 type PayloadRangeRes struct{}
-// PayloadRange reads object payload range from NeoFS and writes it to specified writer.
+// PayloadRange reads object payload range from FrostFS and writes it to the specified writer.
 //
 // Interrupts on any writer error.
 //
-// Returns any error prevented the operation from completing correctly in error return.
+// Returns any error which prevented the operation from completing correctly in error return.
 // For raw reading, returns *object.SplitInfoError error if object is virtual.
 func PayloadRange(prm PayloadRangePrm) (*PayloadRangeRes, error) {
 	var cliPrm client.PrmObjectRange
-
+	cliPrm.FromContainer(prm.objAddr.Container())
-	if id := prm.objAddr.ContainerID(); id != nil {
+	cliPrm.ByID(prm.objAddr.Object())
 		cliPrm.FromContainer(*id)
 	}
 	if id := prm.objAddr.ObjectID(); id != nil {
 		cliPrm.ByID(*id)
 	}
 	if prm.sessionToken != nil {
 		cliPrm.WithinSession(*prm.sessionToken)
@ -840,7 +841,7 @@ func PayloadRange(prm PayloadRangePrm) (*PayloadRangeRes, error) {
 	cliPrm.SetOffset(prm.rng.GetOffset())
 	cliPrm.SetLength(prm.rng.GetLength())
-	cliPrm.WithXHeaders(prm.xHeadersPrm()...)
+	cliPrm.WithXHeaders(prm.xHeaders...)
 	rdr, err := prm.cli.ObjectRangeInit(context.Background(), cliPrm)
 	if err != nil {
@ -854,3 +855,37 @@ func PayloadRange(prm PayloadRangePrm) (*PayloadRangeRes, error) {
 	return new(PayloadRangeRes), nil
 }
 // SyncContainerPrm groups parameters of SyncContainerSettings operation.
 type SyncContainerPrm struct {
 	commonPrm
 	c *containerSDK.Container
 }
 // SetContainer sets a container that is required to be synced.
 func (s *SyncContainerPrm) SetContainer(c *containerSDK.Container) {
 	s.c = c
 }
 // SyncContainerRes groups resulting values of SyncContainerSettings
 // operation.
 type SyncContainerRes struct{}
 // SyncContainerSettings reads global network config from FrostFS and
 // syncs container settings with it.
 //
 // Interrupts on any writer error.
 //
 // Panics if a container passed as a parameter is nil.
 func SyncContainerSettings(prm SyncContainerPrm) (*SyncContainerRes, error) {
 	if prm.c == nil {
 		panic("sync container settings with the network: nil container")
 	}
 	err := client.SyncContainerWithNetwork(context.Background(), prm.c, prm.cli)
 	if err != nil {
 		return nil, err
 	}
 	return new(SyncContainerRes), nil
 }
--- a/cmd/frostfs-cli/internal/client/doc.go
+++ b/cmd/frostfs-cli/internal/client/doc.go
@ -0,0 +1,15 @@
 // Package internal provides functionality for FrostFS CLI application
 // communication with FrostFS network.
 //
 // The base client for accessing remote nodes via FrostFS API is a FrostFS SDK
 // Go API client. However, although it encapsulates a useful piece of business
 // logic (e.g. the signature mechanism), the FrostFS CLI application does not
 // fully use the client's flexible interface.
 //
 // In this regard, this package provides functions over base API client
 // necessary for the application. This allows you to concentrate the entire
 // spectrum of the client's use in one place (this will be convenient both when
 // updating the base client and for evaluating the UX of SDK library). So it is
 // expected that all application packages will be limited to this package for
 // the development of functionality requiring FrostFS API communication.
 package internal
--- a/cmd/frostfs-cli/internal/client/prm.go
+++ b/cmd/frostfs-cli/internal/client/prm.go
@ -0,0 +1,92 @@
 package internal
 import (
 	"io"
 	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
 	"github.com/TrueCloudLab/frostfs-sdk-go/client"
 	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
 	"github.com/TrueCloudLab/frostfs-sdk-go/session"
 )
 // here are small structures with public setters to share between parameter structures
 type commonPrm struct {
 	cli *client.Client
 }
 // SetClient sets the base client for FrostFS API communication.
 func (x *commonPrm) SetClient(cli *client.Client) {
 	x.cli = cli
 }
 type containerIDPrm struct {
 	cnrID cid.ID
 }
 // SetContainerID sets the container identifier.
 func (x *containerIDPrm) SetContainerID(id cid.ID) {
 	x.cnrID = id
 }
 type bearerTokenPrm struct {
 	bearerToken *bearer.Token
 }
 // SetBearerToken sets the bearer token to be attached to the request.
 func (x *bearerTokenPrm) SetBearerToken(tok *bearer.Token) {
 	x.bearerToken = tok
 }
 type objectAddressPrm struct {
 	objAddr oid.Address
 }
 func (x *objectAddressPrm) SetAddress(addr oid.Address) {
 	x.objAddr = addr
 }
 type rawPrm struct {
 	raw bool
 }
 // SetRawFlag sets flag of raw request.
 func (x *rawPrm) SetRawFlag(raw bool) {
 	x.raw = raw
 }
 type payloadWriterPrm struct {
 	wrt io.Writer
 }
 // SetPayloadWriter sets the writer of the object payload.
 func (x *payloadWriterPrm) SetPayloadWriter(wrt io.Writer) {
 	x.wrt = wrt
 }
 type commonObjectPrm struct {
 	commonPrm
 	bearerTokenPrm
 	sessionToken *session.Object
 	local bool
 	xHeaders []string
 }
 // SetTTL sets request TTL value.
 func (x *commonObjectPrm) SetTTL(ttl uint32) {
 	x.local = ttl < 2
 }
 // SetXHeaders sets request X-Headers.
 func (x *commonObjectPrm) SetXHeaders(hs []string) {
 	x.xHeaders = hs
 }
 // SetSessionToken sets the token of the session within which the request should be sent.
 func (x *commonObjectPrm) SetSessionToken(tok *session.Object) {
 	x.sessionToken = tok
 }
--- a/cmd/frostfs-cli/internal/client/sdk.go
+++ b/cmd/frostfs-cli/internal/client/sdk.go
@ -0,0 +1,96 @@
 package internal
 import (
 	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"errors"
 	"fmt"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/pkg/network"
 	"github.com/TrueCloudLab/frostfs-sdk-go/client"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var errInvalidEndpoint = errors.New("provided RPC endpoint is incorrect")
 // GetSDKClientByFlag returns default frostfs-sdk-go client using the specified flag for the address.
