[#XX] tmp

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
[#312 ] pool: Ignore ECInfoErr erros in GetSplitInfo
2024-12-16 12:21:41 +03:00 · 2024-12-11 18:23:37 +03:00 · 2024-12-06 10:16:48 +03:00 · 2024-10-16 13:16:34 +03:00 · 2024-09-06 16:54:51 +03:00 · 2024-09-06 16:54:31 +03:00
231 changed files with 19107 additions and 11172 deletions
--- a/.forgejo/workflows/dco.yml
+++ b/.forgejo/workflows/dco.yml
@ -0,0 +1,21 @@
+name: DCO
+on: [pull_request]
+
+jobs:
+  dco:
+    name: DCO
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.23'
+
+      - name: Run commit format checker
+        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3
+        with:
+          from: 'origin/${{ github.event.pull_request.base.ref }}'
--- a/.forgejo/workflows/tests.yml
+++ b/.forgejo/workflows/tests.yml
@ -0,0 +1,39 @@
+name: Tests and linters
+on: [pull_request]
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.23'
+          cache: true
+
+      - name: Install linters
+        run: make lint-install
+
+      - name: Run linters
+        run: make lint
+
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go_versions: [ '1.22', '1.23' ]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '${{ matrix.go_versions }}'
+
+      - name: Run tests
+        run: make test
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,45 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: community, triage, bug
+assignees: ''
+
+---
+
+<!--- Provide a general summary of the issue in the Title above -->
+
+## Expected Behavior
+<!--- If you're describing a bug, tell us what should happen -->
+<!--- If you're suggesting a change/improvement, tell us how it should work -->
+
+## Current Behavior
+<!--- If describing a bug, tell us what happens instead of the expected behavior -->
+<!--- If suggesting a change/improvement, explain the difference from current behavior -->
+
+## Possible Solution
+<!--- Not obligatory -->
+<!--- If no reason/fix/additions for the bug can be suggested, -->
+<!--- uncomment the following phrase: -->
+
+<!--- No fix can be suggested by a QA engineer. Further solutions shall be up to developers. -->
+
+## Steps to Reproduce (for bugs)
+<!--- Provide a link to a live example, or an unambiguous set of steps to -->
+<!--- reproduce this bug. -->
+
+1.
+
+## Context
+<!--- How has this issue affected you? What are you trying to accomplish? -->
+<!--- Providing context helps us come up with a solution that is most useful in the real world -->
+
+## Regression
+<!-- Is this issue a regression? (Yes / No) -->
+<!-- If Yes, optionally please include version or commit id or PR# that caused this regression, if you have these details. -->
+
+## Your Environment
+<!--- Include as many relevant details about the environment you experienced the bug in -->
+* Version used:
+* Server setup and configuration:
+* Operating System and version (`uname -a`):
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1 @@
+blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: community, triage
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+<!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+## Describe the solution you'd like
+<!--- A clear and concise description of what you want to happen. -->
+
+## Describe alternatives you've considered
+<!--- A clear and concise description of any alternative solutions or features you've considered. -->
+
+## Additional context
+<!--- Add any other context or screenshots about the feature request here. -->
--- a/.github/workflows/dco.yml
+++ b/.github/workflows/dco.yml
@ -1,21 +0,0 @@
-name: DCO check
-
-on:
-  pull_request:
-    branches:
-      - master
-
-jobs:
-  commits_check_job:
-    runs-on: ubuntu-latest
-    name: Commits Check
-    steps:
-    - name: Get PR Commits
-      id: 'get-pr-commits'
-      uses: tim-actions/get-pr-commits@master
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-    - name: DCO Check
-      uses: tim-actions/dco@master
-      with:
-        commits: ${{ steps.get-pr-commits.outputs.commits }}
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -1,52 +0,0 @@
-name: neofs-sdk-go tests
-
-on:
-  pull_request:
-    branches:
-      - master
-    types: [opened, synchronize]
-    paths-ignore:
-      - '**/*.md'
-  workflow_dispatch:
-
-jobs:
-  tests:
-    name: Tests
-    runs-on: ubuntu-20.04
-    strategy:
-      matrix:
-        go_versions: [ '1.18.x', '1.19.x', '1.20.x' ]
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: '${{ matrix.go_versions }}'
-
-      - name: Restore Go modules from cache
-        uses: actions/cache@v3
-        with:
-          path: /home/runner/go/pkg/mod
-          key: deps-${{ hashFiles('go.sum') }}
-
-      - name: Update Go modules
-        run: make dep
-
-      - name: Run tests
-        run: make test
-
-  lint:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          only-new-issues: true
--- a/.gitignore
+++ b/.gitignore
@ -21,3 +21,13 @@ vendor/
 # coverage
 coverage.txt
 coverage.html
+
+# antlr tool jar
+antlr-*.jar
+
+# tempfiles
+.cache
+
+# binary
+bin/
+release/
--- a/.gitlint
+++ b/.gitlint
@ -1,10 +0,0 @@
-[general]
-fail-without-commits=true
-contrib=CC1
-
-[title-match-regex]
-regex=^\[\#[0-9]+\]\s
-
-[ignore-by-title]
-regex=^Release(.*)
-ignore=title-match-regex
--- a/.golangci.yml
+++ b/.golangci.yml
@ -4,15 +4,16 @@
 # options for analysis running
 run:
  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 5m
+  timeout: 10m

  # include test files or not, default is true
-  tests: true
+  tests: false

 # output configuration options
 output:
  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: tab
+  formats:
+    - format: tab

 # all available settings of specific linters
 linters-settings:
@ -25,8 +26,12 @@ linters-settings:
    # report about shadowed variables
    check-shadowing: false
  staticcheck:
-    checks: ["all", "-SA1019"] # TODO Enable SA1019 after deprecated warning are fixed.
-
+    checks: ["all", "-SA1019"]
+  funlen:
+    lines: 80 # default 60
+    statements: 60 # default 40
+  gocognit:
+    min-complexity: 40 # default 30

 linters:
  enable:
@ -37,23 +42,26 @@ linters:
    # some default golangci-lint linters
    - errcheck
    - gosimple
+    - godot
    - ineffassign
    - staticcheck
    - typecheck
    - unused

    # extra linters
+    - bidichk
+    - durationcheck
    - exhaustive
-    - godot
+    - exportloopref
    - gofmt
-    - whitespace
    - goimports
+    - misspell
+    - predeclared
+    - reassign
+    - whitespace
+    - containedctx
+    - funlen
+    - gocognit
+    - contextcheck
  disable-all: true
  fast: false
-
-issues:
-  include:
-    - EXC0002 # should have a comment
-    - EXC0003 # test/Test ... consider calling this
-    - EXC0004 # govet
-    - EXC0005 # C-style breaks
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -16,15 +16,21 @@ repos:
    - id: trailing-whitespace
      args: [--markdown-linebreak-ext=md]
    - id: end-of-file-fixer
-      exclude: ".key$"
+      exclude: "(.key|.interp|.tokens)$"

-  - repo: https://github.com/golangci/golangci-lint
-    rev: v1.51.2
+  - repo: local
    hooks:
-    - id: golangci-lint
+       - id: go-unit-tests
+         name: go unit tests
+         entry: make test GOFLAGS=''
+         pass_filenames: false
+         types: [go]
+         language: system

-  - repo: https://github.com/jorisroovers/gitlint
-    rev:  v0.18.0
+  - repo: local
    hooks:
-      - id: gitlint
-        stages: [commit-msg]
+      - id: make-lint
+        name: Run Make Lint
+        entry: make lint
+        language: system
+        pass_filenames: false
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+FROM golang:1.22
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install make openjdk-11-jre -y
+WORKDIR /work
--- a/43
+++ b/43
@ -1,8 +1,16 @@
 #!/usr/bin/make -f

+ANTLR_VERSION="4.13.0"
+TMP_DIR := .cache
+LINT_VERSION ?= 1.60.1
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.6
+OUTPUT_LINT_DIR ?= $(shell pwd)/bin
+LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
+
 # Run tests
+test: GOFLAGS ?= "-cover -count=1"
 test:
-	@go test ./... -cover
+	@GOFLAGS=$(GOFLAGS) go test ./...

 # Pull go dependencies
 dep:
@ -13,9 +21,23 @@ dep:
 	@CGO_ENABLED=0 \
 	go mod tidy -v && echo OK

+# Install linters
+lint-install:
+	@mkdir -p $(TMP_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@git -c advice.detachedHead=false clone --branch v$(TRUECLOUDLAB_LINT_VERSION) https://git.frostfs.info/TrueCloudLab/linters.git $(TMP_DIR)/linters
+	@@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@rmdir $(TMP_DIR) 2>/dev/null || true
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+
 # Run linters
 lint:
-	@golangci-lint --timeout=5m run
+	@if [ ! -d "$(LINT_DIR)" ]; then \
+		echo "Run make lint-install"; \
+		exit 1; \
+	fi
+	$(LINT_DIR)/golangci-lint run

 # Run tests with race detection and produce coverage output
 cover:
@ -29,6 +51,23 @@ format:
 	@echo "⇒ Processing goimports check"
 	@goimports -w ./

+policy:
+	@wget -q https://www.antlr.org/download/antlr-${ANTLR_VERSION}-complete.jar -O antlr4-tool.jar
+	@java -Xmx500M -cp "`pwd`/antlr4-tool.jar" "org.antlr.v4.Tool" -o `pwd`/netmap/parser/ -Dlanguage=Go -no-listener -visitor `pwd`/netmap/parser/Query.g4 `pwd`/netmap/parser/QueryLexer.g4
+
+# Run `make %` in truecloudlab/frostfs-sdk-go container(Golang+Java)
+docker/%:
+	@docker build -t truecloudlab/frostfs-sdk-go --platform linux/amd64 . > /dev/null
+	@docker run --rm -t \
+	-v `pwd`:/work \
+	-u "$$(id -u):$$(id -g)" \
+	--env HOME=/work \
+	truecloudlab/frostfs-sdk-go make $*
+
+# Synchronize tree service
+sync-tree:
+	@./syncTree.sh
+
 # Show this help prompt
 help:
 	@echo '  Usage:'
--- a/README.md
+++ b/README.md
@ -42,7 +42,6 @@ Contains client for working with FrostFS.
 ```go
 var prmInit client.PrmInit
 prmInit.SetDefaultPrivateKey(key) // private key for request signing
-prmInit.ResolveFrostFSFailures() // enable erroneous status parsing

 var c client.Client
 c.Init(prmInit)
@ -77,8 +76,7 @@ if needed and perform any desired action. In the case above we may want to repor
 these details to the user as well as retry an operation, possibly with different parameters.
 Status wire-format is extendable and each node can report any set of details it wants.
 The set of reserved status codes can be found in
-[FrostFS API](https://git.frostfs.info/TrueCloudLab/frostfs-api/src/branch/master/status/types.proto). There is also
-a `client.PrmInit.ResolveFrostFSFailures()` to seamlessly convert erroneous statuses into Go error type.
+[FrostFS API](https://git.frostfs.info/TrueCloudLab/frostfs-api/src/branch/master/status/types.proto).

 ### policy
 Contains helpers allowing conversion of placing policy from/to JSON representation
--- a/ape/chain.go
+++ b/ape/chain.go
@ -0,0 +1,52 @@
+package ape
+
+import (
+	"errors"
+	"fmt"
+
+	apeV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape"
+)
+
+var (
+	ErrInvalidChainRepresentation = errors.New("invalid chain representation")
+)
+
+// ChainID is Chain's identifier.
+type ChainID []byte
+
+// Chain is an SDK representation for v2's Chain.
+//
+// Note that Chain (as well as v2's Chain) and all related entities
+// are NOT operated by Access-Policy-Engine (APE). The client is responsible
+// to convert these types to policy-engine entities.
+type Chain struct {
+	// Raw is the encoded chain kind.
+	// It assumes that Raw's bytes are the result of encoding provided by
+	// policy-engine package.
+	Raw []byte
+}
+
+// ToV2 converts Chain to v2.
+func (c *Chain) ToV2() *apeV2.Chain {
+	v2ct := new(apeV2.Chain)
+
+	if c.Raw != nil {
+		v2Raw := new(apeV2.ChainRaw)
+		v2Raw.SetRaw(c.Raw)
+		v2ct.SetKind(v2Raw)
+	}
+
+	return v2ct
+}
+
+// ReadFromV2 fills Chain from v2.
+func (c *Chain) ReadFromV2(v2ct *apeV2.Chain) error {
+	switch v := v2ct.GetKind().(type) {
+	default:
+		return fmt.Errorf("unsupported chain kind: %T", v)
+	case *apeV2.ChainRaw:
+		raw := v.GetRaw()
+		c.Raw = raw
+	}
+	return nil
+}
--- a/ape/chain_target.go
+++ b/ape/chain_target.go
@ -0,0 +1,53 @@
+package ape
+
+import (
+	apeV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape"
+)
+
+// TargetType is an SDK representation for v2's TargetType.
+type TargetType apeV2.TargetType
+
+const (
+	TargetTypeUndefined TargetType = iota
+	TargetTypeNamespace
+	TargetTypeContainer
+	TargetTypeUser
+	TargetTypeGroup
+)
+
+// ToV2 converts TargetType to v2.
+func (targetType TargetType) ToV2() apeV2.TargetType {
+	return apeV2.TargetType(targetType)
+}
+
+// FromV2 reads TargetType to v2.
+func (targetType *TargetType) FromV2(v2targetType apeV2.TargetType) {
+	*targetType = TargetType(v2targetType)
+}
+
+// ChainTarget is an SDK representation for v2's ChainTarget.
+//
+// Note that ChainTarget (as well as v2's ChainTarget) and all related entities
+// are NOT operated by Access-Policy-Engine (APE). The client is responsible
+// to convert these types to policy-engine entities.
+type ChainTarget struct {
+	TargetType TargetType
+
+	Name string
+}
+
+// ToV2 converts ChainTarget to v2.
+func (ct *ChainTarget) ToV2() *apeV2.ChainTarget {
+	v2ct := new(apeV2.ChainTarget)
+
+	v2ct.SetTargetType(ct.TargetType.ToV2())
+	v2ct.SetName(ct.Name)
+
+	return v2ct
+}
+
+// FromV2 reads ChainTarget frpm v2.
+func (ct *ChainTarget) FromV2(v2ct *apeV2.ChainTarget) {
+	ct.TargetType.FromV2(v2ct.GetTargetType())
+	ct.Name = v2ct.GetName()
+}
--- a/ape/chain_target_test.go
+++ b/ape/chain_target_test.go
@ -0,0 +1,65 @@
+package ape_test
+
+import (
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
+	"github.com/stretchr/testify/require"
+
+	apeV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape"
+)
+
+var (
+	m = map[ape.TargetType]apeV2.TargetType{
+		ape.TargetTypeUndefined: apeV2.TargetTypeUndefined,
+		ape.TargetTypeNamespace: apeV2.TargetTypeNamespace,
+		ape.TargetTypeContainer: apeV2.TargetTypeContainer,
+		ape.TargetTypeUser:      apeV2.TargetTypeUser,
+		ape.TargetTypeGroup:     apeV2.TargetTypeGroup,
+	}
+)
+
+func TestTargetType(t *testing.T) {
+	for typesdk, typev2 := range m {
+		t.Run("from sdk to v2 "+typev2.String(), func(t *testing.T) {
+			v2 := typesdk.ToV2()
+			require.Equal(t, v2, typev2)
+		})
+
+		t.Run("from v2 to sdk "+typev2.String(), func(t *testing.T) {
+			var typ ape.TargetType
+			typ.FromV2(typev2)
+			require.Equal(t, typesdk, typ)
+		})
+	}
+}
+
+func TestChainTarget(t *testing.T) {
+	var (
+		typ  = ape.TargetTypeNamespace
+		name = "namespaceXXYYZZ"
+	)
+
+	t.Run("from sdk to v2", func(t *testing.T) {
+		ct := ape.ChainTarget{
+			TargetType: typ,
+			Name:       name,
+		}
+
+		v2 := ct.ToV2()
+		require.Equal(t, m[typ], v2.GetTargetType())
+		require.Equal(t, name, v2.GetName())
+	})
+
+	t.Run("from v2 to sdk", func(t *testing.T) {
+		v2 := &apeV2.ChainTarget{}
+		v2.SetTargetType(m[typ])
+		v2.SetName(name)
+
+		var ct ape.ChainTarget
+		ct.FromV2(v2)
+
+		require.Equal(t, typ, ct.TargetType)
+		require.Equal(t, name, ct.Name)
+	})
+}
--- a/ape/chain_test.go
+++ b/ape/chain_test.go
@ -0,0 +1,43 @@
+package ape_test
+
+import (
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
+	"github.com/stretchr/testify/require"
+
+	apeV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape"
+)
+
+const (
+	encoded = `{"ID":"","Rules":[{"Status":"Allow","Actions":{"Inverted":false,"Names":["GetObject"]},"Resources":{"Inverted":false,"Names":["native:object/*"]},"Any":false,"Condition":[{"Op":"StringEquals","Object":"Resource","Key":"Department","Value":"HR"}]}],"MatchType":"DenyPriority"}`
+)
+
+func TestChainData(t *testing.T) {
+	t.Run("raw chain", func(t *testing.T) {
+		var c ape.Chain
+
+		b := []byte(encoded)
+		c.Raw = b
+
+		v2, ok := c.ToV2().GetKind().(*apeV2.ChainRaw)
+		require.True(t, ok)
+		require.Equal(t, b, v2.Raw)
+	})
+}
+
+func TestChainMessageV2(t *testing.T) {
+	b := []byte(encoded)
+
+	v2Raw := &apeV2.ChainRaw{}
+	v2Raw.SetRaw(b)
+
+	v2 := &apeV2.Chain{}
+	v2.SetKind(v2Raw)
+
+	var c ape.Chain
+	c.ReadFromV2(v2)
+
+	require.NotNil(t, c.Raw)
+	require.Equal(t, b, c.Raw)
+}
--- a/audit/doc.go
+++ b/audit/doc.go
@ -1,26 +0,0 @@
-/*
-Package audit provides features to process data audit in FrostFS system.
-
-Result type groups values which can be gathered during data audit process:
-
-	var res audit.Result
-	res.ForEpoch(32)
-	res.ForContainer(cnr)
-	// ...
-	res.Complete()
-
-Result instances can be stored in a binary format. On reporter side:
-
-	data := res.Marshal()
-	// send data
-
-On receiver side:
-
-	var res audit.Result
-	err := res.Unmarshal(data)
-	// ...
-
-Using package types in an application is recommended to potentially work with
-different protocol versions with which these types are compatible.
-*/
-package audit
--- a/audit/result.go
+++ b/audit/result.go
@ -1,377 +0,0 @@
-package audit
-
-import (
-	"errors"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/audit"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
-)
-
-// Result represents report on the results of the data audit in FrostFS system.
-//
-// Result is mutually binary-compatible with git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/audit.DataAuditResult
-// message. See Marshal / Unmarshal methods.
-//
-// Instances can be created using built-in var declaration.
-type Result struct {
-	versionEncoded bool
-
-	v2 audit.DataAuditResult
-}
-
-// Marshal encodes Result into a canonical FrostFS binary format (Protocol Buffers
-// with direct field order).
-//
-// Writes version.Current() protocol version into the resulting message if Result
-// hasn't been already decoded from such a message using Unmarshal.
-//
-// See also Unmarshal.
-func (r *Result) Marshal() []byte {
-	if !r.versionEncoded {
-		var verV2 refs.Version
-		version.Current().WriteToV2(&verV2)
-		r.v2.SetVersion(&verV2)
-		r.versionEncoded = true
-	}
-
-	return r.v2.StableMarshal(nil)
-}
-
-var errCIDNotSet = errors.New("container ID is not set")
-
-// Unmarshal decodes Result from its canonical FrostFS binary format (Protocol Buffers
-// with direct field order). Returns an error describing a format violation.
-//
-// See also Marshal.
-func (r *Result) Unmarshal(data []byte) error {
-	err := r.v2.Unmarshal(data)
-	if err != nil {
-		return err
-	}
-
-	r.versionEncoded = true
-
-	// format checks
-
-	var cID cid.ID
-
-	cidV2 := r.v2.GetContainerID()
-	if cidV2 == nil {
-		return errCIDNotSet
-	}
-
-	err = cID.ReadFromV2(*cidV2)
-	if err != nil {
-		return fmt.Errorf("could not convert V2 container ID: %w", err)
-	}
-
-	var (
-		oID   oid.ID
-		oidV2 refs.ObjectID
-	)
-
-	for _, oidV2 = range r.v2.GetPassSG() {
-		err = oID.ReadFromV2(oidV2)
-		if err != nil {
-			return fmt.Errorf("invalid passed storage group ID: %w", err)
-		}
-	}
-
-	for _, oidV2 = range r.v2.GetFailSG() {
-		err = oID.ReadFromV2(oidV2)
-		if err != nil {
-			return fmt.Errorf("invalid failed storage group ID: %w", err)
-		}
-	}
-
-	return nil
-}
-
-// Epoch returns FrostFS epoch when the data associated with the Result was audited.
-//
-// Zero Result has zero epoch.
-//
-// See also ForEpoch.
-func (r Result) Epoch() uint64 {
-	return r.v2.GetAuditEpoch()
-}
-
-// ForEpoch specifies FrostFS epoch when the data associated with the Result was audited.
-//
-// See also Epoch.
-func (r *Result) ForEpoch(epoch uint64) {
-	r.v2.SetAuditEpoch(epoch)
-}
-
-// Container returns identifier of the container with which the data audit Result
-// is associated and a bool that indicates container ID field presence in the Result.
-//
-// Zero Result does not have container ID.
-//
-// See also ForContainer.
-func (r Result) Container() (cid.ID, bool) {
-	var cID cid.ID
-
-	cidV2 := r.v2.GetContainerID()
-	if cidV2 != nil {
-		_ = cID.ReadFromV2(*cidV2)
-		return cID, true
-	}
-
-	return cID, false
-}
-
-// ForContainer sets identifier of the container with which the data audit Result
-// is associated.
-//
-// See also Container.
-func (r *Result) ForContainer(cnr cid.ID) {
-	var cidV2 refs.ContainerID
-	cnr.WriteToV2(&cidV2)
-
-	r.v2.SetContainerID(&cidV2)
-}
-
-// AuditorKey returns public key of the auditing FrostFS Inner Ring node in
-// a FrostFS binary key format.
-//
-// Zero Result has nil key. Return value MUST NOT be mutated: to do this,
-// first make a copy.
-//
-// See also SetAuditorPublicKey.
-func (r Result) AuditorKey() []byte {
-	return r.v2.GetPublicKey()
-}
-
-// SetAuditorKey specifies public key of the auditing FrostFS Inner Ring node in
-// a FrostFS binary key format.
-//
-// Argument MUST NOT be mutated at least until the end of using the Result.
-//
-// See also AuditorKey.
-func (r *Result) SetAuditorKey(key []byte) {
-	r.v2.SetPublicKey(key)
-}
-
-// Completed returns completion state of the data audit associated with the Result.
-//
-// Zero Result corresponds to incomplete data audit.
-//
-// See also Complete.
-func (r Result) Completed() bool {
-	return r.v2.GetComplete()
-}
-
-// Complete marks the data audit associated with the Result as completed.
-//
-// See also Completed.
-func (r *Result) Complete() {
-	r.v2.SetComplete(true)
-}
-
-// RequestsPoR returns number of requests made by Proof-of-Retrievability
-// audit check to get all headers of the objects inside storage groups.
-//
-// Zero Result has zero requests.
-//
-// See also SetRequestsPoR.
-func (r Result) RequestsPoR() uint32 {
-	return r.v2.GetRequests()
-}
-
-// SetRequestsPoR sets number of requests made by Proof-of-Retrievability
-// audit check to get all headers of the objects inside storage groups.
-//
-// See also RequestsPoR.
-func (r *Result) SetRequestsPoR(v uint32) {
-	r.v2.SetRequests(v)
-}
-
-// RetriesPoR returns number of retries made by Proof-of-Retrievability
-// audit check to get all headers of the objects inside storage groups.
-//
-// Zero Result has zero retries.
-//
-// See also SetRetriesPoR.
-func (r Result) RetriesPoR() uint32 {
-	return r.v2.GetRetries()
-}
-
-// SetRetriesPoR sets number of retries made by Proof-of-Retrievability
-// audit check to get all headers of the objects inside storage groups.
-//
-// See also RetriesPoR.
-func (r *Result) SetRetriesPoR(v uint32) {
-	r.v2.SetRetries(v)
-}
-
-// IteratePassedStorageGroups iterates over all storage groups that passed
-// Proof-of-Retrievability audit check and passes them into f. Breaks on f's
-// false return, f MUST NOT be nil.
-//
-// Zero Result has no passed storage groups and doesn't call f.
-//
-// See also SubmitPassedStorageGroup.
-func (r Result) IteratePassedStorageGroups(f func(oid.ID) bool) {
-	r2 := r.v2.GetPassSG()
-
-	var id oid.ID
-
-	for i := range r2 {
-		_ = id.ReadFromV2(r2[i])
-
-		if !f(id) {
-			return
-		}
-	}
-}
-
-// SubmitPassedStorageGroup marks storage group as passed Proof-of-Retrievability
-// audit check.
-//
-// See also IteratePassedStorageGroups.
-func (r *Result) SubmitPassedStorageGroup(sg oid.ID) {
-	var idV2 refs.ObjectID
-	sg.WriteToV2(&idV2)
-
-	r.v2.SetPassSG(append(r.v2.GetPassSG(), idV2))
-}
-
-// IterateFailedStorageGroups is similar to IteratePassedStorageGroups but for failed groups.
-//
-// See also SubmitFailedStorageGroup.
-func (r Result) IterateFailedStorageGroups(f func(oid.ID) bool) {
-	v := r.v2.GetFailSG()
-	var id oid.ID
-
-	for i := range v {
-		_ = id.ReadFromV2(v[i])
-		if !f(id) {
-			return
-		}
-	}
-}
-
-// SubmitFailedStorageGroup is similar to SubmitPassedStorageGroup but for failed groups.
-//
-// See also IterateFailedStorageGroups.
-func (r *Result) SubmitFailedStorageGroup(sg oid.ID) {
-	var idV2 refs.ObjectID
-	sg.WriteToV2(&idV2)
-
-	r.v2.SetFailSG(append(r.v2.GetFailSG(), idV2))
-}
-
-// Hits returns number of sampled objects under audit placed
-// in an optimal way according to the container's placement policy
-// when checking Proof-of-Placement.
-//
-// Zero result has zero hits.
-//
-// See also SetHits.
-func (r Result) Hits() uint32 {
-	return r.v2.GetHit()
-}
-
-// SetHits sets number of sampled objects under audit placed
-// in an optimal way according to the containers placement policy
-// when checking Proof-of-Placement.
-//
-// See also Hits.
-func (r *Result) SetHits(hit uint32) {
-	r.v2.SetHit(hit)
-}
-
-// Misses returns number of sampled objects under audit placed
-// in suboptimal way according to the container's placement policy,
-// but still at a satisfactory level when checking Proof-of-Placement.
-//
-// Zero Result has zero misses.
-//
-// See also SetMisses.
-func (r Result) Misses() uint32 {
-	return r.v2.GetMiss()
-}
-
-// SetMisses sets number of sampled objects under audit placed
-// in suboptimal way according to the container's placement policy,
-// but still at a satisfactory level when checking Proof-of-Placement.
-//
-// See also Misses.
-func (r *Result) SetMisses(miss uint32) {
-	r.v2.SetMiss(miss)
-}
-
-// Failures returns number of sampled objects under audit stored
-// in a way not confirming placement policy or not found at all
-// when checking Proof-of-Placement.
-//
-// Zero result has zero failures.
-//
-// See also SetFailures.
