commit fe877a169f00424244201e3098bcbabc53500982
Author: Evgeniy Kulikov <kim@nspcc.ru>
Date:   Thu Jan 30 14:41:24 2020 +0300

    initialize

diff --git a/.github/markdown.tmpl b/.github/markdown.tmpl
new file mode 100644
index 0000000..f945c13
--- /dev/null
+++ b/.github/markdown.tmpl
@@ -0,0 +1,83 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+{{range .Files}}
+{{$file_name := .Name}}- [{{.Name}}](#{{.Name}})
+{{if .Services}} - Services
+    {{range .Services}}- [{{.Name}}](#{{.FullName}})
+    {{end}}{{end}}
+{{if .Messages}}  - Messages
+    {{range .Messages}}- [{{.LongName}}](#{{.FullName}})
+    {{end}}{{end}}
+{{end}}
+- [Scalar Value Types](#scalar-value-types)
+
+{{range .Files}}
+{{$file_name := .Name}}
+<a name="{{.Name}}"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## {{.Name}}
+{{.Description}}
+
+{{range .Services}}
+
+<a name="{{.FullName}}"></a>
+
+### Service "{{.FullName}}"
+{{.Description}}
+
+```
+{{range .Methods -}}
+  rpc {{.Name}}({{if .RequestStreaming}}stream {{end}}{{.RequestLongType}}) returns ({{if .ResponseStreaming}}stream {{end}}{{.ResponseLongType}});
+{{end}}
+```
+
+{{range .Methods -}}
+#### Method {{.Name}}
+
+{{.Description}}
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| {{.Name}} | [{{.RequestLongType}}](#{{.RequestFullType}}) | [{{.ResponseLongType}}](#{{.ResponseFullType}}) |
+{{end}}{{end}} <!-- end services -->
+
+{{range .Messages}}
+<a name="{{.FullName}}"></a>
+
+### Message {{.LongName}}
+{{.Description}}
+
+{{if .HasFields}}
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+{{range .Fields -}}
+  | {{.Name}} | [{{.LongType}}](#{{.FullType}}) | {{.Label}} | {{nobr .Description}}{{if .DefaultValue}} Default: {{.DefaultValue}}{{end}} |
+{{end}}{{end}}
+{{end}} <!-- end messages -->
+
+{{range .Enums}}
+<a name="{{.FullName}}"></a>
+
+### {{.LongName}}
+{{.Description}}
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+{{range .Values -}}
+  | {{.Name}} | {{.Number}} | {{nobr .Description}} |
+{{end}}
+
+{{end}} <!-- end enums -->
+
+{{end}}
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+{{range .Scalars -}}
+  | <a name="{{.ProtoType}}" /> {{.ProtoType}} | {{.Notes}} | {{.CppType}} | {{.JavaType}} | {{.PythonType}} |
+{{end}}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1df644c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+vendor
+**/*.pb.go
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..5c13ba2
--- /dev/null
+++ b/LICENSE.md
@@ -0,0 +1,675 @@
+### GNU GENERAL PUBLIC LICENSE
+
+Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+<https://fsf.org/>
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+### Preamble
+
+The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom
+to share and change all versions of a program--to make sure it remains
+free software for all its users. We, the Free Software Foundation, use
+the GNU General Public License for most of our software; it applies
+also to any other work released this way by its authors. You can apply
+it to your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you
+have certain responsibilities if you distribute copies of the
+software, or if you modify it: responsibilities to respect the freedom
+of others.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the
+manufacturer can do so. This is fundamentally incompatible with the
+aim of protecting users' freedom to change the software. The
+systematic pattern of such abuse occurs in the area of products for
+individuals to use, which is precisely where it is most unacceptable.
+Therefore, we have designed this version of the GPL to prohibit the
+practice for those products. If such problems arise substantially in
+other domains, we stand ready to extend this provision to those
+domains in future versions of the GPL, as needed to protect the
+freedom of users.
+
+Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish
+to avoid the special danger that patents applied to a free program
+could make it effectively proprietary. To prevent this, the GPL
+assures that patents cannot be used to render the program non-free.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+### TERMS AND CONDITIONS
+
+#### 0. Definitions.
+
+"This License" refers to version 3 of the GNU General Public License.
+
+"Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+"The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy. The resulting work is called a "modified version" of
+the earlier work or a work "based on" the earlier work.
+
+A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays "Appropriate Legal Notices" to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+#### 1. Source Code.
+
+The "source code" for a work means the preferred form of the work for
+making modifications to it. "Object code" means any non-source form of
+a work.
+
+A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+#### 2. Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright. Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below. Sublicensing is not allowed; section 10 makes
+it unnecessary.
+
+#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+#### 4. Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+#### 5. Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+-   a) The work must carry prominent notices stating that you modified
+it, and giving a relevant date.
+-   b) The work must carry prominent notices stating that it is
+released under this License and any conditions added under
+section 7. This requirement modifies the requirement in section 4
+to "keep intact all notices".
+-   c) You must license the entire work, as a whole, under this
+License to anyone who comes into possession of a copy. This
+License will therefore apply, along with any applicable section 7
+additional terms, to the whole of the work, and all its parts,
+regardless of how they are packaged. This License gives no
+permission to license the work in any other way, but it does not
+invalidate such permission if you have separately received it.
+-   d) If the work has interactive user interfaces, each must display
+Appropriate Legal Notices; however, if the Program has interactive
+interfaces that do not display Appropriate Legal Notices, your
+work need not make them do so.
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+#### 6. Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+-   a) Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by the
+Corresponding Source fixed on a durable physical medium
+customarily used for software interchange.
+-   b) Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by a
+written offer, valid for at least three years and valid for as
+long as you offer spare parts or customer support for that product
+model, to give anyone who possesses the object code either (1) a
+copy of the Corresponding Source for all the software in the
+product that is covered by this License, on a durable physical
+medium customarily used for software interchange, for a price no
+more than your reasonable cost of physically performing this
+conveying of source, or (2) access to copy the Corresponding
+Source from a network server at no charge.
+-   c) Convey individual copies of the object code with a copy of the
+written offer to provide the Corresponding Source. This
+alternative is allowed only occasionally and noncommercially, and
+only if you received the object code with such an offer, in accord
+with subsection 6b.
+-   d) Convey the object code by offering access from a designated
+place (gratis or for a charge), and offer equivalent access to the
+Corresponding Source in the same way through the same place at no
+further charge. You need not require recipients to copy the
+Corresponding Source along with the object code. If the place to
+copy the object code is a network server, the Corresponding Source
+may be on a different server (operated by you or a third party)
+that supports equivalent copying facilities, provided you maintain
+clear directions next to the object code saying where to find the
+Corresponding Source. Regardless of what server hosts the
+Corresponding Source, you remain obligated to ensure that it is
+available for as long as needed to satisfy these requirements.
+-   e) Convey the object code using peer-to-peer transmission,
+provided you inform other peers where the object code and
+Corresponding Source of the work are being offered to the general
+public at no charge under subsection 6d.
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling. In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage. For a particular product received by a particular user,
+"normally used" refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product. A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+"Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source. The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed. Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+#### 7. Additional Terms.
+
+"Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+-   a) Disclaiming warranty or limiting liability differently from the
+terms of sections 15 and 16 of this License; or
+-   b) Requiring preservation of specified reasonable legal notices or
+author attributions in that material or in the Appropriate Legal
+Notices displayed by works containing it; or
+-   c) Prohibiting misrepresentation of the origin of that material,
+or requiring that modified versions of such material be marked in
+reasonable ways as different from the original version; or
+-   d) Limiting the use for publicity purposes of names of licensors
+or authors of the material; or
+-   e) Declining to grant rights under trademark law for use of some
+trade names, trademarks, or service marks; or
+-   f) Requiring indemnification of licensors and authors of that
+material by anyone who conveys the material (or modified versions
+of it) with contractual assumptions of liability to the recipient,
+for any liability that these contractual assumptions directly
+impose on those licensors and authors.
+
+All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+#### 8. Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+#### 9. Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+#### 10. Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+#### 11. Patents.
+
+A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+A contributor's "essential patent claims" are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is "discriminatory" if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License. You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+#### 12. No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all. For example, if you agree to
+terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+#### 13. Use with the GNU Affero General Public License.
+
+Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+#### 14. Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU General Public License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in
+detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies that a certain numbered version of the GNU General Public
+License "or any later version" applies to it, you have the option of
+following the terms and conditions either of that numbered version or
+of any later version published by the Free Software Foundation. If the
+Program does not specify a version number of the GNU General Public
+License, you may choose any version ever published by the Free
+Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU General Public License can be used, that proxy's public
+statement of acceptance of a version permanently authorizes you to
+choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+#### 15. Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+#### 16. Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+#### 17. Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+END OF TERMS AND CONDITIONS
+
+### How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program. It is safest to
+attach them to the start of each source file to most effectively state
+the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+<one line to give the program's name and a brief idea of what it does.>
+Copyright (C) <year>  <name of author>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper
+mail.
+
+If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+<program>  Copyright (C) <year>  <name of author>
+This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+        This is free software, and you are welcome to redistribute it
+        under certain conditions; type `show c' for details.
+
+The hypothetical commands \`show w' and \`show c' should show the
+appropriate parts of the General Public License. Of course, your
+program's commands might be different; for a GUI interface, you would
+use an "about box".
+
+You should also get your employer (if you work as a programmer) or
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. For more information on this, and how to apply and follow
+the GNU GPL, see <https://www.gnu.org/licenses/>.
+
+The GNU General Public License does not permit incorporating your
+program into proprietary programs. If your program is a subroutine
+library, you may consider it more useful to permit linking proprietary
+applications with the library. If this is what you want to do, use the
+GNU Lesser General Public License instead of this License. But first,
+please read <https://www.gnu.org/licenses/why-not-lgpl.html>.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2c672d0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,36 @@
+NETMAP_VERSION=v1.6.1
+GOGOPROTO_VERSION=v1.3.1
+
+NETMAP_URL=https://github.com/nspcc-dev/netmap/archive/$(NETMAP_VERSION).tar.gz
+GOGOPROTO_URL=https://github.com/gogo/protobuf/archive/$(GOGOPROTO_VERSION).tar.gz
+
+.PHONY: deps docgen
+
+deps:
+	@echo "=> Prepare"
+	@rm -rf ./vendor/github.com/gogo/protobuf
+	@rm -rf ./vendor/github.com/nspcc-dev/netmap
+	@mkdir -p ./vendor/github.com/gogo/protobuf
+	@mkdir -p ./vendor/github.com/nspcc-dev/netmap
+
+	@echo "=> Download"
+	@curl -sL -o ./vendor/gogo.tar.gz $(GOGOPROTO_URL)
+	@curl -sL -o ./vendor/netmap.tar.gz $(NETMAP_URL)
+
+	@echo "=> Vendoring"
+	@tar -xzf ./vendor/gogo.tar.gz --strip-components 1 -C ./vendor/github.com/gogo/protobuf
+	@tar -xzf ./vendor/netmap.tar.gz --strip-components 1 -C ./vendor/github.com/nspcc-dev/netmap
+
+	@echo "=> Cleanup"
+	@rm ./vendor/gogo.tar.gz
+	@rm ./vendor/netmap.tar.gz
+
+# Regenerate documentation for protot files:
+docgen: deps
+	@for f in `find . -type f -name '*.proto' -not -path './vendor/*' -exec dirname {} \; | sort -u `; do \
+		echo "${B}${G}⇒ Documentation for $$(basename $$f) ${R}"; \
+		protoc \
+			--doc_opt=.github/markdown.tmpl,$${f}.md \
+			--proto_path=.:./vendor:/usr/local/include \
+			--doc_out=proto-docs/ $${f}/*.proto; \
+	done
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2cd9527
--- /dev/null
+++ b/README.md
@@ -0,0 +1,115 @@
+# NeoFS-proto 
+
+NeoFS-proto repository contains implementation of core NeoFS structures that
+can be used for integration with NeoFS. 