 // On error, outputs to stderr of cmd and exits with non-zero code.
 func GetSDKClientByFlag(cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag string) *client.Client {
 	cli, err := getSDKClientByFlag(cmd, key, endpointFlag)
 	if err != nil {
 		commonCmd.ExitOnErr(cmd, "can't create API client: %w", err)
 	}
 	return cli
 }
 func getSDKClientByFlag(cmd *cobra.Command, key *ecdsa.PrivateKey, endpointFlag string) (*client.Client, error) {
 	var addr network.Address
 	err := addr.FromString(viper.GetString(endpointFlag))
 	if err != nil {
 		return nil, fmt.Errorf("%v: %w", errInvalidEndpoint, err)
 	}
 	return GetSDKClient(cmd, key, addr)
 }
 // GetSDKClient returns default frostfs-sdk-go client.
 func GetSDKClient(cmd *cobra.Command, key *ecdsa.PrivateKey, addr network.Address) (*client.Client, error) {
 	var (
 		c       client.Client
 		prmInit client.PrmInit
 		prmDial client.PrmDial
 	)
 	prmInit.SetDefaultPrivateKey(*key)
 	prmInit.ResolveNeoFSFailures()
 	prmDial.SetServerURI(addr.URIAddr())
 	if timeout := viper.GetDuration(commonflags.Timeout); timeout > 0 {
 		// In CLI we can only set a timeout for the whole operation.
 		// By also setting stream timeout we ensure that no operation hands
 		// for too long.
 		prmDial.SetTimeout(timeout)
 		prmDial.SetStreamTimeout(timeout)
 		common.PrintVerbose(cmd, "Set request timeout to %s.", timeout)
 	}
 	c.Init(prmInit)
 	if err := c.Dial(prmDial); err != nil {
 		return nil, fmt.Errorf("can't init SDK client: %w", err)
 	}
 	return &c, nil
 }
 // GetCurrentEpoch returns current epoch.
 func GetCurrentEpoch(ctx context.Context, cmd *cobra.Command, endpoint string) (uint64, error) {
 	var addr network.Address
 	if err := addr.FromString(endpoint); err != nil {
 		return 0, fmt.Errorf("can't parse RPC endpoint: %w", err)
 	}
 	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return 0, fmt.Errorf("can't generate key to sign query: %w", err)
 	}
 	c, err := GetSDKClient(cmd, key, addr)
 	if err != nil {
 		return 0, err
 	}
 	ni, err := c.NetworkInfo(ctx, client.PrmNetworkInfo{})
 	if err != nil {
 		return 0, err
 	}
 	return ni.Info().CurrentEpoch(), nil
 }
--- a/cmd/frostfs-cli/internal/common/eacl.go
+++ b/cmd/frostfs-cli/internal/common/eacl.go
@ -0,0 +1,50 @@
 package common
 import (
 	"errors"
 	"os"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/pkg/core/version"
 	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
 	versionSDK "github.com/TrueCloudLab/frostfs-sdk-go/version"
 	"github.com/spf13/cobra"
 )
 var errUnsupportedEACLFormat = errors.New("unsupported eACL format")
 // ReadEACL reads extended ACL table from eaclPath.
 func ReadEACL(cmd *cobra.Command, eaclPath string) *eacl.Table {
 	_, err := os.Stat(eaclPath) // check if `eaclPath` is an existing file
 	if err != nil {
 		commonCmd.ExitOnErr(cmd, "", errors.New("incorrect path to file with EACL"))
 	}
 	PrintVerbose(cmd, "Reading EACL from file: %s", eaclPath)
 	data, err := os.ReadFile(eaclPath)
 	commonCmd.ExitOnErr(cmd, "can't read file with EACL: %w", err)
 	table := eacl.NewTable()
 	if err = table.UnmarshalJSON(data); err == nil {
 		validateAndFixEACLVersion(table)
 		PrintVerbose(cmd, "Parsed JSON encoded EACL table")
 		return table
 	}
 	if err = table.Unmarshal(data); err == nil {
 		validateAndFixEACLVersion(table)
 		PrintVerbose(cmd, "Parsed binary encoded EACL table")
 		return table
 	}
 	commonCmd.ExitOnErr(cmd, "", errUnsupportedEACLFormat)
 	return nil
 }
 func validateAndFixEACLVersion(table *eacl.Table) {
 	if !version.IsValid(table.Version()) {
 		table.SetVersion(versionSDK.Current())
 	}
 }
--- a/cmd/frostfs-cli/internal/common/epoch.go
+++ b/cmd/frostfs-cli/internal/common/epoch.go
@ -0,0 +1,28 @@
 package common
 import (
 	"fmt"
 	"strconv"
 	"github.com/spf13/cobra"
 )
 // ParseEpoch parses epoch argument. Second return value is true if
 // the specified epoch is relative, and false otherwise.
 func ParseEpoch(cmd *cobra.Command, flag string) (uint64, bool, error) {
 	s, _ := cmd.Flags().GetString(flag)
 	if len(s) == 0 {
 		return 0, false, nil
 	}
 	relative := s[0] == '+'
 	if relative {
 		s = s[1:]
 	}
 	epoch, err := strconv.ParseUint(s, 10, 64)
 	if err != nil {
 		return 0, relative, fmt.Errorf("can't parse epoch for %s argument: %w", flag, err)
 	}
 	return epoch, relative, nil
 }
--- a/cmd/frostfs-cli/internal/common/json.go
+++ b/cmd/frostfs-cli/internal/common/json.go
@ -0,0 +1,23 @@
 package common
 import (
 	"bytes"
 	"encoding/json"
 	"github.com/spf13/cobra"
 )
 // PrettyPrintJSON prints m as an indented JSON to the cmd output.
 func PrettyPrintJSON(cmd *cobra.Command, m json.Marshaler, entity string) {
 	data, err := m.MarshalJSON()
 	if err != nil {
 		PrintVerbose(cmd, "Can't convert %s to json: %w", entity, err)
 		return
 	}
 	buf := new(bytes.Buffer)
 	if err := json.Indent(buf, data, "", "  "); err != nil {
 		PrintVerbose(cmd, "Can't pretty print json: %w", err)
 		return
 	}
 	cmd.Println(buf)
 }
--- a/cmd/frostfs-cli/internal/common/token.go
+++ b/cmd/frostfs-cli/internal/common/token.go
@ -0,0 +1,67 @@
 package common
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
 	"github.com/spf13/cobra"
 )
 // ReadBearerToken reads bearer token from the path provided in a specified flag.
 func ReadBearerToken(cmd *cobra.Command, flagname string) *bearer.Token {
 	path, err := cmd.Flags().GetString(flagname)
 	commonCmd.ExitOnErr(cmd, "", err)
 	if len(path) == 0 {
 		return nil
 	}
 	PrintVerbose(cmd, "Reading bearer token from file [%s]...", path)
 	var tok bearer.Token
 	err = ReadBinaryOrJSON(cmd, &tok, path)
 	commonCmd.ExitOnErr(cmd, "invalid bearer token: %v", err)
 	return &tok
 }
 // BinaryOrJSON is an interface of entities which provide json.Unmarshaler
 // and FrostFS binary decoder.
 type BinaryOrJSON interface {
 	Unmarshal([]byte) error
 	json.Unmarshaler
 }
 // ReadBinaryOrJSON reads file data using provided path and decodes
 // BinaryOrJSON from the data.
 func ReadBinaryOrJSON(cmd *cobra.Command, dst BinaryOrJSON, fPath string) error {
 	PrintVerbose(cmd, "Reading file [%s]...", fPath)
 	// try to read session token from file
 	data, err := os.ReadFile(fPath)
 	if err != nil {
 		return fmt.Errorf("read file <%s>: %w", fPath, err)
 	}
 	PrintVerbose(cmd, "Trying to decode binary...")