-func (r Result) Failures() uint32 {
-	return r.v2.GetFail()
-}
-
-// SetFailures sets number of sampled objects under audit stored
-// in a way not confirming placement policy or not found at all
-// when checking Proof-of-Placement.
-//
-// See also Failures.
-func (r *Result) SetFailures(fail uint32) {
-	r.v2.SetFail(fail)
-}
-
-// IteratePassedStorageNodes iterates over all storage nodes that passed at least one
-// Proof-of-Data-Possession audit check and passes their public keys into f. Breaks on
-// f's false return.
-//
-// f MUST NOT be nil and MUST NOT mutate parameter passed into it at least until
-// the end of using the Result.
-//
-// Zero Result has no passed storage nodes and doesn't call f.
-//
-// See also SubmitPassedStorageNode.
-func (r Result) IteratePassedStorageNodes(f func([]byte) bool) {
-	v := r.v2.GetPassNodes()
-
-	for i := range v {
-		if !f(v[i]) {
-			return
-		}
-	}
-}
-
-// SubmitPassedStorageNodes marks storage node list as passed Proof-of-Data-Possession
-// audit check. The list contains public keys.
-//
-// Argument and its elements MUST NOT be mutated at least until the end of using the Result.
-//
-// See also IteratePassedStorageNodes.
-func (r *Result) SubmitPassedStorageNodes(list [][]byte) {
-	r.v2.SetPassNodes(list)
-}
-
-// IterateFailedStorageNodes is similar to IteratePassedStorageNodes but for failed nodes.
-//
-// See also SubmitPassedStorageNodes.
-func (r Result) IterateFailedStorageNodes(f func([]byte) bool) {
-	v := r.v2.GetFailNodes()
-
-	for i := range v {
-		if !f(v[i]) {
-			return
-		}
-	}
-}
-
-// SubmitFailedStorageNodes is similar to SubmitPassedStorageNodes but for failed nodes.
-//
-// See also IterateFailedStorageNodes.
-func (r *Result) SubmitFailedStorageNodes(list [][]byte) {
-	r.v2.SetFailNodes(list)
-}
--- a/audit/result_test.go
+++ b/audit/result_test.go
@ -1,191 +0,0 @@
-package audit_test
-
-import (
-	"bytes"
-	"testing"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/audit"
-	audittest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/audit/test"
-	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
-	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
-	"github.com/stretchr/testify/require"
-)
-
-func TestResultData(t *testing.T) {
-	var r audit.Result
-
-	countSG := func(passed bool, f func(oid.ID)) int {
-		called := 0
-
-		ff := func(arg oid.ID) bool {
-			called++
-
-			if f != nil {
-				f(arg)
-			}
-
-			return true
-		}
-
-		if passed {
-			r.IteratePassedStorageGroups(ff)
-		} else {
-			r.IterateFailedStorageGroups(ff)
-		}
-
-		return called
-	}
-
-	countPassSG := func(f func(oid.ID)) int { return countSG(true, f) }
-	countFailSG := func(f func(oid.ID)) int { return countSG(false, f) }
-
-	countNodes := func(passed bool, f func([]byte)) int {
-		called := 0
-
-		ff := func(arg []byte) bool {
-			called++
-
-			if f != nil {
-				f(arg)
-			}
-
-			return true
-		}
-
-		if passed {
-			r.IteratePassedStorageNodes(ff)
-		} else {
-			r.IterateFailedStorageNodes(ff)
-		}
-
-		return called
-	}
-
-	countPassNodes := func(f func([]byte)) int { return countNodes(true, f) }
-	countFailNodes := func(f func([]byte)) int { return countNodes(false, f) }
-
-	require.Zero(t, r.Epoch())
-	_, set := r.Container()
-	require.False(t, set)
-	require.Nil(t, r.AuditorKey())
-	require.False(t, r.Completed())
-	require.Zero(t, r.RequestsPoR())
-	require.Zero(t, r.RetriesPoR())
-	require.Zero(t, countPassSG(nil))
-	require.Zero(t, countFailSG(nil))
-	require.Zero(t, countPassNodes(nil))
-	require.Zero(t, countFailNodes(nil))
-
-	epoch := uint64(13)
-	r.ForEpoch(epoch)
-	require.Equal(t, epoch, r.Epoch())
-
-	cnr := cidtest.ID()
-	r.ForContainer(cnr)
-	cID, set := r.Container()
-	require.True(t, set)
-	require.Equal(t, cnr, cID)
-
-	key := []byte{1, 2, 3}
-	r.SetAuditorKey(key)
-	require.Equal(t, key, r.AuditorKey())
-
-	r.Complete()
-	require.True(t, r.Completed())
-
-	requests := uint32(2)
-	r.SetRequestsPoR(requests)
-	require.Equal(t, requests, r.RequestsPoR())
-
-	retries := uint32(1)
-	r.SetRetriesPoR(retries)
-	require.Equal(t, retries, r.RetriesPoR())
-
-	passSG1, passSG2 := oidtest.ID(), oidtest.ID()
-	r.SubmitPassedStorageGroup(passSG1)
-	r.SubmitPassedStorageGroup(passSG2)
-
-	called1, called2 := false, false
-
-	require.EqualValues(t, 2, countPassSG(func(id oid.ID) {
-		if id.Equals(passSG1) {
-			called1 = true
-		} else if id.Equals(passSG2) {
-			called2 = true
-		}
-	}))
-	require.True(t, called1)
-	require.True(t, called2)
-
-	failSG1, failSG2 := oidtest.ID(), oidtest.ID()
-	r.SubmitFailedStorageGroup(failSG1)
-	r.SubmitFailedStorageGroup(failSG2)
-
-	called1, called2 = false, false
-
-	require.EqualValues(t, 2, countFailSG(func(id oid.ID) {
-		if id.Equals(failSG1) {
-			called1 = true
-		} else if id.Equals(failSG2) {
-			called2 = true
-		}
-	}))
-	require.True(t, called1)
-	require.True(t, called2)
-
-	hit := uint32(1)
-	r.SetHits(hit)
-	require.Equal(t, hit, r.Hits())
-
-	miss := uint32(2)
-	r.SetMisses(miss)
-	require.Equal(t, miss, r.Misses())
-
-	fail := uint32(3)
-	r.SetFailures(fail)
-	require.Equal(t, fail, r.Failures())
-
-	passNodes := [][]byte{{1}, {2}}
-	r.SubmitPassedStorageNodes(passNodes)
-
-	called1, called2 = false, false
-
-	require.EqualValues(t, 2, countPassNodes(func(arg []byte) {
-		if bytes.Equal(arg, passNodes[0]) {
-			called1 = true
-		} else if bytes.Equal(arg, passNodes[1]) {
-			called2 = true
-		}
-	}))
-	require.True(t, called1)
-	require.True(t, called2)
-
-	failNodes := [][]byte{{3}, {4}}
-	r.SubmitFailedStorageNodes(failNodes)
-
-	called1, called2 = false, false
-
-	require.EqualValues(t, 2, countFailNodes(func(arg []byte) {
-		if bytes.Equal(arg, failNodes[0]) {
-			called1 = true
-		} else if bytes.Equal(arg, failNodes[1]) {
-			called2 = true
-		}
-	}))
-	require.True(t, called1)
-	require.True(t, called2)
-}
-
-func TestResultEncoding(t *testing.T) {
-	r := *audittest.Result()
-
-	t.Run("binary", func(t *testing.T) {
-		data := r.Marshal()
-
-		var r2 audit.Result
-		require.NoError(t, r2.Unmarshal(data))
-
-		require.Equal(t, r, r2)
-	})
-}
--- a/audit/test/doc.go
+++ b/audit/test/doc.go
@ -1,13 +0,0 @@
-/*
-Package audittest provides functions for convenient testing of audit package API.
-
-Note that importing the package into source files is highly discouraged.
-
-Random instance generation functions can be useful when testing expects any value, e.g.:
-
-	import audittest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/audit/test"
-
-	dec := audittest.Result()
-	// test the value
-*/
-package audittest
--- a/audit/test/generate.go
+++ b/audit/test/generate.go
@ -1,36 +0,0 @@
-package audittest
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/audit"
-	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
-	oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
-)
-
-// Result returns random audit.Result.
-func Result() *audit.Result {
-	var x audit.Result
-
-	x.ForContainer(cidtest.ID())
-	x.SetAuditorKey([]byte("key"))
-	x.Complete()
-	x.ForEpoch(44)
-	x.SetHits(55)
-	x.SetMisses(66)
-	x.SetFailures(77)
-	x.SetRequestsPoR(88)
-	x.SetRequestsPoR(99)
-	x.SubmitFailedStorageNodes([][]byte{
-		[]byte("node1"),
-		[]byte("node2"),
-	})
-	x.SubmitPassedStorageNodes([][]byte{
-		[]byte("node3"),
-		[]byte("node4"),
-	})
-	x.SubmitPassedStorageGroup(oidtest.ID())
-	x.SubmitPassedStorageGroup(oidtest.ID())
-	x.SubmitFailedStorageGroup(oidtest.ID())
-	x.SubmitFailedStorageGroup(oidtest.ID())
-
-	return &x
-}
--- a/bearer/bearer.go
+++ b/bearer/bearer.go
@ -6,7 +6,9 @@ import (
 	"fmt"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
+	apeV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
@ -32,6 +34,84 @@ type Token struct {

 	sigSet bool
 	sig    refs.Signature
+
+	apeOverrideSet bool
+	apeOverride    APEOverride
+
+	impersonate bool
+}
+
+// APEOverride is the list of APE chains defined for a target.
+// These chains are meant to serve as overrides to the already defined (or even undefined)
+// APE chains for the target (see contract `Policy`).
+//
+// The server-side processing of the bearer token with set APE overrides must verify if a client is permitted
+// to override chains for the target, preventing unauthorized access through the APE mechanism.
+type APEOverride struct {
+	// Target for which chains are applied.
+	Target apeSDK.ChainTarget
+
+	// The list of APE chains.
+	Chains []apeSDK.Chain
+}
+
+// Marshal marshals APEOverride into a protobuf binary form.
+func (c *APEOverride) Marshal() ([]byte, error) {
+	return c.ToV2().StableMarshal(nil), nil
+}
+
+// Unmarshal unmarshals protobuf binary representation of APEOverride.
+func (c *APEOverride) Unmarshal(data []byte) error {
+	overrideV2 := new(acl.APEOverride)
+	if err := overrideV2.Unmarshal(data); err != nil {
+		return err
+	}
+
+	return c.FromV2(overrideV2)
+}
+
+// MarshalJSON encodes APEOverride to protobuf JSON format.
+func (c *APEOverride) MarshalJSON() ([]byte, error) {
+	return c.ToV2().MarshalJSON()
+}
+
+// UnmarshalJSON decodes APEOverride from protobuf JSON format.
+func (c *APEOverride) UnmarshalJSON(data []byte) error {
+	overrideV2 := new(acl.APEOverride)
+	if err := overrideV2.UnmarshalJSON(data); err != nil {
+		return err
+	}
+
+	return c.FromV2(overrideV2)
+}
+
+func (c *APEOverride) FromV2(tokenAPEChains *acl.APEOverride) error {
+	c.Target.FromV2(tokenAPEChains.GetTarget())
+	if chains := tokenAPEChains.GetChains(); len(chains) > 0 {
+		c.Chains = make([]apeSDK.Chain, len(chains))
+		for i := range chains {
+			if err := c.Chains[i].ReadFromV2(chains[i]); err != nil {
+				return fmt.Errorf("invalid APE chain: %w", err)
+			}
+		}
+	}
+	return nil
+}
+
+func (c *APEOverride) ToV2() *acl.APEOverride {
+	if c == nil {
+		return nil
+	}
+
+	apeOverride := new(acl.APEOverride)
+	apeOverride.SetTarget(c.Target.ToV2())
+	chains := make([]*apeV2.Chain, len(c.Chains))
+	for i := range c.Chains {
+		chains[i] = c.Chains[i].ToV2()
+	}
+	apeOverride.SetChains(chains)
+
+	return apeOverride
 }

 // reads Token from the acl.BearerToken message. If checkFieldPresence is set,
@ -44,10 +124,13 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 		return errors.New("missing token body")
 	}

+	b.impersonate = body.GetImpersonate()
+
+	apeOverrides := body.GetAPEOverride()
 	eaclTable := body.GetEACL()
 	if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
 		b.eaclTable = *eacl.NewTableFromV2(eaclTable)
-	} else if checkFieldPresence {
+	} else if checkFieldPresence && !b.impersonate && apeOverrides == nil {
 		return errors.New("missing eACL table")
 	}

@ -68,6 +151,14 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 		return errors.New("missing token lifetime")
 	}

+	if b.apeOverrideSet = apeOverrides != nil; b.apeOverrideSet {
+		if err = b.apeOverride.FromV2(apeOverrides); err != nil {
+			return err
+		}
+	} else if checkFieldPresence && !b.impersonate && !b.eaclTableSet {
+		return errors.New("missing APE override")
+	}
+
 	sig := m.GetSignature()
 	if b.sigSet = sig != nil; sig != nil {
 		b.sig = *sig
@ -86,7 +177,7 @@ func (b *Token) ReadFromV2(m acl.BearerToken) error {
 }

 func (b Token) fillBody() *acl.BearerTokenBody {
-	if !b.eaclTableSet && !b.targetUserSet && !b.lifetimeSet {
+	if !b.eaclTableSet && !b.targetUserSet && !b.lifetimeSet && !b.impersonate && !b.apeOverrideSet {
 		return nil
 	}

@ -112,6 +203,12 @@ func (b Token) fillBody() *acl.BearerTokenBody {
 		body.SetLifetime(&lifetime)
 	}

+	if b.apeOverrideSet {
+		body.SetAPEOverride(b.apeOverride.ToV2())
+	}
+
+	body.SetImpersonate(b.impersonate)
+
 	return &body
 }

@ -208,6 +305,36 @@ func (b Token) EACLTable() eacl.Table {
 	return eacl.Table{}
 }

+// SetAPEOverride sets APE override to the bearer token.
+//
+// See also: APEOverride.
+func (b *Token) SetAPEOverride(v APEOverride) {
+	b.apeOverride = v
+	b.apeOverrideSet = true
+}
+
+// APEOverride returns APE override set by SetAPEOverride.
+//
+// Zero Token has zero APEOverride.
+func (b *Token) APEOverride() APEOverride {
+	if b.apeOverrideSet {
+		return b.apeOverride
+	}
+
+	return APEOverride{}
+}
+
+// SetImpersonate mark token as impersonate to consider token signer as request owner.
+// If this field is true extended EACLTable in token body isn't processed.
+func (b *Token) SetImpersonate(v bool) {
+	b.impersonate = v
+}
+
+// Impersonate returns true if token is impersonated.
+func (b Token) Impersonate() bool {
+	return b.impersonate
+}
+
 // AssertContainer checks if the token is valid within the given container.
 //
 // Note: cnr is assumed to refer to the issuer's container, otherwise the check
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@ -3,6 +3,7 @@ package bearer_test
 import (
 	"bytes"
 	"math/rand"
+	"reflect"
 	"testing"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
@ -81,6 +82,58 @@ func TestToken_SetEACLTable(t *testing.T) {
 	require.True(t, isEqualEACLTables(eaclTable, val.EACLTable()))
 }

+func TestToken_SetAPEOverrides(t *testing.T) {
+	var val bearer.Token
+	var m acl.BearerToken
+	filled := bearertest.Token()
+
+	val.WriteToV2(&m)
+	require.Zero(t, m.GetBody())
+
+	val2 := filled
+
+	require.NoError(t, val2.Unmarshal(val.Marshal()))
+	require.Zero(t, val2.APEOverride())
+
+	val2 = filled
+
+	jd, err := val.MarshalJSON()
+	require.NoError(t, err)
+
+	require.NoError(t, val2.UnmarshalJSON(jd))
+	require.Zero(t, val2.APEOverride())
+
+	// set value
+
+	tApe := bearertest.APEOverride()
+
+	val.SetAPEOverride(tApe)
+	require.Equal(t, tApe, val.APEOverride())
+
+	val.WriteToV2(&m)
+	require.NotNil(t, m.GetBody().GetAPEOverride())
+	require.True(t, tokenAPEOverridesEqual(tApe.ToV2(), m.GetBody().GetAPEOverride()))
+
+	val2 = filled
+
+	require.NoError(t, val2.Unmarshal(val.Marshal()))
+	apeOverride := val2.APEOverride()
+	require.True(t, tokenAPEOverridesEqual(tApe.ToV2(), apeOverride.ToV2()))
+
+	val2 = filled
+
+	jd, err = val.MarshalJSON()
+	require.NoError(t, err)
+
+	require.NoError(t, val2.UnmarshalJSON(jd))
+	apeOverride = val.APEOverride()
+	require.True(t, tokenAPEOverridesEqual(tApe.ToV2(), apeOverride.ToV2()))
+}
+
+func tokenAPEOverridesEqual(lhs, rhs *acl.APEOverride) bool {
+	return reflect.DeepEqual(lhs, rhs)
+}
+
 func TestToken_ForUser(t *testing.T) {
 	var val bearer.Token
 	var m acl.BearerToken
@ -107,7 +160,7 @@ func TestToken_ForUser(t *testing.T) {
 	require.Zero(t, m.GetBody())

 	// set value
-	usr := *usertest.ID()
+	usr := usertest.ID()

 	var usrV2 refs.OwnerID
 	usr.WriteToV2(&usrV2)
@ -243,11 +296,11 @@ func TestToken_AssertContainer(t *testing.T) {

 func TestToken_AssertUser(t *testing.T) {
 	var val bearer.Token
-	usr := *usertest.ID()
+	usr := usertest.ID()

 	require.True(t, val.AssertUser(usr))

-	val.ForUser(*usertest.ID())
+	val.ForUser(usertest.ID())
 	require.False(t, val.AssertUser(usr))

 	val.ForUser(usr)
@ -323,12 +376,16 @@ func TestToken_ReadFromV2(t *testing.T) {

 	require.NoError(t, val.ReadFromV2(m))

+	body.SetEACL(nil)
+	body.SetImpersonate(true)
+	require.NoError(t, val.ReadFromV2(m))
+
 	var m2 acl.BearerToken

 	val.WriteToV2(&m2)
 	require.Equal(t, m, m2)

-	usr, usr2 := *usertest.ID(), *usertest.ID()
+	usr, usr2 := usertest.ID(), usertest.ID()

 	require.True(t, val.AssertUser(usr))
 	require.True(t, val.AssertUser(usr2))
--- a/bearer/test/generate.go
+++ b/bearer/test/generate.go
@ -1,6 +1,7 @@
 package bearertest

 import (
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	eacltest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl/test"
 	usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"
@ -13,8 +14,19 @@ func Token() (t bearer.Token) {
 	t.SetExp(3)
 	t.SetNbf(2)
 	t.SetIat(1)
-	t.ForUser(*usertest.ID())
+	t.ForUser(usertest.ID())
 	t.SetEACLTable(*eacltest.Table())
+	t.SetAPEOverride(APEOverride())

 	return t
 }
+
+func APEOverride() bearer.APEOverride {
+	return bearer.APEOverride{
+		Target: ape.ChainTarget{
+			TargetType: ape.TargetTypeContainer,
+			Name:       "F8JsMnChywiPvbDvpxMbjTjx5KhWHHp6gCDt8BhzL9kF",
+		},
+		Chains: []ape.Chain{{Raw: []byte("{}")}},
+	}
+}
--- a/checksum/checksum.go
+++ b/checksum/checksum.go
@ -24,17 +24,17 @@ type Checksum refs.Checksum

 // Type represents the enumeration
 // of checksum types.
-type Type uint8
+type Type refs.ChecksumType

 const (
 	// Unknown is an undefined checksum type.
-	Unknown Type = iota
+	Unknown Type = Type(refs.UnknownChecksum)

 	// SHA256 is a SHA256 checksum type.
-	SHA256
+	SHA256 = Type(refs.SHA256)

 	// TZ is a Tillich-Zémor checksum type.
-	TZ
+	TZ = Type(refs.TillichZemor)
 )

 // ReadFromV2 reads Checksum from the refs.Checksum message. Checks if the
--- a/checksum/example_test.go
+++ b/checksum/example_test.go
@ -2,9 +2,9 @@ package checksum

 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
-	"math/rand"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 )
--- a/checksum/test/generate.go
+++ b/checksum/test/generate.go
@ -1,8 +1,8 @@
 package checksumtest

 import (
+	"crypto/rand"
 	"crypto/sha256"
-	"math/rand"

 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
 )
@ -11,7 +11,7 @@ import (
 func Checksum() checksum.Checksum {
 	var cs [sha256.Size]byte

-	rand.Read(cs[:])
+	_, _ = rand.Read(cs[:])

 	var x checksum.Checksum

--- a/client/accounting.go
+++ b/client/accounting.go
@ -2,28 +2,50 @@ package client

 import (
 	"context"
+	"fmt"

 	v2accounting "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/accounting"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/accounting"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )

 // PrmBalanceGet groups parameters of BalanceGet operation.
 type PrmBalanceGet struct {
-	prmCommonMeta
+	XHeaders []string

-	accountSet bool
-	account    user.ID
+	Account user.ID
 }

 // SetAccount sets identifier of the FrostFS account for which the balance is requested.
 // Required parameter.
+//
+// Deprecated: Use PrmBalanceGet.Account instead.
 func (x *PrmBalanceGet) SetAccount(id user.ID) {
-	x.account = id
-	x.accountSet = true
+	x.Account = id
+}
+
+func (x *PrmBalanceGet) buildRequest(c *Client) (*v2accounting.BalanceRequest, error) {
+	if x.Account.IsEmpty() {
+		return nil, errorAccountNotSet
+	}
+
+	var accountV2 refs.OwnerID
+	x.Account.WriteToV2(&accountV2)
+
+	var body v2accounting.BalanceRequestBody
+	body.SetOwnerID(&accountV2)
+
+	var req v2accounting.BalanceRequest
+	req.SetBody(&body)
+
+	c.prepareRequest(&req, new(v2session.RequestMetaHeader))
+	return &req, nil
 }

 // ResBalanceGet groups resulting values of BalanceGet operation.
@ -42,9 +64,9 @@ func (x ResBalanceGet) Amount() accounting.Decimal {
 //
 // Exactly one return value is non-nil. By default, server status is returned in res structure.
 // Any client's internal or transport errors are returned as `error`,
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmBalanceGet docs).
 // Context is required and must not be nil. It is used for network communication.
@ -52,60 +74,35 @@ func (x ResBalanceGet) Amount() accounting.Decimal {
 // Return statuses:
 //   - global (see Client docs).
 func (c *Client) BalanceGet(ctx context.Context, prm PrmBalanceGet) (*ResBalanceGet, error) {
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.accountSet:
-		return nil, errorAccountNotSet
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request body
-	var accountV2 refs.OwnerID
-	prm.account.WriteToV2(&accountV2)
-
-	var body v2accounting.BalanceRequestBody
-	body.SetOwnerID(&accountV2)
-
-	// form request
-	var req v2accounting.BalanceRequest
-
-	req.SetBody(&body)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResBalanceGet
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.Balance(&c.c, &req, client.WithContext(ctx))
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.Balance(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResBalanceGet
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2accounting.BalanceResponse)

 	const fieldBalance = "balance"

 	bal := resp.GetBody().GetBalance()
 	if bal == nil {
-			cc.err = newErrMissingResponseField(fieldBalance)
-			return
+		return &res, newErrMissingResponseField(fieldBalance)
 	}

-		cc.err = res.amount.ReadFromV2(*bal)
-		if cc.err != nil {
-			cc.err = newErrInvalidResponseField(fieldBalance, cc.err)
+	if err := res.amount.ReadFromV2(*bal); err != nil {
+		return &res, newErrInvalidResponseField(fieldBalance, err)
 	}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
 	return &res, nil
 }
--- a/client/apemanager_add_chain.go
+++ b/client/apemanager_add_chain.go
@ -0,0 +1,79 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	apemanagerV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/apemanager"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	sessionV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+)
+
+// PrmAPEManagerAddChain groups parameters of APEManagerAddChain operation.
+type PrmAPEManagerAddChain struct {
+	XHeaders []string
+
+	ChainTarget apeSDK.ChainTarget
+
+	Chain apeSDK.Chain
+}
+
+func (prm *PrmAPEManagerAddChain) buildRequest(c *Client) (*apemanagerV2.AddChainRequest, error) {
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	req := new(apemanagerV2.AddChainRequest)
+	reqBody := new(apemanagerV2.AddChainRequestBody)
+
+	reqBody.SetTarget(prm.ChainTarget.ToV2())
+	reqBody.SetChain(prm.Chain.ToV2())
+
+	req.SetBody(reqBody)
+
+	var meta sessionV2.RequestMetaHeader
+	writeXHeadersToMeta(prm.XHeaders, &meta)
+
+	c.prepareRequest(req, &meta)
+
+	return req, nil
+}
+
+type ResAPEManagerAddChain struct {
+	statusRes
+
+	// ChainID of set Chain. If Chain does not contain chainID before request, then
+	// ChainID is generated.
+	ChainID apeSDK.ChainID
+}
+
+// APEManagerAddChain sets Chain for ChainTarget.
+func (c *Client) APEManagerAddChain(ctx context.Context, prm PrmAPEManagerAddChain) (*ResAPEManagerAddChain, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.AddChain(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResAPEManagerAddChain
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	res.ChainID = resp.GetBody().GetChainID()
+
+	return &res, nil
+}
--- a/client/apemanager_list_chains.go
+++ b/client/apemanager_list_chains.go
@ -0,0 +1,80 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	apemanagerV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/apemanager"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	sessionV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+)
+
+// PrmAPEManagerListChains groups parameters of APEManagerListChains operation.
+type PrmAPEManagerListChains struct {
+	XHeaders []string
+
+	ChainTarget apeSDK.ChainTarget
+}
+
+func (prm *PrmAPEManagerListChains) buildRequest(c *Client) (*apemanagerV2.ListChainsRequest, error) {
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	req := new(apemanagerV2.ListChainsRequest)
+	reqBody := new(apemanagerV2.ListChainsRequestBody)
+
+	reqBody.SetTarget(prm.ChainTarget.ToV2())
+
+	req.SetBody(reqBody)
+
+	var meta sessionV2.RequestMetaHeader
+	writeXHeadersToMeta(prm.XHeaders, &meta)
+
+	c.prepareRequest(req, &meta)
+
+	return req, nil
+}
+
+type ResAPEManagerListChains struct {
+	statusRes
+
+	Chains []apeSDK.Chain
+}
+
+// APEManagerListChains lists Chains for ChainTarget.
+func (c *Client) APEManagerListChains(ctx context.Context, prm PrmAPEManagerListChains) (*ResAPEManagerListChains, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.ListChains(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResAPEManagerListChains
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	for _, ch := range resp.GetBody().GetChains() {
+		var chSDK apeSDK.Chain
+		if err := chSDK.ReadFromV2(ch); err != nil {
+			return nil, err
+		}
+		res.Chains = append(res.Chains, chSDK)
+	}
+
+	return &res, nil
+}
--- a/client/apemanager_remove_chain.go
+++ b/client/apemanager_remove_chain.go
@ -0,0 +1,73 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	apemanagerV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/apemanager"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	sessionV2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apeSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ape"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+)
+
+// PrmAPEManagerRemoveChain groups parameters of APEManagerRemoveChain operation.