+
+## Description
+
+Repository contains 13 packages that implement NeoFS core structures. These
+packages mostly contain protobuf files with service and structure definitions 
+or NeoFS core types with complemented functions. 
+
+There is a auto-generated documentation for protobuf files in [docs](proto-docs).
+
+### Accounting
+
+Accounting package defines services and structures for accounting operations: 
+balance request and `cheque` operations for withdraw. `Cheque` is a structure
+with inner ring signatures, which approve that user can withdraw requested
+amount of assets. NeoFS smart contract takes binary formatted `cheque` as a 
+parameter in withdraw call. 
+
+#### API
+Accounting package defines: 
+- [Accounting service](proto-docs/accounting.md#accounting.Accounting)
+- [Withdraw service](proto-docs/accounting.md#accounting.Withdraw)
+
+
+### Bootstrap
+
+Bootstrap package defines bootstrap service which is used by storage nodes to
+connect to the storage network. 
+
+#### API
+Bootstrap package defines:
+- [Bootstrap service](proto-docs/bootstrap.md#bootstrap.Bootstrap)
+
+
+### Chain
+
+Chain package contains util functions for operations with NEO Blockchain types:
+wallet addresses, script-hashes. 
+
+### Container
+
+Container package defines service and structures for operations with containers.
+Objects in NeoFS are stored in containers. Container defines storage 
+policy for the objects. 
+
+#### API
+Bootstrap package defines:
+- [Container service](proto-docs/container.md#container.Service)
+
+### Decimal
+
+Decimal defines custom decimal implementation which is used in accounting
+operations.
+
+### Hash
+
+Hash package defines homomorphic hash type.
+
+### Internal
+
+Internal package defines constant error type and proto interface for custom
+protobuf structures. 
+
+### Object
+
+Object package defines service and structures for object operations. Object is 
+a core storage structure in NeoFS. Package contains detailed information
+about object internal structure.
+
+#### API
+Object package defines:
+- [Object service](proto-docs/object.md#object.Service)
+
+### Query
+
+Query package defines structure for object search requests. 
+
+### Refs
+
+Refs package defines core identity types: Object ID, Container ID, etc.
+
+### Service
+
+Service package defines util structure and functions for all NeoFS services
+operations: TTL and request signature management, node roles, epoch retriever. 
+
+### Session
+
+Session package defines service and structures for session obtain. Object
+operations require an established session with pair of session keys signed by 
+owner of the object. 
+
+#### API
+Session package defines:
+- [Session service](proto-docs/session.md#session.Session)
+
+### State
+
+State package defines service and structures for metrics gathering. 
+
+#### API
+State package defines:
+- [Status service](proto-docs/state.md#state.Status)
+
+## Contributing
+
+At this moment, we do not accept contributions. 
+
+## License
+
+This project is licensed under the GPLv3 License - 
+see the [LICENSE.md](LICENSE.md) file for details
diff --git a/accounting/service.proto b/accounting/service.proto
new file mode 100644
index 0000000..f2696c4
--- /dev/null
+++ b/accounting/service.proto
@@ -0,0 +1,35 @@
+syntax = "proto3";
+package accounting;
+option go_package = "github.com/nspcc-dev/neofs-proto/accounting";
+
+import "service/meta.proto";
+import "service/verify.proto";
+import "decimal/decimal.proto";
+import "accounting/types.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Accounting is a service that provides access for accounting balance
+// information
+service Accounting {
+    // Balance returns current balance status of the NeoFS user
+    rpc Balance(BalanceRequest) returns (BalanceResponse);
+}
+
+message BalanceRequest {
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message BalanceResponse {
+    // Balance contains current account balance state
+    decimal.Decimal Balance       = 1;
+    // LockAccounts contains information about locked funds. Locked funds appear
+    // when user pays for storage or withdraw assets.
+    repeated Account LockAccounts = 2;
+}
diff --git a/accounting/types.proto b/accounting/types.proto
new file mode 100644
index 0000000..ac512b9
--- /dev/null
+++ b/accounting/types.proto
@@ -0,0 +1,124 @@
+syntax = "proto3";
+package accounting;
+option go_package = "github.com/nspcc-dev/neofs-proto/accounting";
+
+import "decimal/decimal.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+message Account {
+    // OwnerID is a wallet address
+    bytes OwnerID                 = 1 [(gogoproto.customtype) = "OwnerID",  (gogoproto.nullable) = false];
+    // Address is identifier of accounting record
+    string Address                = 2;
+    // ParentAddress is identifier of parent accounting record
+    string ParentAddress          = 3;
+    // ActiveFunds is amount of active (non locked) funds for account
+    decimal.Decimal ActiveFunds   = 4;
+    // Lifetime is time until account is valid (used for lock accounts)
+    Lifetime Lifetime             = 5 [(gogoproto.nullable) = false];
+    // LockTarget is the purpose of lock funds (it might be withdraw or payment for storage)
+    LockTarget LockTarget         = 6;
+    // LockAccounts contains child accounts with locked funds
+    repeated Account LockAccounts = 7;
+}
+
+// LockTarget must be one of two options
+message LockTarget {
+    oneof Target {
+        // WithdrawTarget used when user requested withdraw
+        WithdrawTarget WithdrawTarget = 1;
+        // ContainerCreateTarget used when user requested creation of container
+        ContainerCreateTarget ContainerCreateTarget = 2;
+    }
+}
+
+message Balances {
+    // Accounts contains multiple account snapshots
+    repeated Account Accounts = 1 [(gogoproto.nullable) = false];
+}
+
+message PayIO {
+    // BlockID contains id of the NEO block where withdraw or deposit
+    // call was invoked
+    uint64 BlockID = 1;
+    // Transactions contains all transactions that founded in block
+    // and used for PayIO
+    repeated Tx Transactions = 2 [(gogoproto.nullable) = false];
+}
+
+message Lifetime {
+    // Unit can be Unlimited, based on NeoFS epoch or Neo block
+    enum Unit {
+        Unlimited = 0;
+        NeoFSEpoch = 1;
+        NeoBlock = 2;
+    }
+
+    // Unit describes how lifetime is measured in account
+    Unit unit = 1 [(gogoproto.customname) = "Unit"];
+    // Value describes how long lifetime will be valid
+    int64 Value = 2;
+}
+
+message Tx {
+    // Type can be withdrawal, payIO or inner
+    enum Type {
+        Unknown  = 0;
+        Withdraw = 1;
+        PayIO    = 2;
+        Inner    = 3;
+    }
+
+    // Type describes target of transaction
+    Type type              = 1 [(gogoproto.customname) = "Type"];
+    // From describes sender of funds
+    string From            = 2;
+    // To describes receiver of funds
+    string To              = 3;
+    // Amount describes amount of funds
+    decimal.Decimal Amount = 4;
+    // PublicKeys contains public key of sender
+    bytes PublicKeys       = 5;
+}
+
+message Settlement {
+    message Receiver {
+        // To is the address of funds recipient 
+        string To              = 1;
+        // Amount is the amount of funds that will be sent
+        decimal.Decimal Amount = 2;
+    }
+
+    message Container {
+        // CID is container identifier
+        bytes CID            = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+        // SGIDs is a set of storage groups that successfully passed the audit
+        repeated bytes SGIDs = 2 [(gogoproto.customtype) = "SGID", (gogoproto.nullable) = false];
+    }
+
+    message Tx {
+        // From is the address of the sender of funds
+        string From                 = 1;
+        // Container that successfully had passed the audit
+        Container Container         = 2 [(gogoproto.nullable) = false];
+        // Receivers is a set of addresses of funds recipients
+        repeated Receiver Receivers = 3 [(gogoproto.nullable) = false];
+    }
+
+    // Epoch contains an epoch when settlement was accepted
+    uint64 Epoch             = 1;
+    // Transactions is a set of transactions
+    repeated Tx Transactions = 2;
+}
+
+message ContainerCreateTarget {
+    // CID is container identifier
+    bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
+
+message WithdrawTarget {
+    // Cheque is a string representation of cheque id
+    string Cheque = 1;
+}
diff --git a/accounting/withdraw.proto b/accounting/withdraw.proto
new file mode 100644
index 0000000..a44e47a
--- /dev/null
+++ b/accounting/withdraw.proto
@@ -0,0 +1,100 @@
+syntax = "proto3";
+package accounting;
+option go_package = "github.com/nspcc-dev/neofs-proto/accounting";
+
+import "service/meta.proto";
+import "service/verify.proto";
+import "decimal/decimal.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Withdraw is a service that provides withdraw assets operations from the NeoFS
+service Withdraw {
+    // Get returns cheque if it was signed by inner ring nodes
+    rpc Get(GetRequest) returns (GetResponse);
+    // Put ask inner ring nodes to sign a cheque for withdraw invoke
+    rpc Put(PutRequest) returns (PutResponse);
+    // List shows all user's checks
+    rpc List(ListRequest) returns (ListResponse);
+    // Delete allows user to remove unused cheque
+    rpc Delete(DeleteRequest) returns (DeleteResponse);
+}
+
+message Item {
+    // ID is a cheque identifier
+    bytes ID               = 1 [(gogoproto.customtype) = "ChequeID", (gogoproto.nullable) = false];
+    // OwnerID is a wallet address
+    bytes OwnerID          = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // Amount of funds
+    decimal.Decimal Amount = 3;
+    // Height is the neo blockchain height until the cheque is valid
+    uint64 Height          = 4;
+    // Payload contains cheque representation in bytes
+    bytes Payload          = 5;
+}
+
+message GetRequest {
+    // ID is cheque identifier
+    bytes ID                                 = 1 [(gogoproto.customtype) = "ChequeID", (gogoproto.nullable) = false];
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetResponse {
+    // Withdraw is cheque with meta information
+    Item Withdraw = 1;
+}
+
+message PutRequest {
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // Amount of funds
+    decimal.Decimal Amount                   = 2;
+    // Height is the neo blockchain height until the cheque is valid
+    uint64 Height                            = 3;
+    // MessageID is a nonce for uniq request (UUIDv4)
+    bytes MessageID                          = 4 [(gogoproto.customtype) = "MessageID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+message PutResponse {
+    // ID is cheque identifier
+    bytes ID = 1 [(gogoproto.customtype) = "ChequeID", (gogoproto.nullable) = false];
+}
+
+message ListRequest {
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message ListResponse {
+    // Items is a set of cheques with meta information
+    repeated Item Items = 1;
+}
+
+message DeleteRequest {
+    // ID is cheque identifier
+    bytes ID                                 = 1 [(gogoproto.customtype) = "ChequeID", (gogoproto.nullable) = false];
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // MessageID is a nonce for uniq request (UUIDv4)
+    bytes MessageID                          = 3 [(gogoproto.customtype) = "MessageID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// DeleteResponse is empty
+message DeleteResponse {}
diff --git a/bootstrap/service.proto b/bootstrap/service.proto
new file mode 100644
index 0000000..f0bf755
--- /dev/null
+++ b/bootstrap/service.proto
@@ -0,0 +1,29 @@
+syntax = "proto3";
+package bootstrap;
+option go_package = "github.com/nspcc-dev/neofs-proto/bootstrap";
+
+import "service/meta.proto";
+import "service/verify.proto";
+import "bootstrap/types.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Bootstrap service allows neofs-node to connect to the network. Node should
+// perform at least one bootstrap request in the epoch to stay in the network
+// for the next epoch.