 	err = dst.Unmarshal(data)
 	if err != nil {
 		PrintVerbose(cmd, "Failed to decode binary: %v", err)
 		PrintVerbose(cmd, "Trying to decode JSON...")
 		err = dst.UnmarshalJSON(data)
 		if err != nil {
 			PrintVerbose(cmd, "Failed to decode JSON: %v", err)
 			return errors.New("invalid format")
 		}
 	}
 	return nil
 }
--- a/cmd/frostfs-cli/internal/common/verbose.go
+++ b/cmd/frostfs-cli/internal/common/verbose.go
@ -0,0 +1,46 @@
 package common
 import (
 	"encoding/hex"
 	"strconv"
 	"time"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/TrueCloudLab/frostfs-sdk-go/checksum"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // PrintVerbose prints to the stdout if the commonflags.Verbose flag is on.
 func PrintVerbose(cmd *cobra.Command, format string, a ...any) {
 	if viper.GetBool(commonflags.Verbose) {
 		cmd.Printf(format+"\n", a...)
 	}
 }
 // PrettyPrintUnixTime interprets s as unix timestamp and prints it as
 // a date. Is s is invalid, "malformed" is returned.
 func PrettyPrintUnixTime(s string) string {
 	unixTime, err := strconv.ParseInt(s, 10, 64)
 	if err != nil {
 		return "malformed"
 	}
 	timestamp := time.Unix(unixTime, 0)
 	return timestamp.String()
 }
 // PrintChecksum prints checksum.
 func PrintChecksum(cmd *cobra.Command, name string, recv func() (checksum.Checksum, bool)) {
 	var strVal string
 	cs, csSet := recv()
 	if csSet {
 		strVal = hex.EncodeToString(cs.Value())
 	} else {
 		strVal = "<empty>"
 	}
 	cmd.Printf("%s: %s\n", name, strVal)
 }
--- a/cmd/frostfs-cli/internal/commonflags/api.go
+++ b/cmd/frostfs-cli/internal/commonflags/api.go
@ -0,0 +1,33 @@
 package commonflags
 import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
 	TTL          = "ttl"
 	TTLShorthand = ""
 	TTLDefault   = 2
 	TTLUsage     = "TTL value in request meta header"
 	XHeadersKey       = "xhdr"
 	XHeadersShorthand = "x"
 	XHeadersUsage     = "Request X-Headers in form of Key=Value"
 )
 // InitAPI inits common flags for storage node services.
 func InitAPI(cmd *cobra.Command) {
 	ff := cmd.Flags()
 	ff.StringSliceP(XHeadersKey, XHeadersShorthand, []string{}, XHeadersUsage)
 	ff.Uint32P(TTL, TTLShorthand, TTLDefault, TTLUsage)
 }
 // BindAPI binds API flags of storage node services to the viper.
 func BindAPI(cmd *cobra.Command) {
 	ff := cmd.Flags()
 	_ = viper.BindPFlag(TTL, ff.Lookup(TTL))
 	_ = viper.BindPFlag(XHeadersKey, ff.Lookup(XHeadersKey))
 }
--- a/cmd/frostfs-cli/internal/commonflags/expiration.go
+++ b/cmd/frostfs-cli/internal/commonflags/expiration.go
@ -0,0 +1,9 @@
 package commonflags
 const (
 	// ExpireAt is a flag for setting last epoch of an object or a token.
 	ExpireAt = "expire-at"
 	// Lifetime is a flag for setting the lifetime of an object or a token,
 	// starting from the current epoch.
 	Lifetime = "lifetime"
 )
--- a/cmd/frostfs-cli/internal/commonflags/flags.go
+++ b/cmd/frostfs-cli/internal/commonflags/flags.go
@ -0,0 +1,84 @@
 package commonflags
 import (
 	"time"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // Common CLI flag keys, shorthands, default
 // values and their usage descriptions.
 const (
 	GenerateKey          = "generate-key"
 	generateKeyShorthand = "g"
 	generateKeyDefault   = false
 	generateKeyUsage     = "Generate new private key"
 	WalletPath          = "wallet"
 	WalletPathShorthand = "w"
 	WalletPathDefault   = ""
 	WalletPathUsage     = "Path to the wallet or binary key"
 	Account          = "address"
 	AccountShorthand = ""
 	AccountDefault   = ""
 	AccountUsage     = "Address of wallet account"
 	RPC          = "rpc-endpoint"
 	RPCShorthand = "r"
 	RPCDefault   = ""
 	RPCUsage     = "Remote node address (as 'multiaddr' or '<host>:<port>')"
 	Timeout          = "timeout"
 	TimeoutShorthand = "t"
 	TimeoutDefault   = 15 * time.Second
 	TimeoutUsage     = "Timeout for an operation"
 	Verbose          = "verbose"
 	VerboseShorthand = "v"
 	VerboseUsage     = "Verbose output"
 	ForceFlag          = "force"
 	ForceFlagShorthand = "f"
 	CIDFlag      = "cid"
 	CIDFlagUsage = "Container ID."
 	OIDFlag      = "oid"
 	OIDFlagUsage = "Object ID."
 )
 // Init adds common flags to the command:
 // - GenerateKey,
 // - WalletPath,
 // - Account,
 // - RPC,
 // - Timeout.
 func Init(cmd *cobra.Command) {
 	InitWithoutRPC(cmd)
 	ff := cmd.Flags()
 	ff.StringP(RPC, RPCShorthand, RPCDefault, RPCUsage)
 	ff.DurationP(Timeout, TimeoutShorthand, TimeoutDefault, TimeoutUsage)
 }
 // InitWithoutRPC is similar to Init but doesn't create the RPC flag.
 func InitWithoutRPC(cmd *cobra.Command) {
 	ff := cmd.Flags()
 	ff.BoolP(GenerateKey, generateKeyShorthand, generateKeyDefault, generateKeyUsage)
 	ff.StringP(WalletPath, WalletPathShorthand, WalletPathDefault, WalletPathUsage)
 	ff.StringP(Account, AccountShorthand, AccountDefault, AccountUsage)
 }
 // Bind binds common command flags to the viper.
 func Bind(cmd *cobra.Command) {
 	ff := cmd.Flags()
 	_ = viper.BindPFlag(GenerateKey, ff.Lookup(GenerateKey))
 	_ = viper.BindPFlag(WalletPath, ff.Lookup(WalletPath))
 	_ = viper.BindPFlag(Account, ff.Lookup(Account))
 	_ = viper.BindPFlag(RPC, ff.Lookup(RPC))
 	_ = viper.BindPFlag(Timeout, ff.Lookup(Timeout))
 }
--- a/cmd/frostfs-cli/internal/commonflags/json.go
+++ b/cmd/frostfs-cli/internal/commonflags/json.go
@ -0,0 +1,3 @@
 package commonflags
 const JSON = "json"
--- a/cmd/frostfs-cli/internal/commonflags/session.go
+++ b/cmd/frostfs-cli/internal/commonflags/session.go
@ -0,0 +1,19 @@
 package commonflags
 import (
 	"fmt"
 	"github.com/spf13/cobra"
 )
 const SessionToken = "session"
 // InitSession registers SessionToken flag representing file path to the token of
 // the session with the given name. Supports FrostFS-binary and JSON files.