+type PrmAPEManagerRemoveChain struct {
+	XHeaders []string
+
+	ChainTarget apeSDK.ChainTarget
+
+	ChainID apeSDK.ChainID
+}
+
+func (prm *PrmAPEManagerRemoveChain) buildRequest(c *Client) (*apemanagerV2.RemoveChainRequest, error) {
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	req := new(apemanagerV2.RemoveChainRequest)
+	reqBody := new(apemanagerV2.RemoveChainRequestBody)
+
+	reqBody.SetTarget(prm.ChainTarget.ToV2())
+	reqBody.SetChainID(prm.ChainID)
+
+	req.SetBody(reqBody)
+
+	var meta sessionV2.RequestMetaHeader
+	writeXHeadersToMeta(prm.XHeaders, &meta)
+
+	c.prepareRequest(req, &meta)
+
+	return req, nil
+}
+
+type ResAPEManagerRemoveChain struct {
+	statusRes
+}
+
+// APEManagerRemoveChain removes Chain with ChainID defined for ChainTarget.
+func (c *Client) APEManagerRemoveChain(ctx context.Context, prm PrmAPEManagerRemoveChain) (*ResAPEManagerRemoveChain, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.RemoveChain(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResAPEManagerRemoveChain
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	return &res, nil
+}
--- a/client/client.go
+++ b/client/client.go
@ -10,6 +10,7 @@ import (
 	v2accounting "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/accounting"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	"google.golang.org/grpc"
 )

 // Client represents virtual connection to the FrostFS network to communicate
@ -76,42 +77,30 @@ func (c *Client) Init(prm PrmInit) {
 // Calling multiple times leads to undefined behavior.
 //
 // See also Init / Close.
-func (c *Client) Dial(prm PrmDial) error {
-	if prm.endpoint == "" {
+func (c *Client) Dial(ctx context.Context, prm PrmDial) error {
+	if prm.Endpoint == "" {
 		return errorServerAddrUnset
 	}

-	if prm.timeoutDialSet {
-		if prm.timeoutDial <= 0 {
-			return errorNonPositiveTimeout
+	if prm.DialTimeout <= 0 {
+		prm.DialTimeout = defaultDialTimeout
 	}
-	} else {
-		prm.timeoutDial = 5 * time.Second
-	}
-
-	if prm.streamTimeoutSet {
-		if prm.streamTimeout <= 0 {
-			return errorNonPositiveTimeout
-		}
-	} else {
-		prm.streamTimeout = 10 * time.Second
+	if prm.StreamTimeout <= 0 {
+		prm.StreamTimeout = defaultStreamTimeout
 	}

 	c.c = *client.New(append(
-		client.WithNetworkURIAddress(prm.endpoint, prm.tlsConfig),
-		client.WithDialTimeout(prm.timeoutDial),
-		client.WithRWTimeout(prm.streamTimeout),
+		client.WithNetworkURIAddress(prm.Endpoint, prm.TLSConfig),
+		client.WithDialTimeout(prm.DialTimeout),
+		client.WithRWTimeout(prm.StreamTimeout),
+		client.WithGRPCDialOptions(prm.GRPCDialOptions),
 	)...)

 	c.setFrostFSAPIServer((*coreServer)(&c.c))

-	if prm.parentCtx == nil {
-		prm.parentCtx = context.Background()
-	}
-
 	// TODO: (neofs-api-go#382) perform generic dial stage of the client.Client
 	_, err := rpc.Balance(&c.c, new(v2accounting.BalanceRequest),
-		client.WithContext(prm.parentCtx),
+		client.WithContext(ctx),
 	)
 	// return context errors since they signal about dial problem
 	if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {
@ -146,52 +135,67 @@ func (c *Client) Close() error {
 //
 // See also Init.
 type PrmInit struct {
-	resolveFrostFSErrors bool
+	DisableFrostFSErrorResolution bool

-	key ecdsa.PrivateKey
+	Key ecdsa.PrivateKey

-	cbRespInfo func(ResponseMetaInfo) error
+	ResponseInfoCallback func(ResponseMetaInfo) error

-	netMagic uint64
+	NetMagic uint64
 }

 // SetDefaultPrivateKey sets Client private key to be used for the protocol
 // communication by default.
 //
 // Required for operations without custom key parametrization (see corresponding Prm* docs).
+//
+// Deprecated: Use PrmInit.Key instead.
 func (x *PrmInit) SetDefaultPrivateKey(key ecdsa.PrivateKey) {
-	x.key = key
+	x.Key = key
 }

-// ResolveFrostFSFailures makes the Client to resolve failure statuses of the
-// FrostFS protocol into Go built-in errors. These errors are returned from
-// each protocol operation. By default, statuses aren't resolved and written
-// to the resulting structure (see corresponding Res* docs).
+// Deprecated: method is no-op. Option is default.
 func (x *PrmInit) ResolveFrostFSFailures() {
-	x.resolveFrostFSErrors = true
+}
+
+// DisableFrostFSFailuresResolution makes the Client to preserve failure statuses of the
+// FrostFS protocol only in resulting structure (see corresponding Res* docs).
+// These errors are returned from each protocol operation. By default, statuses
+// are resolved and returned as a Go built-in errors.
+//
+// Deprecated: Use PrmInit.DisableFrostFSErrorResolution instead.
+func (x *PrmInit) DisableFrostFSFailuresResolution() {
+	x.DisableFrostFSErrorResolution = true
 }

 // SetResponseInfoCallback makes the Client to pass ResponseMetaInfo from each
 // FrostFS server response to f. Nil (default) means ignore response meta info.
+//
+// Deprecated: Use PrmInit.ResponseInfoCallback instead.
 func (x *PrmInit) SetResponseInfoCallback(f func(ResponseMetaInfo) error) {
-	x.cbRespInfo = f
+	x.ResponseInfoCallback = f
 }

+const (
+	defaultDialTimeout   = 5 * time.Second
+	defaultStreamTimeout = 10 * time.Second
+)
+
 // PrmDial groups connection parameters for the Client.
 //
 // See also Dial.
 type PrmDial struct {
-	endpoint string
+	Endpoint string

-	tlsConfig *tls.Config
+	TLSConfig *tls.Config

-	timeoutDialSet bool
-	timeoutDial    time.Duration
+	// If DialTimeout is non-positive, then it's set to defaultDialTimeout.
+	DialTimeout time.Duration

-	streamTimeoutSet bool
-	streamTimeout    time.Duration
+	// If StreamTimeout is non-positive, then it's set to defaultStreamTimeout.
+	StreamTimeout time.Duration

-	parentCtx context.Context
+	GRPCDialOptions []grpc.DialOption
 }

 // SetServerURI sets server URI in the FrostFS network.
@ -207,36 +211,41 @@ type PrmDial struct {
 //	grpcs
 //
 // See also SetTLSConfig.
+//
+// Deprecated: Use PrmDial.Endpoint instead.
 func (x *PrmDial) SetServerURI(endpoint string) {
-	x.endpoint = endpoint
+	x.Endpoint = endpoint
 }

 // SetTLSConfig sets tls.Config to open TLS client connection
 // to the FrostFS server. Nil (default) means insecure connection.
 //
 // See also SetServerURI.
+//
+// Depreacted: Use PrmDial.TLSConfig instead.
 func (x *PrmDial) SetTLSConfig(tlsConfig *tls.Config) {
-	x.tlsConfig = tlsConfig
+	x.TLSConfig = tlsConfig
 }

 // SetTimeout sets the timeout for connection to be established.
 // MUST BE positive. If not called, 5s timeout will be used by default.
+//
+// Deprecated: Use PrmDial.DialTimeout instead.
 func (x *PrmDial) SetTimeout(timeout time.Duration) {
-	x.timeoutDialSet = true
-	x.timeoutDial = timeout
+	x.DialTimeout = timeout
 }

 // SetStreamTimeout sets the timeout for individual operations in streaming RPC.
 // MUST BE positive. If not called, 10s timeout will be used by default.
+//
+// Deprecated: Use PrmDial.StreamTimeout instead.
 func (x *PrmDial) SetStreamTimeout(timeout time.Duration) {
-	x.streamTimeoutSet = true
-	x.streamTimeout = timeout
+	x.StreamTimeout = timeout
 }

-// SetContext allows to specify optional base context within which connection
-// should be established.
+// SetGRPCDialOptions sets the gRPC dial options for new gRPC client connection.
 //
-// Context SHOULD NOT be nil.
-func (x *PrmDial) SetContext(ctx context.Context) {
-	x.parentCtx = ctx
+// Deprecated: Use PrmDial.GRPCDialOptions instead.
+func (x *PrmDial) SetGRPCDialOptions(opts ...grpc.DialOption) {
+	x.GRPCDialOptions = opts
 }
--- a/client/client_test.go
+++ b/client/client_test.go
@ -29,8 +29,9 @@ func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status })
 }

 func newClient(server frostFSAPIServer) *Client {
-	var prm PrmInit
-	prm.SetDefaultPrivateKey(*key)
+	prm := PrmInit{
+		Key: *key,
+	}

 	var c Client
 	c.Init(prm)
@ -43,15 +44,13 @@ func TestClient_DialContext(t *testing.T) {
 	var c Client

 	// try to connect to any host
-	var prm PrmDial
-	prm.SetServerURI("localhost:8080")
+	prm := PrmDial{
+		Endpoint: "localhost:8080",
+	}

 	assert := func(ctx context.Context, errExpected error) {
-		// use the particular context
-		prm.SetContext(ctx)
-
 		// expect particular context error according to Dial docs
-		require.ErrorIs(t, c.Dial(prm), errExpected)
+		require.ErrorIs(t, c.Dial(ctx, prm), errExpected)
 	}

 	// create pre-abandoned context
--- a/client/common.go
+++ b/client/common.go
@ -1,7 +1,6 @@
 package client

 import (
-	"crypto/ecdsa"
 	"errors"
 	"fmt"

@ -13,21 +12,11 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 )

-// common interface of resulting structures with API status.
-type resCommon interface {
-	setStatus(apistatus.Status)
-}
-
 // structure is embedded to all resulting types in order to inherit status-related methods.
 type statusRes struct {
 	st apistatus.Status
 }

-// setStatus implements resCommon interface method.
-func (x *statusRes) setStatus(st apistatus.Status) {
-	x.st = st
-}
-
 // Status returns server's status return.
 //
 // Use apistatus package functionality to handle the status.
@ -35,29 +24,13 @@ func (x statusRes) Status() apistatus.Status {
 	return x.st
 }

-// groups meta parameters shared between all Client operations.
-type prmCommonMeta struct {
-	// FrostFS request X-Headers
-	xHeaders []string
-}
-
-// WithXHeaders specifies list of extended headers (string key-value pairs)
-// to be attached to the request. Must have an even length.
-//
-// Slice must not be mutated until the operation completes.
-func (x *prmCommonMeta) WithXHeaders(hs ...string) {
-	if len(hs)%2 != 0 {
-		panic("slice of X-Headers with odd length")
-	}
-
-	x.xHeaders = hs
-}
-
 func writeXHeadersToMeta(xHeaders []string, h *v2session.RequestMetaHeader) {
 	if len(xHeaders) == 0 {
 		return
 	}

+	// TODO (aarifullin): remove the panic when all client parameters will check XHeaders
+	// within buildRequest invocation.
 	if len(xHeaders)%2 != 0 {
 		panic("slice of X-Headers with odd length")
 	}
@ -73,104 +46,21 @@ func writeXHeadersToMeta(xHeaders []string, h *v2session.RequestMetaHeader) {

 // error messages.
 var (
-	errorMissingContext       = errors.New("missing context")
 	errorMissingContainer = errors.New("missing container")
 	errorMissingObject    = errors.New("missing object")
 	errorAccountNotSet    = errors.New("account not set")
 	errorServerAddrUnset  = errors.New("server address is unset or empty")
-	errorNonPositiveTimeout   = errors.New("non-positive timeout")
-	errorEACLTableNotSet      = errors.New("eACL table not set")
-	errorMissingAnnouncements = errors.New("missing announcements")
 	errorZeroRangeLength  = errors.New("zero range length")
 	errorMissingRanges    = errors.New("missing ranges")
-	errorZeroEpoch            = errors.New("zero epoch")
-	errorMissingTrusts        = errors.New("missing trusts")
-	errorTrustNotSet          = errors.New("current trust value not set")
+	errorInvalidXHeaders  = errors.New("xheaders must be presented only as key-value pairs")
 )

-// groups all the details required to send a single request and process a response to it.
-type contextCall struct {
-	// ==================================================
-	// state vars that do not require explicit initialization
-
-	// final error to be returned from client method
-	err error
-
-	// received response
-	resp responseV2
-
-	// ==================================================
-	// shared parameters which are set uniformly on all calls
-
-	// request signing key
-	key ecdsa.PrivateKey
-
-	// callback prior to processing the response by the client
-	callbackResp func(ResponseMetaInfo) error
-
-	// if set, protocol errors will be expanded into a final error
-	resolveAPIFailures bool
-
-	// FrostFS network magic
-	netMagic uint64
-
-	// Meta parameters
-	meta prmCommonMeta
-
-	// ==================================================
-	// custom call parameters
-
-	// structure of the call result
-	statusRes resCommon
-
-	// request to be signed with a key and sent
-	req request
-
-	// function to send a request (unary) and receive a response
-	call func() (responseV2, error)
-
-	// function to send the request (req field)
-	wReq func() error
-
-	// function to recv the response (resp field)
-	rResp func() error
-
-	// function to close the message stream
-	closer func() error
-
-	// function of writing response fields to the resulting structure (optional)
-	result func(v2 responseV2)
-}
-
 type request interface {
 	GetMetaHeader() *v2session.RequestMetaHeader
 	SetMetaHeader(*v2session.RequestMetaHeader)
 	SetVerificationHeader(*v2session.RequestVerificationHeader)
 }

-// sets needed fields of the request meta header.
-func (x contextCall) prepareRequest() {
-	meta := x.req.GetMetaHeader()
-	if meta == nil {
-		meta = new(v2session.RequestMetaHeader)
-		x.req.SetMetaHeader(meta)
-	}
-
-	if meta.GetTTL() == 0 {
-		meta.SetTTL(2)
-	}
-
-	if meta.GetVersion() == nil {
-		var verV2 refs.Version
-		version.Current().WriteToV2(&verV2)
-		meta.SetVersion(&verV2)
-	}
-
-	meta.SetNetworkMagic(x.netMagic)
-
-	writeXHeadersToMeta(x.meta.xHeaders, meta)
-}
-
 func (c *Client) prepareRequest(req request, meta *v2session.RequestMetaHeader) {
 	ttl := meta.GetTTL()
 	if ttl == 0 {
@ -185,166 +75,35 @@ func (c *Client) prepareRequest(req request, meta *v2session.RequestMetaHeader)

 	meta.SetTTL(ttl)
 	meta.SetVersion(verV2)
-	meta.SetNetworkMagic(c.prm.netMagic)
+	meta.SetNetworkMagic(c.prm.NetMagic)

 	req.SetMetaHeader(meta)
 }

-// prepares, signs and writes the request. Result means success.
-// If failed, contextCall.err contains the reason.
-func (x *contextCall) writeRequest() bool {
-	x.prepareRequest()
-
-	x.req.SetVerificationHeader(nil)
-
-	// sign the request
-	x.err = signature.SignServiceMessage(&x.key, x.req)
-	if x.err != nil {
-		x.err = fmt.Errorf("sign request: %w", x.err)
-		return false
-	}
-
-	x.err = x.wReq()
-	if x.err != nil {
-		x.err = fmt.Errorf("write request: %w", x.err)
-		return false
-	}
-
-	return true
-}
-
-// performs common actions of response processing and writes any problem as a result status or client error
-// (in both cases returns false).
-//
-// Actions:
-//   - verify signature (internal);
-//   - call response callback (internal);
-//   - unwrap status error (optional).
-func (x *contextCall) processResponse() bool {
-	// call response callback if set
-	if x.callbackResp != nil {
-		x.err = x.callbackResp(ResponseMetaInfo{
-			key:   x.resp.GetVerificationHeader().GetBodySignature().GetKey(),
-			epoch: x.resp.GetMetaHeader().GetEpoch(),
-		})
-		if x.err != nil {
-			x.err = fmt.Errorf("response callback error: %w", x.err)
-			return false
-		}
-	}
-
-	// note that we call response callback before signature check since it is expected more lightweight
-	// while verification needs marshaling
-
-	// verify response signature
-	x.err = signature.VerifyServiceMessage(x.resp)
-	if x.err != nil {
-		x.err = fmt.Errorf("invalid response signature: %w", x.err)
-		return false
-	}
-
-	// get result status
-	st := apistatus.FromStatusV2(x.resp.GetMetaHeader().GetStatus())
-
-	// unwrap unsuccessful status and return it
-	// as error if client has been configured so
-	successfulStatus := apistatus.IsSuccessful(st)
-
-	if x.resolveAPIFailures {
-		x.err = apistatus.ErrFromStatus(st)
-	} else {
-		x.statusRes.setStatus(st)
-	}
-
-	return successfulStatus
-}
-
 // processResponse verifies response signature and converts status to an error if needed.
 func (c *Client) processResponse(resp responseV2) (apistatus.Status, error) {
+	if c.prm.ResponseInfoCallback != nil {
+		rmi := ResponseMetaInfo{
+			key:   resp.GetVerificationHeader().GetBodySignature().GetKey(),
+			epoch: resp.GetMetaHeader().GetEpoch(),
+		}
+		if err := c.prm.ResponseInfoCallback(rmi); err != nil {
+			return nil, fmt.Errorf("response callback error: %w", err)
+		}
+	}
+
 	err := signature.VerifyServiceMessage(resp)
 	if err != nil {
 		return nil, fmt.Errorf("invalid response signature: %w", err)
 	}

 	st := apistatus.FromStatusV2(resp.GetMetaHeader().GetStatus())
-	if c.prm.resolveFrostFSErrors {
+	if !c.prm.DisableFrostFSErrorResolution {
 		return st, apistatus.ErrFromStatus(st)
 	}
 	return st, nil
 }

-// reads response (if rResp is set) and processes it. Result means success.
-// If failed, contextCall.err (or statusRes if resolveAPIFailures is set) contains the reason.
-func (x *contextCall) readResponse() bool {
-	if x.rResp != nil {
-		x.err = x.rResp()
-		if x.err != nil {
-			x.err = fmt.Errorf("read response: %w", x.err)
-			return false
-		}
-	}
-
-	return x.processResponse()
-}
-
-// closes the message stream (if closer is set) and writes the results (if result is set).
-// Return means success. If failed, contextCall.err contains the reason.
-func (x *contextCall) close() bool {
-	if x.closer != nil {
-		x.err = x.closer()
-		if x.err != nil {
-			x.err = fmt.Errorf("close RPC: %w", x.err)
-			return false
-		}
-	}
-
-	// write response to resulting structure
-	if x.result != nil {
-		x.result(x.resp)
-	}
-
-	return x.err == nil
-}
-
-// goes through all stages of sending a request and processing a response. Returns true if successful.
-// If failed, contextCall.err contains the reason.
-func (x *contextCall) processCall() bool {
-	// set request writer
-	x.wReq = func() error {
-		var err error
-		x.resp, err = x.call()
-		return err
-	}
-
-	// write request
-	ok := x.writeRequest()
-	if !ok {
-		return false
-	}
-
-	// read response
-	ok = x.readResponse()
-	if !ok {
-		return x.err == nil
-	}
-
-	// close and write response to resulting structure
-	ok = x.close()
-	if !ok {
-		return false
-	}
-
-	return x.err == nil
-}
-
-// initializes static cross-call parameters inherited from client.
-func (c *Client) initCallContext(ctx *contextCall) {
-	ctx.key = c.prm.key
-	ctx.resolveAPIFailures = c.prm.resolveFrostFSErrors
-	ctx.callbackResp = c.prm.cbRespInfo
-	ctx.netMagic = c.prm.netMagic
-}
-
 // ExecRaw executes f with underlying git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client.Client
 // instance. Communicate over the Protocol Buffers protocol in a more flexible way:
 // most often used to transmit data over a fixed version of the FrostFS protocol, as well
--- a/client/container.go
+++ b/client/container.go
@ -2,803 +2,11 @@ package client

 import (
 	"context"
-	"errors"
 	"fmt"

-	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
-	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )

-// PrmContainerPut groups parameters of ContainerPut operation.
-type PrmContainerPut struct {
-	prmCommonMeta
-
-	cnrSet bool
-	cnr    container.Container
-
-	sessionSet bool
-	session    session.Container
-}
-
-// SetContainer sets structured information about new FrostFS container.
-// Required parameter.
-func (x *PrmContainerPut) SetContainer(cnr container.Container) {
-	x.cnr = cnr
-	x.cnrSet = true
-}
-
-// WithinSession specifies session within which container should be saved.
-//
-// Creator of the session acquires the authorship of the request. This affects
-// the execution of an operation (e.g. access control).
-//
-// Session is optional, if set the following requirements apply:
-//   - session operation MUST be session.VerbContainerPut (ForVerb)
-//   - token MUST be signed using private key of the owner of the container to be saved
-func (x *PrmContainerPut) WithinSession(s session.Container) {
-	x.session = s
-	x.sessionSet = true
-}
-
-// ResContainerPut groups resulting values of ContainerPut operation.
-type ResContainerPut struct {
-	statusRes
-
-	id cid.ID
-}
-
-// ID returns identifier of the container declared to be stored in the system.
-// Used as a link to information about the container (in particular, you can
-// asynchronously check if the save was successful).
-func (x ResContainerPut) ID() cid.ID {
-	return x.id
-}
-
-// ContainerPut sends request to save container in FrostFS.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Operation is asynchronous and no guaranteed even in the absence of errors.
-// The required time is also not predictable.
-//
-// Success can be verified by reading by identifier (see ResContainerPut.ID).
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerPut docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResContainerPut, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.cnrSet:
-		return nil, errorMissingContainer
-	}
-
-	// TODO: check private key is set before forming the request
-	// sign container
-	var cnr v2container.Container
-	prm.cnr.WriteToV2(&cnr)
-
-	var sig frostfscrypto.Signature
-
-	err := container.CalculateSignature(&sig, prm.cnr, c.prm.key)
-	if err != nil {
-		return nil, fmt.Errorf("calculate container signature: %w", err)
-	}
-
-	var sigv2 refs.Signature
-
-	sig.WriteToV2(&sigv2)
-
-	// form request body
-	reqBody := new(v2container.PutRequestBody)
-	reqBody.SetContainer(&cnr)
-	reqBody.SetSignature(&sigv2)
-
-	// form meta header
-	var meta v2session.RequestMetaHeader
-	writeXHeadersToMeta(prm.prmCommonMeta.xHeaders, &meta)
-
-	if prm.sessionSet {
-		var tokv2 v2session.Token
-		prm.session.WriteToV2(&tokv2)
-
-		meta.SetSessionToken(&tokv2)
-	}
-
-	// form request
-	var req v2container.PutRequest
-
-	req.SetBody(reqBody)
-	req.SetMetaHeader(&meta)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerPut
-	)
-
-	c.initCallContext(&cc)
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.PutContainer(&c.c, &req, client.WithContext(ctx))
-	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2container.PutResponse)
-
-		const fieldCnrID = "container ID"
-
-		cidV2 := resp.GetBody().GetContainerID()
-		if cidV2 == nil {
-			cc.err = newErrMissingResponseField(fieldCnrID)
-			return
-		}
-
-		cc.err = res.id.ReadFromV2(*cidV2)
-		if cc.err != nil {
-			cc.err = newErrInvalidResponseField(fieldCnrID, cc.err)
-		}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmContainerGet groups parameters of ContainerGet operation.
-type PrmContainerGet struct {
-	prmCommonMeta
-
-	idSet bool
-	id    cid.ID
-}
-
-// SetContainer sets identifier of the container to be read.
-// Required parameter.
-func (x *PrmContainerGet) SetContainer(id cid.ID) {
-	x.id = id
-	x.idSet = true
-}
-
-// ResContainerGet groups resulting values of ContainerGet operation.
-type ResContainerGet struct {
-	statusRes
-
-	cnr container.Container
-}
-
-// Container returns structured information about the requested container.
-//
-// Client doesn't retain value so modification is safe.
-func (x ResContainerGet) Container() container.Container {
-	return x.cnr
-}
-
-// ContainerGet reads FrostFS container by ID.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerGet docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs);
-//   - *apistatus.ContainerNotFound.
-func (c *Client) ContainerGet(ctx context.Context, prm PrmContainerGet) (*ResContainerGet, error) {
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.idSet:
-		return nil, errorMissingContainer
-	}
-
-	var cidV2 refs.ContainerID
-	prm.id.WriteToV2(&cidV2)
-
-	// form request body
-	reqBody := new(v2container.GetRequestBody)
-	reqBody.SetContainerID(&cidV2)
-
-	// form request
-	var req v2container.GetRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerGet
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.GetContainer(&c.c, &req, client.WithContext(ctx))
-	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2container.GetResponse)
-
-		cnrV2 := resp.GetBody().GetContainer()
-		if cnrV2 == nil {
-			cc.err = errors.New("missing container in response")
-			return
-		}
-
-		cc.err = res.cnr.ReadFromV2(*cnrV2)
-		if cc.err != nil {
-			cc.err = fmt.Errorf("invalid container in response: %w", cc.err)
-		}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmContainerList groups parameters of ContainerList operation.
-type PrmContainerList struct {
-	prmCommonMeta
-
-	ownerSet bool
-	ownerID  user.ID
-}
-
-// SetAccount sets identifier of the FrostFS account to list the containers.
-// Required parameter.
-func (x *PrmContainerList) SetAccount(id user.ID) {
-	x.ownerID = id
-	x.ownerSet = true
-}
-
-// ResContainerList groups resulting values of ContainerList operation.
-type ResContainerList struct {
-	statusRes
-
-	ids []cid.ID
-}
-
-// Containers returns list of identifiers of the account-owned containers.
-//
-// Client doesn't retain value so modification is safe.
-func (x ResContainerList) Containers() []cid.ID {
-	return x.ids
-}
-
-// ContainerList requests identifiers of the account-owned containers.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerList docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) ContainerList(ctx context.Context, prm PrmContainerList) (*ResContainerList, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.ownerSet:
-		return nil, errorAccountNotSet
-	}
-
-	// form request body
-	var ownerV2 refs.OwnerID
-	prm.ownerID.WriteToV2(&ownerV2)
-
-	reqBody := new(v2container.ListRequestBody)
-	reqBody.SetOwnerID(&ownerV2)
-
-	// form request
-	var req v2container.ListRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerList
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.ListContainers(&c.c, &req, client.WithContext(ctx))
-	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2container.ListResponse)
-
-		res.ids = make([]cid.ID, len(resp.GetBody().GetContainerIDs()))
-
-		for i, cidV2 := range resp.GetBody().GetContainerIDs() {
-			cc.err = res.ids[i].ReadFromV2(cidV2)
-			if cc.err != nil {
-				cc.err = fmt.Errorf("invalid ID in the response: %w", cc.err)
-				return
-			}
-		}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmContainerDelete groups parameters of ContainerDelete operation.
-type PrmContainerDelete struct {
-	prmCommonMeta
-
-	idSet bool
-	id    cid.ID
-
-	tokSet bool
-	tok    session.Container
-}
-
-// SetContainer sets identifier of the FrostFS container to be removed.
-// Required parameter.
-func (x *PrmContainerDelete) SetContainer(id cid.ID) {
-	x.id = id
-	x.idSet = true
-}
-
-// WithinSession specifies session within which container should be removed.
-//
-// Creator of the session acquires the authorship of the request.
-// This may affect the execution of an operation (e.g. access control).
-//
-// Must be signed.
-func (x *PrmContainerDelete) WithinSession(tok session.Container) {
-	x.tok = tok
-	x.tokSet = true
-}
-
-// ResContainerDelete groups resulting values of ContainerDelete operation.