+service Bootstrap {
+    // Process is method that allows to register node in the network and receive actual netmap
+    rpc Process(Request) returns (bootstrap.SpreadMap);
+}
+
+message Request {
+    // Type is NodeType, can be InnerRingNode (type=1) or StorageNode (type=2)
+    int32              type                  = 1 [(gogoproto.customname) = "Type" , (gogoproto.nullable) = false, (gogoproto.customtype) = "NodeType"];
+    // Info contains information about node
+    bootstrap.NodeInfo info                  = 2 [(gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
diff --git a/bootstrap/types.proto b/bootstrap/types.proto
new file mode 100644
index 0000000..5a566da
--- /dev/null
+++ b/bootstrap/types.proto
@@ -0,0 +1,28 @@
+syntax = "proto3";
+package bootstrap;
+option go_package = "github.com/nspcc-dev/neofs-proto/bootstrap";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;;
+
+option (gogoproto.stringer_all) =  false;
+option (gogoproto.goproto_stringer_all) = false;
+
+message SpreadMap {
+    // Epoch is current epoch for netmap
+    uint64 Epoch = 1;
+    // NetMap is a set of NodeInfos
+    repeated NodeInfo NetMap = 2 [(gogoproto.nullable) = false];
+}
+
+message NodeInfo {
+    // Address is a node [multi-address](https://github.com/multiformats/multiaddr)
+    string Address          = 1 [(gogoproto.jsontag) = "address"];
+    // PubKey is a compressed public key representation in bytes
+    bytes PubKey            = 2 [(gogoproto.jsontag) = "pubkey,omitempty"];
+    // Options is set of node optional information, such as storage capacity, node location, price and etc
+    repeated string Options = 3 [(gogoproto.jsontag) = "options,omitempty"];
+    // Status is bitmap status of the node
+    uint64 Status           = 4 [(gogoproto.jsontag) = "status", (gogoproto.nullable) = false, (gogoproto.customtype) = "NodeStatus"];
+}
diff --git a/container/service.proto b/container/service.proto
new file mode 100644
index 0000000..9bd02c9
--- /dev/null
+++ b/container/service.proto
@@ -0,0 +1,100 @@
+syntax = "proto3";
+package container;
+option go_package = "github.com/nspcc-dev/neofs-proto/container";
+
+import "service/meta.proto";
+import "service/verify.proto";
+import "container/types.proto";
+import "github.com/nspcc-dev/netmap/selector.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Container service provides API for manipulating with the container.
+service Service {
+    // Put request proposes container to the inner ring nodes. They will
+    // accept new container if user has enough deposit. All containers
+    // are accepted by the consensus, therefore it is asynchronous process.
+    rpc Put(PutRequest) returns (PutResponse);
+
+    // Delete container removes it from the inner ring container storage. It
+    // also asynchronous process done by consensus.
+    rpc Delete(DeleteRequest) returns (DeleteResponse);
+
+    // Get container returns container instance
+    rpc Get(GetRequest) returns (GetResponse);
+
+    // List returns all user's containers
+    rpc List(ListRequest) returns (ListResponse);
+}
+
+message PutRequest {
+    // MessageID is a nonce for uniq container id calculation
+    bytes MessageID                          = 1 [(gogoproto.customtype) = "MessageID", (gogoproto.nullable) = false];
+
+    // Capacity defines amount of data that can be stored in the container (doesn't used for now).
+    uint64 Capacity                          = 2;
+
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 3 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+    // Rules define storage policy for the object inside the container.
+    netmap.PlacementRule rules               = 4 [(gogoproto.nullable) = false];
+
+    // Container ACL.
+    AccessGroup Group                        = 5 [(gogoproto.nullable) = false];
+
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message PutResponse {
+    // CID (container id) is a SHA256 hash of the container structure
+    bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
+
+message DeleteRequest {
+    // CID (container id) is a SHA256 hash of the container structure
+    bytes CID                                = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// DeleteResponse is empty because delete operation is asynchronous and done
+// via consensus in inner ring nodes
+message DeleteResponse { }
+
+
+message GetRequest {
+    // CID (container id) is a SHA256 hash of the container structure
+    bytes CID                                = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetResponse {
+    // Container is a structure that contains placement rules and owner id
+    container.Container Container = 1;
+}
+
+message ListRequest {
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message ListResponse {
+    // CID (container id) is list of SHA256 hashes of the container structures
+    repeated bytes CID = 1 [(gogoproto.customtype) = "CID", (gogoproto.nullable) = false];
+}
diff --git a/container/types.proto b/container/types.proto
new file mode 100644
index 0000000..4600046
--- /dev/null
+++ b/container/types.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+package container;
+option go_package = "github.com/nspcc-dev/neofs-proto/container";
+
+import "github.com/nspcc-dev/netmap/selector.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// The Container service definition.
+message Container {
+    // OwnerID is a wallet address.
+    bytes OwnerID              = 1 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // Salt is a nonce for unique container id calculation.
+    bytes Salt                 = 2 [(gogoproto.customtype) = "UUID",    (gogoproto.nullable) = false];
+    // Capacity defines amount of data that can be stored in the container (doesn't used for now).
+    uint64 Capacity            = 3;
+    // Rules define storage policy for the object inside the container.
+    netmap.PlacementRule Rules = 4 [(gogoproto.nullable) = false];
+    // Container ACL.
+    AccessControlList List     = 5 [(gogoproto.nullable) = false];
+}
+
+message AccessGroup {
+    // Group access mode.
+    uint32 AccessMode         = 1;
+    // Group members.
+    repeated bytes UserGroup  = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+}
+
+message AccessControlList {
+    // List of access groups.
+    repeated AccessGroup List = 1 [(gogoproto.nullable) = false];
+}
diff --git a/decimal/decimal.proto b/decimal/decimal.proto
new file mode 100644
index 0000000..42cf2df
--- /dev/null
+++ b/decimal/decimal.proto
@@ -0,0 +1,17 @@
+syntax = "proto3";
+package decimal;
+option go_package = "github.com/nspcc-dev/neofs-proto/decimal";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Decimal is a structure used for representation of assets amount
+message Decimal {
+    option (gogoproto.goproto_stringer) = false;
+
+    // Value is value number
+    int64 Value = 1;
+    // Precision is precision number
+    uint32 Precision = 2;
+}
diff --git a/docs/.gitkeep b/docs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/object/service.proto b/object/service.proto
new file mode 100644
index 0000000..91c0cbd
--- /dev/null
+++ b/object/service.proto
@@ -0,0 +1,186 @@
+syntax = "proto3";
+package object;
+option go_package = "github.com/nspcc-dev/neofs-proto/object";
+
+import "refs/types.proto";
+import "object/types.proto";
+import "session/types.proto";
+import "service/meta.proto";
+import "service/verify.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Object service provides API for manipulating with the object.
+service Service {
+
+    // Get the object from container. Response uses gRPC stream. First response
+    // message carry object of requested address. Chunk messages are parts of
+    // the object's payload if it is needed. All messages except first carry
+    // chunks. Requested object can be restored by concatenation of object
+    // message payload and all chunks keeping receiving order.
+    rpc Get(GetRequest) returns (stream GetResponse);
+
+    // Put the object into container. Request uses gRPC stream. First message
+    // SHOULD BE type of PutHeader. Container id and Owner id of object SHOULD
+    // BE set. Session token SHOULD BE obtained before put operation (see
+    // session package). Chunk messages considered by server as part of object
+    // payload. All messages except first SHOULD BE chunks. Chunk messages
+    // SHOULD BE sent in direct order of fragmentation.
+    rpc Put(stream PutRequest) returns (PutResponse);
+
+    // Delete the object from a container
+    rpc Delete(DeleteRequest) returns (DeleteResponse);
+
+    // Head returns the object without data payload. Object in the
+    // response has system header only. If full headers flag is set, extended
+    // headers are also present.
+    rpc Head(HeadRequest) returns (HeadResponse);
+
+    // Search objects in container. Version of query language format SHOULD BE
+    // set to 1. Search query represented in serialized format (see query
+    // package).
+    rpc Search(SearchRequest) returns (SearchResponse);
+
+    // GetRange of data payload. Ranges are set of pairs (offset, length).
+    // Fragments order in response corresponds to ranges order in request.
+    rpc GetRange(GetRangeRequest) returns (GetRangeResponse);
+
+    // GetRangeHash returns homomorphic hash of object payload range after XOR
+    // operation. Ranges are set of pairs (offset, length). Hashes order in
+    // response corresponds to ranges order in request. Homomorphic hash is
+    // calculated for XORed data.
+    rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse);
+}
+
+message GetRequest {
+    // Address of object (container id + object id)
+    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
+    // Raw is the request flag of a physically stored representation of an object
+    bool Raw                                 = 2;
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetResponse {
+    oneof R {
+        // Object header and some payload
+        Object object = 1;
+        // Chunk of remaining payload
+        bytes Chunk   = 2;
+    }
+}
+
+message PutRequest {
+    message PutHeader {
+        // Object with at least container id and owner id fields
+        Object Object       = 1;
+        // Token with session public key and user's signature
+        session.Token Token = 2;
+    }
+
+    oneof R {
+        // Header should be the first message in the stream
+        PutHeader Header = 1;
+        // Chunk should be a remaining message in stream should be chunks
+        bytes Chunk      = 2;
+    }
+
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message PutResponse {
+    // Address of object (container id + object id)
+    refs.Address Address = 1 [(gogoproto.nullable) = false];
+}
+message DeleteRequest {
+    // Address of object (container id + object id)
+    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
+    // OwnerID is a wallet address
+    bytes OwnerID                            = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
+    // Token with session public key and user's signature
+    session.Token Token                      = 3;
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// DeleteResponse is empty because we cannot guarantee permanent object removal
+// in distributed system.