 func InitSession(cmd *cobra.Command, name string) {
 	cmd.Flags().String(
 		SessionToken,
 		"",
 		fmt.Sprintf("Filepath to a JSON- or binary-encoded token of the %s session", name),
 	)
 }
--- a/cmd/frostfs-cli/internal/key/key_test.go
+++ b/cmd/frostfs-cli/internal/key/key_test.go
@ -1,28 +1,38 @@
-package cmd
+package key
 import (
 	"bytes"
 	"errors"
 	"io"
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/term"
 )
-func Test_getKey(t *testing.T) {
+var testCmd = &cobra.Command{
 	Use:   "test",
 	Short: "test",
 	Run:   func(cmd *cobra.Command, args []string) {},
 }
 func Test_getOrGenerate(t *testing.T) {
 	dir := t.TempDir()
 	wallPath := filepath.Join(dir, "wallet.json")
 	w, err := wallet.NewWallet(wallPath)
 	require.NoError(t, err)
 	badWallPath := filepath.Join(dir, "bad_wallet.json")
 	require.NoError(t, os.WriteFile(badWallPath, []byte("bad content"), os.ModePerm))
 	acc1, err := wallet.NewAccount()
 	require.NoError(t, err)
 	require.NoError(t, acc1.Encrypt("pass", keys.NEP2ScryptParams()))
@ -34,7 +44,6 @@ func Test_getKey(t *testing.T) {
 	acc2.Default = true
 	w.AddAccount(acc2)
 	require.NoError(t, w.Save())
 	w.Close()
 	keyPath := filepath.Join(dir, "binary.key")
 	rawKey, err := keys.NewPrivateKey()
@ -55,52 +64,37 @@ func Test_getKey(t *testing.T) {
 		Writer: io.Discard,
 	}, "")
-	checkKeyError(t, filepath.Join(dir, "badfile"), errInvalidKey)
+	checkKeyError(t, filepath.Join(dir, "badfile"), ErrFs)
 	checkKeyError(t, badWallPath, ErrInvalidKey)
 	t.Run("wallet", func(t *testing.T) {
-		checkKeyError(t, wallPath, errInvalidPassword)
+		checkKeyError(t, wallPath, ErrInvalidPassword)
 		in.WriteString("invalid\r")
-		checkKeyError(t, wallPath, errInvalidPassword)
+		checkKeyError(t, wallPath, ErrInvalidPassword)
 		in.WriteString("pass\r")
 		checkKey(t, wallPath, acc2.PrivateKey()) // default account
-		viper.Set(address, acc1.Address)
+		viper.Set(commonflags.Account, acc1.Address)
 		in.WriteString("pass\r")
 		checkKey(t, wallPath, acc1.PrivateKey())
-		viper.Set(address, "not an address")
+		viper.Set(commonflags.Account, "not an address")
-		checkKeyError(t, wallPath, errInvalidAddress)
+		checkKeyError(t, wallPath, ErrInvalidAddress)
 		acc, err := wallet.NewAccount()
 		require.NoError(t, err)
-		viper.Set(address, acc.Address)
+		viper.Set(commonflags.Account, acc.Address)
-		checkKeyError(t, wallPath, errInvalidAddress)
+		checkKeyError(t, wallPath, ErrInvalidAddress)
 	})
 	t.Run("WIF", func(t *testing.T) {
-		checkKey(t, wifKey.WIF(), wifKey)
+		checkKeyError(t, wifKey.WIF(), ErrFs)
 	})
 	t.Run("NEP-2", func(t *testing.T) {
-		checkKeyError(t, nep2, errInvalidPassword)
+		checkKeyError(t, nep2, ErrFs)
 		in.WriteString("invalid\r")
 		checkKeyError(t, nep2, errInvalidPassword)
 		in.WriteString("pass\r")
 		checkKey(t, nep2, nep2Key)
 		t.Run("password from config", func(t *testing.T) {
 			viper.Set(password, "invalid")
 			in.WriteString("pass\r")
 			checkKeyError(t, nep2, errInvalidPassword)
 			viper.Set(password, "pass")
 			in.WriteString("invalid\r")
 			checkKey(t, nep2, nep2Key)
 		})
 	})
 	t.Run("raw key", func(t *testing.T) {
@ -108,8 +102,8 @@ func Test_getKey(t *testing.T) {
 	})
 	t.Run("generate", func(t *testing.T) {
-		viper.Set(generateKey, true)
+		viper.Set(commonflags.GenerateKey, true)
-		actual, err := getKey()
+		actual, err := getOrGenerate(testCmd)
 		require.NoError(t, err)
 		require.NotNil(t, actual)
 		for _, p := range []*keys.PrivateKey{nep2Key, rawKey, wifKey, acc1.PrivateKey(), acc2.PrivateKey()} {
@ -119,14 +113,14 @@ func Test_getKey(t *testing.T) {
 }
 func checkKeyError(t *testing.T, desc string, err error) {
-	viper.Set(walletPath, desc)
+	viper.Set(commonflags.WalletPath, desc)
-	_, actualErr := getKey()
+	_, actualErr := getOrGenerate(testCmd)
-	require.True(t, errors.Is(actualErr, err), "got: %v", actualErr)
+	require.ErrorIs(t, actualErr, err)
 }
 func checkKey(t *testing.T, desc string, expected *keys.PrivateKey) {
-	viper.Set(walletPath, desc)
+	viper.Set(commonflags.WalletPath, desc)
-	actual, err := getKey()
+	actual, err := getOrGenerate(testCmd)
 	require.NoError(t, err)
 	require.Equal(t, &expected.PrivateKey, actual)
 }
--- a/cmd/frostfs-cli/internal/key/raw.go
+++ b/cmd/frostfs-cli/internal/key/raw.go
@ -0,0 +1,62 @@
 package key
 import (
 	"crypto/ecdsa"
 	"errors"
 	"fmt"
 	"os"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 var errCantGenerateKey = errors.New("can't generate new private key")
 // Get returns private key from wallet or binary file.
 // Ideally we want to touch file-system on the last step.