-type ResContainerDelete struct {
-	statusRes
-}
-
-// ContainerDelete sends request to remove the FrostFS container.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Operation is asynchronous and no guaranteed even in the absence of errors.
-// The required time is also not predictable.
-//
-// Success can be verified by reading by identifier (see GetContainer).
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerDelete docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Exactly one return value is non-nil. Server status return is returned in ResContainerDelete.
-// Reflects all internal errors in second return value (transport problems, response processing, etc.).
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) ContainerDelete(ctx context.Context, prm PrmContainerDelete) (*ResContainerDelete, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.idSet:
-		return nil, errorMissingContainer
-	}
-
-	// sign container ID
-	var cidV2 refs.ContainerID
-	prm.id.WriteToV2(&cidV2)
-
-	// container contract expects signature of container ID value
-	// don't get confused with stable marshaled protobuf container.ID structure
-	data := cidV2.GetValue()
-
-	var sig frostfscrypto.Signature
-
-	err := sig.Calculate(frostfsecdsa.SignerRFC6979(c.prm.key), data)
-	if err != nil {
-		return nil, fmt.Errorf("calculate signature: %w", err)
-	}
-
-	var sigv2 refs.Signature
-
-	sig.WriteToV2(&sigv2)
-
-	// form request body
-	reqBody := new(v2container.DeleteRequestBody)
-	reqBody.SetContainerID(&cidV2)
-	reqBody.SetSignature(&sigv2)
-
-	// form meta header
-	var meta v2session.RequestMetaHeader
-	writeXHeadersToMeta(prm.prmCommonMeta.xHeaders, &meta)
-
-	if prm.tokSet {
-		var tokv2 v2session.Token
-		prm.tok.WriteToV2(&tokv2)
-
-		meta.SetSessionToken(&tokv2)
-	}
-
-	// form request
-	var req v2container.DeleteRequest
-
-	req.SetBody(reqBody)
-	req.SetMetaHeader(&meta)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerDelete
-	)
-
-	c.initCallContext(&cc)
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.DeleteContainer(&c.c, &req, client.WithContext(ctx))
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmContainerEACL groups parameters of ContainerEACL operation.
-type PrmContainerEACL struct {
-	prmCommonMeta
-
-	idSet bool
-	id    cid.ID
-}
-
-// SetContainer sets identifier of the FrostFS container to read the eACL table.
-// Required parameter.
-func (x *PrmContainerEACL) SetContainer(id cid.ID) {
-	x.id = id
-	x.idSet = true
-}
-
-// ResContainerEACL groups resulting values of ContainerEACL operation.
-type ResContainerEACL struct {
-	statusRes
-
-	table eacl.Table
-}
-
-// Table returns eACL table of the requested container.
-func (x ResContainerEACL) Table() eacl.Table {
-	return x.table
-}
-
-// ContainerEACL reads eACL table of the FrostFS container.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerEACL docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs);
-//   - *apistatus.ContainerNotFound;
-//   - *apistatus.EACLNotFound.
-func (c *Client) ContainerEACL(ctx context.Context, prm PrmContainerEACL) (*ResContainerEACL, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.idSet:
-		return nil, errorMissingContainer
-	}
-
-	var cidV2 refs.ContainerID
-	prm.id.WriteToV2(&cidV2)
-
-	// form request body
-	reqBody := new(v2container.GetExtendedACLRequestBody)
-	reqBody.SetContainerID(&cidV2)
-
-	// form request
-	var req v2container.GetExtendedACLRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerEACL
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.GetEACL(&c.c, &req, client.WithContext(ctx))
-	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2container.GetExtendedACLResponse)
-
-		eACL := resp.GetBody().GetEACL()
-		if eACL == nil {
-			cc.err = newErrMissingResponseField("eACL")
-			return
-		}
-
-		res.table = *eacl.NewTableFromV2(eACL)
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmContainerSetEACL groups parameters of ContainerSetEACL operation.
-type PrmContainerSetEACL struct {
-	prmCommonMeta
-
-	tableSet bool
-	table    eacl.Table
-
-	sessionSet bool
-	session    session.Container
-}
-
-// SetTable sets eACL table structure to be set for the container.
-// Required parameter.
-func (x *PrmContainerSetEACL) SetTable(table eacl.Table) {
-	x.table = table
-	x.tableSet = true
-}
-
-// WithinSession specifies session within which extended ACL of the container
-// should be saved.
-//
-// Creator of the session acquires the authorship of the request. This affects
-// the execution of an operation (e.g. access control).
-//
-// Session is optional, if set the following requirements apply:
-//   - if particular container is specified (ApplyOnlyTo), it MUST equal the container
-//     for which extended ACL is going to be set
-//   - session operation MUST be session.VerbContainerSetEACL (ForVerb)
-//   - token MUST be signed using private key of the owner of the container to be saved
-func (x *PrmContainerSetEACL) WithinSession(s session.Container) {
-	x.session = s
-	x.sessionSet = true
-}
-
-// ResContainerSetEACL groups resulting values of ContainerSetEACL operation.
-type ResContainerSetEACL struct {
-	statusRes
-}
-
-// ContainerSetEACL sends request to update eACL table of the FrostFS container.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Operation is asynchronous and no guaranteed even in the absence of errors.
-// The required time is also not predictable.
-//
-// Success can be verified by reading by identifier (see EACL).
-//
-// Returns an error if parameters are set incorrectly (see PrmContainerSetEACL docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) ContainerSetEACL(ctx context.Context, prm PrmContainerSetEACL) (*ResContainerSetEACL, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.tableSet:
-		return nil, errorEACLTableNotSet
-	}
-
-	// sign the eACL table
-	eaclV2 := prm.table.ToV2()
-
-	var sig frostfscrypto.Signature
-
-	err := sig.Calculate(frostfsecdsa.SignerRFC6979(c.prm.key), eaclV2.StableMarshal(nil))
-	if err != nil {
-		return nil, fmt.Errorf("calculate signature: %w", err)
-	}
-
-	var sigv2 refs.Signature
-
-	sig.WriteToV2(&sigv2)
-
-	// form request body
-	reqBody := new(v2container.SetExtendedACLRequestBody)
-	reqBody.SetEACL(eaclV2)
-	reqBody.SetSignature(&sigv2)
-
-	// form meta header
-	var meta v2session.RequestMetaHeader
-	writeXHeadersToMeta(prm.prmCommonMeta.xHeaders, &meta)
-
-	if prm.sessionSet {
-		var tokv2 v2session.Token
-		prm.session.WriteToV2(&tokv2)
-
-		meta.SetSessionToken(&tokv2)
-	}
-
-	// form request
-	var req v2container.SetExtendedACLRequest
-
-	req.SetBody(reqBody)
-	req.SetMetaHeader(&meta)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResContainerSetEACL
-	)
-
-	c.initCallContext(&cc)
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.SetEACL(&c.c, &req, client.WithContext(ctx))
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmAnnounceSpace groups parameters of ContainerAnnounceUsedSpace operation.
-type PrmAnnounceSpace struct {
-	prmCommonMeta
-
-	announcements []container.SizeEstimation
-}
-
-// SetValues sets values describing volume of space that is used for the container objects.
-// Required parameter. Must not be empty.
-//
-// Must not be mutated before the end of the operation.
-func (x *PrmAnnounceSpace) SetValues(vs []container.SizeEstimation) {
-	x.announcements = vs
-}
-
-// ResAnnounceSpace groups resulting values of ContainerAnnounceUsedSpace operation.
-type ResAnnounceSpace struct {
-	statusRes
-}
-
-// ContainerAnnounceUsedSpace sends request to announce volume of the space used for the container objects.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Operation is asynchronous and no guaranteed even in the absence of errors.
-// The required time is also not predictable.
-//
-// At this moment success can not be checked.
-//
-// Returns an error if parameters are set incorrectly (see PrmAnnounceSpace docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) ContainerAnnounceUsedSpace(ctx context.Context, prm PrmAnnounceSpace) (*ResAnnounceSpace, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case len(prm.announcements) == 0:
-		return nil, errorMissingAnnouncements
-	}
-
-	// convert list of SDK announcement structures into FrostFS-API v2 list
-	v2announce := make([]v2container.UsedSpaceAnnouncement, len(prm.announcements))
-	for i := range prm.announcements {
-		prm.announcements[i].WriteToV2(&v2announce[i])
-	}
-
-	// prepare body of the FrostFS-API v2 request and request itself
-	reqBody := new(v2container.AnnounceUsedSpaceRequestBody)
-	reqBody.SetAnnouncements(v2announce)
-
-	// form request
-	var req v2container.AnnounceUsedSpaceRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResAnnounceSpace
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.AnnounceUsedSpace(&c.c, &req, client.WithContext(ctx))
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
 // SyncContainerWithNetwork requests network configuration using passed client
 // and applies it to the container. Container MUST not be nil.
 //
--- a/client/container_delete.go
+++ b/client/container_delete.go
@ -0,0 +1,139 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
+	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+)
+
+// PrmContainerDelete groups parameters of ContainerDelete operation.
+type PrmContainerDelete struct {
+	// FrostFS request X-Headers
+	XHeaders []string
+
+	ContainerID *cid.ID
+
+	Session *session.Container
+}
+
+// SetContainer sets identifier of the FrostFS container to be removed.
+// Required parameter.
+//
+// Deprecated: Use PrmContainerDelete.Container instead.
+func (prm *PrmContainerDelete) SetContainer(id cid.ID) {
+	prm.ContainerID = &id
+}
+
+func (prm *PrmContainerDelete) buildRequest(c *Client) (*v2container.DeleteRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	var cidV2 refs.ContainerID
+	prm.ContainerID.WriteToV2(&cidV2)
+
+	// Container contract expects signature of container ID value,
+	// don't get confused with stable marshaled protobuf container.ID structure.
+	data := cidV2.GetValue()
+
+	var sig frostfscrypto.Signature
+
+	err := sig.Calculate(frostfsecdsa.SignerRFC6979(c.prm.Key), data)
+	if err != nil {
+		return nil, fmt.Errorf("calculate signature: %w", err)
+	}
+
+	var sigv2 refs.Signature
+	sig.WriteToV2(&sigv2)
+
+	reqBody := new(v2container.DeleteRequestBody)
+	reqBody.SetContainerID(&cidV2)
+	reqBody.SetSignature(&sigv2)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(prm.XHeaders, &meta)
+
+	if prm.Session != nil {
+		var tokv2 v2session.Token
+		prm.Session.WriteToV2(&tokv2)
+
+		meta.SetSessionToken(&tokv2)
+	}
+
+	var req v2container.DeleteRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
+}
+
+// WithinSession specifies session within which container should be removed.
+//
+// Creator of the session acquires the authorship of the request.
+// This may affect the execution of an operation (e.g. access control).
+//
+// Must be signed.
+//
+// Deprecated: Use PrmContainerDelete.Session instead.
+func (prm *PrmContainerDelete) WithinSession(tok session.Container) {
+	prm.Session = &tok
+}
+
+// ResContainerDelete groups resulting values of ContainerDelete operation.
+type ResContainerDelete struct {
+	statusRes
+}
+
+// ContainerDelete sends request to remove the FrostFS container.
+//
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as `error`.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
+//
+// Operation is asynchronous and no guaranteed even in the absence of errors.
+// The required time is also not predictable.
+//
+// Success can be verified by reading by identifier (see GetContainer).
+//
+// Returns an error if parameters are set incorrectly (see PrmContainerDelete docs).
+// Context is required and must not be nil. It is used for network communication.
+//
+// Exactly one return value is non-nil. Server status return is returned in ResContainerDelete.
+// Reflects all internal errors in second return value (transport problems, response processing, etc.).
+//
+// Return statuses:
+//   - global (see Client docs).
+func (c *Client) ContainerDelete(ctx context.Context, prm PrmContainerDelete) (*ResContainerDelete, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.DeleteContainer(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResContainerDelete
+	res.st, err = c.processResponse(resp)
+	return &res, err
+}
--- a/client/container_eacl.go
+++ b/client/container_eacl.go
@ -0,0 +1,123 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+)
+
+// PrmContainerEACL groups parameters of ContainerEACL operation.
+type PrmContainerEACL struct {
+	// FrostFS request X-Headers.
+	XHeaders []string
+
+	ContainerID *cid.ID
+
+	Session *session.Container
+}
+
+// SetContainer sets identifier of the FrostFS container to read the eACL table.
+// Required parameter.
+//
+// Deprecated: Use PrmContainerEACL.ContainerID instead.
+func (x *PrmContainerEACL) SetContainer(id cid.ID) {
+	x.ContainerID = &id
+}
+
+func (x *PrmContainerEACL) buildRequest(c *Client) (*v2container.GetExtendedACLRequest, error) {
+	if x.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if len(x.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	var cidV2 refs.ContainerID
+	x.ContainerID.WriteToV2(&cidV2)
+
+	reqBody := new(v2container.GetExtendedACLRequestBody)
+	reqBody.SetContainerID(&cidV2)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(x.XHeaders, &meta)
+
+	if x.Session != nil {
+		var tokv2 v2session.Token
+		x.Session.WriteToV2(&tokv2)
+
+		meta.SetSessionToken(&tokv2)
+	}
+
+	var req v2container.GetExtendedACLRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
+}
+
+// ResContainerEACL groups resulting values of ContainerEACL operation.
+type ResContainerEACL struct {
+	statusRes
+
+	table eacl.Table
+}
+
+// Table returns eACL table of the requested container.
+func (x ResContainerEACL) Table() eacl.Table {
+	return x.table
+}
+
+// ContainerEACL reads eACL table of the FrostFS container.
+//
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as `error`.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
+//
+// Returns an error if parameters are set incorrectly (see PrmContainerEACL docs).
+// Context is required and must not be nil. It is used for network communication.
+//
+// Return statuses:
+//   - global (see Client docs);
+//   - *apistatus.ContainerNotFound;
+//   - *apistatus.EACLNotFound.
+func (c *Client) ContainerEACL(ctx context.Context, prm PrmContainerEACL) (*ResContainerEACL, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.GetEACL(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResContainerEACL
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	eACL := resp.GetBody().GetEACL()
+	if eACL == nil {
+		return &res, newErrMissingResponseField("eACL")
+	}
+
+	res.table = *eacl.NewTableFromV2(eACL)
+	return &res, nil
+}
--- a/client/container_get.go
+++ b/client/container_get.go
@ -0,0 +1,126 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+)
+
+// PrmContainerGet groups parameters of ContainerGet operation.
+type PrmContainerGet struct {
+	// FrostFS request X-Headers.
+	XHeaders []string
+
+	ContainerID *cid.ID
+
+	Session *session.Container
+}
+
+// SetContainer sets identifier of the container to be read.
+// Required parameter.
+//
+// Deprecated: Use PrmContainerGet.ContainerID instead.
+func (prm *PrmContainerGet) SetContainer(cid cid.ID) {
+	prm.ContainerID = &cid
+}
+
+func (prm *PrmContainerGet) buildRequest(c *Client) (*v2container.GetRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	var cidV2 refs.ContainerID
+	prm.ContainerID.WriteToV2(&cidV2)
+
+	reqBody := new(v2container.GetRequestBody)
+	reqBody.SetContainerID(&cidV2)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(prm.XHeaders, &meta)
+
+	if prm.Session != nil {
+		var tokv2 v2session.Token
+		prm.Session.WriteToV2(&tokv2)
+
+		meta.SetSessionToken(&tokv2)
+	}
+
+	var req v2container.GetRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
+}
+
+// ResContainerGet groups resulting values of ContainerGet operation.
+type ResContainerGet struct {
+	statusRes
+
+	cnr container.Container
+}
+
+// Container returns structured information about the requested container.
+//
+// Client doesn't retain value so modification is safe.
+func (x ResContainerGet) Container() container.Container {
+	return x.cnr
+}
+
+// ContainerGet reads FrostFS container by ID.
+//
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as `error`.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
+//
+// Returns an error if parameters are set incorrectly (see PrmContainerGet docs).
+// Context is required and must not be nil. It is used for network communication.
+//
+// Return statuses:
+//   - global (see Client docs);
+//   - *apistatus.ContainerNotFound.
+func (c *Client) ContainerGet(ctx context.Context, prm PrmContainerGet) (*ResContainerGet, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.GetContainer(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResContainerGet
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	cnrV2 := resp.GetBody().GetContainer()
+	if cnrV2 == nil {
+		return &res, errors.New("missing container in response")
+	}
+	if err := res.cnr.ReadFromV2(*cnrV2); err != nil {
+		return &res, fmt.Errorf("invalid container in response: %w", err)
+	}
+	return &res, nil
+}
--- a/client/container_list.go
+++ b/client/container_list.go
@ -0,0 +1,119 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
+)
+
+// PrmContainerList groups parameters of ContainerList operation.
+type PrmContainerList struct {
+	XHeaders []string
+
+	Account user.ID
+
+	Session *session.Container
+}
+
+// SetAccount sets identifier of the FrostFS account to list the containers.
+// Required parameter.
+//
+// Deprecated: Use PrmContainerList.Account instead.
+func (x *PrmContainerList) SetAccount(id user.ID) {
+	x.Account = id
+}
+
+func (x *PrmContainerList) buildRequest(c *Client) (*v2container.ListRequest, error) {
+	if x.Account.IsEmpty() {
+		return nil, errorAccountNotSet
+	}
+
+	var ownerV2 refs.OwnerID
+	x.Account.WriteToV2(&ownerV2)
+
+	reqBody := new(v2container.ListRequestBody)
+	reqBody.SetOwnerID(&ownerV2)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(x.XHeaders, &meta)
+
+	if x.Session != nil {
+		var tokv2 v2session.Token
+		x.Session.WriteToV2(&tokv2)
+
+		meta.SetSessionToken(&tokv2)
+	}
+
+	var req v2container.ListRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
+}
+
+// ResContainerList groups resulting values of ContainerList operation.
+type ResContainerList struct {
+	statusRes
+
+	ids []cid.ID
+}
+
+// Containers returns list of identifiers of the account-owned containers.
+//
+// Client doesn't retain value so modification is safe.
+func (x ResContainerList) Containers() []cid.ID {
+	return x.ids
+}
+
+// ContainerList requests identifiers of the account-owned containers.
+//
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as `error`.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
+//
+// Returns an error if parameters are set incorrectly (see PrmContainerList docs).
+// Context is required and must not be nil. It is used for network communication.
+//
+// Return statuses:
+//   - global (see Client docs).
+func (c *Client) ContainerList(ctx context.Context, prm PrmContainerList) (*ResContainerList, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.ListContainers(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResContainerList
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	res.ids = make([]cid.ID, len(resp.GetBody().GetContainerIDs()))
+	for i, cidV2 := range resp.GetBody().GetContainerIDs() {
+		if err := res.ids[i].ReadFromV2(cidV2); err != nil {
+			return &res, fmt.Errorf("invalid ID in the response: %w", err)
+		}
+	}
+
+	return &res, nil
+}
--- a/client/container_put.go
+++ b/client/container_put.go
@ -0,0 +1,160 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+)
+
+// PrmContainerPut groups parameters of ContainerPut operation.
+type PrmContainerPut struct {
+	// FrostFS request X-Headers
+	XHeaders []string
+
+	Container *container.Container
+
+	Session *session.Container
+}
+
+// SetContainer sets structured information about new FrostFS container.
+// Required parameter.
+//
+// Deprecated: Use PrmContainerPut.Container instead.
+func (x *PrmContainerPut) SetContainer(cnr container.Container) {
+	x.Container = &cnr
+}
+
+// WithinSession specifies session within which container should be saved.
+//
+// Creator of the session acquires the authorship of the request. This affects
+// the execution of an operation (e.g. access control).
+//
+// Session is optional, if set the following requirements apply:
+//   - session operation MUST be session.VerbContainerPut (ForVerb)
+//   - token MUST be signed using private key of the owner of the container to be saved
+//
+// Deprecated: Use PrmContainerPut.Session instead.
+func (x *PrmContainerPut) WithinSession(s session.Container) {
+	x.Session = &s
+}
+
+func (x *PrmContainerPut) buildRequest(c *Client) (*v2container.PutRequest, error) {
+	if x.Container == nil {
+		return nil, errorMissingContainer
+	}
+
+	if len(x.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	// TODO: check private key is set before forming the request
+	var cnr v2container.Container
+	x.Container.WriteToV2(&cnr)
+
+	var sig frostfscrypto.Signature
+
+	err := container.CalculateSignature(&sig, *x.Container, c.prm.Key)
+	if err != nil {
+		return nil, fmt.Errorf("calculate container signature: %w", err)
+	}
+
+	var sigv2 refs.Signature
+	sig.WriteToV2(&sigv2)
+
+	reqBody := new(v2container.PutRequestBody)
+	reqBody.SetContainer(&cnr)
+	reqBody.SetSignature(&sigv2)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(x.XHeaders, &meta)
+
+	if x.Session != nil {
+		var tokv2 v2session.Token
+		x.Session.WriteToV2(&tokv2)
+
+		meta.SetSessionToken(&tokv2)
+	}
+
+	var req v2container.PutRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
+}
+
+// ResContainerPut groups resulting values of ContainerPut operation.
+type ResContainerPut struct {
+	statusRes
+
+	id cid.ID
+}
+
+// ID returns identifier of the container declared to be stored in the system.
+// Used as a link to information about the container (in particular, you can
+// asynchronously check if the save was successful).
+func (x ResContainerPut) ID() cid.ID {
+	return x.id
+}
+
+// ContainerPut sends request to save container in FrostFS.
+//
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as `error`.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
+//
+// Operation is asynchronous and no guaranteed even in the absence of errors.
+// The required time is also not predictable.
+//
+// Success can be verified by reading by identifier (see ResContainerPut.ID).
+//
+// Returns an error if parameters are set incorrectly (see PrmContainerPut docs).
+// Context is required and must not be nil. It is used for network communication.
+//
+// Return statuses:
+//   - global (see Client docs).
+//
+// nolint: funlen
+func (c *Client) ContainerPut(ctx context.Context, prm PrmContainerPut) (*ResContainerPut, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.PutContainer(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResContainerPut
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
+	}
+
+	const fieldCnrID = "container ID"
+
+	cidV2 := resp.GetBody().GetContainerID()
+	if cidV2 == nil {
+		return &res, newErrMissingResponseField(fieldCnrID)
+	}
+	if err := res.id.ReadFromV2(*cidV2); err != nil {
+		return &res, newErrInvalidResponseField(fieldCnrID, err)
+	}
+	return &res, nil
+}
--- a/client/errors.go
+++ b/client/errors.go
@ -1,97 +1,76 @@
 package client

 import (
-	"errors"
 	"fmt"

 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 )

-// unwraps err using errors.Unwrap and returns the result.
-func unwrapErr(err error) error {
-	for e := errors.Unwrap(err); e != nil; e = errors.Unwrap(err) {
-		err = e
+// wrapsErrType returns true if any error in the error tree of err is of type E.
+func wrapsErrType[E error](err error) bool {
+	switch e := err.(type) {
+	case E:
+		return true
+	case interface{ Unwrap() error }:
+		return wrapsErrType[E](e.Unwrap())
+	case interface{ Unwrap() []error }:
+		for _, ei := range e.Unwrap() {
+			if wrapsErrType[E](ei) {
+				return true
+			}
+		}
+		return false
+	default:
+		return false
 	}
-
-	return err
 }

 // IsErrContainerNotFound checks if err corresponds to FrostFS status
 // return corresponding to missing container. Supports wrapped errors.
 func IsErrContainerNotFound(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.ContainerNotFound,
-		*apistatus.ContainerNotFound:
-		return true
-	}
+	return wrapsErrType[*apistatus.ContainerNotFound](err)
 }

 // IsErrEACLNotFound checks if err corresponds to FrostFS status
 // return corresponding to missing eACL table. Supports wrapped errors.
 func IsErrEACLNotFound(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.EACLNotFound,
-		*apistatus.EACLNotFound:
-		return true
-	}
+	return wrapsErrType[*apistatus.EACLNotFound](err)
 }

 // IsErrObjectNotFound checks if err corresponds to FrostFS status
 // return corresponding to missing object. Supports wrapped errors.
 func IsErrObjectNotFound(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.ObjectNotFound,
-		*apistatus.ObjectNotFound:
-		return true
-	}
+	return wrapsErrType[*apistatus.ObjectNotFound](err)
 }

 // IsErrObjectAlreadyRemoved checks if err corresponds to FrostFS status
 // return corresponding to already removed object. Supports wrapped errors.
 func IsErrObjectAlreadyRemoved(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.ObjectAlreadyRemoved,
-		*apistatus.ObjectAlreadyRemoved:
-		return true
-	}
+	return wrapsErrType[*apistatus.ObjectAlreadyRemoved](err)
 }

 // IsErrSessionExpired checks if err corresponds to FrostFS status return
 // corresponding to expired session. Supports wrapped errors.
 func IsErrSessionExpired(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.SessionTokenExpired,
-		*apistatus.SessionTokenExpired:
-		return true
-	}
+	return wrapsErrType[*apistatus.SessionTokenExpired](err)
 }

 // IsErrSessionNotFound checks if err corresponds to FrostFS status return
 // corresponding to missing session. Supports wrapped errors.
 func IsErrSessionNotFound(err error) bool {
-	switch unwrapErr(err).(type) {
-	default:
-		return false
-	case
-		apistatus.SessionTokenNotFound,
-		*apistatus.SessionTokenNotFound:
-		return true
+	return wrapsErrType[*apistatus.SessionTokenNotFound](err)
 }
+
+// IsErrAPEManagerAccessDenied checks if err corresponds to FrostFS status return
+// corresponding to apemanager access deny. Supports wrapped errors.
+func IsErrAPEManagerAccessDenied(err error) bool {
+	return wrapsErrType[*apistatus.APEManagerAccessDenied](err)
+}
+
+// IsErrNodeUnderMaintenance checks if err corresponds to FrostFS status return
+// corresponding to nodes being under maintenance. Supports wrapped errors.
+func IsErrNodeUnderMaintenance(err error) bool {
+	return wrapsErrType[*apistatus.NodeUnderMaintenance](err)
 }

 // returns error describing missing field with the given name.
--- a/client/errors_test.go
+++ b/client/errors_test.go
@ -10,59 +10,45 @@ import (
 )

 func TestErrors(t *testing.T) {
-	for _, tc := range []struct {
+	errs := []struct {
 		check func(error) bool
-		errs  []error
+		err   error
 	}{
 		{
 			check: client.IsErrContainerNotFound,
-			errs: []error{
-				apistatus.ContainerNotFound{},
-				new(apistatus.ContainerNotFound),
-			},
+			err:   new(apistatus.ContainerNotFound),
 		},
 		{
 			check: client.IsErrEACLNotFound,
-			errs: []error{
-				apistatus.EACLNotFound{},
-				new(apistatus.EACLNotFound),
-			},
+			err:   new(apistatus.EACLNotFound),
 		},
 		{
 			check: client.IsErrObjectNotFound,
-			errs: []error{
-				apistatus.ObjectNotFound{},
-				new(apistatus.ObjectNotFound),
-			},
+			err:   new(apistatus.ObjectNotFound),
 		},
 		{
 			check: client.IsErrObjectAlreadyRemoved,
-			errs: []error{
-				apistatus.ObjectAlreadyRemoved{},
-				new(apistatus.ObjectAlreadyRemoved),
-			},
+			err:   new(apistatus.ObjectAlreadyRemoved),
 		},
 		{
 			check: client.IsErrSessionExpired,
-			errs: []error{
-				apistatus.SessionTokenExpired{},
-				new(apistatus.SessionTokenExpired),
+			err:   new(apistatus.SessionTokenExpired),
 		},
-		}, {
+		{
 			check: client.IsErrSessionNotFound,
-			errs: []error{
-				apistatus.SessionTokenNotFound{},
-				new(apistatus.SessionTokenNotFound),
+			err:   new(apistatus.SessionTokenNotFound),
 		},
+		{
+			check: client.IsErrNodeUnderMaintenance,
+			err:   new(apistatus.NodeUnderMaintenance),
 		},
-	} {
-		require.NotEmpty(t, tc.errs)
+	}

-		for i := range tc.errs {
-			require.True(t, tc.check(tc.errs[i]), tc.errs[i])
-			require.True(t, tc.check(fmt.Errorf("top-level context: :%w",
-				fmt.Errorf("inner context: %w", tc.errs[i])),
-			), tc.errs[i])
+	for i := range errs {
+		for j := range errs {
+			nestedErr := fmt.Errorf("top-level context: :%w", fmt.Errorf("inner context: %w", errs[j].err))
+			require.Equal(t, i == j, errs[i].check(errs[j].err))
+			require.Equal(t, i == j, errs[i].check(nestedErr))
 		}
 	}
 }
--- a/client/netmap.go
+++ b/client/netmap.go
@ -16,7 +16,17 @@ import (

 // PrmEndpointInfo groups parameters of EndpointInfo operation.
 type PrmEndpointInfo struct {
-	prmCommonMeta
+	XHeaders []string
+}
+
+func (x *PrmEndpointInfo) buildRequest(c *Client) (*v2netmap.LocalNodeInfoRequest, error) {
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(x.XHeaders, meta)
+
+	req := new(v2netmap.LocalNodeInfoRequest)
+	req.SetBody(new(v2netmap.LocalNodeInfoRequestBody))
+	c.prepareRequest(req, meta)
+	return req, nil
 }

 // ResEndpointInfo group resulting values of EndpointInfo operation.