+message DeleteResponse {}
+
+message HeadRequest {
+    // Address of object (container id + object id)
+    refs.Address Address                     = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
+    // FullHeaders can be set true for extended headers in the object
+    bool FullHeaders                         = 2;
+    // Raw is the request flag of a physically stored representation of an object
+    bool Raw                                 = 3;
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+message HeadResponse {
+    // Object without payload
+    Object Object = 1;
+}
+
+message SearchRequest {
+    // ContainerID for searching the object
+    bytes ContainerID                        = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "CID"];
+    // Query in the binary serialized format
+    bytes Query                              = 2;
+    // QueryVersion is a version of search query format
+    uint32 QueryVersion                     = 3;
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message SearchResponse {
+    // Addresses of found objects
+    repeated refs.Address Addresses = 1 [(gogoproto.nullable) = false];
+}
+
+message GetRangeRequest {
+    // Address of object (container id + object id)
+    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
+    // Ranges of object's payload to return
+    repeated Range Ranges                    = 2 [(gogoproto.nullable) = false];
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetRangeResponse {
+    // Fragments of object's payload
+    repeated bytes Fragments = 1;
+}
+
+message GetRangeHashRequest {
+    // Address of object (container id + object id)
+    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
+    // Ranges of object's payload to calculate homomorphic hash
+    repeated Range Ranges                    = 2 [(gogoproto.nullable) = false];
+    // Salt is used to XOR object's payload ranges before hashing, it can be nil
+    bytes Salt                               = 3;
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message GetRangeHashResponse {
+    // Hashes is a homomorphic hashes of all ranges
+    repeated bytes Hashes = 1 [(gogoproto.customtype) = "Hash", (gogoproto.nullable) = false];
+}
+
diff --git a/object/types.proto b/object/types.proto
new file mode 100644
index 0000000..293f347
--- /dev/null
+++ b/object/types.proto
@@ -0,0 +1,131 @@
+syntax = "proto3";
+package object;
+option go_package = "github.com/nspcc-dev/neofs-proto/object";
+
+import "refs/types.proto";
+import "session/types.proto";
+import "storagegroup/types.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+message Range {
+    // Offset of the data range
+    uint64 Offset = 1;
+    // Length of the data range
+    uint64 Length = 2;
+}
+
+message UserHeader {
+    // Key of the user's header
+    string Key   = 1;
+    // Value of the user's header
+    string Value = 2;
+}
+
+message Header {
+    oneof Value {
+        // Link to other objects
+        Link Link                              = 1;
+        // Redirect not used yet
+        refs.Address Redirect                  = 2;
+        // UserHeader is a set of KV headers defined by user
+        UserHeader UserHeader                  = 3;
+        // Transform defines transform operation (e.g. payload split)
+        Transform Transform                    = 4;
+        // Tombstone header that set up in deleted objects
+        Tombstone Tombstone                    = 5;
+        // Verify header that contains session public key and user's signature
+        session.VerificationHeader Verify      = 6;
+        // HomoHash is a homomorphic hash of original object payload
+        bytes HomoHash                         = 7 [(gogoproto.customtype) = "Hash"];
+        // PayloadChecksum of actual object's payload
+        bytes PayloadChecksum                  = 8;
+        // Integrity header with checksum of all above headers in the object
+        IntegrityHeader Integrity              = 9;
+        // StorageGroup contains meta information for the data audit
+        storagegroup.StorageGroup StorageGroup = 10;
+        // PublicKey of owner of the object. Key is used for verification and can be based on NeoID or x509 cert.
+        PublicKey PublicKey                    = 11;
+    }
+}
+
+message Tombstone {}
+
+message SystemHeader {
+    // Version of the object structure
+    uint64 Version       = 1;
+    // PayloadLength is an object payload length
+    uint64 PayloadLength = 2;
+
+    // ID is an object identifier, is a valid UUIDv4
+    bytes ID        = 3 [(gogoproto.customtype) = "ID", (gogoproto.nullable) = false];
+    // OwnerID is a wallet address
+    bytes OwnerID   = 4 [(gogoproto.customtype) = "OwnerID",  (gogoproto.nullable) = false];
+    // CID is a SHA256 hash of the container structure (container identifier)
+    bytes CID       = 5 [(gogoproto.customtype) = "CID",      (gogoproto.nullable) = false];
+    // CreatedAt is a timestamp of object creation
+    CreationPoint CreatedAt = 6 [(gogoproto.nullable) = false];
+}
+
+message CreationPoint {
+    // UnixTime is a date of creation in unixtime format
+    int64 UnixTime = 1;
+    // Epoch is a date of creation in NeoFS epochs
+    uint64 Epoch   = 2;
+}
+
+message IntegrityHeader {
+    // HeadersChecksum is a checksum of all above headers in the object
+    bytes HeadersChecksum   = 1;
+    // ChecksumSignature is an user's signature of checksum to verify if it is correct
+    bytes ChecksumSignature = 2;
+}
+
+message Link {
+    enum Type {
+        Unknown      = 0;
+        // Parent object created during object transformation
+        Parent       = 1;
+        // Previous object in the linked list created during object transformation
+        Previous     = 2;
+        // Next object in the linked list created during object transformation
+        Next         = 3;
+        // Child object created during object transformation
+        Child        = 4;
+        // Object that included into this storage group
+        StorageGroup = 5;
+    }
+    // Type of link
+    Type type  = 1;
+    // ID is an object identifier, is a valid UUIDv4
+    bytes ID = 2 [(gogoproto.customtype) = "ID", (gogoproto.nullable) = false];
+}
+
+message Transform {
+    enum Type {
+        Unknown = 0;
+        // Split sets when object created after payload split
+        Split   = 1;
+        // Sign sets when object created after re-signing (doesn't used)
+        Sign    = 2;
+        // Mould sets when object created after filling missing headers in the object
+        Mould   = 3;
+    }
+    // Type of object transformation
+    Type type  = 1;
+}
+
+message Object {
+    // SystemHeader describes system header
+    SystemHeader SystemHeader = 1 [(gogoproto.nullable) = false];
+    // Headers describes a set of an extended headers
+    repeated Header Headers   = 2 [(gogoproto.nullable) = false];
+    // Payload is an object's payload
+    bytes Payload             = 3;
+}
+
+message PublicKey {
+    // Value contains marshaled ecdsa public key
+    bytes Value = 1;
+}
diff --git a/proto-docs/accounting.md b/proto-docs/accounting.md
new file mode 100644
index 0000000..bcae136
--- /dev/null
+++ b/proto-docs/accounting.md
@@ -0,0 +1,491 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [accounting/service.proto](#accounting/service.proto)
+ - Services
+    - [Accounting](#accounting.Accounting)
+    
+  - Messages
+    - [BalanceRequest](#accounting.BalanceRequest)
+    - [BalanceResponse](#accounting.BalanceResponse)
+    
+
+- [accounting/types.proto](#accounting/types.proto)
+
+  - Messages
+    - [Account](#accounting.Account)
+    - [Balances](#accounting.Balances)
+    - [ContainerCreateTarget](#accounting.ContainerCreateTarget)
+    - [Lifetime](#accounting.Lifetime)
+    - [LockTarget](#accounting.LockTarget)
+    - [PayIO](#accounting.PayIO)
+    - [Settlement](#accounting.Settlement)
+    - [Settlement.Container](#accounting.Settlement.Container)
+    - [Settlement.Receiver](#accounting.Settlement.Receiver)
+    - [Settlement.Tx](#accounting.Settlement.Tx)
+    - [Tx](#accounting.Tx)
+    - [WithdrawTarget](#accounting.WithdrawTarget)
+    
+
+- [accounting/withdraw.proto](#accounting/withdraw.proto)
+ - Services
+    - [Withdraw](#accounting.Withdraw)
+    
+  - Messages
+    - [DeleteRequest](#accounting.DeleteRequest)
+    - [DeleteResponse](#accounting.DeleteResponse)
+    - [GetRequest](#accounting.GetRequest)
+    - [GetResponse](#accounting.GetResponse)
+    - [Item](#accounting.Item)
+    - [ListRequest](#accounting.ListRequest)
+    - [ListResponse](#accounting.ListResponse)
+    - [PutRequest](#accounting.PutRequest)
+    - [PutResponse](#accounting.PutResponse)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="accounting/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## accounting/service.proto
+
+
+
+
+<a name="accounting.Accounting"></a>
+
+### Service "accounting.Accounting"
+Accounting is a service that provides access for accounting balance
+information
+
+```
+rpc Balance(BalanceRequest) returns (BalanceResponse);
+
+```
+
+#### Method Balance
+
+Balance returns current balance status of the NeoFS user
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Balance | [BalanceRequest](#accounting.BalanceRequest) | [BalanceResponse](#accounting.BalanceResponse) |
+ <!-- end services -->
+
+
+<a name="accounting.BalanceRequest"></a>
+
+### Message BalanceRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="accounting.BalanceResponse"></a>
+
+### Message BalanceResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Balance | [decimal.Decimal](#decimal.Decimal) |  | Balance contains current account balance state |
+| LockAccounts | [Account](#accounting.Account) | repeated | LockAccounts contains information about locked funds. Locked funds appear when user pays for storage or withdraw assets. |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="accounting/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## accounting/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="accounting.Account"></a>
+
+### Message Account
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Address | [string](#string) |  | Address is identifier of accounting record |
+| ParentAddress | [string](#string) |  | ParentAddress is identifier of parent accounting record |
+| ActiveFunds | [decimal.Decimal](#decimal.Decimal) |  | ActiveFunds is amount of active (non locked) funds for account |
+| Lifetime | [Lifetime](#accounting.Lifetime) |  | Lifetime is time until account is valid (used for lock accounts) |
+| LockTarget | [LockTarget](#accounting.LockTarget) |  | LockTarget is the purpose of lock funds (it might be withdraw or payment for storage) |
+| LockAccounts | [Account](#accounting.Account) | repeated | LockAccounts contains child accounts with locked funds |
+
+
+<a name="accounting.Balances"></a>
+
+### Message Balances
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Accounts | [Account](#accounting.Account) | repeated | Accounts contains multiple account snapshots |
+
+
+<a name="accounting.ContainerCreateTarget"></a>
+
+### Message ContainerCreateTarget
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) |  | CID is container identifier |
+
+
+<a name="accounting.Lifetime"></a>
+
+### Message Lifetime
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| unit | [Lifetime.Unit](#accounting.Lifetime.Unit) |  | Unit describes how lifetime is measured in account |
+| Value | [int64](#int64) |  | Value describes how long lifetime will be valid |
+
+
+<a name="accounting.LockTarget"></a>
+
+### Message LockTarget
+LockTarget must be one of two options
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| WithdrawTarget | [WithdrawTarget](#accounting.WithdrawTarget) |  | WithdrawTarget used when user requested withdraw |
+| ContainerCreateTarget | [ContainerCreateTarget](#accounting.ContainerCreateTarget) |  | ContainerCreateTarget used when user requested creation of container |
+
+
+<a name="accounting.PayIO"></a>
+
+### Message PayIO
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| BlockID | [uint64](#uint64) |  | BlockID contains id of the NEO block where withdraw or deposit call was invoked |
+| Transactions | [Tx](#accounting.Tx) | repeated | Transactions contains all transactions that founded in block and used for PayIO |
+
+
+<a name="accounting.Settlement"></a>
+
+### Message Settlement
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Epoch | [uint64](#uint64) |  | Epoch contains an epoch when settlement was accepted |
+| Transactions | [Settlement.Tx](#accounting.Settlement.Tx) | repeated | Transactions is a set of transactions |
+
+
+<a name="accounting.Settlement.Container"></a>
+
+### Message Settlement.Container
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) |  | CID is container identifier |
+| SGIDs | [bytes](#bytes) | repeated | SGIDs is a set of storage groups that successfully passed the audit |
+
+
+<a name="accounting.Settlement.Receiver"></a>
+
+### Message Settlement.Receiver
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| To | [string](#string) |  | To is the address of funds recipient |
+| Amount | [decimal.Decimal](#decimal.Decimal) |  | Amount is the amount of funds that will be sent |
+
+
+<a name="accounting.Settlement.Tx"></a>
+
+### Message Settlement.Tx
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| From | [string](#string) |  | From is the address of the sender of funds |
+| Container | [Settlement.Container](#accounting.Settlement.Container) |  | Container that successfully had passed the audit |
+| Receivers | [Settlement.Receiver](#accounting.Settlement.Receiver) | repeated | Receivers is a set of addresses of funds recipients |
+
+
+<a name="accounting.Tx"></a>
+
+### Message Tx
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| type | [Tx.Type](#accounting.Tx.Type) |  | Type describes target of transaction |
+| From | [string](#string) |  | From describes sender of funds |
+| To | [string](#string) |  | To describes receiver of funds |
+| Amount | [decimal.Decimal](#decimal.Decimal) |  | Amount describes amount of funds |
+| PublicKeys | [bytes](#bytes) |  | PublicKeys contains public key of sender |
+
+
+<a name="accounting.WithdrawTarget"></a>
+
+### Message WithdrawTarget
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Cheque | [string](#string) |  | Cheque is a string representation of cheque id |
+
+ <!-- end messages -->
+
+
+<a name="accounting.Lifetime.Unit"></a>
+