 // This function assumes that all flags were bind to viper in a `PersistentPreRun`.
 func Get(cmd *cobra.Command) *ecdsa.PrivateKey {
 	pk, err := get(cmd)
 	commonCmd.ExitOnErr(cmd, "can't fetch private key: %w", err)
 	return pk
 }
 func get(cmd *cobra.Command) (*ecdsa.PrivateKey, error) {
 	keyDesc := viper.GetString(commonflags.WalletPath)
 	data, err := os.ReadFile(keyDesc)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %v", ErrFs, err)
 	}
 	priv, err := keys.NewPrivateKeyFromBytes(data)
 	if err != nil {
 		w, err := wallet.NewWalletFromFile(keyDesc)
 		if err == nil {
 			return FromWallet(cmd, w, viper.GetString(commonflags.Account))
 		}
 		return nil, fmt.Errorf("%w: %v", ErrInvalidKey, err)
 	}
 	return &priv.PrivateKey, nil
 }
 // GetOrGenerate is similar to get but generates a new key if commonflags.GenerateKey is set.
 func GetOrGenerate(cmd *cobra.Command) *ecdsa.PrivateKey {
 	pk, err := getOrGenerate(cmd)
 	commonCmd.ExitOnErr(cmd, "can't fetch private key: %w", err)
 	return pk
 }
 func getOrGenerate(cmd *cobra.Command) (*ecdsa.PrivateKey, error) {
 	if viper.GetBool(commonflags.GenerateKey) {
 		priv, err := keys.NewPrivateKey()
 		if err != nil {
 			return nil, fmt.Errorf("%w: %v", errCantGenerateKey, err)
 		}
 		return &priv.PrivateKey, nil
 	}
 	return get(cmd)
 }
--- a/cmd/frostfs-cli/internal/key/wallet.go
+++ b/cmd/frostfs-cli/internal/key/wallet.go
@ -0,0 +1,70 @@
 package key
 import (
 	"crypto/ecdsa"
 	"errors"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"github.com/nspcc-dev/neo-go/cli/flags"
 	"github.com/nspcc-dev/neo-go/cli/input"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/util"
 	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // Key-related errors.
 var (
 	ErrFs              = errors.New("unable to read file from given path")
 	ErrInvalidKey      = errors.New("provided key is incorrect, only wallet or binary key supported")
 	ErrInvalidAddress  = errors.New("--address option must be specified and valid")
 	ErrInvalidPassword = errors.New("invalid password for the encrypted key")
 )
 // FromWallet returns private key of the wallet account.
 func FromWallet(cmd *cobra.Command, w *wallet.Wallet, addrStr string) (*ecdsa.PrivateKey, error) {
 	var (
 		addr util.Uint160
 		err  error
 	)
 	if addrStr == "" {
 		common.PrintVerbose(cmd, "Using default wallet address")
 		addr = w.GetChangeAddress()
 	} else {
 		addr, err = flags.ParseAddress(addrStr)
 		if err != nil {
 			common.PrintVerbose(cmd, "Can't parse address: %s", addrStr)
 			return nil, ErrInvalidAddress
 		}
 	}
 	acc := w.GetAccount(addr)
 	if acc == nil {
 		common.PrintVerbose(cmd, "Can't find wallet account for %s", addrStr)
 		return nil, ErrInvalidAddress
 	}
 	pass, err := getPassword()
 	if err != nil {
 		common.PrintVerbose(cmd, "Can't read password: %v", err)
 		return nil, ErrInvalidPassword
 	}
 	if err := acc.Decrypt(pass, keys.NEP2ScryptParams()); err != nil {
 		common.PrintVerbose(cmd, "Can't decrypt account: %v", err)
 		return nil, ErrInvalidPassword
 	}
 	return &acc.PrivateKey().PrivateKey, nil
 }
 func getPassword() (string, error) {
 	// this check allows empty passwords
 	if viper.IsSet("password") {
 		return viper.GetString("password"), nil
 	}
 	return input.ReadPassword("Enter password > ")
 }
--- a/cmd/frostfs-cli/main.go
+++ b/cmd/frostfs-cli/main.go
@ -0,0 +1,7 @@
 package main
 import cmd "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules"
 func main() {
 	cmd.Execute()
 }
--- a/cmd/frostfs-cli/modules/accounting/balance.go
+++ b/cmd/frostfs-cli/modules/accounting/balance.go
@ -0,0 +1,70 @@
 package accounting
 import (
 	"math/big"
 	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/pkg/util/precision"
 	"github.com/TrueCloudLab/frostfs-sdk-go/accounting"
 	"github.com/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 const (
 	ownerFlag = "owner"
 )
 var accountingBalanceCmd = &cobra.Command{
 	Use:   "balance",
 	Short: "Get internal balance of FrostFS account",
 	Long:  `Get internal balance of FrostFS account`,
 	Run: func(cmd *cobra.Command, args []string) {
 		var idUser user.ID
 		pk := key.GetOrGenerate(cmd)
 		balanceOwner, _ := cmd.Flags().GetString(ownerFlag)
 		if balanceOwner == "" {
 			user.IDFromKey(&idUser, pk.PublicKey)
 		} else {
 			commonCmd.ExitOnErr(cmd, "can't decode owner ID wallet address: %w", idUser.DecodeString(balanceOwner))
 		}
 		cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
 		var prm internalclient.BalanceOfPrm
 		prm.SetClient(cli)
 		prm.SetAccount(idUser)
 		res, err := internalclient.BalanceOf(prm)
 		commonCmd.ExitOnErr(cmd, "rpc error: %w", err)
 		// print to stdout
 		prettyPrintDecimal(cmd, res.Balance())
 	},
 }
 func initAccountingBalanceCmd() {
 	ff := accountingBalanceCmd.Flags()
 	ff.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
 	ff.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
 	ff.StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
 	ff.String(ownerFlag, "", "owner of balance account (omit to use owner from private key)")
 }
 func prettyPrintDecimal(cmd *cobra.Command, decimal accounting.Decimal) {
 	if viper.GetBool(commonflags.Verbose) {
 		cmd.Println("value:", decimal.Value())
 		cmd.Println("precision:", decimal.Precision())
 	} else {
 		amountF8 := precision.Convert(decimal.Precision(), 8, big.NewInt(decimal.Value()))
 		cmd.Println(fixedn.ToString(amountF8, 8))
 	}
 }
--- a/cmd/frostfs-cli/modules/accounting/root.go
+++ b/cmd/frostfs-cli/modules/accounting/root.go
@ -0,0 +1,27 @@
 package accounting
 import (
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 // Cmd represents the accounting command.
 var Cmd = &cobra.Command{
 	Use:   "accounting",
 	Short: "Operations with accounts and balances",
 	Long:  `Operations with accounts and balances`,
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		flags := cmd.Flags()
 		_ = viper.BindPFlag(commonflags.WalletPath, flags.Lookup(commonflags.WalletPath))
 		_ = viper.BindPFlag(commonflags.Account, flags.Lookup(commonflags.Account))
 		_ = viper.BindPFlag(commonflags.RPC, flags.Lookup(commonflags.RPC))
 	},
 }
 func init() {
 	Cmd.AddCommand(accountingBalanceCmd)
 	initAccountingBalanceCmd()
 }
--- a/cmd/frostfs-cli/modules/acl/basic/print.go
+++ b/cmd/frostfs-cli/modules/acl/basic/print.go
@ -0,0 +1,28 @@
 package basic
 import (
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
 	"github.com/spf13/cobra"
 )
 var printACLCmd = &cobra.Command{
 	Use:     "print",
 	Short:   "Pretty print basic ACL from the HEX representation",
 	Example: `frostfs-cli acl basic print 0x1C8C8CCC`,
 	Long: `Pretty print basic ACL from the HEX representation.
 Few roles have exclusive default access to set of operation, even if particular bit deny it.
 Container have access to the operations of the data replication mechanism:
    Get, Head, Put, Search, Hash.