@ -43,9 +53,9 @@ func (x ResEndpointInfo) NodeInfo() netmap.NodeInfo {
 // Method can be used as a health check to see if node is alive and responds to requests.
 //
 // Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmEndpointInfo docs).
 // Context is required and must not be nil. It is used for network communication.
@ -56,30 +66,25 @@ func (x ResEndpointInfo) NodeInfo() netmap.NodeInfo {
 // Return statuses:
 //   - global (see Client docs).
 func (c *Client) EndpointInfo(ctx context.Context, prm PrmEndpointInfo) (*ResEndpointInfo, error) {
-	// check context
-	if ctx == nil {
-		return nil, errorMissingContext
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request
-	var req v2netmap.LocalNodeInfoRequest
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResEndpointInfo
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.LocalNodeInfo(&c.c, &req, client.WithContext(ctx))
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.LocalNodeInfo(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResEndpointInfo
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2netmap.LocalNodeInfoResponse)

 	body := resp.GetBody()

@ -87,42 +92,37 @@ func (c *Client) EndpointInfo(ctx context.Context, prm PrmEndpointInfo) (*ResEnd

 	verV2 := body.GetVersion()
 	if verV2 == nil {
-			cc.err = newErrMissingResponseField(fieldVersion)
-			return
+		return nil, newErrMissingResponseField(fieldVersion)
 	}
-
-		cc.err = res.version.ReadFromV2(*verV2)
-		if cc.err != nil {
-			cc.err = newErrInvalidResponseField(fieldVersion, cc.err)
-			return
+	if err := res.version.ReadFromV2(*verV2); err != nil {
+		return nil, newErrInvalidResponseField(fieldVersion, err)
 	}

 	const fieldNodeInfo = "node info"

 	nodeInfoV2 := body.GetNodeInfo()
 	if nodeInfoV2 == nil {
-			cc.err = newErrMissingResponseField(fieldNodeInfo)
-			return
+		return nil, newErrMissingResponseField(fieldNodeInfo)
 	}
-
-		cc.err = res.ni.ReadFromV2(*nodeInfoV2)
-		if cc.err != nil {
-			cc.err = newErrInvalidResponseField(fieldNodeInfo, cc.err)
-			return
+	if err := res.ni.ReadFromV2(*nodeInfoV2); err != nil {
+		return nil, newErrInvalidResponseField(fieldNodeInfo, err)
 	}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
 	return &res, nil
 }

 // PrmNetworkInfo groups parameters of NetworkInfo operation.
 type PrmNetworkInfo struct {
-	prmCommonMeta
+	XHeaders []string
+}
+
+func (x PrmNetworkInfo) buildRequest(c *Client) (*v2netmap.NetworkInfoRequest, error) {
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(x.XHeaders, meta)
+
+	var req v2netmap.NetworkInfoRequest
+	req.SetBody(new(v2netmap.NetworkInfoRequestBody))
+	c.prepareRequest(&req, meta)
+	return &req, nil
 }

 // ResNetworkInfo groups resulting values of NetworkInfo operation.
@ -140,9 +140,9 @@ func (x ResNetworkInfo) Info() netmap.NetworkInfo {
 // NetworkInfo requests information about the FrostFS network of which the remote server is a part.
 //
 // Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmNetworkInfo docs).
 // Context is required and must not be nil. It is used for network communication.
@ -153,57 +153,40 @@ func (x ResNetworkInfo) Info() netmap.NetworkInfo {
 // Return statuses:
 //   - global (see Client docs).
 func (c *Client) NetworkInfo(ctx context.Context, prm PrmNetworkInfo) (*ResNetworkInfo, error) {
-	// check context
-	if ctx == nil {
-		return nil, errorMissingContext
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request
-	var req v2netmap.NetworkInfoRequest
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResNetworkInfo
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.NetworkInfo(&c.c, &req, client.WithContext(ctx))
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.NetworkInfo(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResNetworkInfo
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2netmap.NetworkInfoResponse)

 	const fieldNetInfo = "network info"

 	netInfoV2 := resp.GetBody().GetNetworkInfo()
 	if netInfoV2 == nil {
-			cc.err = newErrMissingResponseField(fieldNetInfo)
-			return
+		return nil, newErrMissingResponseField(fieldNetInfo)
 	}
-
-		cc.err = res.info.ReadFromV2(*netInfoV2)
-		if cc.err != nil {
-			cc.err = newErrInvalidResponseField(fieldNetInfo, cc.err)
-			return
+	if err := res.info.ReadFromV2(*netInfoV2); err != nil {
+		return nil, newErrInvalidResponseField(fieldNetInfo, err)
 	}
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
 	return &res, nil
 }

 // PrmNetMapSnapshot groups parameters of NetMapSnapshot operation.
-type PrmNetMapSnapshot struct {
-}
+type PrmNetMapSnapshot struct{}

 // ResNetMapSnapshot groups resulting values of NetMapSnapshot operation.
 type ResNetMapSnapshot struct {
@ -220,9 +203,9 @@ func (x ResNetMapSnapshot) NetMap() netmap.NetMap {
 // NetMapSnapshot requests current network view of the remote server.
 //
 // Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly.
 // Context is required and MUST NOT be nil. It is used for network communication.
@ -233,11 +216,6 @@ func (x ResNetMapSnapshot) NetMap() netmap.NetMap {
 // Return statuses:
 //   - global (see Client docs).
 func (c *Client) NetMapSnapshot(ctx context.Context, _ PrmNetMapSnapshot) (*ResNetMapSnapshot, error) {
-	// check context
-	if ctx == nil {
-		return nil, errorMissingContext
-	}
-
 	// form request body
 	var body v2netmap.SnapshotRequestBody

@ -249,7 +227,7 @@ func (c *Client) NetMapSnapshot(ctx context.Context, _ PrmNetMapSnapshot) (*ResN
 	req.SetBody(&body)
 	c.prepareRequest(&req, &meta)

-	err := signature.SignServiceMessage(&c.prm.key, &req)
+	err := signature.SignServiceMessage(&c.prm.Key, &req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}
@ -261,12 +239,8 @@ func (c *Client) NetMapSnapshot(ctx context.Context, _ PrmNetMapSnapshot) (*ResN

 	var res ResNetMapSnapshot
 	res.st, err = c.processResponse(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	if !apistatus.IsSuccessful(res.st) {
-		return &res, nil
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}

 	const fieldNetMap = "network map"
--- a/client/netmap_test.go
+++ b/client/netmap_test.go
@ -67,13 +67,9 @@ func TestClient_NetMapSnapshot(t *testing.T) {
 	var res *ResNetMapSnapshot
 	var srv serverNetMap
 	c := newClient(&srv)
+	c.prm.DisableFrostFSFailuresResolution()
 	ctx := context.Background()

-	// missing context
-	//nolint:staticcheck
-	_, err = c.NetMapSnapshot(nil, prm)
-	require.ErrorIs(t, err, errorMissingContext, "")
-
 	// request signature
 	srv.errTransport = errors.New("any error")

--- a/client/object_delete.go
+++ b/client/object_delete.go
@ -21,71 +21,25 @@ import (

 // PrmObjectDelete groups parameters of ObjectDelete operation.
 type PrmObjectDelete struct {
-	meta v2session.RequestMetaHeader
+	XHeaders []string

-	body v2object.DeleteRequestBody
+	BearerToken *bearer.Token

-	addr v2refs.Address
+	Session *session.Object

-	keySet bool
-	key    ecdsa.PrivateKey
-}
+	ContainerID *cid.ID

-// WithinSession specifies session within which object should be read.
-//
-// Creator of the session acquires the authorship of the request.
-// This may affect the execution of an operation (e.g. access control).
-//
-// Must be signed.
-func (x *PrmObjectDelete) WithinSession(t session.Object) {
-	var tv2 v2session.Token
-	t.WriteToV2(&tv2)
+	ObjectID *oid.ID

-	x.meta.SetSessionToken(&tv2)
-}
-
-// WithBearerToken attaches bearer token to be used for the operation.
-//
-// If set, underlying eACL rules will be used in access control.
-//
-// Must be signed.
-func (x *PrmObjectDelete) WithBearerToken(t bearer.Token) {
-	var v2token acl.BearerToken
-	t.WriteToV2(&v2token)
-	x.meta.SetBearerToken(&v2token)
-}
-
-// FromContainer specifies FrostFS container of the object.
-// Required parameter.
-func (x *PrmObjectDelete) FromContainer(id cid.ID) {
-	var cidV2 v2refs.ContainerID
-	id.WriteToV2(&cidV2)
-
-	x.addr.SetContainerID(&cidV2)
-}
-
-// ByID specifies identifier of the requested object.
-// Required parameter.
-func (x *PrmObjectDelete) ByID(id oid.ID) {
-	var idV2 v2refs.ObjectID
-	id.WriteToV2(&idV2)
-
-	x.addr.SetObjectID(&idV2)
+	Key *ecdsa.PrivateKey
 }

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
-func (x *PrmObjectDelete) UseKey(key ecdsa.PrivateKey) {
-	x.keySet = true
-	x.key = key
-}
-
-// WithXHeaders specifies list of extended headers (string key-value pairs)
-// to be attached to the request. Must have an even length.
 //
-// Slice must not be mutated until the operation completes.
-func (x *PrmObjectDelete) WithXHeaders(hs ...string) {
-	writeXHeadersToMeta(hs, &x.meta)
+// Deprecated: Use PrmObjectDelete.Key instead.
+func (prm *PrmObjectDelete) UseKey(key ecdsa.PrivateKey) {
+	prm.Key = &key
 }

 // ResObjectDelete groups resulting values of ObjectDelete operation.
@ -100,6 +54,54 @@ func (x ResObjectDelete) Tombstone() oid.ID {
 	return x.tomb
 }

+func (prm *PrmObjectDelete) buildRequest(c *Client) (*v2object.DeleteRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if prm.ObjectID == nil {
+		return nil, errorMissingObject
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	addr := new(v2refs.Address)
+
+	cnrV2 := new(v2refs.ContainerID)
+	prm.ContainerID.WriteToV2(cnrV2)
+	addr.SetContainerID(cnrV2)
+
+	objV2 := new(v2refs.ObjectID)
+	prm.ObjectID.WriteToV2(objV2)
+	addr.SetObjectID(objV2)
+
+	body := new(v2object.DeleteRequestBody)
+	body.SetAddress(addr)
+
+	req := new(v2object.DeleteRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
+}
+
 // ObjectDelete marks an object for deletion from the container using FrostFS API protocol.
 // As a marker, a special unit called a tombstone is placed in the container.
 // It confirms the user's intent to delete the object, and is itself a container object.
@ -110,9 +112,9 @@ func (x ResObjectDelete) Tombstone() oid.ID {
 //
 // Exactly one return value is non-nil. By default, server status is returned in res structure.
 // Any client's internal or transport errors are returned as `error`,
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmObjectDelete docs).
 // Context is required and must not be nil. It is used for network communication.
@ -124,46 +126,30 @@ func (x ResObjectDelete) Tombstone() oid.ID {
 //   - *apistatus.ObjectLocked;
 //   - *apistatus.SessionTokenExpired.
 func (c *Client) ObjectDelete(ctx context.Context, prm PrmObjectDelete) (*ResObjectDelete, error) {
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.addr.GetContainerID() == nil:
-		return nil, errorMissingContainer
-	case prm.addr.GetObjectID() == nil:
-		return nil, errorMissingObject
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request body
-	prm.body.SetAddress(&prm.addr)
-
-	// form request
-	var req v2object.DeleteRequest
-	req.SetBody(&prm.body)
-	c.prepareRequest(&req, &prm.meta)
-
-	key := c.prm.key
-	if prm.keySet {
-		key = prm.key
+	key := c.prm.Key
+	if prm.Key != nil {
+		key = *prm.Key
 	}

-	err := signature.SignServiceMessage(&key, &req)
+	err = signature.SignServiceMessage(&key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}

-	resp, err := rpcapi.DeleteObject(&c.c, &req, client.WithContext(ctx))
+	resp, err := rpcapi.DeleteObject(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		return nil, err
 	}

 	var res ResObjectDelete
 	res.st, err = c.processResponse(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	if !apistatus.IsSuccessful(res.st) {
-		return &res, nil
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}

 	const fieldTombstone = "tombstone"
--- a/client/object_get.go
+++ b/client/object_get.go
@ -22,77 +22,76 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )

-// shared parameters of GET/HEAD/RANGE.
-type prmObjectRead struct {
-	meta v2session.RequestMetaHeader
-
-	raw bool
-
-	addr v2refs.Address
-}
-
-// WithXHeaders specifies list of extended headers (string key-value pairs)
-// to be attached to the request. Must have an even length.
-//
-// Slice must not be mutated until the operation completes.
-func (x *prmObjectRead) WithXHeaders(hs ...string) {
-	writeXHeadersToMeta(hs, &x.meta)
-}
-
-// MarkRaw marks an intent to read physically stored object.
-func (x *prmObjectRead) MarkRaw() {
-	x.raw = true
-}
-
-// MarkLocal tells the server to execute the operation locally.
-func (x *prmObjectRead) MarkLocal() {
-	x.meta.SetTTL(1)
-}
-
-// WithinSession specifies session within which object should be read.
-//
-// Creator of the session acquires the authorship of the request.
-// This may affect the execution of an operation (e.g. access control).
-//
-// Must be signed.
-func (x *prmObjectRead) WithinSession(t session.Object) {
-	var tokv2 v2session.Token
-	t.WriteToV2(&tokv2)
-	x.meta.SetSessionToken(&tokv2)
-}
-
-// WithBearerToken attaches bearer token to be used for the operation.
-//
-// If set, underlying eACL rules will be used in access control.
-//
-// Must be signed.
-func (x *prmObjectRead) WithBearerToken(t bearer.Token) {
-	var v2token acl.BearerToken
-	t.WriteToV2(&v2token)
-	x.meta.SetBearerToken(&v2token)
-}
-
-// FromContainer specifies FrostFS container of the object.
-// Required parameter.
-func (x *prmObjectRead) FromContainer(id cid.ID) {
-	var cnrV2 v2refs.ContainerID
-	id.WriteToV2(&cnrV2)
-	x.addr.SetContainerID(&cnrV2)
-}
-
-// ByID specifies identifier of the requested object.
-// Required parameter.
-func (x *prmObjectRead) ByID(id oid.ID) {
-	var objV2 v2refs.ObjectID
-	id.WriteToV2(&objV2)
-	x.addr.SetObjectID(&objV2)
-}
-
 // PrmObjectGet groups parameters of ObjectGetInit operation.
 type PrmObjectGet struct {
-	prmObjectRead
+	XHeaders []string

-	key *ecdsa.PrivateKey
+	BearerToken *bearer.Token
+
+	Session *session.Object
+
+	Raw bool
+
+	Local bool
+
+	ContainerID *cid.ID
+
+	ObjectID *oid.ID
+
+	Key *ecdsa.PrivateKey
+}
+
+func (prm *PrmObjectGet) buildRequest(c *Client) (*v2object.GetRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if prm.ObjectID == nil {
+		return nil, errorMissingObject
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	addr := new(v2refs.Address)
+
+	cnrV2 := new(v2refs.ContainerID)
+	prm.ContainerID.WriteToV2(cnrV2)
+	addr.SetContainerID(cnrV2)
+
+	objV2 := new(v2refs.ObjectID)
+	prm.ObjectID.WriteToV2(objV2)
+	addr.SetObjectID(objV2)
+
+	body := new(v2object.GetRequestBody)
+	body.SetRaw(prm.Raw)
+	body.SetAddress(addr)
+
+	req := new(v2object.GetRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
 }

 // ResObjectGet groups the final result values of ObjectGetInit operation.
@ -122,8 +121,10 @@ type ObjectReader struct {

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
-func (x *PrmObjectGet) UseKey(key ecdsa.PrivateKey) {
-	x.key = &key
+//
+// Deprecated: Use PrmObjectGet.Key instead.
+func (prm *PrmObjectGet) UseKey(key ecdsa.PrivateKey) {
+	prm.Key = &key
 }

 // ReadHeader reads header of the object. Result means success.
@ -149,6 +150,9 @@ func (x *ObjectReader) ReadHeader(dst *object.Object) bool {
 	case *v2object.SplitInfo:
 		x.err = object.NewSplitInfoError(object.NewSplitInfoFromV2(v))
 		return false
+	case *v2object.ECInfo:
+		x.err = object.NewECInfoError(object.NewECInfoFromV2(v))
+		return false
 	case *v2object.GetObjectPartInit:
 		partInit = v
 	}
@ -257,6 +261,7 @@ func (x *ObjectReader) close(ignoreEOF bool) (*ResObjectGet, error) {
 // Return errors:
 //
 //	*object.SplitInfoError (returned on virtual objects with PrmObjectGet.MakeRaw).
+//	*object.ECInfoError (returned on erasure-coded objects with PrmObjectGet.MakeRaw).
 //
 // Return statuses:
 //   - global (see Client docs);
@ -299,41 +304,24 @@ func (x *ObjectReader) Read(p []byte) (int, error) {
 // Returns an error if parameters are set incorrectly (see PrmObjectGet docs).
 // Context is required and must not be nil. It is used for network communication.
 func (c *Client) ObjectGetInit(ctx context.Context, prm PrmObjectGet) (*ObjectReader, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.addr.GetContainerID() == nil:
-		return nil, errorMissingContainer
-	case prm.addr.GetObjectID() == nil:
-		return nil, errorMissingObject
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request body
-	var body v2object.GetRequestBody
-
-	body.SetRaw(prm.raw)
-	body.SetAddress(&prm.addr)
-
-	// form request
-	var req v2object.GetRequest
-
-	req.SetBody(&body)
-	c.prepareRequest(&req, &prm.meta)
-
-	key := prm.key
+	key := prm.Key
 	if key == nil {
-		key = &c.prm.key
+		key = &c.prm.Key
 	}

-	err := signature.SignServiceMessage(key, &req)
+	err = signature.SignServiceMessage(key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}

 	ctx, cancel := context.WithCancel(ctx)

-	stream, err := rpcapi.GetObject(&c.c, &req, client.WithContext(ctx))
+	stream, err := rpcapi.GetObject(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		cancel()
 		return nil, fmt.Errorf("open stream: %w", err)
@ -349,17 +337,29 @@ func (c *Client) ObjectGetInit(ctx context.Context, prm PrmObjectGet) (*ObjectRe

 // PrmObjectHead groups parameters of ObjectHead operation.
 type PrmObjectHead struct {
-	prmObjectRead
+	XHeaders []string

-	keySet bool
-	key    ecdsa.PrivateKey
+	BearerToken *bearer.Token
+
+	Session *session.Object
+
+	Raw bool
+
+	Local bool
+
+	ContainerID *cid.ID
+
+	ObjectID *oid.ID
+
+	Key *ecdsa.PrivateKey
 }

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
-func (x *PrmObjectHead) UseKey(key ecdsa.PrivateKey) {
-	x.keySet = true
-	x.key = key
+//
+// Deprecated: Use PrmObjectHead.Key instead.
+func (prm *PrmObjectHead) UseKey(key ecdsa.PrivateKey) {
+	prm.Key = &key
 }

 // ResObjectHead groups resulting values of ObjectHead operation.
@ -392,13 +392,65 @@ func (x *ResObjectHead) ReadHeader(dst *object.Object) bool {
 	return true
 }

+func (prm *PrmObjectHead) buildRequest(c *Client) (*v2object.HeadRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if prm.ObjectID == nil {
+		return nil, errorMissingObject
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	addr := new(v2refs.Address)
+
+	cnrV2 := new(v2refs.ContainerID)
+	prm.ContainerID.WriteToV2(cnrV2)
+	addr.SetContainerID(cnrV2)
+
+	objV2 := new(v2refs.ObjectID)
+	prm.ObjectID.WriteToV2(objV2)
+	addr.SetObjectID(objV2)
+	body := new(v2object.HeadRequestBody)
+	body.SetRaw(prm.Raw)
+	body.SetAddress(addr)
+
+	req := new(v2object.HeadRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
+}
+
 // ObjectHead reads object header through a remote server using FrostFS API protocol.
 //
 // Exactly one return value is non-nil. By default, server status is returned in res structure.
 // Any client's internal or transport errors are returned as `error`,
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmObjectHead docs).
 // Context is required and must not be nil. It is used for network communication.
@ -406,6 +458,7 @@ func (x *ResObjectHead) ReadHeader(dst *object.Object) bool {
 // Return errors:
 //
 //	*object.SplitInfoError (returned on virtual objects with PrmObjectHead.MakeRaw).
+//	*object.ECInfoError (returned on erasure-coded objects with PrmObjectHead.MakeRaw).
 //
 // Return statuses:
 //   - global (see Client docs);
@ -415,56 +468,43 @@ func (x *ResObjectHead) ReadHeader(dst *object.Object) bool {
 //   - *apistatus.ObjectAlreadyRemoved;
 //   - *apistatus.SessionTokenExpired.
 func (c *Client) ObjectHead(ctx context.Context, prm PrmObjectHead) (*ResObjectHead, error) {
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.addr.GetContainerID() == nil:
-		return nil, errorMissingContainer
-	case prm.addr.GetObjectID() == nil:
-		return nil, errorMissingObject
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	var body v2object.HeadRequestBody
-	body.SetRaw(prm.raw)
-	body.SetAddress(&prm.addr)
-
-	var req v2object.HeadRequest
-	req.SetBody(&body)
-	c.prepareRequest(&req, &prm.meta)
-
-	key := c.prm.key
-	if prm.keySet {
-		key = prm.key
+	key := c.prm.Key
+	if prm.Key != nil {
+		key = *prm.Key
 	}

 	// sign the request
-	err := signature.SignServiceMessage(&key, &req)
+
+	err = signature.SignServiceMessage(&key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}

-	resp, err := rpcapi.HeadObject(&c.c, &req, client.WithContext(ctx))
+	resp, err := rpcapi.HeadObject(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		return nil, fmt.Errorf("write request: %w", err)
 	}

 	var res ResObjectHead
 	res.st, err = c.processResponse(resp)
-	if err != nil {
-		return nil, err
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}

-	if !apistatus.IsSuccessful(res.st) {
-		return &res, nil
-	}
-
-	_ = res.idObj.ReadFromV2(*prm.addr.GetObjectID())
+	res.idObj = *prm.ObjectID

 	switch v := resp.GetBody().GetHeaderPart().(type) {
 	default:
 		return nil, fmt.Errorf("unexpected header type %T", v)
 	case *v2object.SplitInfo:
 		return nil, object.NewSplitInfoError(object.NewSplitInfoFromV2(v))
+	case *v2object.ECInfo:
+		return nil, object.NewECInfoError(object.NewECInfoFromV2(v))
 	case *v2object.HeaderWithSignature:
 		res.hdr = v
 	}
@ -474,29 +514,95 @@ func (c *Client) ObjectHead(ctx context.Context, prm PrmObjectHead) (*ResObjectH

 // PrmObjectRange groups parameters of ObjectRange operation.
 type PrmObjectRange struct {
-	prmObjectRead
+	XHeaders []string

-	key *ecdsa.PrivateKey
+	BearerToken *bearer.Token

-	rng v2object.Range
+	Session *session.Object
+
+	Raw bool
+
+	Local bool
+
+	ContainerID *cid.ID
+
+	ObjectID *oid.ID
+
+	Key *ecdsa.PrivateKey
+
+	Offset uint64
+
+	Length uint64
 }

-// SetOffset sets offset of the payload range to be read.
-// Zero by default.
-func (x *PrmObjectRange) SetOffset(off uint64) {
-	x.rng.SetOffset(off)
+func (prm *PrmObjectRange) buildRequest(c *Client) (*v2object.GetRangeRequest, error) {
+	if prm.Length == 0 {
+		return nil, errorZeroRangeLength
 	}

-// SetLength sets length of the payload range to be read.
-// Must be positive.
-func (x *PrmObjectRange) SetLength(ln uint64) {
-	x.rng.SetLength(ln)
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if prm.ObjectID == nil {
+		return nil, errorMissingObject
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	addr := new(v2refs.Address)
+
+	cnrV2 := new(v2refs.ContainerID)
+	prm.ContainerID.WriteToV2(cnrV2)
+	addr.SetContainerID(cnrV2)
+
+	objV2 := new(v2refs.ObjectID)
+	prm.ObjectID.WriteToV2(objV2)
+	addr.SetObjectID(objV2)
+
+	rng := new(v2object.Range)
+	rng.SetLength(prm.Length)
+	rng.SetOffset(prm.Offset)
+
+	body := new(v2object.GetRangeRequestBody)
+	body.SetRaw(prm.Raw)
+	body.SetAddress(addr)
+	body.SetRange(rng)
+
+	req := new(v2object.GetRangeRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
 }

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
-func (x *PrmObjectRange) UseKey(key ecdsa.PrivateKey) {
-	x.key = &key
+//
+// Deprecated: Use PrmObjectRange.Key instead.
+func (prm *PrmObjectRange) UseKey(key ecdsa.PrivateKey) {
+	prm.Key = &key
 }

 // ResObjectRange groups the final result values of ObjectRange operation.
@ -562,6 +668,9 @@ func (x *ObjectRangeReader) readChunk(buf []byte) (int, bool) {
 		case *v2object.SplitInfo:
 			x.err = object.NewSplitInfoError(object.NewSplitInfoFromV2(v))
 			return read, false
+		case *v2object.ECInfo:
+			x.err = object.NewECInfoError(object.NewECInfoFromV2(v))
+			return read, false
 		case *v2object.GetRangePartChunk:
 			partChunk = v
 		}
@ -622,6 +731,7 @@ func (x *ObjectRangeReader) close(ignoreEOF bool) (*ResObjectRange, error) {
 // Return errors:
 //
 //	*object.SplitInfoError (returned on virtual objects with PrmObjectRange.MakeRaw).
+//	*object.ECInfoError (returned on erasure-coded objects with PrmObjectRange.MakeRaw).
 //
 // Return statuses:
 //   - global (see Client docs);
@ -666,51 +776,31 @@ func (x *ObjectRangeReader) Read(p []byte) (int, error) {
 // Returns an error if parameters are set incorrectly (see PrmObjectRange docs).