+### Lifetime.Unit
+Unit can be Unlimited, based on NeoFS epoch or Neo block
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unlimited | 0 |  |
+| NeoFSEpoch | 1 |  |
+| NeoBlock | 2 |  |
+
+
+
+<a name="accounting.Tx.Type"></a>
+
+### Tx.Type
+Type can be withdrawal, payIO or inner
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unknown | 0 |  |
+| Withdraw | 1 |  |
+| PayIO | 2 |  |
+| Inner | 3 |  |
+
+
+ <!-- end enums -->
+
+
+
+<a name="accounting/withdraw.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## accounting/withdraw.proto
+
+
+
+
+<a name="accounting.Withdraw"></a>
+
+### Service "accounting.Withdraw"
+Withdraw is a service that provides withdraw assets operations from the NeoFS
+
+```
+rpc Get(GetRequest) returns (GetResponse);
+rpc Put(PutRequest) returns (PutResponse);
+rpc List(ListRequest) returns (ListResponse);
+rpc Delete(DeleteRequest) returns (DeleteResponse);
+
+```
+
+#### Method Get
+
+Get returns cheque if it was signed by inner ring nodes
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Get | [GetRequest](#accounting.GetRequest) | [GetResponse](#accounting.GetResponse) |
+#### Method Put
+
+Put ask inner ring nodes to sign a cheque for withdraw invoke
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Put | [PutRequest](#accounting.PutRequest) | [PutResponse](#accounting.PutResponse) |
+#### Method List
+
+List shows all user's checks
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| List | [ListRequest](#accounting.ListRequest) | [ListResponse](#accounting.ListResponse) |
+#### Method Delete
+
+Delete allows user to remove unused cheque
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Delete | [DeleteRequest](#accounting.DeleteRequest) | [DeleteResponse](#accounting.DeleteResponse) |
+ <!-- end services -->
+
+
+<a name="accounting.DeleteRequest"></a>
+
+### Message DeleteRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is cheque identifier |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| MessageID | [bytes](#bytes) |  | MessageID is a nonce for uniq request (UUIDv4) |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="accounting.DeleteResponse"></a>
+
+### Message DeleteResponse
+DeleteResponse is empty
+
+
+
+<a name="accounting.GetRequest"></a>
+
+### Message GetRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is cheque identifier |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="accounting.GetResponse"></a>
+
+### Message GetResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Withdraw | [Item](#accounting.Item) |  | Withdraw is cheque with meta information |
+
+
+<a name="accounting.Item"></a>
+
+### Message Item
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is a cheque identifier |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Amount | [decimal.Decimal](#decimal.Decimal) |  | Amount of funds |
+| Height | [uint64](#uint64) |  | Height is the neo blockchain height until the cheque is valid |
+| Payload | [bytes](#bytes) |  | Payload contains cheque representation in bytes |
+
+
+<a name="accounting.ListRequest"></a>
+
+### Message ListRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="accounting.ListResponse"></a>
+
+### Message ListResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Items | [Item](#accounting.Item) | repeated | Items is a set of cheques with meta information |
+
+
+<a name="accounting.PutRequest"></a>
+
+### Message PutRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Amount | [decimal.Decimal](#decimal.Decimal) |  | Amount of funds |
+| Height | [uint64](#uint64) |  | Height is the neo blockchain height until the cheque is valid |
+| MessageID | [bytes](#bytes) |  | MessageID is a nonce for uniq request (UUIDv4) |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="accounting.PutResponse"></a>
+
+### Message PutResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is cheque identifier |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/bootstrap.md b/proto-docs/bootstrap.md
new file mode 100644
index 0000000..737e085
--- /dev/null
+++ b/proto-docs/bootstrap.md
@@ -0,0 +1,133 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [bootstrap/service.proto](#bootstrap/service.proto)
+ - Services
+    - [Bootstrap](#bootstrap.Bootstrap)
+    
+  - Messages
+    - [Request](#bootstrap.Request)
+    
+
+- [bootstrap/types.proto](#bootstrap/types.proto)
+
+  - Messages
+    - [NodeInfo](#bootstrap.NodeInfo)
+    - [SpreadMap](#bootstrap.SpreadMap)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="bootstrap/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## bootstrap/service.proto
+
+
+
+
+<a name="bootstrap.Bootstrap"></a>
+
+### Service "bootstrap.Bootstrap"
+Bootstrap service allows neofs-node to connect to the network. Node should
+perform at least one bootstrap request in the epoch to stay in the network
+for the next epoch.
+
+```
+rpc Process(Request) returns (SpreadMap);
+
+```
+
+#### Method Process
+
+Process is method that allows to register node in the network and receive actual netmap
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Process | [Request](#bootstrap.Request) | [SpreadMap](#bootstrap.SpreadMap) |
+ <!-- end services -->
+
+
+<a name="bootstrap.Request"></a>
+
+### Message Request
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| type | [int32](#int32) |  | Type is NodeType, can be InnerRingNode (type=1) or StorageNode (type=2) |
+| info | [NodeInfo](#bootstrap.NodeInfo) |  | Info contains information about node |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="bootstrap/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## bootstrap/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="bootstrap.NodeInfo"></a>
+
+### Message NodeInfo
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [string](#string) |  | Address is a node [multi-address](https://github.com/multiformats/multiaddr) |
+| PubKey | [bytes](#bytes) |  | PubKey is a compressed public key representation in bytes |
+| Options | [string](#string) | repeated | Options is set of node optional information, such as storage capacity, node location, price and etc |
+| Status | [uint64](#uint64) |  | Status is bitmap status of the node |
+
+
+<a name="bootstrap.SpreadMap"></a>
+
+### Message SpreadMap
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Epoch | [uint64](#uint64) |  | Epoch is current epoch for netmap |
+| NetMap | [NodeInfo](#bootstrap.NodeInfo) | repeated | NetMap is a set of NodeInfos |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/container.md b/proto-docs/container.md
new file mode 100644
index 0000000..6693980
--- /dev/null
+++ b/proto-docs/container.md
@@ -0,0 +1,261 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [container/service.proto](#container/service.proto)
+ - Services
+    - [Service](#container.Service)
+    
+  - Messages
+    - [DeleteRequest](#container.DeleteRequest)
+    - [DeleteResponse](#container.DeleteResponse)
+    - [GetRequest](#container.GetRequest)
+    - [GetResponse](#container.GetResponse)
+    - [ListRequest](#container.ListRequest)
+    - [ListResponse](#container.ListResponse)
+    - [PutRequest](#container.PutRequest)
+    - [PutResponse](#container.PutResponse)
+    
+
+- [container/types.proto](#container/types.proto)
+
+  - Messages
+    - [AccessControlList](#container.AccessControlList)
+    - [AccessGroup](#container.AccessGroup)
+    - [Container](#container.Container)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="container/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## container/service.proto
+
+
+
+
+<a name="container.Service"></a>
+
+### Service "container.Service"
+Container service provides API for manipulating with the container.
+
+```
+rpc Put(PutRequest) returns (PutResponse);
+rpc Delete(DeleteRequest) returns (DeleteResponse);
+rpc Get(GetRequest) returns (GetResponse);
+rpc List(ListRequest) returns (ListResponse);
+
+```
+
+#### Method Put
+
+Put request proposes container to the inner ring nodes. They will
+accept new container if user has enough deposit. All containers
+are accepted by the consensus, therefore it is asynchronous process.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Put | [PutRequest](#container.PutRequest) | [PutResponse](#container.PutResponse) |
+#### Method Delete
+
+Delete container removes it from the inner ring container storage. It
+also asynchronous process done by consensus.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Delete | [DeleteRequest](#container.DeleteRequest) | [DeleteResponse](#container.DeleteResponse) |
+#### Method Get
+
+Get container returns container instance
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Get | [GetRequest](#container.GetRequest) | [GetResponse](#container.GetResponse) |
+#### Method List
+
+List returns all user's containers
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| List | [ListRequest](#container.ListRequest) | [ListResponse](#container.ListResponse) |
+ <!-- end services -->
+
+
+<a name="container.DeleteRequest"></a>
+
+### Message DeleteRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) |  | CID (container id) is a SHA256 hash of the container structure |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.DeleteResponse"></a>
+
+### Message DeleteResponse
+DeleteResponse is empty because delete operation is asynchronous and done
+via consensus in inner ring nodes
+
+
+
+<a name="container.GetRequest"></a>
+
+### Message GetRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) |  | CID (container id) is a SHA256 hash of the container structure |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.GetResponse"></a>
+
+### Message GetResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Container | [Container](#container.Container) |  | Container is a structure that contains placement rules and owner id |
+
+
+<a name="container.ListRequest"></a>
+
+### Message ListRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.ListResponse"></a>
+
+### Message ListResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) | repeated | CID (container id) is list of SHA256 hashes of the container structures |
+
+
+<a name="container.PutRequest"></a>
+
+### Message PutRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| MessageID | [bytes](#bytes) |  | MessageID is a nonce for uniq container id calculation |
+| Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
+| Group | [AccessGroup](#container.AccessGroup) |  | Container ACL. |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="container.PutResponse"></a>
+
+### Message PutResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| CID | [bytes](#bytes) |  | CID (container id) is a SHA256 hash of the container structure |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="container/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## container/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="container.AccessControlList"></a>
+
+### Message AccessControlList
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| List | [AccessGroup](#container.AccessGroup) | repeated | List of access groups. |
+
+
+<a name="container.AccessGroup"></a>
+
+### Message AccessGroup
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| AccessMode | [uint32](#uint32) |  | Group access mode. |
+| UserGroup | [bytes](#bytes) | repeated | Group members. |
+
+
+<a name="container.Container"></a>
+
+### Message Container
+The Container service definition.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address. |
+| Salt | [bytes](#bytes) |  | Salt is a nonce for unique container id calculation. |
+| Capacity | [uint64](#uint64) |  | Capacity defines amount of data that can be stored in the container (doesn't used for now). |
+| Rules | [netmap.PlacementRule](#netmap.PlacementRule) |  | Rules define storage policy for the object inside the container. |
+| List | [AccessControlList](#container.AccessControlList) |  | Container ACL. |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/decimal.md b/proto-docs/decimal.md
new file mode 100644
index 0000000..62acb86
--- /dev/null
+++ b/proto-docs/decimal.md
@@ -0,0 +1,61 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [decimal/decimal.proto](#decimal/decimal.proto)
+
+  - Messages
+    - [Decimal](#decimal.Decimal)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="decimal/decimal.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## decimal/decimal.proto
+
+
+ <!-- end services -->
+
+
+<a name="decimal.Decimal"></a>
+
+### Message Decimal
+Decimal is a structure used for representation of assets amount
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Value | [int64](#int64) |  | Value is value number |
+| Precision | [uint32](#uint32) |  | Precision is precision number |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/object.md b/proto-docs/object.md
new file mode 100644
index 0000000..e749b98
--- /dev/null
+++ b/proto-docs/object.md
@@ -0,0 +1,537 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [object/service.proto](#object/service.proto)
+ - Services
+    - [Service](#object.Service)
+    
+  - Messages
+    - [DeleteRequest](#object.DeleteRequest)
+    - [DeleteResponse](#object.DeleteResponse)
+    - [GetRangeHashRequest](#object.GetRangeHashRequest)
+    - [GetRangeHashResponse](#object.GetRangeHashResponse)
+    - [GetRangeRequest](#object.GetRangeRequest)
+    - [GetRangeResponse](#object.GetRangeResponse)
+    - [GetRequest](#object.GetRequest)
+    - [GetResponse](#object.GetResponse)
+    - [HeadRequest](#object.HeadRequest)
+    - [HeadResponse](#object.HeadResponse)
+    - [PutRequest](#object.PutRequest)
+    - [PutRequest.PutHeader](#object.PutRequest.PutHeader)
+    - [PutResponse](#object.PutResponse)
+    - [SearchRequest](#object.SearchRequest)
+    - [SearchResponse](#object.SearchResponse)
+    
+
+- [object/types.proto](#object/types.proto)
+
+  - Messages
+    - [CreationPoint](#object.CreationPoint)
+    - [Header](#object.Header)
+    - [IntegrityHeader](#object.IntegrityHeader)
+    - [Link](#object.Link)
+    - [Object](#object.Object)
+    - [PublicKey](#object.PublicKey)
+    - [Range](#object.Range)
+    - [SystemHeader](#object.SystemHeader)
+    - [Tombstone](#object.Tombstone)
+    - [Transform](#object.Transform)
+    - [UserHeader](#object.UserHeader)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="object/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## object/service.proto
+
+
+
+
+<a name="object.Service"></a>
+
+### Service "object.Service"
+Object service provides API for manipulating with the object.