 InnerRing members are allowed to data audit ops only:
    Get, Head, Hash, Search.`,
 	Run:  printACL,
 	Args: cobra.ExactArgs(1),
 }
 func printACL(cmd *cobra.Command, args []string) {
 	var bacl acl.Basic
 	commonCmd.ExitOnErr(cmd, "unable to parse basic acl: %w", bacl.DecodeString(args[0]))
 	util.PrettyPrintTableBACL(cmd, &bacl)
 }
--- a/cmd/frostfs-cli/modules/acl/basic/root.go
+++ b/cmd/frostfs-cli/modules/acl/basic/root.go
@ -0,0 +1,14 @@
 package basic
 import (
 	"github.com/spf13/cobra"
 )
 var Cmd = &cobra.Command{
 	Use:   "basic",
 	Short: "Operations with Basic Access Control Lists",
 }
 func init() {
 	Cmd.AddCommand(printACLCmd)
 }
--- a/cmd/frostfs-cli/modules/acl/extended/create.go
+++ b/cmd/frostfs-cli/modules/acl/extended/create.go
@ -0,0 +1,127 @@
 package extended
 import (
 	"bytes"
 	"encoding/json"
 	"os"
 	"strings"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
 	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
 	"github.com/spf13/cobra"
 )
 var createCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create extended ACL from the text representation",
 	Long: `Create extended ACL from the text representation.
 Rule consist of these blocks: <action> <operation> [<filter1> ...] [<target1> ...]
 Action is 'allow' or 'deny'.
 Operation is an object service verb: 'get', 'head', 'put', 'search', 'delete', 'getrange', or 'getrangehash'.
 Filter consists of <typ>:<key><match><value>
  Typ is 'obj' for object applied filter or 'req' for request applied filter. 
  Key is a valid unicode string corresponding to object or request header key. 
    Well-known system object headers start with '$Object:' prefix.
    User defined headers start without prefix.
    Read more about filter keys at github.com/TrueCloudLab/frostfs-api/blob/master/proto-docs/acl.md#message-eaclrecordfilter
  Match is '=' for matching and '!=' for non-matching filter.
  Value is a valid unicode string corresponding to object or request header value.
 Target is 
  'user' for container owner, 
  'system' for Storage nodes in container and Inner Ring nodes,
  'others' for all other request senders, 
  'pubkey:<key1>,<key2>,...' for exact request sender, where <key> is a hex-encoded 33-byte public key.
 When both '--rule' and '--file' arguments are used, '--rule' records will be placed higher in resulting extended ACL table.
 `,
 	Example: `frostfs-cli acl extended create --cid EutHBsdT1YCzHxjCfQHnLPL1vFrkSyLSio4vkphfnEk -f rules.txt --out table.json
 frostfs-cli acl extended create --cid EutHBsdT1YCzHxjCfQHnLPL1vFrkSyLSio4vkphfnEk -r 'allow get obj:Key=Value others' -r 'deny put others'`,
 	Run: createEACL,
 }
 func init() {
 	createCmd.Flags().StringArrayP("rule", "r", nil, "Extended ACL table record to apply")
 	createCmd.Flags().StringP("file", "f", "", "Read list of extended ACL table records from text file")
 	createCmd.Flags().StringP("out", "o", "", "Save JSON formatted extended ACL table in file")
 	createCmd.Flags().StringP(commonflags.CIDFlag, "", "", commonflags.CIDFlagUsage)
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), "file")
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), "out")
 }
 func createEACL(cmd *cobra.Command, _ []string) {
 	rules, _ := cmd.Flags().GetStringArray("rule")
 	fileArg, _ := cmd.Flags().GetString("file")
 	outArg, _ := cmd.Flags().GetString("out")
 	cidArg, _ := cmd.Flags().GetString(commonflags.CIDFlag)
 	var containerID cid.ID
 	if cidArg != "" {
 		if err := containerID.DecodeString(cidArg); err != nil {
 			cmd.PrintErrf("invalid container ID: %v\n", err)
 			os.Exit(1)
 		}
 	}
 	rulesFile, err := getRulesFromFile(fileArg)
 	if err != nil {
 		cmd.PrintErrf("can't read rules from file: %v\n", err)
 		os.Exit(1)
 	}
 	rules = append(rules, rulesFile...)
 	if len(rules) == 0 {
 		cmd.PrintErrln("no extended ACL rules has been provided")
 		os.Exit(1)
 	}
 	tb := eacl.NewTable()
 	commonCmd.ExitOnErr(cmd, "unable to parse provided rules: %w", util.ParseEACLRules(tb, rules))
 	tb.SetCID(containerID)
 	data, err := tb.MarshalJSON()
 	if err != nil {
 		cmd.PrintErrln(err)
 		os.Exit(1)
 	}
 	buf := new(bytes.Buffer)
 	err = json.Indent(buf, data, "", "  ")
 	if err != nil {
 		cmd.PrintErrln(err)
 		os.Exit(1)
 	}
 	if len(outArg) == 0 {
 		cmd.Println(buf)
 		return
 	}
 	err = os.WriteFile(outArg, buf.Bytes(), 0644)
 	if err != nil {
 		cmd.PrintErrln(err)
 		os.Exit(1)
 	}
 }
 func getRulesFromFile(filename string) ([]string, error) {
 	if len(filename) == 0 {
 		return nil, nil
 	}
 	data, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
 	return strings.Split(strings.TrimSpace(string(data)), "\n"), nil
 }
--- a/cmd/frostfs-cli/modules/acl/extended/create_test.go
+++ b/cmd/frostfs-cli/modules/acl/extended/create_test.go
@ -1,10 +1,10 @@
 package extended
 import (
 	"strings"
 	"testing"
-	"github.com/nspcc-dev/neofs-sdk-go/eacl"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
 	"github.com/stretchr/testify/require"
 )
@ -63,8 +63,7 @@ func TestParseTable(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			ss := strings.Split(test.rule, " ")
+			err := util.ParseEACLRule(eaclTable, test.rule)
 			err := parseTable(eaclTable, ss)
 			ok := len(test.jsonRecord) > 0
 			require.Equal(t, ok, err == nil, err)
 			if ok {
--- a/cmd/frostfs-cli/modules/acl/extended/print.go
+++ b/cmd/frostfs-cli/modules/acl/extended/print.go
@ -0,0 +1,38 @@
 package extended
 import (
 	"os"
 	"strings"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/util"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-sdk-go/eacl"
 	"github.com/spf13/cobra"
 )
 var printEACLCmd = &cobra.Command{
 	Use:   "print",
 	Short: "Pretty print extended ACL from the file(in text or json format) or for given container.",
 	Run:   printEACL,
 }
 func init() {
 	flags := printEACLCmd.Flags()
 	flags.StringP("file", "f", "",
 		"Read list of extended ACL table records from text or json file")
 	_ = printEACLCmd.MarkFlagRequired("file")
 }
 func printEACL(cmd *cobra.Command, _ []string) {
 	file, _ := cmd.Flags().GetString("file")
 	eaclTable := new(eacl.Table)
 	data, err := os.ReadFile(file)
 	commonCmd.ExitOnErr(cmd, "can't read file with EACL: %w", err)
 	if strings.HasSuffix(file, ".json") {
 		commonCmd.ExitOnErr(cmd, "unable to parse json: %w", eaclTable.UnmarshalJSON(data))
 	} else {
 		rules := strings.Split(strings.TrimSpace(string(data)), "\n")
 		commonCmd.ExitOnErr(cmd, "can't parse file with EACL: %w", util.ParseEACLRules(eaclTable, rules))
 	}
 	util.PrettyPrintTableEACL(cmd, eaclTable)
 }
--- a/cmd/frostfs-cli/modules/acl/extended/root.go
+++ b/cmd/frostfs-cli/modules/acl/extended/root.go
@ -1,6 +1,8 @@
 package extended
-import "github.com/spf13/cobra"
+import (
 	"github.com/spf13/cobra"
 )
 var Cmd = &cobra.Command{
 	Use:   "extended",
@ -9,4 +11,5 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(createCmd)
 	Cmd.AddCommand(printEACLCmd)
 }
--- a/cmd/frostfs-cli/modules/acl/root.go
+++ b/cmd/frostfs-cli/modules/acl/root.go
@ -1,7 +1,8 @@
 package acl
 import (
-	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/acl/extended"
+	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/acl/basic"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/modules/acl/extended"
 	"github.com/spf13/cobra"
 )
@ -12,4 +13,5 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(extended.Cmd)
 	Cmd.AddCommand(basic.Cmd)
 }
--- a/cmd/frostfs-cli/modules/bearer/create.go
+++ b/cmd/frostfs-cli/modules/bearer/create.go
@ -0,0 +1,126 @@
 package bearer
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"os"
 	"time"
 	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
 	eaclSDK "github.com/TrueCloudLab/frostfs-sdk-go/eacl"
 	"github.com/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 const (
 	eaclFlag           = "eacl"
 	issuedAtFlag       = "issued-at"
 	notValidBeforeFlag = "not-valid-before"
 	ownerFlag          = "owner"
 	outFlag            = "out"
 	jsonFlag           = commonflags.JSON
 )
 var createCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create bearer token",
 	Long: `Create bearer token.