 // Context is required and must not be nil. It is used for network communication.
 func (c *Client) ObjectRangeInit(ctx context.Context, prm PrmObjectRange) (*ObjectRangeReader, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.addr.GetContainerID() == nil:
-		return nil, errorMissingContainer
-	case prm.addr.GetObjectID() == nil:
-		return nil, errorMissingObject
-	case prm.rng.GetLength() == 0:
-		return nil, errorZeroRangeLength
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	// form request body
-	var body v2object.GetRangeRequestBody
-
-	body.SetRaw(prm.raw)
-	body.SetAddress(&prm.addr)
-	body.SetRange(&prm.rng)
-
-	// form request
-	var req v2object.GetRangeRequest
-
-	req.SetBody(&body)
-	c.prepareRequest(&req, &prm.meta)
-
-	key := prm.key
+	key := prm.Key
 	if key == nil {
-		key = &c.prm.key
+		key = &c.prm.Key
 	}

-	err := signature.SignServiceMessage(key, &req)
+	err = signature.SignServiceMessage(key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}

 	ctx, cancel := context.WithCancel(ctx)

-	stream, err := rpcapi.GetObjectRange(&c.c, &req, client.WithContext(ctx))
+	stream, err := rpcapi.GetObjectRange(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		cancel()
 		return nil, fmt.Errorf("open stream: %w", err)
 	}

 	var r ObjectRangeReader
-	r.remainingPayloadLen = int(prm.rng.GetLength())
+	r.remainingPayloadLen = int(prm.Length)
 	r.cancelCtxStream = cancel
 	r.stream = stream
 	r.client = c
--- a/client/object_hash.go
+++ b/client/object_hash.go
@ -13,121 +13,53 @@ import (
 	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )

 // PrmObjectHash groups parameters of ObjectHash operation.
 type PrmObjectHash struct {
-	meta v2session.RequestMetaHeader
+	XHeaders []string

-	body v2object.GetRangeHashRequestBody
+	BearerToken *bearer.Token

-	csAlgo v2refs.ChecksumType
+	Session *session.Object

-	addr v2refs.Address
+	Local bool

-	keySet bool
-	key    ecdsa.PrivateKey
+	Ranges []object.Range
+
+	Salt []byte
+
+	ChecksumType checksum.Type
+
+	ContainerID *cid.ID
+
+	ObjectID *oid.ID
+
+	Key *ecdsa.PrivateKey
 }

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
-func (x *PrmObjectHash) UseKey(key ecdsa.PrivateKey) {
-	x.keySet = true
-	x.key = key
-}
-
-// MarkLocal tells the server to execute the operation locally.
-func (x *PrmObjectHash) MarkLocal() {
-	x.meta.SetTTL(1)
-}
-
-// WithinSession specifies session within which object should be read.
 //
-// Creator of the session acquires the authorship of the request.
-// This may affect the execution of an operation (e.g. access control).
-//
-// Must be signed.
-func (x *PrmObjectHash) WithinSession(t session.Object) {
-	var tv2 v2session.Token
-	t.WriteToV2(&tv2)
-
-	x.meta.SetSessionToken(&tv2)
-}
-
-// WithBearerToken attaches bearer token to be used for the operation.
-//
-// If set, underlying eACL rules will be used in access control.
-//
-// Must be signed.
-func (x *PrmObjectHash) WithBearerToken(t bearer.Token) {
-	var v2token acl.BearerToken
-	t.WriteToV2(&v2token)
-	x.meta.SetBearerToken(&v2token)
-}
-
-// FromContainer specifies FrostFS container of the object.
-// Required parameter.
-func (x *PrmObjectHash) FromContainer(id cid.ID) {
-	var cidV2 v2refs.ContainerID
-	id.WriteToV2(&cidV2)
-
-	x.addr.SetContainerID(&cidV2)
-}
-
-// ByID specifies identifier of the requested object.
-// Required parameter.
-func (x *PrmObjectHash) ByID(id oid.ID) {
-	var idV2 v2refs.ObjectID
-	id.WriteToV2(&idV2)
-
-	x.addr.SetObjectID(&idV2)
-}
-
-// SetRangeList sets list of ranges in (offset, length) pair format.
-// Required parameter.
-//
-// If passed as slice, then it must not be mutated before the operation completes.
-func (x *PrmObjectHash) SetRangeList(r ...uint64) {
-	ln := len(r)
-	if ln%2 != 0 {
-		panic("odd number of range parameters")
-	}
-
-	rs := make([]v2object.Range, ln/2)
-
-	for i := 0; i < ln/2; i++ {
-		rs[i].SetOffset(r[2*i])
-		rs[i].SetLength(r[2*i+1])
-	}
-
-	x.body.SetRanges(rs)
+// Deprecated: Use PrmObjectHash.Key instead.
+func (prm *PrmObjectHash) UseKey(key ecdsa.PrivateKey) {
+	prm.Key = &key
 }

 // TillichZemorAlgo changes the hash function to Tillich-Zemor
 // (https://link.springer.com/content/pdf/10.1007/3-540-48658-5_5.pdf).
 //
-// By default, SHA256 hash function is used.
-func (x *PrmObjectHash) TillichZemorAlgo() {
-	x.csAlgo = v2refs.TillichZemor
-}
-
-// UseSalt sets the salt to XOR the data range before hashing.
+// By default, SHA256 hash function is used/.
 //
-// Must not be mutated before the operation completes.
-func (x *PrmObjectHash) UseSalt(salt []byte) {
-	x.body.SetSalt(salt)
-}
-
-// WithXHeaders specifies list of extended headers (string key-value pairs)
-// to be attached to the request. Must have an even length.
-//
-// Slice must not be mutated until the operation completes.
-func (x *PrmObjectHash) WithXHeaders(hs ...string) {
-	writeXHeadersToMeta(hs, &x.meta)
+// Deprecated: Use PrmObjectHash.ChecksumType instead.
+func (prm *PrmObjectHash) TillichZemorAlgo() {
+	prm.ChecksumType = checksum.TZ
 }

 // ResObjectHash groups resulting values of ObjectHash operation.
@ -142,6 +74,76 @@ func (x ResObjectHash) Checksums() [][]byte {
 	return x.checksums
 }

+func (prm *PrmObjectHash) buildRequest(c *Client) (*v2object.GetRangeHashRequest, error) {
+	if prm.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if prm.ObjectID == nil {
+		return nil, errorMissingObject
+	}
+
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	if len(prm.Ranges) == 0 {
+		return nil, errorMissingRanges
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	addr := new(v2refs.Address)
+
+	cnrV2 := new(v2refs.ContainerID)
+	prm.ContainerID.WriteToV2(cnrV2)
+	addr.SetContainerID(cnrV2)
+
+	objV2 := new(v2refs.ObjectID)
+	prm.ObjectID.WriteToV2(objV2)
+	addr.SetObjectID(objV2)
+
+	rs := make([]v2object.Range, len(prm.Ranges))
+	for i := range prm.Ranges {
+		rs[i].SetOffset(prm.Ranges[i].GetOffset())
+		rs[i].SetLength(prm.Ranges[i].GetLength())
+	}
+
+	body := new(v2object.GetRangeHashRequestBody)
+	body.SetAddress(addr)
+	body.SetRanges(rs)
+	body.SetSalt(prm.Salt)
+
+	if prm.ChecksumType == checksum.Unknown {
+		body.SetType(v2refs.SHA256)
+	} else {
+		body.SetType(v2refs.ChecksumType(prm.ChecksumType))
+	}
+
+	req := new(v2object.GetRangeHashRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
+}
+
 // ObjectHash requests checksum of the range list of the object payload using
 // FrostFS API protocol.
 //
@ -150,9 +152,9 @@ func (x ResObjectHash) Checksums() [][]byte {
 //
 // Exactly one return value is non-nil. By default, server status is returned in res structure.
 // Any client's internal or transport errors are returned as `error`,
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmObjectHash docs).
 // Context is required and must not be nil. It is used for network communication.
@ -165,51 +167,30 @@ func (x ResObjectHash) Checksums() [][]byte {
 //   - *apistatus.ObjectOutOfRange;
 //   - *apistatus.SessionTokenExpired.
 func (c *Client) ObjectHash(ctx context.Context, prm PrmObjectHash) (*ResObjectHash, error) {
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.addr.GetContainerID() == nil:
-		return nil, errorMissingContainer
-	case prm.addr.GetObjectID() == nil:
-		return nil, errorMissingObject
-	case len(prm.body.GetRanges()) == 0:
-		return nil, errorMissingRanges
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	prm.body.SetAddress(&prm.addr)
-	if prm.csAlgo == v2refs.UnknownChecksum {
-		prm.body.SetType(v2refs.SHA256)
-	} else {
-		prm.body.SetType(prm.csAlgo)
+	key := c.prm.Key
+	if prm.Key != nil {
+		key = *prm.Key
 	}

-	var req v2object.GetRangeHashRequest
-	c.prepareRequest(&req, &prm.meta)
-	req.SetBody(&prm.body)
-
-	key := c.prm.key
-	if prm.keySet {
-		key = prm.key
-	}
-
-	err := signature.SignServiceMessage(&key, &req)
+	err = signature.SignServiceMessage(&key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}

-	resp, err := rpcapi.HashObjectRange(&c.c, &req, client.WithContext(ctx))
+	resp, err := rpcapi.HashObjectRange(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		return nil, fmt.Errorf("write request: %w", err)
 	}

 	var res ResObjectHash
 	res.st, err = c.processResponse(resp)
-	if err != nil {
-		return nil, err
-	}
-
-	if !apistatus.IsSuccessful(res.st) {
-		return &res, nil
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}

 	res.checksums = resp.GetBody().GetHashList()
--- a/client/object_put.go
+++ b/client/object_put.go
@ -3,33 +3,69 @@ package client
 import (
 	"context"
 	"crypto/ecdsa"
-	"errors"
-	"fmt"
-	"io"

-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
-	v2object "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
-	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	buffPool "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/pool"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
-	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/transformer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
 )

+// defaultGRPCPayloadChunkLen default value for maxChunkLen.
+// See PrmObjectPutInit.SetGRPCPayloadChunkLen for details.
+const defaultGRPCPayloadChunkLen = 3 << 20
+
 // PrmObjectPutInit groups parameters of ObjectPutInit operation.
 type PrmObjectPutInit struct {
-	copyNum uint32
-	key     *ecdsa.PrivateKey
-	meta    v2session.RequestMetaHeader
+	XHeaders []string
+
+	BearerToken *bearer.Token
+
+	Session *session.Object
+
+	Local bool
+
+	CopiesNumber []uint32
+
+	MaxChunkLength int
+
+	MaxSize uint64
+
+	EpochSource transformer.EpochSource
+
+	WithoutHomomorphHash bool
+
+	Key *ecdsa.PrivateKey
+
+	Pool *buffPool.BufferPool
 }

 // SetCopiesNumber sets number of object copies that is enough to consider put successful.
+//
+// Deprecated: Use PrmObjectPutInit.CopiesNumber instead.
 func (x *PrmObjectPutInit) SetCopiesNumber(copiesNumber uint32) {
-	x.copyNum = copiesNumber
+	x.CopiesNumber = []uint32{copiesNumber}
+}
+
+// SetCopiesNumberByVectors sets ordered list of minimal required object copies numbers
+// per placement vector. List's length MUST equal container's placement vector number,
+// otherwise request will fail.
+//
+// Deprecated: Use PrmObjectPutInit.CopiesNumber instead.
+func (x *PrmObjectPutInit) SetCopiesNumberByVectors(copiesNumbers []uint32) {
+	x.CopiesNumber = copiesNumbers
+}
+
+// SetGRPCPayloadChunkLen sets maximum chunk length value for gRPC Put request.
+// Maximum chunk length restricts maximum byte length of the chunk
+// transmitted in a single stream message. It depends on
+// server settings and other message fields.
+// If not specified or negative value set, default value of 3MiB will be used.
+//
+// Deprecated: Use PrmObjectPutInit.MaxChunkLength instead.
+func (x *PrmObjectPutInit) SetGRPCPayloadChunkLen(v int) {
+	x.MaxChunkLength = v
 }

 // ResObjectPut groups the final result values of ObjectPutInit operation.
@ -37,6 +73,7 @@ type ResObjectPut struct {
 	statusRes

 	obj   oid.ID
+	epoch uint64
 }

 // StoredObjectID returns identifier of the saved object.
@ -44,138 +81,23 @@ func (x ResObjectPut) StoredObjectID() oid.ID {
 	return x.obj
 }

-// ObjectWriter is designed to write one object to FrostFS system.
+// StoredEpoch returns creation epoch of the saved object.
+func (x ResObjectPut) StoredEpoch() uint64 {
+	return x.epoch
+}
+
+// ObjectWriter is designed to write one object or
+// multiple parts of one object to FrostFS system.
 //
 // Must be initialized using Client.ObjectPutInit, any other
 // usage is unsafe.
-type ObjectWriter struct {
-	cancelCtxStream context.CancelFunc
-
-	client *Client
-	stream interface {
-		Write(*v2object.PutRequest) error
-		Close() error
-	}
-
-	key *ecdsa.PrivateKey
-	res ResObjectPut
-	err error
-
-	chunkCalled bool
-
-	respV2    v2object.PutResponse
-	req       v2object.PutRequest
-	partInit  v2object.PutObjectPartInit
-	partChunk v2object.PutObjectPartChunk
-}
-
-// UseKey specifies private key to sign the requests.
-// If key is not provided, then Client default key is used.
-func (x *PrmObjectPutInit) UseKey(key ecdsa.PrivateKey) {
-	x.key = &key
-}
-
-// WithBearerToken attaches bearer token to be used for the operation.
-// Should be called once before any writing steps.
-func (x *PrmObjectPutInit) WithBearerToken(t bearer.Token) {
-	var v2token acl.BearerToken
-	t.WriteToV2(&v2token)
-	x.meta.SetBearerToken(&v2token)
-}
-
-// WithinSession specifies session within which object should be stored.
-// Should be called once before any writing steps.
-func (x *PrmObjectPutInit) WithinSession(t session.Object) {
-	var tv2 v2session.Token
-	t.WriteToV2(&tv2)
-
-	x.meta.SetSessionToken(&tv2)
-}
-
-// MarkLocal tells the server to execute the operation locally.
-func (x *PrmObjectPutInit) MarkLocal() {
-	x.meta.SetTTL(1)
-}
-
-// WithXHeaders specifies list of extended headers (string key-value pairs)
-// to be attached to the request. Must have an even length.
-//
-// Slice must not be mutated until the operation completes.
-func (x *PrmObjectPutInit) WithXHeaders(hs ...string) {
-	writeXHeadersToMeta(hs, &x.meta)
-}
-
+type ObjectWriter interface {
 	// WriteHeader writes header of the object. Result means success.
 	// Failure reason can be received via Close.
-func (x *ObjectWriter) WriteHeader(hdr object.Object) bool {
-	v2Hdr := hdr.ToV2()
-
-	x.partInit.SetObjectID(v2Hdr.GetObjectID())
-	x.partInit.SetHeader(v2Hdr.GetHeader())
-	x.partInit.SetSignature(v2Hdr.GetSignature())
-
-	x.req.GetBody().SetObjectPart(&x.partInit)
-	x.req.SetVerificationHeader(nil)
-
-	x.err = signature.SignServiceMessage(x.key, &x.req)
-	if x.err != nil {
-		x.err = fmt.Errorf("sign message: %w", x.err)
-		return false
-	}
-
-	x.err = x.stream.Write(&x.req)
-	return x.err == nil
-}
-
+	WriteHeader(context.Context, object.Object) bool
 	// WritePayloadChunk writes chunk of the object payload. Result means success.
 	// Failure reason can be received via Close.
-func (x *ObjectWriter) WritePayloadChunk(chunk []byte) bool {
-	if !x.chunkCalled {
-		x.chunkCalled = true
-		x.req.GetBody().SetObjectPart(&x.partChunk)
-	}
-
-	for ln := len(chunk); ln > 0; ln = len(chunk) {
-		// maxChunkLen restricts maximum byte length of the chunk
-		// transmitted in a single stream message. It depends on
-		// server settings and other message fields, but for now
-		// we simply assume that 3MB is large enough to reduce the
-		// number of messages, and not to exceed the limit
-		// (4MB by default for gRPC servers).
-		const maxChunkLen = 3 << 20
-		if ln > maxChunkLen {
-			ln = maxChunkLen
-		}
-
-		// we deal with size limit overflow above, but there is another case:
-		// what if method is called with "small" chunk many times? We write
-		// a message to the stream on each call. Alternatively, we could use buffering.
-		// In most cases, the chunk length does not vary between calls. Given this
-		// assumption, as well as the length of the payload from the header, it is
-		// possible to buffer the data of intermediate chunks, and send a message when
-		// the allocated buffer is filled, or when the last chunk is received.
-		// It is mentally assumed that allocating and filling the buffer is better than
-		// synchronous sending, but this needs to be tested.
-		x.partChunk.SetChunk(chunk[:ln])
-		x.req.SetVerificationHeader(nil)
-
-		x.err = signature.SignServiceMessage(x.key, &x.req)
-		if x.err != nil {
-			x.err = fmt.Errorf("sign message: %w", x.err)
-			return false
-		}
-
-		x.err = x.stream.Write(&x.req)
-		if x.err != nil {
-			return false
-		}
-
-		chunk = chunk[ln:]
-	}
-
-	return true
-}
-
+	WritePayloadChunk(context.Context, []byte) bool
 	// Close ends writing the object and returns the result of the operation
 	// along with the final results. Must be called after using the ObjectWriter.
 	//
@ -192,42 +114,71 @@ func (x *ObjectWriter) WritePayloadChunk(chunk []byte) bool {
 	//   - *apistatus.LockNonRegularObject;
 	//   - *apistatus.SessionTokenNotFound;
 	//   - *apistatus.SessionTokenExpired.
-func (x *ObjectWriter) Close() (*ResObjectPut, error) {
-	defer x.cancelCtxStream()
-
-	// Ignore io.EOF error, because it is expected error for client-side
-	// stream termination by the server. E.g. when stream contains invalid
-	// message. Server returns an error in response message (in status).
-	if x.err != nil && !errors.Is(x.err, io.EOF) {
-		return nil, x.err
+	Close(context.Context) (*ResObjectPut, error)
 }

-	if x.err = x.stream.Close(); x.err != nil {
-		return nil, x.err
+// UseKey specifies private key to sign the requests.
+// If key is not provided, then Client default key is used.
+//
+// Deprecated: Use PrmObjectPutInit.Key instead.
+func (x *PrmObjectPutInit) UseKey(key ecdsa.PrivateKey) {
+	x.Key = &key
 }

-	x.res.st, x.err = x.client.processResponse(&x.respV2)
-	if x.err != nil {
-		return nil, x.err
+// WithBearerToken attaches bearer token to be used for the operation.
+// Should be called once before any writing steps.
+//
+// Deprecated: Use PrmObjectPutInit.BearerToken instead.
+func (x *PrmObjectPutInit) WithBearerToken(t bearer.Token) {
+	x.BearerToken = &t
 }

-	if !apistatus.IsSuccessful(x.res.st) {
-		return &x.res, nil
+// WithinSession specifies session within which object should be stored.
+// Should be called once before any writing steps.
+//
+// Deprecated: Use PrmObjectPutInit.Session instead.
+func (x *PrmObjectPutInit) WithinSession(t session.Object) {
+	x.Session = &t
 }

-	const fieldID = "ID"
-
-	idV2 := x.respV2.GetBody().GetObjectID()
-	if idV2 == nil {
-		return nil, newErrMissingResponseField(fieldID)
+// MarkLocal tells the server to execute the operation locally.
+//
+// Deprecated: Use PrmObjectPutInit.Local instead.
+func (x *PrmObjectPutInit) MarkLocal() {
+	x.Local = true
 }

-	x.err = x.res.obj.ReadFromV2(*idV2)
-	if x.err != nil {
-		x.err = newErrInvalidResponseField(fieldID, x.err)
+// WithXHeaders specifies list of extended headers (string key-value pairs)
+// to be attached to the request. Must have an even length.
+//
+// Slice must not be mutated until the operation completes.
+//
+// Deprecated: Use PrmObjectPutInit.XHeaders instead.
+func (x *PrmObjectPutInit) WithXHeaders(hs ...string) {
+	x.XHeaders = hs
 }

-	return &x.res, nil
+// WithObjectMaxSize specifies max object size value and use it during object splitting.
+// When specified, start writing to the stream only after the object is formed.
+// Continue processing the input only when the previous formed object has been successfully written.
+//
+// Deprecated: Use PrmObjectPutInit.MaxSize instead.
+func (x *PrmObjectPutInit) WithObjectMaxSize(maxSize uint64) {
+	x.MaxSize = maxSize
+}
+
+// WithoutHomomorphicHash if set to true do not use Tillich-Zémor hash for payload.
+//
+// Deprecated: Use PrmObjectPutInit.WithoutHomomorphHash instead.
+func (x *PrmObjectPutInit) WithoutHomomorphicHash(v bool) {
+	x.WithoutHomomorphHash = v
+}
+
+// WithEpochSource specifies epoch for object when split it on client side.
+//
+// Deprecated: Use PrmObjectPutInit.EpochSource instead.
+func (x *PrmObjectPutInit) WithEpochSource(es transformer.EpochSource) {
+	x.EpochSource = es
 }

 // ObjectPutInit initiates writing an object through a remote server using FrostFS API protocol.
@ -237,31 +188,9 @@ func (x *ObjectWriter) Close() (*ResObjectPut, error) {
 //
 // Returns an error if parameters are set incorrectly.
 // Context is required and must not be nil. It is used for network communication.
-func (c *Client) ObjectPutInit(ctx context.Context, prm PrmObjectPutInit) (*ObjectWriter, error) {
-	// check parameters
-	if ctx == nil {
-		return nil, errorMissingContext
+func (c *Client) ObjectPutInit(ctx context.Context, prm PrmObjectPutInit) (ObjectWriter, error) {
+	if prm.MaxSize > 0 {
+		return c.objectPutInitTransformer(prm)
 	}
-
-	var w ObjectWriter
-
-	ctx, cancel := context.WithCancel(ctx)
-	stream, err := rpcapi.PutObject(&c.c, &w.respV2, client.WithContext(ctx))
-	if err != nil {
-		cancel()
-		return nil, fmt.Errorf("open stream: %w", err)
-	}
-
-	w.key = &c.prm.key
-	if prm.key != nil {
-		w.key = prm.key
-	}
-	w.cancelCtxStream = cancel
-	w.client = c
-	w.stream = stream
-	w.partInit.SetCopiesNumber(prm.copyNum)
-	w.req.SetBody(new(v2object.PutRequestBody))
-	c.prepareRequest(&w.req, &prm.meta)
-
-	return &w, nil
+	return c.objectPutInitRaw(ctx, prm)
 }
--- a/client/object_put_raw.go
+++ b/client/object_put_raw.go
@ -0,0 +1,177 @@
+package client
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"errors"
+	"fmt"
+	"io"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
+	v2object "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+)
+
+func (c *Client) objectPutInitRaw(ctx context.Context, prm PrmObjectPutInit) (*objectWriterRaw, error) {
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	var w objectWriterRaw
+	stream, err := rpcapi.PutObject(&c.c, &w.respV2, client.WithContext(ctx))
+	if err != nil {
+		return nil, fmt.Errorf("open stream: %w", err)
+	}
+
+	w.key = &c.prm.Key
+	if prm.Key != nil {
+		w.key = prm.Key
+	}
+	w.client = c
+	w.stream = stream
+	w.partInit.SetCopiesNumber(prm.CopiesNumber)
+	w.req.SetBody(new(v2object.PutRequestBody))
+	if prm.MaxChunkLength > 0 {
+		w.maxChunkLen = prm.MaxChunkLength
+	} else {
+		w.maxChunkLen = defaultGRPCPayloadChunkLen
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	c.prepareRequest(&w.req, meta)
+	return &w, nil
+}
+
+type objectWriterRaw struct {
+	client *Client
+	stream interface {
+		Write(*v2object.PutRequest) error
+		Close() error
+	}
+
+	key         *ecdsa.PrivateKey
+	res         ResObjectPut
+	err         error
+	chunkCalled bool
+	respV2      v2object.PutResponse
+	req         v2object.PutRequest
+	partInit    v2object.PutObjectPartInit
+	partChunk   v2object.PutObjectPartChunk
+	maxChunkLen int
+}
+
+func (x *objectWriterRaw) WriteHeader(_ context.Context, hdr object.Object) bool {
+	v2Hdr := hdr.ToV2()
+
+	x.partInit.SetObjectID(v2Hdr.GetObjectID())
+	x.partInit.SetHeader(v2Hdr.GetHeader())
+	x.partInit.SetSignature(v2Hdr.GetSignature())
+
+	x.req.GetBody().SetObjectPart(&x.partInit)
+	x.req.SetVerificationHeader(nil)
+
+	x.err = signature.SignServiceMessage(x.key, &x.req)
+	if x.err != nil {
+		x.err = fmt.Errorf("sign message: %w", x.err)
+		return false
+	}
+
+	x.err = x.stream.Write(&x.req)
+	return x.err == nil
+}
+
+func (x *objectWriterRaw) WritePayloadChunk(_ context.Context, chunk []byte) bool {
+	if !x.chunkCalled {
+		x.chunkCalled = true
+		x.req.GetBody().SetObjectPart(&x.partChunk)
+	}
+
+	for ln := len(chunk); ln > 0; ln = len(chunk) {
+		if ln > x.maxChunkLen {
+			ln = x.maxChunkLen
+		}
+
+		// we deal with size limit overflow above, but there is another case:
+		// what if method is called with "small" chunk many times? We write
+		// a message to the stream on each call. Alternatively, we could use buffering.
+		// In most cases, the chunk length does not vary between calls. Given this
+		// assumption, as well as the length of the payload from the header, it is
+		// possible to buffer the data of intermediate chunks, and send a message when
+		// the allocated buffer is filled, or when the last chunk is received.
+		// It is mentally assumed that allocating and filling the buffer is better than
+		// synchronous sending, but this needs to be tested.
+		x.partChunk.SetChunk(chunk[:ln])
+		x.req.SetVerificationHeader(nil)
+
+		x.err = signature.SignServiceMessage(x.key, &x.req)
+		if x.err != nil {
+			x.err = fmt.Errorf("sign message: %w", x.err)
+			return false
+		}
+
+		x.err = x.stream.Write(&x.req)
+		if x.err != nil {
+			return false
+		}
+
+		chunk = chunk[ln:]
+	}
+
+	return true
+}
+
+func (x *objectWriterRaw) Close(_ context.Context) (*ResObjectPut, error) {
+	// Ignore io.EOF error, because it is expected error for client-side
+	// stream termination by the server. E.g. when stream contains invalid
+	// message. Server returns an error in response message (in status).
+	if x.err != nil && !errors.Is(x.err, io.EOF) {
+		return nil, x.err
+	}
+
+	if x.err = x.stream.Close(); x.err != nil {
+		return nil, x.err
+	}
+
+	x.res.st, x.err = x.client.processResponse(&x.respV2)
+	if x.err != nil || !apistatus.IsSuccessful(x.res.st) {
+		return &x.res, x.err
+	}
+
+	const fieldID = "ID"
+
+	idV2 := x.respV2.GetBody().GetObjectID()
+	if idV2 == nil {
+		return nil, newErrMissingResponseField(fieldID)
+	}
+
+	x.err = x.res.obj.ReadFromV2(*idV2)
+	if x.err != nil {
+		x.err = newErrInvalidResponseField(fieldID, x.err)
+	}
+	x.res.epoch = x.respV2.GetMetaHeader().GetEpoch()
+
+	return &x.res, nil
+}
--- a/client/object_put_single.go
+++ b/client/object_put_single.go
@ -0,0 +1,175 @@
+package client
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"fmt"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
+	v2object "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
+	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
+	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/session"
+)
+
+// PrmObjectPutSingle groups parameters of PutSingle operation.