+
+```
+rpc Get(GetRequest) returns (stream GetResponse);
+rpc Put(stream PutRequest) returns (PutResponse);
+rpc Delete(DeleteRequest) returns (DeleteResponse);
+rpc Head(HeadRequest) returns (HeadResponse);
+rpc Search(SearchRequest) returns (SearchResponse);
+rpc GetRange(GetRangeRequest) returns (GetRangeResponse);
+rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse);
+
+```
+
+#### Method Get
+
+Get the object from container. Response uses gRPC stream. First response
+message carry object of requested address. Chunk messages are parts of
+the object's payload if it is needed. All messages except first carry
+chunks. Requested object can be restored by concatenation of object
+message payload and all chunks keeping receiving order.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Get | [GetRequest](#object.GetRequest) | [GetResponse](#object.GetResponse) |
+#### Method Put
+
+Put the object into container. Request uses gRPC stream. First message
+SHOULD BE type of PutHeader. Container id and Owner id of object SHOULD
+BE set. Session token SHOULD BE obtained before put operation (see
+session package). Chunk messages considered by server as part of object
+payload. All messages except first SHOULD BE chunks. Chunk messages
+SHOULD BE sent in direct order of fragmentation.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Put | [PutRequest](#object.PutRequest) | [PutResponse](#object.PutResponse) |
+#### Method Delete
+
+Delete the object from a container
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Delete | [DeleteRequest](#object.DeleteRequest) | [DeleteResponse](#object.DeleteResponse) |
+#### Method Head
+
+Head returns the object without data payload. Object in the
+response has system header only. If full headers flag is set, extended
+headers are also present.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Head | [HeadRequest](#object.HeadRequest) | [HeadResponse](#object.HeadResponse) |
+#### Method Search
+
+Search objects in container. Version of query language format SHOULD BE
+set to 1. Search query represented in serialized format (see query
+package).
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Search | [SearchRequest](#object.SearchRequest) | [SearchResponse](#object.SearchResponse) |
+#### Method GetRange
+
+GetRange of data payload. Ranges are set of pairs (offset, length).
+Fragments order in response corresponds to ranges order in request.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| GetRange | [GetRangeRequest](#object.GetRangeRequest) | [GetRangeResponse](#object.GetRangeResponse) |
+#### Method GetRangeHash
+
+GetRangeHash returns homomorphic hash of object payload range after XOR
+operation. Ranges are set of pairs (offset, length). Hashes order in
+response corresponds to ranges order in request. Homomorphic hash is
+calculated for XORed data.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| GetRangeHash | [GetRangeHashRequest](#object.GetRangeHashRequest) | [GetRangeHashResponse](#object.GetRangeHashResponse) |
+ <!-- end services -->
+
+
+<a name="object.DeleteRequest"></a>
+
+### Message DeleteRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.DeleteResponse"></a>
+
+### Message DeleteResponse
+DeleteResponse is empty because we cannot guarantee permanent object removal
+in distributed system.
+
+
+
+<a name="object.GetRangeHashRequest"></a>
+
+### Message GetRangeHashRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+| Ranges | [Range](#object.Range) | repeated | Ranges of object's payload to calculate homomorphic hash |
+| Salt | [bytes](#bytes) |  | Salt is used to XOR object's payload ranges before hashing, it can be nil |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.GetRangeHashResponse"></a>
+
+### Message GetRangeHashResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Hashes | [bytes](#bytes) | repeated | Hashes is a homomorphic hashes of all ranges |
+
+
+<a name="object.GetRangeRequest"></a>
+
+### Message GetRangeRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+| Ranges | [Range](#object.Range) | repeated | Ranges of object's payload to return |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.GetRangeResponse"></a>
+
+### Message GetRangeResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Fragments | [bytes](#bytes) | repeated | Fragments of object's payload |
+
+
+<a name="object.GetRequest"></a>
+
+### Message GetRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.GetResponse"></a>
+
+### Message GetResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| object | [Object](#object.Object) |  | Object header and some payload |
+| Chunk | [bytes](#bytes) |  | Chunk of remaining payload |
+
+
+<a name="object.HeadRequest"></a>
+
+### Message HeadRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+| FullHeaders | [bool](#bool) |  | FullHeaders can be set true for extended headers in the object |
+| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.HeadResponse"></a>
+
+### Message HeadResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Object | [Object](#object.Object) |  | Object without payload |
+
+
+<a name="object.PutRequest"></a>
+
+### Message PutRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Header | [PutRequest.PutHeader](#object.PutRequest.PutHeader) |  | Header should be the first message in the stream |
+| Chunk | [bytes](#bytes) |  | Chunk should be a remaining message in stream should be chunks |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.PutRequest.PutHeader"></a>
+
+### Message PutRequest.PutHeader
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Object | [Object](#object.Object) |  | Object with at least container id and owner id fields |
+| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+
+
+<a name="object.PutResponse"></a>
+
+### Message PutResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
+
+
+<a name="object.SearchRequest"></a>
+
+### Message SearchRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ContainerID | [bytes](#bytes) |  | ContainerID for searching the object |
+| Query | [bytes](#bytes) |  | Query in the binary serialized format |
+| QueryVersion | [uint32](#uint32) |  | QueryVersion is a version of search query format |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="object.SearchResponse"></a>
+
+### Message SearchResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Addresses | [refs.Address](#refs.Address) | repeated | Addresses of found objects |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="object/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## object/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="object.CreationPoint"></a>
+
+### Message CreationPoint
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| UnixTime | [int64](#int64) |  | UnixTime is a date of creation in unixtime format |
+| Epoch | [uint64](#uint64) |  | Epoch is a date of creation in NeoFS epochs |
+
+
+<a name="object.Header"></a>
+
+### Message Header
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Link | [Link](#object.Link) |  | Link to other objects |
+| Redirect | [refs.Address](#refs.Address) |  | Redirect not used yet |
+| UserHeader | [UserHeader](#object.UserHeader) |  | UserHeader is a set of KV headers defined by user |
+| Transform | [Transform](#object.Transform) |  | Transform defines transform operation (e.g. payload split) |
+| Tombstone | [Tombstone](#object.Tombstone) |  | Tombstone header that set up in deleted objects |
+| Verify | [session.VerificationHeader](#session.VerificationHeader) |  | Verify header that contains session public key and user's signature |
+| HomoHash | [bytes](#bytes) |  | HomoHash is a homomorphic hash of original object payload |
+| PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
+| Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |
+| StorageGroup | [storagegroup.StorageGroup](#storagegroup.StorageGroup) |  | StorageGroup contains meta information for the data audit |
+| PublicKey | [PublicKey](#object.PublicKey) |  | PublicKey of owner of the object. Key is used for verification and can be based on NeoID or x509 cert. |
+
+
+<a name="object.IntegrityHeader"></a>
+
+### Message IntegrityHeader
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| HeadersChecksum | [bytes](#bytes) |  | HeadersChecksum is a checksum of all above headers in the object |
+| ChecksumSignature | [bytes](#bytes) |  | ChecksumSignature is an user's signature of checksum to verify if it is correct |
+
+
+<a name="object.Link"></a>
+
+### Message Link
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| type | [Link.Type](#object.Link.Type) |  | Type of link |
+| ID | [bytes](#bytes) |  | ID is an object identifier, is a valid UUIDv4 |
+
+
+<a name="object.Object"></a>
+
+### Message Object
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| SystemHeader | [SystemHeader](#object.SystemHeader) |  | SystemHeader describes system header |
+| Headers | [Header](#object.Header) | repeated | Headers describes a set of an extended headers |
+| Payload | [bytes](#bytes) |  | Payload is an object's payload |
+
+
+<a name="object.PublicKey"></a>
+
+### Message PublicKey
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Value | [bytes](#bytes) |  | Value contains marshaled ecdsa public key |
+
+
+<a name="object.Range"></a>
+
+### Message Range
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Offset | [uint64](#uint64) |  | Offset of the data range |
+| Length | [uint64](#uint64) |  | Length of the data range |
+
+
+<a name="object.SystemHeader"></a>
+
+### Message SystemHeader
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Version | [uint64](#uint64) |  | Version of the object structure |
+| PayloadLength | [uint64](#uint64) |  | PayloadLength is an object payload length |
+| ID | [bytes](#bytes) |  | ID is an object identifier, is a valid UUIDv4 |
+| OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
+| CID | [bytes](#bytes) |  | CID is a SHA256 hash of the container structure (container identifier) |
+| CreatedAt | [CreationPoint](#object.CreationPoint) |  | CreatedAt is a timestamp of object creation |
+
+
+<a name="object.Tombstone"></a>
+
+### Message Tombstone
+
+
+
+
+<a name="object.Transform"></a>
+
+### Message Transform
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| type | [Transform.Type](#object.Transform.Type) |  | Type of object transformation |
+
+
+<a name="object.UserHeader"></a>
+
+### Message UserHeader
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Key | [string](#string) |  | Key of the user's header |
+| Value | [string](#string) |  | Value of the user's header |
+
+ <!-- end messages -->
+
+
+<a name="object.Link.Type"></a>
+
+### Link.Type
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unknown | 0 |  |
+| Parent | 1 | Parent object created during object transformation |
+| Previous | 2 | Previous object in the linked list created during object transformation |
+| Next | 3 | Next object in the linked list created during object transformation |
+| Child | 4 | Child object created during object transformation |
+| StorageGroup | 5 | Object that included into this storage group |
+
+
+
+<a name="object.Transform.Type"></a>
+
+### Transform.Type
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unknown | 0 |  |
+| Split | 1 | Split sets when object created after payload split |
+| Sign | 2 | Sign sets when object created after re-signing (doesn't used) |
+| Mould | 3 | Mould sets when object created after filling missing headers in the object |
+
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/query.md b/proto-docs/query.md
new file mode 100644
index 0000000..c014c6c
--- /dev/null
+++ b/proto-docs/query.md
@@ -0,0 +1,86 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [query/types.proto](#query/types.proto)
+
+  - Messages
+    - [Filter](#query.Filter)
+    - [Query](#query.Query)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="query/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## query/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="query.Filter"></a>
+
+### Message Filter
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| type | [Filter.Type](#query.Filter.Type) |  | Type of filter |
+| Name | [string](#string) |  | Name of field that should be filtered |
+| Value | [string](#string) |  | Value that should be used for filter |
+
+
+<a name="query.Query"></a>
+
+### Message Query
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Filters | [Filter](#query.Filter) | repeated | Filters is set of filters, should not be empty |
+
+ <!-- end messages -->
+
+
+<a name="query.Filter.Type"></a>
+
+### Filter.Type
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Exact | 0 | Exact sets when value of filter should be equal to the header value |
+| Regex | 1 | Regex sets when value of filter should match the header value by the regular expression |
+
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/refs.md b/proto-docs/refs.md
new file mode 100644
index 0000000..b808482
--- /dev/null
+++ b/proto-docs/refs.md
@@ -0,0 +1,61 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [refs/types.proto](#refs/types.proto)
+
+  - Messages
+    - [Address](#refs.Address)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="refs/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## refs/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="refs.Address"></a>
+
+### Message Address
+Address of object (container id + object id)
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ObjectID | [bytes](#bytes) |  | ObjectID is an object identifier, valid UUIDv4 represented in bytes |
+| CID | [bytes](#bytes) |  | CID is container identifier |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/service.md b/proto-docs/service.md
new file mode 100644
index 0000000..08a1065
--- /dev/null
+++ b/proto-docs/service.md
@@ -0,0 +1,121 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [service/meta.proto](#service/meta.proto)
+
+  - Messages
+    - [RequestMetaHeader](#service.RequestMetaHeader)
+    
+
+- [service/verify.proto](#service/verify.proto)
+
+  - Messages
+    - [RequestVerificationHeader](#service.RequestVerificationHeader)
+    - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign)
+    - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="service/meta.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## service/meta.proto
+
+
+ <!-- end services -->
+
+
+<a name="service.RequestMetaHeader"></a>
+
+### Message RequestMetaHeader
+RequestMetaHeader contains information about request meta headers
+(should be embedded into message)
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| TTL | [uint32](#uint32) |  | TTL must be larger than zero, it decreased in every NeoFS Node |
+| Epoch | [uint64](#uint64) |  | Epoch for user can be empty, because node sets epoch to the actual value |
+| Version | [uint32](#uint32) |  | Version defines protocol version TODO: not used for now, should be implemented in future |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="service/verify.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## service/verify.proto
+
+
+ <!-- end services -->
+
+
+<a name="service.RequestVerificationHeader"></a>
+
+### Message RequestVerificationHeader
+RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
+(should be embedded into message).