 All epoch flags can be specified relative to the current epoch with the +n syntax.
 In this case --` + commonflags.RPC + ` flag should be specified and the epoch in bearer token
 is set to current epoch + n.
 `,
 	Run: createToken,
 }
 func init() {
 	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table")
 	createCmd.Flags().StringP(issuedAtFlag, "i", "", "Epoch to issue token at")
 	createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "Not valid before epoch")
 	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
 	createCmd.Flags().StringP(ownerFlag, "o", "", "Token owner")
 	createCmd.Flags().String(outFlag, "", "File to write token to")
 	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
 	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), issuedAtFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), notValidBeforeFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
 }
 func createToken(cmd *cobra.Command, _ []string) {
 	iat, iatRelative, err := common.ParseEpoch(cmd, issuedAtFlag)
 	commonCmd.ExitOnErr(cmd, "can't parse --"+issuedAtFlag+" flag: %w", err)
 	exp, expRelative, err := common.ParseEpoch(cmd, commonflags.ExpireAt)
 	commonCmd.ExitOnErr(cmd, "can't parse --"+commonflags.ExpireAt+" flag: %w", err)
 	nvb, nvbRelative, err := common.ParseEpoch(cmd, notValidBeforeFlag)
 	commonCmd.ExitOnErr(cmd, "can't parse --"+notValidBeforeFlag+" flag: %w", err)
 	if iatRelative || expRelative || nvbRelative {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
 		defer cancel()
 		endpoint, _ := cmd.Flags().GetString(commonflags.RPC)
 		currEpoch, err := internalclient.GetCurrentEpoch(ctx, cmd, endpoint)
 		commonCmd.ExitOnErr(cmd, "can't fetch current epoch: %w", err)
 		if iatRelative {
 			iat += currEpoch
 		}
 		if expRelative {
 			exp += currEpoch
 		}
 		if nvbRelative {
 			nvb += currEpoch
 		}
 	}
 	if exp < nvb {
 		commonCmd.ExitOnErr(cmd, "",
 			fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))
 	}
 	ownerStr, _ := cmd.Flags().GetString(ownerFlag)
 	var ownerID user.ID
 	commonCmd.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))
 	var b bearer.Token
 	b.SetExp(exp)
 	b.SetNbf(nvb)
 	b.SetIat(iat)
 	b.ForUser(ownerID)
 	eaclPath, _ := cmd.Flags().GetString(eaclFlag)
 	if eaclPath != "" {
 		table := eaclSDK.NewTable()
 		raw, err := os.ReadFile(eaclPath)
 		commonCmd.ExitOnErr(cmd, "can't read extended ACL file: %w", err)
 		commonCmd.ExitOnErr(cmd, "can't parse extended ACL: %w", json.Unmarshal(raw, table))
 		b.SetEACLTable(*table)
 	}
 	var data []byte
 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
 	if toJSON {
 		data, err = json.Marshal(b)
 		commonCmd.ExitOnErr(cmd, "can't mashal token to JSON: %w", err)
 	} else {
 		data = b.Marshal()
 	}
 	out, _ := cmd.Flags().GetString(outFlag)
 	err = os.WriteFile(out, data, 0644)
 	commonCmd.ExitOnErr(cmd, "can't write token to file: %w", err)
 }
--- a/cmd/frostfs-cli/modules/bearer/root.go
+++ b/cmd/frostfs-cli/modules/bearer/root.go
@ -1,11 +1,11 @@
-package token
+package bearer
 import (
 	"github.com/spf13/cobra"
 )
 var Cmd = &cobra.Command{
-	Use:   "token",
+	Use:   "bearer",
 	Short: "Operations with bearer token",
 }
--- a/cmd/frostfs-cli/modules/completion.go
+++ b/cmd/frostfs-cli/modules/completion.go
@ -0,0 +1,9 @@
 package cmd
 import (
 	"github.com/TrueCloudLab/frostfs-node/pkg/util/autocomplete"
 )
 func init() {
 	rootCmd.AddCommand(autocomplete.Command("frostfs-cli"))
 }
--- a/cmd/frostfs-cli/modules/container/create.go
+++ b/cmd/frostfs-cli/modules/container/create.go
@ -0,0 +1,229 @@
 package container
 import (
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"time"
 	containerApi "github.com/TrueCloudLab/frostfs-api-go/v2/container"
 	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
 	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/key"
 	commonCmd "github.com/TrueCloudLab/frostfs-node/cmd/internal/common"
 	"github.com/TrueCloudLab/frostfs-sdk-go/container"
 	"github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
 	"github.com/TrueCloudLab/frostfs-sdk-go/netmap"
 	subnetid "github.com/TrueCloudLab/frostfs-sdk-go/subnet/id"
 	"github.com/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
 )
 var (
 	containerACL         string
 	containerPolicy      string
 	containerAttributes  []string
 	containerAwait       bool
 	containerName        string
 	containerNnsName     string
 	containerNnsZone     string
 	containerNoTimestamp bool
 	containerSubnet      string
 	force                bool
 )
 var createContainerCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create new container",
 	Long: `Create new container and register it in the FrostFS. 