+type PrmObjectPutSingle struct {
+	XHeaders []string
+
+	BearerToken *bearer.Token
+
+	Session *session.Object
+
+	Local bool
+
+	CopiesNumber []uint32
+
+	Object *object.Object
+
+	Key *ecdsa.PrivateKey
+}
+
+// SetCopiesNumber sets ordered list of minimal required object copies numbers
+// per placement vector. List's length MUST equal container's placement vector number,
+// otherwise request will fail.
+//
+// Deprecated: Use PrmObjectPutSingle.CopiesNumber instead.
+func (prm *PrmObjectPutSingle) SetCopiesNumber(v []uint32) {
+	prm.CopiesNumber = v
+}
+
+// UseKey specifies private key to sign the requests.
+// If key is not provided, then Client default key is used.
+//
+// Deprecated: Use PrmObjectPutSingle.Key instead.
+func (prm *PrmObjectPutSingle) UseKey(key *ecdsa.PrivateKey) {
+	prm.Key = key
+}
+
+// WithBearerToken attaches bearer token to be used for the operation.
+// Should be called once before any writing steps.
+//
+// Deprecated: Use PrmObjectPutSingle.BearerToken instead.
+func (prm *PrmObjectPutSingle) WithBearerToken(t bearer.Token) {
+	prm.BearerToken = &t
+}
+
+// WithinSession specifies session within which object should be stored.
+// Should be called once before any writing steps.
+//
+// Deprecated: Use PrmObjectPutSingle.Session instead.
+func (prm *PrmObjectPutSingle) WithinSession(t session.Object) {
+	prm.Session = &t
+}
+
+// ExecuteLocal tells the server to execute the operation locally.
+//
+// Deprecated: Use PrmObjectPutSingle.Local instead.
+func (prm *PrmObjectPutSingle) ExecuteLocal() {
+	prm.Local = true
+}
+
+// WithXHeaders specifies list of extended headers (string key-value pairs)
+// to be attached to the request. Must have an even length.
+//
+// Slice must not be mutated until the operation completes.
+//
+// Deprecated: Use PrmObjectPutSingle.XHeaders instead.
+func (prm *PrmObjectPutSingle) WithXHeaders(hs ...string) {
+	prm.XHeaders = hs
+}
+
+// SetObject specifies prepared object to put.
+//
+// Deprecated: Use PrmObjectPutSingle.Object instead.
+func (prm *PrmObjectPutSingle) SetObject(o *v2object.Object) {
+	prm.Object = object.NewFromV2(o)
+}
+
+// ResObjectPutSingle groups resulting values of PutSingle operation.
+type ResObjectPutSingle struct {
+	statusRes
+
+	epoch uint64
+}
+
+// Epoch returns creation epoch of the saved object.
+func (r *ResObjectPutSingle) Epoch() uint64 {
+	return r.epoch
+}
+
+func (prm *PrmObjectPutSingle) buildRequest(c *Client) (*v2object.PutSingleRequest, error) {
+	if len(prm.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	body := new(v2object.PutSingleRequestBody)
+	body.SetCopiesNumber(prm.CopiesNumber)
+	body.SetObject(prm.Object.ToV2())
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(prm.XHeaders, meta)
+
+	if prm.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		prm.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if prm.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		prm.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if prm.Local {
+		meta.SetTTL(1)
+	}
+
+	req := &v2object.PutSingleRequest{}
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
+}
+
+// ObjectPutSingle writes prepared object to FrostFS.
+// Object must have payload, also containerID, objectID, ownerID, payload hash, payload length of an object must be set.
+// Exactly one return value is non-nil. By default, server status is returned in res structure.
+// Any client's internal or transport errors are returned as Go built-in error.
+// If Client is tuned to resolve FrostFS API statuses, then FrostFS failures
+// codes are returned as error.
+func (c *Client) ObjectPutSingle(ctx context.Context, prm PrmObjectPutSingle) (*ResObjectPutSingle, error) {
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
+	}
+
+	key := &c.prm.Key
+	if prm.Key != nil {
+		key = prm.Key
+	}
+
+	err = signature.SignServiceMessage(key, req)
+	if err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
+	}
+
+	resp, err := rpcapi.PutSingleObject(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResObjectPutSingle
+	res.st, err = c.processResponse(resp)
+	if err != nil {
+		return &res, err
+	}
+	res.epoch = resp.GetMetaHeader().GetEpoch()
+
+	return &res, nil
+}
--- a/client/object_put_transformer.go
+++ b/client/object_put_transformer.go
@ -0,0 +1,144 @@
+package client
+
+import (
+	"context"
+
+	buffPool "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/util/pool"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/transformer"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func (c *Client) objectPutInitTransformer(prm PrmObjectPutInit) (*objectWriterTransformer, error) {
+	var w objectWriterTransformer
+	w.it = internalTarget{
+		client: c,
+		prm:    prm,
+	}
+	key := &c.prm.Key
+	if prm.Key != nil {
+		key = prm.Key
+	}
+	w.ot = transformer.NewPayloadSizeLimiter(transformer.Params{
+		Key:                    key,
+		NextTargetInit:         func() transformer.ObjectWriter { return &w.it },
+		MaxSize:                prm.MaxSize,
+		WithoutHomomorphicHash: prm.WithoutHomomorphHash,
+		NetworkState:           prm.EpochSource,
+		Pool:                   prm.Pool,
+	})
+	return &w, nil
+}
+
+type objectWriterTransformer struct {
+	ot  transformer.ChunkedObjectWriter
+	it  internalTarget
+	err error
+}
+
+func (x *objectWriterTransformer) WriteHeader(ctx context.Context, hdr object.Object) bool {
+	x.err = x.ot.WriteHeader(ctx, &hdr)
+	return x.err == nil
+}
+
+func (x *objectWriterTransformer) WritePayloadChunk(ctx context.Context, chunk []byte) bool {
+	_, x.err = x.ot.Write(ctx, chunk)
+	return x.err == nil
+}
+
+func (x *objectWriterTransformer) Close(ctx context.Context) (*ResObjectPut, error) {
+	if x.err != nil {
+		return nil, x.err
+	}
+
+	ai, err := x.ot.Close(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if ai != nil {
+		x.it.res.epoch = ai.Epoch
+		if ai.ParentID != nil {
+			x.it.res.obj = *ai.ParentID
+		}
+	}
+	return x.it.res, nil
+}
+
+type internalTarget struct {
+	client    *Client
+	res       *ResObjectPut
+	prm       PrmObjectPutInit
+	useStream bool
+}
+
+func (it *internalTarget) WriteObject(ctx context.Context, o *object.Object) error {
+	putSingleImplemented, err := it.tryPutSingle(ctx, o)
+	if putSingleImplemented {
+		return err
+	}
+	it.useStream = true
+	return it.putAsStream(ctx, o)
+}
+
+func (it *internalTarget) putAsStream(ctx context.Context, o *object.Object) error {
+	wrt, err := it.client.objectPutInitRaw(ctx, it.prm)
+	if err != nil {
+		return err
+	}
+	if wrt.WriteHeader(ctx, *o) {
+		wrt.WritePayloadChunk(ctx, o.Payload())
+	}
+	it.res, err = wrt.Close(ctx)
+	if err == nil && it.client.prm.DisableFrostFSErrorResolution && !apistatus.IsSuccessful(it.res.st) {
+		err = apistatus.ErrFromStatus(it.res.st)
+	}
+	return err
+}
+
+func (it *internalTarget) tryPutSingle(ctx context.Context, o *object.Object) (bool, error) {
+	if it.useStream {
+		return false, nil
+	}
+
+	prm := PrmObjectPutSingle{
+		XHeaders:     it.prm.XHeaders,
+		BearerToken:  it.prm.BearerToken,
+		Session:      it.prm.Session,
+		Local:        it.prm.Local,
+		CopiesNumber: it.prm.CopiesNumber,
+		Object:       o,
+		Key:          it.prm.Key,
+	}
+
+	res, err := it.client.ObjectPutSingle(ctx, prm)
+	if err != nil && status.Code(err) == codes.Unimplemented {
+		return false, err
+	}
+
+	if err == nil {
+		it.returnBuffPool(o.Payload())
+		id, _ := o.ID()
+		it.res = &ResObjectPut{
+			statusRes: res.statusRes,
+			obj:       id,
+			epoch:     res.epoch,
+		}
+		if it.client.prm.DisableFrostFSErrorResolution && !apistatus.IsSuccessful(it.res.st) {
+			return true, apistatus.ErrFromStatus(it.res.st)
+		}
+		return true, nil
+	}
+	return true, err
+}
+
+func (it *internalTarget) returnBuffPool(playback []byte) {
+	if it.prm.Pool == nil {
+		return
+	}
+	var buffer buffPool.Buffer
+	buffer.Data = playback
+	it.prm.Pool.Put(&buffer)
+}
--- a/client/object_search.go
+++ b/client/object_search.go
@ -24,19 +24,26 @@ import (

 // PrmObjectSearch groups parameters of ObjectSearch operation.
 type PrmObjectSearch struct {
-	meta v2session.RequestMetaHeader
+	XHeaders []string

-	key *ecdsa.PrivateKey
+	Local bool

-	cnrSet bool
-	cnrID  cid.ID
+	BearerToken *bearer.Token

-	filters object.SearchFilters
+	Session *session.Object
+
+	ContainerID *cid.ID
+
+	Key *ecdsa.PrivateKey
+
+	Filters object.SearchFilters
 }

 // MarkLocal tells the server to execute the operation locally.
+//
+// Deprecated: Use PrmObjectSearch.Local instead.
 func (x *PrmObjectSearch) MarkLocal() {
-	x.meta.SetTTL(1)
+	x.Local = true
 }

 // WithinSession specifies session within which the search query must be executed.
@ -45,10 +52,10 @@ func (x *PrmObjectSearch) MarkLocal() {
 // This may affect the execution of an operation (e.g. access control).
 //
 // Must be signed.
+//
+// Deprecated: Use PrmObjectSearch.Session instead.
 func (x *PrmObjectSearch) WithinSession(t session.Object) {
-	var tokv2 v2session.Token
-	t.WriteToV2(&tokv2)
-	x.meta.SetSessionToken(&tokv2)
+	x.Session = &t
 }

 // WithBearerToken attaches bearer token to be used for the operation.
@ -56,37 +63,44 @@ func (x *PrmObjectSearch) WithinSession(t session.Object) {
 // If set, underlying eACL rules will be used in access control.
 //
 // Must be signed.
+//
+// Deprecated: Use PrmObjectSearch.BearerToken instead.
 func (x *PrmObjectSearch) WithBearerToken(t bearer.Token) {
-	var v2token acl.BearerToken
-	t.WriteToV2(&v2token)
-	x.meta.SetBearerToken(&v2token)
+	x.BearerToken = &t
 }

 // WithXHeaders specifies list of extended headers (string key-value pairs)
 // to be attached to the request. Must have an even length.
 //
 // Slice must not be mutated until the operation completes.
+//
+// Deprecated: Use PrmObjectSearch.XHeaders instead.
 func (x *PrmObjectSearch) WithXHeaders(hs ...string) {
-	writeXHeadersToMeta(hs, &x.meta)
+	x.XHeaders = hs
 }

 // UseKey specifies private key to sign the requests.
 // If key is not provided, then Client default key is used.
+//
+// Deprecated: Use PrmObjectSearch.Key instead.
 func (x *PrmObjectSearch) UseKey(key ecdsa.PrivateKey) {
-	x.key = &key
+	x.Key = &key
 }

 // InContainer specifies the container in which to look for objects.
 // Required parameter.
+//
+// Deprecated: Use PrmObjectSearch.ContainerID instead.
 func (x *PrmObjectSearch) InContainer(id cid.ID) {
-	x.cnrID = id
-	x.cnrSet = true
+	x.ContainerID = &id
 }

 // SetFilters sets filters by which to select objects. All container objects
 // match unset/empty filters.
+//
+// Deprecated: Use PrmObjectSearch.Filters instead.
 func (x *PrmObjectSearch) SetFilters(filters object.SearchFilters) {
-	x.filters = filters
+	x.Filters = filters
 }

 // ResObjectSearch groups the final result values of ObjectSearch operation.
@ -212,6 +226,48 @@ func (x *ObjectListReader) Close() (*ResObjectSearch, error) {
 	return &x.res, nil
 }

+func (x *PrmObjectSearch) buildRequest(c *Client) (*v2object.SearchRequest, error) {
+	if x.ContainerID == nil {
+		return nil, errorMissingContainer
+	}
+
+	if len(x.XHeaders)%2 != 0 {
+		return nil, errorInvalidXHeaders
+	}
+
+	meta := new(v2session.RequestMetaHeader)
+	writeXHeadersToMeta(x.XHeaders, meta)
+
+	if x.BearerToken != nil {
+		v2BearerToken := new(acl.BearerToken)
+		x.BearerToken.WriteToV2(v2BearerToken)
+		meta.SetBearerToken(v2BearerToken)
+	}
+
+	if x.Session != nil {
+		v2SessionToken := new(v2session.Token)
+		x.Session.WriteToV2(v2SessionToken)
+		meta.SetSessionToken(v2SessionToken)
+	}
+
+	if x.Local {
+		meta.SetTTL(1)
+	}
+	cnrV2 := new(v2refs.ContainerID)
+	x.ContainerID.WriteToV2(cnrV2)
+
+	body := new(v2object.SearchRequestBody)
+	body.SetVersion(1)
+	body.SetContainerID(cnrV2)
+	body.SetFilters(x.Filters.ToV2())
+
+	req := new(v2object.SearchRequest)
+	req.SetBody(body)
+	c.prepareRequest(req, meta)
+
+	return req, nil
+}
+
 // ObjectSearchInit initiates object selection through a remote server using FrostFS API protocol.
 //
 // The call only opens the transmission channel, explicit fetching of matched objects
@ -221,33 +277,17 @@ func (x *ObjectListReader) Close() (*ResObjectSearch, error) {
 // Returns an error if parameters are set incorrectly (see PrmObjectSearch docs).
 // Context is required and must not be nil. It is used for network communication.
 func (c *Client) ObjectSearchInit(ctx context.Context, prm PrmObjectSearch) (*ObjectListReader, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case !prm.cnrSet:
-		return nil, errorMissingContainer
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	var cidV2 v2refs.ContainerID
-	prm.cnrID.WriteToV2(&cidV2)
-
-	var body v2object.SearchRequestBody
-	body.SetVersion(1)
-	body.SetContainerID(&cidV2)
-	body.SetFilters(prm.filters.ToV2())
-
-	// init reader
-	var req v2object.SearchRequest
-	req.SetBody(&body)
-	c.prepareRequest(&req, &prm.meta)
-
-	key := prm.key
+	key := prm.Key
 	if key == nil {
-		key = &c.prm.key
+		key = &c.prm.Key
 	}

-	err := signature.SignServiceMessage(key, &req)
+	err = signature.SignServiceMessage(key, req)
 	if err != nil {
 		return nil, fmt.Errorf("sign request: %w", err)
 	}
@ -255,7 +295,7 @@ func (c *Client) ObjectSearchInit(ctx context.Context, prm PrmObjectSearch) (*Ob
 	var r ObjectListReader
 	ctx, r.cancelCtxStream = context.WithCancel(ctx)

-	r.stream, err = rpcapi.SearchObjects(&c.c, &req, client.WithContext(ctx))
+	r.stream, err = rpcapi.SearchObjects(&c.c, req, client.WithContext(ctx))
 	if err != nil {
 		return nil, fmt.Errorf("open stream: %w", err)
 	}
--- a/client/reputation.go
+++ b/client/reputation.go
@ -1,200 +0,0 @@
-package client
-
-import (
-	"context"
-
-	v2reputation "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/reputation"
-	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/reputation"
-)
-
-// PrmAnnounceLocalTrust groups parameters of AnnounceLocalTrust operation.
-type PrmAnnounceLocalTrust struct {
-	prmCommonMeta
-
-	epoch uint64
-
-	trusts []reputation.Trust
-}
-
-// SetEpoch sets number of FrostFS epoch in which the trust was assessed.
-// Required parameter, must not be zero.
-func (x *PrmAnnounceLocalTrust) SetEpoch(epoch uint64) {
-	x.epoch = epoch
-}
-
-// SetValues sets values describing trust of the client to the FrostFS network participants.
-// Required parameter. Must not be empty.
-//
-// Must not be mutated before the end of the operation.
-func (x *PrmAnnounceLocalTrust) SetValues(trusts []reputation.Trust) {
-	x.trusts = trusts
-}
-
-// ResAnnounceLocalTrust groups results of AnnounceLocalTrust operation.
-type ResAnnounceLocalTrust struct {
-	statusRes
-}
-
-// AnnounceLocalTrust sends client's trust values to the FrostFS network participants.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Returns an error if parameters are set incorrectly (see PrmAnnounceLocalTrust docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) AnnounceLocalTrust(ctx context.Context, prm PrmAnnounceLocalTrust) (*ResAnnounceLocalTrust, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.epoch == 0:
-		return nil, errorZeroEpoch
-	case len(prm.trusts) == 0:
-		return nil, errorMissingTrusts
-	}
-
-	// form request body
-	reqBody := new(v2reputation.AnnounceLocalTrustRequestBody)
-	reqBody.SetEpoch(prm.epoch)
-
-	trusts := make([]v2reputation.Trust, len(prm.trusts))
-
-	for i := range prm.trusts {
-		prm.trusts[i].WriteToV2(&trusts[i])
-	}
-
-	reqBody.SetTrusts(trusts)
-
-	// form request
-	var req v2reputation.AnnounceLocalTrustRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResAnnounceLocalTrust
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.AnnounceLocalTrust(&c.c, &req, client.WithContext(ctx))
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
-
-// PrmAnnounceIntermediateTrust groups parameters of AnnounceIntermediateTrust operation.
-type PrmAnnounceIntermediateTrust struct {
-	prmCommonMeta
-
-	epoch uint64
-
-	iter uint32
-
-	trustSet bool
-	trust    reputation.PeerToPeerTrust
-}
-
-// SetEpoch sets number of FrostFS epoch with which client's calculation algorithm is initialized.
-// Required parameter, must not be zero.
-func (x *PrmAnnounceIntermediateTrust) SetEpoch(epoch uint64) {
-	x.epoch = epoch
-}
-
-// SetIteration sets current sequence number of the client's calculation algorithm.
-// By default, corresponds to initial (zero) iteration.
-func (x *PrmAnnounceIntermediateTrust) SetIteration(iter uint32) {
-	x.iter = iter
-}
-
-// SetCurrentValue sets current global trust value computed at the specified iteration
-// of the client's calculation algorithm. Required parameter.
-func (x *PrmAnnounceIntermediateTrust) SetCurrentValue(trust reputation.PeerToPeerTrust) {
-	x.trust = trust
-	x.trustSet = true
-}
-
-// ResAnnounceIntermediateTrust groups results of AnnounceIntermediateTrust operation.
-type ResAnnounceIntermediateTrust struct {
-	statusRes
-}
-
-// AnnounceIntermediateTrust sends global trust values calculated for the specified FrostFS network participants
-// at some stage of client's calculation algorithm.
-//
-// Exactly one return value is non-nil. By default, server status is returned in res structure.
-// Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
-//
-// Returns an error if parameters are set incorrectly (see PrmAnnounceIntermediateTrust docs).
-// Context is required and must not be nil. It is used for network communication.
-//
-// Return statuses:
-//   - global (see Client docs).
-func (c *Client) AnnounceIntermediateTrust(ctx context.Context, prm PrmAnnounceIntermediateTrust) (*ResAnnounceIntermediateTrust, error) {
-	// check parameters
-	switch {
-	case ctx == nil:
-		return nil, errorMissingContext
-	case prm.epoch == 0:
-		return nil, errorZeroEpoch
-	case !prm.trustSet:
-		return nil, errorTrustNotSet
-	}
-
-	var trust v2reputation.PeerToPeerTrust
-	prm.trust.WriteToV2(&trust)
-
-	// form request body
-	reqBody := new(v2reputation.AnnounceIntermediateResultRequestBody)
-	reqBody.SetEpoch(prm.epoch)
-	reqBody.SetIteration(prm.iter)
-	reqBody.SetTrust(&trust)
-
-	// form request
-	var req v2reputation.AnnounceIntermediateResultRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResAnnounceIntermediateTrust
-	)
-
-	c.initCallContext(&cc)
-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.AnnounceIntermediateResult(&c.c, &req, client.WithContext(ctx))
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
-	return &res, nil
-}
--- a/client/session.go
+++ b/client/session.go
@ -3,34 +3,63 @@ package client
 import (
 	"context"
 	"crypto/ecdsa"
+	"fmt"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
 	rpcapi "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/rpc/client"
 	v2session "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 )

 // PrmSessionCreate groups parameters of SessionCreate operation.
 type PrmSessionCreate struct {
-	prmCommonMeta
+	XHeaders []string

-	exp uint64
+	Expiration uint64

-	keySet bool
-	key    ecdsa.PrivateKey
+	Key *ecdsa.PrivateKey
 }

 // SetExp sets number of the last NepFS epoch in the lifetime of the session after which it will be expired.
+//
+// Deprecated: Use PrmSessionCreate.Expiration instead.
 func (x *PrmSessionCreate) SetExp(exp uint64) {
-	x.exp = exp
+	x.Expiration = exp
 }

 // UseKey specifies private key to sign the requests and compute token owner.
 // If key is not provided, then Client default key is used.
+//
+// Deprecated: Use PrmSessionCreate.Key instead.
 func (x *PrmSessionCreate) UseKey(key ecdsa.PrivateKey) {
-	x.keySet = true
-	x.key = key
+	x.Key = &key
+}
+
+func (x *PrmSessionCreate) buildRequest(c *Client) (*v2session.CreateRequest, error) {
+	ownerKey := c.prm.Key.PublicKey
+	if x.Key != nil {
+		ownerKey = x.Key.PublicKey
+	}
+	var ownerID user.ID
+	user.IDFromKey(&ownerID, ownerKey)
+
+	var ownerIDV2 refs.OwnerID
+	ownerID.WriteToV2(&ownerIDV2)
+
+	reqBody := new(v2session.CreateRequestBody)
+	reqBody.SetOwnerID(&ownerIDV2)
+	reqBody.SetExpiration(x.Expiration)
+
+	var meta v2session.RequestMetaHeader
+	writeXHeadersToMeta(x.XHeaders, &meta)
+
+	var req v2session.CreateRequest
+	req.SetBody(reqBody)
+	c.prepareRequest(&req, &meta)
+	return &req, nil
 }

 // ResSessionCreate groups resulting values of SessionCreate operation.
@ -42,10 +71,6 @@ type ResSessionCreate struct {
 	sessionKey []byte
 }

-func (x *ResSessionCreate) setID(id []byte) {
-	x.id = id
-}
-
 // ID returns identifier of the opened session in a binary FrostFS API protocol format.
 //
 // Client doesn't retain value so modification is safe.
@ -53,10 +78,6 @@ func (x ResSessionCreate) ID() []byte {
 	return x.id
 }

-func (x *ResSessionCreate) setSessionKey(key []byte) {
-	x.sessionKey = key
-}
-
 // PublicKey returns public key of the opened session in a binary FrostFS API protocol format.
 func (x ResSessionCreate) PublicKey() []byte {
 	return x.sessionKey
@ -68,9 +89,9 @@ func (x ResSessionCreate) PublicKey() []byte {
 //
 // Exactly one return value is non-nil. By default, server status is returned in res structure.
 // Any client's internal or transport errors are returned as `error`.
-// If PrmInit.ResolveFrostFSFailures has been called, unsuccessful
-// FrostFS status codes are returned as `error`, otherwise, are included
-// in the returned result structure.
+// If PrmInit.DisableFrostFSFailuresResolution has been called, unsuccessful
+// FrostFS status codes are included in the returned result structure,
+// otherwise, are also returned as `error`.
 //
 // Returns an error if parameters are set incorrectly (see PrmSessionCreate docs).
 // Context is required and must not be nil. It is used for network communication.
@ -78,62 +99,28 @@ func (x ResSessionCreate) PublicKey() []byte {
 // Return statuses:
 //   - global (see Client docs).
 func (c *Client) SessionCreate(ctx context.Context, prm PrmSessionCreate) (*ResSessionCreate, error) {
-	// check context
-	if ctx == nil {
-		return nil, errorMissingContext
+	req, err := prm.buildRequest(c)
+	if err != nil {
+		return nil, err
 	}

-	ownerKey := c.prm.key.PublicKey
-	if prm.keySet {
-		ownerKey = prm.key.PublicKey
-	}
-	var ownerID user.ID
-	user.IDFromKey(&ownerID, ownerKey)
-
-	var ownerIDV2 refs.OwnerID
-	ownerID.WriteToV2(&ownerIDV2)
-
-	// form request body
-	reqBody := new(v2session.CreateRequestBody)
-	reqBody.SetOwnerID(&ownerIDV2)
-	reqBody.SetExpiration(prm.exp)
-
-	// for request
-	var req v2session.CreateRequest
-
-	req.SetBody(reqBody)
-
-	// init call context
-
-	var (
-		cc  contextCall
-		res ResSessionCreate
-	)
-
-	c.initCallContext(&cc)
-	if prm.keySet {
-		cc.key = prm.key
+	if err := signature.SignServiceMessage(&c.prm.Key, req); err != nil {
+		return nil, fmt.Errorf("sign request: %w", err)
 	}

-	cc.meta = prm.prmCommonMeta
-	cc.req = &req
-	cc.statusRes = &res
-	cc.call = func() (responseV2, error) {
-		return rpcapi.CreateSession(&c.c, &req, client.WithContext(ctx))
+	resp, err := rpcapi.CreateSession(&c.c, req, client.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	var res ResSessionCreate
+	res.st, err = c.processResponse(resp)
+	if err != nil || !apistatus.IsSuccessful(res.st) {
+		return &res, err
 	}
-	cc.result = func(r responseV2) {
-		resp := r.(*v2session.CreateResponse)

 	body := resp.GetBody()
-
-		res.setID(body.GetID())
-		res.setSessionKey(body.GetSessionKey())
-	}
-
-	// process call
-	if !cc.processCall() {
-		return nil, cc.err
-	}
-
+	res.id = body.GetID()
+	res.sessionKey = body.GetSessionKey()
 	return &res, nil
 }
--- a/client/status/apemanager.go
+++ b/client/status/apemanager.go
@ -0,0 +1,53 @@
+package apistatus
+
+import (
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/apemanager"
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/status"
+)
+
+// APEManagerAccessDenied describes status of the failure because of the access control violation.
+// Instances provide Status and StatusV2 interfaces.
+type APEManagerAccessDenied struct {
+	v2 status.Status
+}
+
+const defaultAPEManagerAccessDeniedMsg = "apemanager access denied"
+
+func (x *APEManagerAccessDenied) Error() string {
+	msg := x.v2.Message()
+	if msg == "" {
+		msg = defaultAPEManagerAccessDeniedMsg
+	}
+
+	return errMessageStatusV2(
+		globalizeCodeV2(apemanager.StatusAPEManagerAccessDenied, apemanager.GlobalizeFail),
+		msg,
+	)
+}
+
+func (x *APEManagerAccessDenied) fromStatusV2(st *status.Status) {
+	x.v2 = *st
+}
+
+// ToStatusV2 converts APEManagerAccessDenied to v2's Status.
+// If the value was returned by FromStatusV2, returns the source message.