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
+
+
+<a name="service.RequestVerificationHeader.Sign"></a>
+
+### Message RequestVerificationHeader.Sign
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
+| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
+
+
+<a name="service.RequestVerificationHeader.Signature"></a>
+
+### Message RequestVerificationHeader.Signature
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Sign is a signature and public key of the request. |
+| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/session.md b/proto-docs/session.md
new file mode 100644
index 0000000..ba615c3
--- /dev/null
+++ b/proto-docs/session.md
@@ -0,0 +1,157 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [session/service.proto](#session/service.proto)
+ - Services
+    - [Session](#session.Session)
+    
+  - Messages
+    - [CreateRequest](#session.CreateRequest)
+    - [CreateResponse](#session.CreateResponse)
+    
+
+- [session/types.proto](#session/types.proto)
+
+  - Messages
+    - [Token](#session.Token)
+    - [VerificationHeader](#session.VerificationHeader)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="session/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## session/service.proto
+
+
+
+
+<a name="session.Session"></a>
+
+### Service "session.Session"
+
+
+```
+rpc Create(stream CreateRequest) returns (stream CreateResponse);
+
+```
+
+#### Method Create
+
+Create is a method that used to open a trusted session to manipulate
+an object. In order to put or delete object client have to obtain session
+token with trusted node. Trusted node will modify client's object
+(add missing headers, checksums, homomorphic hash) and sign id with
+session key. Session is established during 4-step handshake in one gRPC stream
+
+- First client stream message SHOULD BE type of `CreateRequest_Init`.
+- First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
+- Second client stream message SHOULD BE type of `CreateRequest_Signed`.
+- Second server stream message SHOULD BE type of `CreateResponse_Result`.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Create | [CreateRequest](#session.CreateRequest) | [CreateResponse](#session.CreateResponse) |
+ <!-- end services -->
+
+
+<a name="session.CreateRequest"></a>
+
+### Message CreateRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Init | [Token](#session.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| Signed | [Token](#session.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="session.CreateResponse"></a>
+
+### Message CreateResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Unsigned | [Token](#session.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| Result | [Token](#session.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+<a name="session/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## session/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="session.Token"></a>
+
+### Message Token
+User token granting rights for object manipulation
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Header | [VerificationHeader](#session.VerificationHeader) |  | Header carries verification data of session key |
+| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
+| FirstEpoch | [uint64](#uint64) |  | FirstEpoch is an initial epoch of token lifetime |
+| LastEpoch | [uint64](#uint64) |  | LastEpoch is a last epoch of token lifetime |
+| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
+| Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
+| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
+| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
+
+
+<a name="session.VerificationHeader"></a>
+
+### Message VerificationHeader
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| PublicKey | [bytes](#bytes) |  | PublicKey is a session public key |
+| KeySignature | [bytes](#bytes) |  | KeySignature is a session public key signature. Signed by trusted side |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/state.md b/proto-docs/state.md
new file mode 100644
index 0000000..7950455
--- /dev/null
+++ b/proto-docs/state.md
@@ -0,0 +1,188 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [state/service.proto](#state/service.proto)
+ - Services
+    - [Status](#state.Status)
+    
+  - Messages
+    - [DumpRequest](#state.DumpRequest)
+    - [DumpResponse](#state.DumpResponse)
+    - [HealthRequest](#state.HealthRequest)
+    - [HealthResponse](#state.HealthResponse)
+    - [MetricsRequest](#state.MetricsRequest)
+    - [MetricsResponse](#state.MetricsResponse)
+    - [NetmapRequest](#state.NetmapRequest)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="state/service.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## state/service.proto
+
+
+
+
+<a name="state.Status"></a>
+
+### Service "state.Status"
+Status service provides node's healthcheck and status info
+
+```
+rpc Netmap(NetmapRequest) returns (.bootstrap.SpreadMap);
+rpc Metrics(MetricsRequest) returns (MetricsResponse);
+rpc HealthCheck(HealthRequest) returns (HealthResponse);
+rpc DumpConfig(DumpRequest) returns (DumpResponse);
+
+```
+
+#### Method Netmap
+
+Netmap request allows to receive current [bootstrap.SpreadMap](bootstrap.md#bootstrap.SpreadMap)
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Netmap | [NetmapRequest](#state.NetmapRequest) | [.bootstrap.SpreadMap](#bootstrap.SpreadMap) |
+#### Method Metrics
+
+Metrics request allows to receive metrics in prometheus format
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| Metrics | [MetricsRequest](#state.MetricsRequest) | [MetricsResponse](#state.MetricsResponse) |
+#### Method HealthCheck
+
+HealthCheck request allows to check health status of the node.
+If node unhealthy field Status would contains detailed info.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| HealthCheck | [HealthRequest](#state.HealthRequest) | [HealthResponse](#state.HealthResponse) |
+#### Method DumpConfig
+
+DumpConfig request allows dumping settings for the current node.
+To permit access, used server config options.
+The request should be signed.
+
+| Name | Input | Output |
+| ---- | ----- | ------ |
+| DumpConfig | [DumpRequest](#state.DumpRequest) | [DumpResponse](#state.DumpResponse) |
+ <!-- end services -->
+
+
+<a name="state.DumpRequest"></a>
+
+### Message DumpRequest
+DumpRequest message to fetch current server config.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="state.DumpResponse"></a>
+
+### Message DumpResponse
+DumpResponse message contains current server config.