 It will be stored in sidechain when inner ring will accepts it.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		placementPolicy, err := parseContainerPolicy(cmd, containerPolicy)
 		commonCmd.ExitOnErr(cmd, "", err)
 		key := key.Get(cmd)
 		cli := internalclient.GetSDKClientByFlag(cmd, key, commonflags.RPC)
 		if !force {
 			var prm internalclient.NetMapSnapshotPrm
 			prm.SetClient(cli)
 			resmap, err := internalclient.NetMapSnapshot(prm)
 			commonCmd.ExitOnErr(cmd, "unable to get netmap snapshot to validate container placement, "+
 				"use --force option to skip this check: %w", err)
 			nodesByRep, err := resmap.NetMap().ContainerNodes(*placementPolicy, nil)
 			commonCmd.ExitOnErr(cmd, "could not build container nodes based on given placement policy, "+
 				"use --force option to skip this check: %w", err)
 			for i, nodes := range nodesByRep {
 				if placementPolicy.ReplicaNumberByIndex(i) > uint32(len(nodes)) {
 					commonCmd.ExitOnErr(cmd, "", fmt.Errorf(
 						"the number of nodes '%d' in selector is not enough for the number of replicas '%d', "+
 							"use --force option to skip this check",
 						len(nodes),
 						placementPolicy.ReplicaNumberByIndex(i),
 					))
 				}
 			}
 		}
 		if containerSubnet != "" {
 			var subnetID subnetid.ID
 			err = subnetID.DecodeString(containerSubnet)
 			commonCmd.ExitOnErr(cmd, "could not parse subnetID: %w", err)
 			placementPolicy.RestrictSubnet(subnetID)
 		}
 		var cnr container.Container
 		cnr.Init()
 		err = parseAttributes(&cnr, containerAttributes)
 		commonCmd.ExitOnErr(cmd, "", err)
 		var basicACL acl.Basic
 		commonCmd.ExitOnErr(cmd, "decode basic ACL string: %w", basicACL.DecodeString(containerACL))
 		tok := getSession(cmd)
 		if tok != nil {
 			issuer := tok.Issuer()
 			cnr.SetOwner(issuer)
 		} else {
 			var idOwner user.ID
 			user.IDFromKey(&idOwner, key.PublicKey)
 			cnr.SetOwner(idOwner)
 		}
 		cnr.SetPlacementPolicy(*placementPolicy)
 		cnr.SetBasicACL(basicACL)
 		var syncContainerPrm internalclient.SyncContainerPrm
 		syncContainerPrm.SetClient(cli)
 		syncContainerPrm.SetContainer(&cnr)
 		_, err = internalclient.SyncContainerSettings(syncContainerPrm)
 		commonCmd.ExitOnErr(cmd, "syncing container's settings rpc error: %w", err)
 		var putPrm internalclient.PutContainerPrm
 		putPrm.SetClient(cli)
 		putPrm.SetContainer(cnr)
 		if tok != nil {
 			putPrm.WithinSession(*tok)
 		}
 		res, err := internalclient.PutContainer(putPrm)
 		commonCmd.ExitOnErr(cmd, "put container rpc error: %w", err)
 		id := res.ID()
 		cmd.Println("container ID:", id)
 		if containerAwait {
 			cmd.Println("awaiting...")
 			var getPrm internalclient.GetContainerPrm
 			getPrm.SetClient(cli)
 			getPrm.SetContainer(id)
 			for i := 0; i < awaitTimeout; i++ {
 				time.Sleep(1 * time.Second)
 				_, err := internalclient.GetContainer(getPrm)
 				if err == nil {
 					cmd.Println("container has been persisted on sidechain")
 					return
 				}
 			}
 			commonCmd.ExitOnErr(cmd, "", errCreateTimeout)
 		}
 	},
 }
 func initContainerCreateCmd() {
 	flags := createContainerCmd.Flags()
 	// Init common flags
 	flags.StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
 	flags.DurationP(commonflags.Timeout, commonflags.TimeoutShorthand, commonflags.TimeoutDefault, commonflags.TimeoutUsage)
 	flags.StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
 	flags.StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)
 	flags.StringVar(&containerACL, "basic-acl", acl.NamePrivate, fmt.Sprintf("HEX encoded basic ACL value or keywords like '%s', '%s', '%s'",
 		acl.NamePublicRW, acl.NamePrivate, acl.NamePublicROExtended,
 	))
 	flags.StringVarP(&containerPolicy, "policy", "p", "", "QL-encoded or JSON-encoded placement policy or path to file with it")
 	flags.StringSliceVarP(&containerAttributes, "attributes", "a", nil, "Comma separated pairs of container attributes in form of Key1=Value1,Key2=Value2")
 	flags.BoolVar(&containerAwait, "await", false, "Block execution until container is persisted")
 	flags.StringVar(&containerName, "name", "", "Container name attribute")
 	flags.StringVar(&containerNnsName, "nns-name", "", "Container nns name attribute")
 	flags.StringVar(&containerNnsZone, "nns-zone", "", "Container nns zone attribute")
 	flags.BoolVar(&containerNoTimestamp, "disable-timestamp", false, "Disable timestamp container attribute")
 	flags.StringVar(&containerSubnet, "subnet", "", "String representation of container subnetwork")
 	flags.BoolVarP(&force, commonflags.ForceFlag, commonflags.ForceFlagShorthand, false,
 		"Skip placement validity check")
 }
 func parseContainerPolicy(cmd *cobra.Command, policyString string) (*netmap.PlacementPolicy, error) {
 	_, err := os.Stat(policyString) // check if `policyString` is a path to file with placement policy
 	if err == nil {
 		common.PrintVerbose(cmd, "Reading placement policy from file: %s", policyString)
 		data, err := os.ReadFile(policyString)
 		if err != nil {
 			return nil, fmt.Errorf("can't read file with placement policy: %w", err)
 		}
 		policyString = string(data)
 	}
 	var result netmap.PlacementPolicy
 	err = result.DecodeString(policyString)
 	if err == nil {
 		common.PrintVerbose(cmd, "Parsed QL encoded policy")
 		return &result, nil
 	}
 	if err = result.UnmarshalJSON([]byte(policyString)); err == nil {
 		common.PrintVerbose(cmd, "Parsed JSON encoded policy")
 		return &result, nil
 	}
 	return nil, errors.New("can't parse placement policy")
 }
 func parseAttributes(dst *container.Container, attributes []string) error {
 	for i := range attributes {
 		k, v, found := strings.Cut(attributes[i], attributeDelimiter)
 		if !found {
 			return errors.New("invalid container attribute")
 		}
 		dst.SetAttribute(k, v)
 	}
 	if !containerNoTimestamp {
 		container.SetCreationTime(dst, time.Now())
 	}
 	if containerName != "" {
 		container.SetName(dst, containerName)
 	}
 	if containerNnsName != "" {
 		dst.SetAttribute(containerApi.SysAttributeName, containerNnsName)
 	}
 	if containerNnsZone != "" {
 		dst.SetAttribute(containerApi.SysAttributeZone, containerNnsZone)
 	}
 	return nil
 }
--- a/Show more
+++ b/Show more
		`@ -0,0 +1 @@`
							`* @TrueCloudLab/storage-core @TrueCloudLab/committers`