+Config stored in JSON encoded into slice of bytes.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Config | [bytes](#bytes) |  |  |
+
+
+<a name="state.HealthRequest"></a>
+
+### Message HealthRequest
+HealthRequest message to check current state
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="state.HealthResponse"></a>
+
+### Message HealthResponse
+HealthResponse message with current state
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Healthy | [bool](#bool) |  | Healthy is true when node alive and healthy |
+| Status | [string](#string) |  | Status contains detailed information about health status |
+
+
+<a name="state.MetricsRequest"></a>
+
+### Message MetricsRequest
+MetricsRequest message to request node metrics
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+
+<a name="state.MetricsResponse"></a>
+
+### Message MetricsResponse
+MetricsResponse contains [][]byte,
+every []byte is marshaled MetricFamily proto message
+from github.com/prometheus/client_model/metrics.proto
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Metrics | [bytes](#bytes) | repeated |  |
+
+
+<a name="state.NetmapRequest"></a>
+
+### Message NetmapRequest
+NetmapRequest message to request current node netmap
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
+| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/proto-docs/storagegroup.md b/proto-docs/storagegroup.md
new file mode 100644
index 0000000..7522902
--- /dev/null
+++ b/proto-docs/storagegroup.md
@@ -0,0 +1,88 @@
+# Protocol Documentation
+<a name="top"></a>
+
+## Table of Contents
+
+- [storagegroup/types.proto](#storagegroup/types.proto)
+
+  - Messages
+    - [StorageGroup](#storagegroup.StorageGroup)
+    - [StorageGroup.Lifetime](#storagegroup.StorageGroup.Lifetime)
+    
+
+- [Scalar Value Types](#scalar-value-types)
+
+
+
+<a name="storagegroup/types.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## storagegroup/types.proto
+
+
+ <!-- end services -->
+
+
+<a name="storagegroup.StorageGroup"></a>
+
+### Message StorageGroup
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ValidationDataSize | [uint64](#uint64) |  | ValidationDataSize is size of the all object's payloads included into storage group |
+| ValidationHash | [bytes](#bytes) |  | ValidationHash is homomorphic hash of all object's payloads included into storage group |
+| lifetime | [StorageGroup.Lifetime](#storagegroup.StorageGroup.Lifetime) |  | Lifetime is time until storage group is valid |
+
+
+<a name="storagegroup.StorageGroup.Lifetime"></a>
+
+### Message StorageGroup.Lifetime
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| unit | [StorageGroup.Lifetime.Unit](#storagegroup.StorageGroup.Lifetime.Unit) |  | Unit is lifetime type |
+| Value | [int64](#int64) |  | Value for lifetime |
+
+ <!-- end messages -->
+
+
+<a name="storagegroup.StorageGroup.Lifetime.Unit"></a>
+
+### StorageGroup.Lifetime.Unit
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Unlimited | 0 | Unlimited set if storage group always valid |
+| NeoFSEpoch | 1 | NeoFSEpoch set if storage group is valid until lifetime NeoFS epoch |
+| UnixTime | 2 | UnixTime set if storage group is valid until lifetime unix timestamp |
+
+
+ <!-- end enums -->
+
+
+
+## Scalar Value Types
+
+| .proto Type | Notes | C++ Type | Java Type | Python Type |
+| ----------- | ----- | -------- | --------- | ----------- |
+| <a name="double" /> double |  | double | double | float |
+| <a name="float" /> float |  | float | float | float |
+| <a name="int32" /> int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
+| <a name="int64" /> int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
+| <a name="uint32" /> uint32 | Uses variable-length encoding. | uint32 | int | int/long |
+| <a name="uint64" /> uint64 | Uses variable-length encoding. | uint64 | long | int/long |
+| <a name="sint32" /> sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
+| <a name="sint64" /> sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
+| <a name="fixed32" /> fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
+| <a name="fixed64" /> fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
+| <a name="sfixed32" /> sfixed32 | Always four bytes. | int32 | int | int |
+| <a name="sfixed64" /> sfixed64 | Always eight bytes. | int64 | long | int/long |
+| <a name="bool" /> bool |  | bool | boolean | boolean |
+| <a name="string" /> string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
+| <a name="bytes" /> bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |
+
diff --git a/query/types.proto b/query/types.proto
new file mode 100644
index 0000000..6eaed5d
--- /dev/null
+++ b/query/types.proto
@@ -0,0 +1,32 @@
+syntax = "proto3";
+package query;
+option go_package = "github.com/nspcc-dev/neofs-proto/query";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+message Filter {
+    option (gogoproto.goproto_stringer) = false;
+
+    enum Type {
+        // Exact sets when value of filter should be equal to the header value
+        Exact = 0;
+        // Regex sets when value of filter should match the header value by the regular expression
+        Regex = 1;
+    }
+
+    // Type of filter
+    Type type = 1 [(gogoproto.customname) = "Type"];
+    // Name of field that should be filtered
+    string Name = 2;
+    // Value that should be used for filter
+    string Value = 3;
+}
+
+message Query {
+    option (gogoproto.goproto_stringer) = false;
+
+    // Filters is set of filters, should not be empty
+    repeated Filter Filters = 1 [(gogoproto.nullable) = false];
+}
diff --git a/refs/types.proto b/refs/types.proto
new file mode 100644
index 0000000..8c7d2eb
--- /dev/null
+++ b/refs/types.proto
@@ -0,0 +1,18 @@
+syntax = "proto3";
+package refs;
+option go_package = "github.com/nspcc-dev/neofs-proto/refs";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+option (gogoproto.stringer_all) =  false;
+option (gogoproto.goproto_stringer_all) = false;
+
+// Address of object (container id + object id)
+message Address {
+    // ObjectID is an object identifier, valid UUIDv4 represented in bytes
+    bytes ObjectID = 1[(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
+    // CID is container identifier
+    bytes CID      = 2[(gogoproto.customtype) = "CID",      (gogoproto.nullable) = false];
+}
diff --git a/service/meta.proto b/service/meta.proto
new file mode 100644
index 0000000..d3c3005
--- /dev/null
+++ b/service/meta.proto
@@ -0,0 +1,19 @@
+syntax = "proto3";
+package service;
+option go_package = "github.com/nspcc-dev/neofs-proto/service";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// RequestMetaHeader contains information about request meta headers
+// (should be embedded into message)
+message RequestMetaHeader {
+    // TTL must be larger than zero, it decreased in every NeoFS Node
+    uint32 TTL     = 1;
+    // Epoch for user can be empty, because node sets epoch to the actual value
+    uint64 Epoch   = 2;
+    // Version defines protocol version
+    // TODO: not used for now, should be implemented in future
+    uint32 Version = 3;
+}
diff --git a/service/verify.proto b/service/verify.proto
new file mode 100644
index 0000000..c70015b
--- /dev/null
+++ b/service/verify.proto
@@ -0,0 +1,30 @@
+syntax = "proto3";
+package service;
+option go_package = "github.com/nspcc-dev/neofs-proto/service";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
+// (should be embedded into message).
+message RequestVerificationHeader {
+    message Sign {
+        // Sign is signature of the request or session key.
+        bytes Sign = 1;
+        // Peer is compressed public key used for signature.
+        bytes Peer = 2;
+    }
+
+    message Signature {
+        // Sign is a signature and public key of the request.
+        Sign Sign   = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+        // Origin used for requests, when trusted node changes it and re-sign with session key.
+        // If session key used for signature request, then Origin should contain
+        // public key of user and signed session key.
+        Sign Origin = 2;
+    }
+
+    // Signatures is a set of signatures of every passed NeoFS Node
+    repeated Signature Signatures = 1;
+}
diff --git a/session/service.proto b/session/service.proto
new file mode 100644
index 0000000..377e77e
--- /dev/null
+++ b/session/service.proto
@@ -0,0 +1,52 @@
+syntax = "proto3";
+package session;
+option go_package = "github.com/nspcc-dev/neofs-proto/session";
+
+import "session/types.proto";
+import "service/meta.proto";
+import "service/verify.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+
+service Session {
+    // Create is a method that used to open a trusted session to manipulate
+    // an object. In order to put or delete object client have to obtain session
+    // token with trusted node. Trusted node will modify client's object
+    // (add missing headers, checksums, homomorphic hash) and sign id with
+    // session key. Session is established during 4-step handshake in one gRPC stream
+    //
+    // - First client stream message SHOULD BE type of `CreateRequest_Init`.
+    // - First server stream message SHOULD BE type of `CreateResponse_Unsigned`.
+    // - Second client stream message SHOULD BE type of `CreateRequest_Signed`.
+    // - Second server stream message SHOULD BE type of `CreateResponse_Result`.
+    rpc Create (stream CreateRequest) returns (stream CreateResponse);
+}
+
+
+message CreateRequest {
+    // Message should be one of
+    oneof Message {
+        // Init is a message to initialize session opening. Carry:
+        // owner of manipulation object;
+        // ID of manipulation object;
+        // token lifetime bounds.
+        session.Token Init = 1;
+        // Signed Init message response (Unsigned) from server with user private key
+        session.Token Signed = 2;
+    }
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+message CreateResponse {
+    oneof Message {
+        // Unsigned token with token ID and session public key generated on server side
+        session.Token Unsigned = 1;
+        // Result is a resulting token which can be used for object placing through an trusted intermediary
+        session.Token Result = 2;
+    }
+}
diff --git a/session/types.proto b/session/types.proto
new file mode 100644
index 0000000..294928b
--- /dev/null
+++ b/session/types.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+package session;
+option go_package = "github.com/nspcc-dev/neofs-proto/session";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+message VerificationHeader {
+    // PublicKey is a session public key
+    bytes PublicKey = 1;
+    // KeySignature is a session public key signature. Signed by trusted side
+    bytes KeySignature = 2;
+}
+
+// User token granting rights for object manipulation
+message Token {
+    // Header carries verification data of session key
+    VerificationHeader Header = 1 [(gogoproto.nullable) = false];
+    // OwnerID is an owner of manipulation object
+    bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+    // FirstEpoch is an initial epoch of token lifetime
+    uint64 FirstEpoch = 3;
+    // LastEpoch is a last epoch of token lifetime
+    uint64 LastEpoch = 4;
+    // ObjectID is an object identifier of manipulation object
+    repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
+    // Signature is a token signature, signed by owner of manipulation object
+    bytes Signature = 6;
+    // ID is a token identifier. valid UUIDv4 represented in bytes
+    bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+    // PublicKeys associated with owner
+    repeated bytes PublicKeys = 8;
+}
diff --git a/state/service.proto b/state/service.proto
new file mode 100644
index 0000000..a30af22
--- /dev/null
+++ b/state/service.proto
@@ -0,0 +1,78 @@
+syntax = "proto3";
+package state;
+option go_package = "github.com/nspcc-dev/neofs-proto/state";
+
+import "service/meta.proto";
+import "service/verify.proto";
+import "bootstrap/types.proto";
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+// Status service provides node's healthcheck and status info
+service Status {
+    // Netmap request allows to receive current [bootstrap.SpreadMap](bootstrap.md#bootstrap.SpreadMap)
+    rpc Netmap(NetmapRequest) returns (bootstrap.SpreadMap);
+    // Metrics request allows to receive metrics in prometheus format
+    rpc Metrics(MetricsRequest) returns (MetricsResponse);
+    // HealthCheck request allows to check health status of the node.
+    // If node unhealthy field Status would contains detailed info.
+    rpc HealthCheck(HealthRequest) returns (HealthResponse);
+    // DumpConfig request allows dumping settings for the current node.
+    // To permit access, used server config options.
+    // The request should be signed.
+    rpc DumpConfig(DumpRequest) returns (DumpResponse);
+}
+
+// NetmapRequest message to request current node netmap
+message NetmapRequest {
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// MetricsRequest message to request node metrics
+message MetricsRequest {
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// MetricsResponse contains [][]byte,
+// every []byte is marshaled MetricFamily proto message
+// from github.com/prometheus/client_model/metrics.proto
+message MetricsResponse {
+    repeated bytes Metrics = 1;
+}
+
+// HealthRequest message to check current state
+message HealthRequest {
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// HealthResponse message with current state
+message HealthResponse {
+    // Healthy is true when node alive and healthy
+    bool Healthy  = 1;
+    // Status contains detailed information about health status
+    string Status = 2;
+}
+
+// DumpRequest message to fetch current server config.
+message DumpRequest {
+    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
+    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
+    service.RequestVerificationHeader Verify = 99 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
+}
+
+// DumpResponse message contains current server config.
+// Config stored in JSON encoded into slice of bytes.
+message DumpResponse {
+    bytes Config = 1;
+}
diff --git a/storagegroup/types.proto b/storagegroup/types.proto
new file mode 100644
index 0000000..5014b96
--- /dev/null
+++ b/storagegroup/types.proto
@@ -0,0 +1,35 @@
+syntax = "proto3";
+package storagegroup;
+option go_package = "github.com/nspcc-dev/neofs-proto/storagegroup";
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option (gogoproto.stable_marshaler_all) = true;
+
+message StorageGroup {
+    option (gogoproto.goproto_stringer) = false;
+
+    // ValidationDataSize is size of the all object's payloads included into storage group
+    uint64 ValidationDataSize = 1;
+    // ValidationHash is homomorphic hash of all object's payloads included into storage group
+    bytes ValidationHash = 2 [(gogoproto.customtype) = "Hash", (gogoproto.nullable) = false];
+
+    message Lifetime {
+        enum Unit {
+            // Unlimited set if storage group always valid
+            Unlimited = 0;
+            // NeoFSEpoch set if storage group is valid until lifetime NeoFS epoch
+            NeoFSEpoch = 1;
+            // UnixTime set if storage group is valid until lifetime unix timestamp
+            UnixTime = 2;
+        }
+
+        // Unit is lifetime type
+        Unit unit = 1 [(gogoproto.customname) = "Unit"];
+        // Value for lifetime
+        int64 Value = 2;
+    }
+
+    // Lifetime is time until storage group is valid
+    Lifetime lifetime = 3 [(gogoproto.customname) = "Lifetime"];
+}