+// Otherwise, returns message with
+//   - code: APE_MANAGER_ACCESS_DENIED;
+//   - string message: "apemanager access denied";
+//   - details: empty.
+func (x APEManagerAccessDenied) ToStatusV2() *status.Status {
+	x.v2.SetCode(globalizeCodeV2(apemanager.StatusAPEManagerAccessDenied, apemanager.GlobalizeFail))
+	x.v2.SetMessage(defaultAPEManagerAccessDeniedMsg)
+	return &x.v2
+}
+
+// WriteReason writes human-readable access rejection reason.
+func (x *APEManagerAccessDenied) WriteReason(reason string) {
+	apemanager.WriteAccessDeniedDesc(&x.v2, reason)
+}
+
+// Reason returns human-readable access rejection reason returned by the server.
+// Returns empty value is reason is not presented.
+func (x APEManagerAccessDenied) Reason() string {
+	return apemanager.ReadAccessDeniedDesc(x.v2)
+}
--- a/client/status/common.go
+++ b/client/status/common.go
@ -14,7 +14,7 @@ type ServerInternal struct {
 	v2 status.Status
 }

-func (x ServerInternal) Error() string {
+func (x *ServerInternal) Error() string {
 	return errMessageStatusV2(
 		globalizeCodeV2(status.Internal, status.GlobalizeCommonFail),
 		x.v2.Message(),
@ -62,7 +62,7 @@ type WrongMagicNumber struct {
 	v2 status.Status
 }

-func (x WrongMagicNumber) Error() string {
+func (x *WrongMagicNumber) Error() string {
 	return errMessageStatusV2(
 		globalizeCodeV2(status.WrongMagicNumber, status.GlobalizeCommonFail),
 		x.v2.Message(),
@ -132,7 +132,7 @@ type SignatureVerification struct {

 const defaultSignatureVerificationMsg = "signature verification failed"

-func (x SignatureVerification) Error() string {
+func (x *SignatureVerification) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultSignatureVerificationMsg
@ -191,7 +191,7 @@ type NodeUnderMaintenance struct {
 const defaultNodeUnderMaintenanceMsg = "node is under maintenance"

 // Error implements the error interface.
-func (x NodeUnderMaintenance) Error() string {
+func (x *NodeUnderMaintenance) Error() string {
 	msg := x.Message()
 	if msg == "" {
 		msg = defaultNodeUnderMaintenanceMsg
--- a/client/status/container.go
+++ b/client/status/container.go
@ -13,7 +13,7 @@ type ContainerNotFound struct {

 const defaultContainerNotFoundMsg = "container not found"

-func (x ContainerNotFound) Error() string {
+func (x *ContainerNotFound) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultContainerNotFoundMsg
@ -51,7 +51,7 @@ type EACLNotFound struct {

 const defaultEACLNotFoundMsg = "eACL not found"

-func (x EACLNotFound) Error() string {
+func (x *EACLNotFound) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultEACLNotFoundMsg
--- a/client/status/object.go
+++ b/client/status/object.go
@ -13,7 +13,7 @@ type ObjectLocked struct {

 const defaultObjectLockedMsg = "object is locked"

-func (x ObjectLocked) Error() string {
+func (x *ObjectLocked) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultObjectLockedMsg
@ -50,7 +50,7 @@ type LockNonRegularObject struct {

 const defaultLockNonRegularObjectMsg = "locking non-regular object is forbidden"

-func (x LockNonRegularObject) Error() string {
+func (x *LockNonRegularObject) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultLockNonRegularObjectMsg
@ -87,7 +87,7 @@ type ObjectAccessDenied struct {

 const defaultObjectAccessDeniedMsg = "access to object operation denied"

-func (x ObjectAccessDenied) Error() string {
+func (x *ObjectAccessDenied) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultObjectAccessDeniedMsg
@ -135,7 +135,7 @@ type ObjectNotFound struct {

 const defaultObjectNotFoundMsg = "object not found"

-func (x ObjectNotFound) Error() string {
+func (x *ObjectNotFound) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultObjectNotFoundMsg
@ -172,7 +172,7 @@ type ObjectAlreadyRemoved struct {

 const defaultObjectAlreadyRemovedMsg = "object already removed"

-func (x ObjectAlreadyRemoved) Error() string {
+func (x *ObjectAlreadyRemoved) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultObjectAlreadyRemovedMsg
@ -210,7 +210,7 @@ type ObjectOutOfRange struct {

 const defaultObjectOutOfRangeMsg = "out of range"

-func (x ObjectOutOfRange) Error() string {
+func (x *ObjectOutOfRange) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultObjectOutOfRangeMsg
--- a/client/status/session.go
+++ b/client/status/session.go
@ -13,7 +13,7 @@ type SessionTokenNotFound struct {

 const defaultSessionTokenNotFoundMsg = "session token not found"

-func (x SessionTokenNotFound) Error() string {
+func (x *SessionTokenNotFound) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultSessionTokenNotFoundMsg
@ -50,7 +50,7 @@ type SessionTokenExpired struct {

 const defaultSessionTokenExpiredMsg = "expired session token"

-func (x SessionTokenExpired) Error() string {
+func (x *SessionTokenExpired) Error() string {
 	msg := x.v2.Message()
 	if msg == "" {
 		msg = defaultSessionTokenExpiredMsg
--- a/client/status/status.go
+++ b/client/status/status.go
@ -15,7 +15,7 @@ package apistatus
 // It should be noted that using direct typecasting is not a compatible approach.
 //
 // To transport statuses using the FrostFS API V2 protocol, see StatusV2 interface and FromStatusV2 and ToStatusV2 functions.
-type Status interface{}
+type Status any

 // ErrFromStatus converts Status instance to error if it is failed. Returns nil on successful Status.
 //
--- a/client/status/unrecognized.go
+++ b/client/status/unrecognized.go
@ -8,7 +8,7 @@ type unrecognizedStatusV2 struct {
 	v2 status.Status
 }

-func (x unrecognizedStatusV2) Error() string {
+func (x *unrecognizedStatusV2) Error() string {
 	return errMessageStatusV2("unrecognized", x.v2.Message())
 }

--- a/client/status/v2.go
+++ b/client/status/v2.go
@ -3,6 +3,7 @@ package apistatus
 import (
 	"fmt"

+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/apemanager"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
@ -92,6 +93,12 @@ func FromStatusV2(st *status.Status) Status {
 		case session.StatusTokenExpired:
 			decoder = new(SessionTokenExpired)
 		}
+	case apemanager.LocalizeFailStatus(&code):
+		//nolint:exhaustive
+		switch code {
+		case apemanager.StatusAPEManagerAccessDenied:
+			decoder = new(APEManagerAccessDenied)
+		}
 	}

 	if decoder == nil {
@ -123,7 +130,7 @@ func ToStatusV2(st Status) *status.Status {
 	return internalErrorStatus
 }

-func errMessageStatusV2(code interface{}, msg string) string {
+func errMessageStatusV2(code any, msg string) string {
 	const (
 		noMsgFmt = "status: code = %v"
 		msgFmt   = noMsgFmt + " message = %s"
--- a/client/status/v2_test.go
+++ b/client/status/v2_test.go
@ -12,7 +12,7 @@ func TestToStatusV2(t *testing.T) {
 	type statusConstructor func() apistatus.Status

 	for _, testItem := range [...]struct {
-		status    interface{} // Status or statusConstructor
+		status    any // Status or statusConstructor
 		codeV2    uint64
 		messageV2 string
 	}{
@ -125,6 +125,12 @@ func TestToStatusV2(t *testing.T) {
 			}),
 			codeV2: 4097,
 		},
+		{
+			status: (statusConstructor)(func() apistatus.Status {
+				return new(apistatus.APEManagerAccessDenied)
+			}),
+			codeV2: 5120,
+		},
 		{
 			status: (statusConstructor)(func() apistatus.Status {
 				return new(apistatus.NodeUnderMaintenance)
@ -165,7 +171,7 @@ func TestFromStatusV2(t *testing.T) {
 	type statusConstructor func() apistatus.Status

 	for _, testItem := range [...]struct {
-		status    interface{} // Status or statusConstructor
+		status    any // Status or statusConstructor
 		codeV2    uint64
 		messageV2 string
 	}{
@ -278,6 +284,12 @@ func TestFromStatusV2(t *testing.T) {
 			}),
 			codeV2: 4097,
 		},
+		{
+			status: (statusConstructor)(func() apistatus.Status {
+				return new(apistatus.APEManagerAccessDenied)
+			}),
+			codeV2: 5120,
+		},
 		{
 			status: (statusConstructor)(func() apistatus.Status {
 				return new(apistatus.NodeUnderMaintenance)
--- a/container/acl/acl.go
+++ b/container/acl/acl.go
@ -9,6 +9,7 @@ import "strconv"
 // use corresponding constants and/or methods instead.
 type Op uint32

+// nolint: unused
 const (
 	opZero Op = iota // extreme value for testing

@ -53,6 +54,7 @@ func (x Op) String() string {
 // use corresponding constants and/or methods instead.
 type Role uint32

+// nolint: unused
 const (
 	roleZero Role = iota // extreme value for testing

--- a/container/acl/util.go
+++ b/container/acl/util.go
@ -7,14 +7,6 @@ func setBit(num *uint32, n uint8) {
 	*num |= 1 << n
 }

-// resets n-th bit in num (starting at 0).
-func resetBit(num *uint32, n uint8) {
-	var mask uint32
-	setBit(&mask, n)
-
-	*num &= ^mask
-}
-
 // checks if n-th bit in num is set (starting at 0).
 func isBitSet(num uint32, n uint8) bool {
 	mask := uint32(1 << n)
--- a/container/acl/util_test.go
+++ b/container/acl/util_test.go
@ -22,9 +22,6 @@ func TestBits(t *testing.T) {

 	setBit(&num, 6)
 	require.EqualValues(t, 0b1011110, num)
-
-	resetBit(&num, 1)
-	require.EqualValues(t, 0b1011100, num)
 }

 func TestOpBits(t *testing.T) {
--- a/container/container.go
+++ b/container/container.go
@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
+	"strings"
 	"time"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
@ -16,7 +17,6 @@ import (
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	frostfsecdsa "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto/ecdsa"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
-	subnetid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/subnet/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 	"github.com/google/uuid"
@ -96,6 +96,16 @@ func (x *Container) readFromV2(m container.Container, checkFieldPresence bool) e
 		return errors.New("missing placement policy")
 	}

+	if err := checkAttributes(m); err != nil {
+		return err
+	}
+
+	x.v2 = m
+
+	return nil
+}
+
+func checkAttributes(m container.Container) error {
 	attrs := m.GetAttributes()
 	mAttr := make(map[string]struct{}, len(attrs))
 	var key, val string
@ -117,10 +127,8 @@ func (x *Container) readFromV2(m container.Container, checkFieldPresence bool) e
 			return fmt.Errorf("empty attribute value %s", key)
 		}

-		switch key {
-		case container.SysAttributeSubnet:
-			err = new(subnetid.ID).DecodeString(val)
-		case attributeTimestamp:
+		var err error
+		if key == attributeTimestamp {
 			_, err = strconv.ParseInt(val, 10, 64)
 		}

@ -130,9 +138,6 @@ func (x *Container) readFromV2(m container.Container, checkFieldPresence bool) e

 		mAttr[key] = struct{}{}
 	}
-
-	x.v2 = m
-
 	return nil
 }

@ -292,7 +297,7 @@ func (x Container) PlacementPolicy() (res netmap.PlacementPolicy) {
 //
 // SetAttribute overwrites existing attribute value.
 //
-// See also Attribute, IterateAttributes.
+// See also Attribute, IterateAttributes, IterateUserAttributes.
 func (x *Container) SetAttribute(key, value string) {
 	if key == "" {
 		panic("empty attribute key")
@ -320,7 +325,7 @@ func (x *Container) SetAttribute(key, value string) {
 // Attribute reads value of the Container attribute by key. Empty result means
 // attribute absence.
 //
-// See also SetAttribute, IterateAttributes.
+// See also SetAttribute, IterateAttributes, IterateUserAttributes.
 func (x Container) Attribute(key string) string {
 	attrs := x.v2.GetAttributes()
 	for i := range attrs {
@ -343,6 +348,21 @@ func (x Container) IterateAttributes(f func(key, val string)) {
 	}
 }

+// IterateUserAttributes iterates over user Container attributes and passes them
+// into f. The handler MUST NOT be nil.
+//
+// See also SetAttribute, Attribute.
+func (x Container) IterateUserAttributes(f func(key, val string)) {
+	attrs := x.v2.GetAttributes()
+	for _, attr := range attrs {
+		key := attr.GetKey()
+		if !strings.HasPrefix(key, container.SysAttributePrefix) &&
+			!strings.HasPrefix(key, container.SysAttributePrefixNeoFS) {
+			f(key, attr.GetValue())
+		}
+	}
+}
+
 // SetName sets human-readable name of the Container. Name MUST NOT be empty.
 //
 // See also Name.
@ -383,28 +403,6 @@ func CreatedAt(cnr Container) time.Time {
 	return time.Unix(sec, 0)
 }

-// SetSubnet places the Container on the specified FrostFS subnet. If called,
-// container nodes will only be selected from the given subnet, otherwise from
-// the entire network.
-func SetSubnet(cnr *Container, subNet subnetid.ID) {
-	cnr.SetAttribute(container.SysAttributeSubnet, subNet.EncodeToString())
-}
-
-// Subnet return container subnet set using SetSubnet.
-//
-// Zero Container is bound to zero subnet.
-func Subnet(cnr Container) (res subnetid.ID) {
-	val := cnr.Attribute(container.SysAttributeSubnet)
-	if val != "" {
-		err := res.DecodeString(val)
-		if err != nil {
-			panic(fmt.Sprintf("invalid subnet attribute: %s (%v)", val, err))
-		}
-	}
-
-	return
-}
-
 const attributeHomoHashEnabled = "true"

 // DisableHomomorphicHashing sets flag to disable homomorphic hashing of the
@ -419,7 +417,8 @@ func DisableHomomorphicHashing(cnr *Container) {
 //
 // Zero Container has enabled hashing.
 func IsHomomorphicHashingDisabled(cnr Container) bool {
-	return cnr.Attribute(container.SysAttributeHomomorphicHashing) == attributeHomoHashEnabled
+	return cnr.Attribute(container.SysAttributeHomomorphicHashing) == attributeHomoHashEnabled ||
+		cnr.Attribute(container.SysAttributeHomomorphicHashingNeoFS) == attributeHomoHashEnabled
 }

 // Domain represents information about container domain registered in the NNS
@ -465,10 +464,12 @@ func WriteDomain(cnr *Container, domain Domain) {
 // ReadDomain reads Domain from the Container. Returns value with empty name
 // if domain is not specified.
 func ReadDomain(cnr Container) (res Domain) {
-	name := cnr.Attribute(container.SysAttributeName)
-	if name != "" {
+	if name := cnr.Attribute(container.SysAttributeName); name != "" {
 		res.SetName(name)
 		res.SetZone(cnr.Attribute(container.SysAttributeZone))
+	} else if name = cnr.Attribute(container.SysAttributeNameNeoFS); name != "" {
+		res.SetName(name)
+		res.SetZone(cnr.Attribute(container.SysAttributeZoneNeoFS))
 	}

 	return
--- a/container/container_test.go
+++ b/container/container_test.go
@ -15,8 +15,6 @@ import (
 	containertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/test"
 	frostfscrypto "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/crypto"
 	netmaptest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap/test"
-	subnetid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/subnet/id"
-	subnetidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/subnet/id/test"
 	usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/version"
 	"github.com/google/uuid"
@ -80,7 +78,7 @@ func TestContainer_Owner(t *testing.T) {

 	val = containertest.Container()

-	owner := *usertest.ID()
+	owner := usertest.ID()

 	val.SetOwner(owner)

@ -152,7 +150,7 @@ func assertContainsAttribute(t *testing.T, m v2container.Container, key, val str
 }

 func TestContainer_Attribute(t *testing.T) {
-	const attrKey1, attrKey2 = "key1", "key2"
+	const attrKey1, attrKey2 = v2container.SysAttributePrefix + "key1", v2container.SysAttributePrefixNeoFS + "key2"
 	const attrVal1, attrVal2 = "val1", "val2"

 	val := containertest.Container()
@ -160,6 +158,12 @@ func TestContainer_Attribute(t *testing.T) {
 	val.SetAttribute(attrKey1, attrVal1)
 	val.SetAttribute(attrKey2, attrVal2)

+	var i int
+	val.IterateUserAttributes(func(key, val string) {
+		i++
+	})
+	require.Equal(t, 1, i)
+
 	var msg v2container.Container
 	val.WriteToV2(&msg)

@ -233,28 +237,6 @@ func TestSetCreationTime(t *testing.T) {
 	require.Equal(t, creat.Unix(), container.CreatedAt(val2).Unix())
 }

-func TestSetSubnet(t *testing.T) {
-	var val container.Container
-
-	require.True(t, subnetid.IsZero(container.Subnet(val)))
-
-	val = containertest.Container()
-
-	sub := subnetidtest.ID()
-
-	container.SetSubnet(&val, sub)
-
-	var msg v2container.Container
-	val.WriteToV2(&msg)
-
-	assertContainsAttribute(t, msg, v2container.SysAttributeSubnet, sub.EncodeToString())
-
-	var val2 container.Container
-	require.NoError(t, val2.ReadFromV2(msg))
-
-	require.Equal(t, sub, container.Subnet(val))
-}
-
 func TestDisableHomomorphicHashing(t *testing.T) {
 	var val container.Container

--- a/container/id/id_test.go
+++ b/container/id/id_test.go
@ -1,8 +1,8 @@
 package cid_test

 import (
+	"crypto/rand"
 	"crypto/sha256"
-	"math/rand"
 	"testing"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
--- a/container/id/test/id.go
+++ b/container/id/test/id.go
@ -1,8 +1,8 @@
 package cidtest

 import (
+	"crypto/rand"
 	"crypto/sha256"
-	"math/rand"

 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 )
@ -11,7 +11,7 @@ import (
 func ID() cid.ID {
 	checksum := [sha256.Size]byte{}

-	rand.Read(checksum[:])
+	_, _ = rand.Read(checksum[:])

 	return IDWithChecksum(checksum)
 }
--- a/container/size.go
+++ b/container/size.go
@ -1,104 +0,0 @@
-package container
-
-import (
-	"errors"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-)
-
-// SizeEstimation groups information about estimation of the size of the data
-// stored in the FrostFS container.
-//
-// SizeEstimation is mutually compatible with git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container.UsedSpaceAnnouncement
-// message. See ReadFromV2 / WriteToV2 methods.
-type SizeEstimation struct {
-	m container.UsedSpaceAnnouncement
-}
-
-// ReadFromV2 reads SizeEstimation from the container.UsedSpaceAnnouncement message.
-// Checks if the message conforms to FrostFS API V2 protocol.
-//
-// See also WriteToV2.
-func (x *SizeEstimation) ReadFromV2(m container.UsedSpaceAnnouncement) error {
-	cnrV2 := m.GetContainerID()
-	if cnrV2 == nil {
-		return errors.New("missing container")
-	}
-
-	var cnr cid.ID
-
-	err := cnr.ReadFromV2(*cnrV2)
-	if err != nil {
-		return fmt.Errorf("invalid container: %w", err)
-	}
-
-	x.m = m
-
-	return nil
-}
-
-// WriteToV2 writes SizeEstimation into the container.UsedSpaceAnnouncement message.
-// The message MUST NOT be nil.
-//
-// See also ReadFromV2.
-func (x SizeEstimation) WriteToV2(m *container.UsedSpaceAnnouncement) {
-	*m = x.m
-}
-
-// SetEpoch sets epoch when estimation of the container data size was calculated.
-//
-// See also Epoch.
-func (x *SizeEstimation) SetEpoch(epoch uint64) {
-	x.m.SetEpoch(epoch)
-}
-
-// Epoch return epoch set using SetEpoch.
-//
-// Zero SizeEstimation represents estimation in zero epoch.
-func (x SizeEstimation) Epoch() uint64 {
-	return x.m.GetEpoch()
-}
-
-// SetContainer specifies the container for which the amount of data is estimated.
-// Required by the FrostFS API protocol.
-//
-// See also Container.
-func (x *SizeEstimation) SetContainer(cnr cid.ID) {
-	var cidV2 refs.ContainerID
-	cnr.WriteToV2(&cidV2)
-
-	x.m.SetContainerID(&cidV2)
-}
-
-// Container returns container set using SetContainer.
-//
-// Zero SizeEstimation is not bound to any container (returns zero) which is
-// incorrect according to FrostFS API protocol.
-func (x SizeEstimation) Container() (res cid.ID) {
-	m := x.m.GetContainerID()
-	if m != nil {
-		err := res.ReadFromV2(*m)
-		if err != nil {
-			panic(fmt.Errorf("unexpected error from cid.ID.ReadFromV2: %w", err))
-		}
-	}
-
-	return
-}
-
-// SetValue sets estimated amount of data (in bytes) in the specified container.
-//
-// See also Value.
-func (x *SizeEstimation) SetValue(value uint64) {
-	x.m.SetUsedSpace(value)
-}
-
-// Value returns data size estimation set using SetValue.
-//
-// Zero SizeEstimation has zero value.
-func (x SizeEstimation) Value() uint64 {
-	return x.m.GetUsedSpace()
-}
--- a/container/size_test.go
+++ b/container/size_test.go
@ -1,94 +0,0 @@
-package container_test
-
-import (
-	"crypto/sha256"
-	"testing"
-
-	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
-	"github.com/stretchr/testify/require"
-)
-
-func TestSizeEstimation_Epoch(t *testing.T) {
-	var val container.SizeEstimation
-
-	require.Zero(t, val.Epoch())
-
-	const epoch = 123
-
-	val.SetEpoch(epoch)
-	require.EqualValues(t, epoch, val.Epoch())
-
-	var msg v2container.UsedSpaceAnnouncement
-	val.WriteToV2(&msg)
-
-	require.EqualValues(t, epoch, msg.GetEpoch())
-}
-
-func TestSizeEstimation_Container(t *testing.T) {
-	var val container.SizeEstimation
-
-	require.Zero(t, val.Container())
-
-	cnr := cidtest.ID()
-
-	val.SetContainer(cnr)
-	require.True(t, val.Container().Equals(cnr))
-
-	var msg v2container.UsedSpaceAnnouncement
-	val.WriteToV2(&msg)
-
-	var msgCnr refs.ContainerID
-	cnr.WriteToV2(&msgCnr)
-
-	require.Equal(t, &msgCnr, msg.GetContainerID())
-}
-
-func TestSizeEstimation_Value(t *testing.T) {
-	var val container.SizeEstimation
-
-	require.Zero(t, val.Value())
-
-	const value = 876
-
-	val.SetValue(value)
-	require.EqualValues(t, value, val.Value())
-
-	var msg v2container.UsedSpaceAnnouncement
-	val.WriteToV2(&msg)
-
-	require.EqualValues(t, value, msg.GetUsedSpace())
-}
-
-func TestSizeEstimation_ReadFromV2(t *testing.T) {
-	const epoch = 654
-	const value = 903
-	var cnrMsg refs.ContainerID
-
-	var msg v2container.UsedSpaceAnnouncement
-
-	var val container.SizeEstimation
-
-	require.Error(t, val.ReadFromV2(msg))
-
-	msg.SetContainerID(&cnrMsg)
-
-	require.Error(t, val.ReadFromV2(msg))
-
-	cnrMsg.SetValue(make([]byte, sha256.Size))
-
-	var cnr cid.ID
-	require.NoError(t, cnr.ReadFromV2(cnrMsg))
-
-	msg.SetEpoch(epoch)
-	msg.SetUsedSpace(value)
-
-	require.NoError(t, val.ReadFromV2(msg))
-
-	require.EqualValues(t, epoch, val.Epoch())
-	require.EqualValues(t, value, val.Value())
-	require.EqualValues(t, cnr, val.Container())
-}
--- a/container/test/generate.go
+++ b/container/test/generate.go
@ -5,7 +5,6 @@ import (

 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
-	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
 	netmaptest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap/test"
 	usertest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user/test"
 )
@ -16,22 +15,13 @@ func Container() (x container.Container) {

 	x.Init()
 	x.SetAttribute("some attribute", "value")
-	x.SetOwner(*owner)
+	x.SetOwner(owner)
 	x.SetBasicACL(BasicACL())
 	x.SetPlacementPolicy(netmaptest.PlacementPolicy())

 	return x
 }

-// SizeEstimation returns random container.SizeEstimation.
-func SizeEstimation() (x container.SizeEstimation) {
-	x.SetContainer(cidtest.ID())
-	x.SetEpoch(rand.Uint64())
-	x.SetValue(rand.Uint64())
-
-	return x
-}
-
 // BasicACL returns random acl.Basic.
 func BasicACL() (x acl.Basic) {
 	x.FromBits(rand.Uint32())
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@ -1,7 +1,7 @@
 package frostfscrypto_test

 import (
-	"math/rand"
+	"crypto/rand"
 	"testing"

 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
--- a/doc/image/filter_illustration.svg
+++ b/doc/image/filter_illustration.svg
--- a/doc/image/placement_policy.svg
+++ b/doc/image/placement_policy.svg
--- a/doc/image/rep_illustration.svg
+++ b/doc/image/rep_illustration.svg
--- a/doc/image/sample_netmap.svg
+++ b/doc/image/sample_netmap.svg
--- a/doc/image/select_illustration.svg
+++ b/doc/image/select_illustration.svg
--- a/doc/policy.md
+++ b/doc/policy.md
@ -0,0 +1,446 @@
+# Placement Policy
+
+This document describes placement policies, their purpose, syntax and semantics.
+
+## Index
+
+- [Introduction](#introduction)
+- [Operations](#operations)
+  - [Basic Expressions](#basic-expressions)
+  - [`FILTER`](#filter)
+  - [`SELECT`](#select)
+  - [`REP`](#rep)
+- [Policies](#policies)
+  - [The policy playground](#the-policy-playground)
+  - [`CBF`](#cbf)
+  - [`UNIQUE`](#unique)
+  - [More examples](#more-examples)
+- [Appendix 1: Operators](#appendix-1-operators)
+- [Appendix 2: Policy playground commands](#appendix-2-policy-playground-commands)
+
+## Introduction
+
+The purpose of a **placement policy** is to determine whichs node(s) of a frostfs system will store an object. Namely, given a **netmap** (a set of nodes) and a placement policy, a subset of those nodes is selected to store a given object. An important aspect is that since nodes in a netmap come and go due to distributed nature of the system, this selection must be deterministic and consistent, i.e. different nodes must come to the same conclusion as long as they share the same view of the netmap.
+
+> ℹ️ Throughout this document, we will consider each node as a dictionary of attributes and a global unique ID.
+
+One way to think about the placement policy, is as a pipeline of operations which begins with a set of nodes (the entire netmap) and gradually refine it into only the nodes that will be in charge of storing the object. More specifically, each operation in this pipeline takes a set of nodes and transforms it into a subset of those nodes. The transformation is done purely on the basis of the node attributes.
+
+![Placement policy as a pipeline](./image/placement_policy.svg)
+
+The three main operations are:
+1. `FILTER`: filters a set of nodes based on their attributes.
+2. `SELECT`: selects a specific amount of nodes from a set of nodes based on certain conditions.
+3. `REP`: specifies how many nodes (and which ones) from a set of nodes are used to store an object.
+
+In the next sections, we will explore each of them in detail.
+
+## Operations
+
+### Basic Expressions
+
+Before exploring the operations in detail, we must get acquainted with the basic expressions that appear in a placement policy. As mentioned above, the placement policy operates solely on the basis of node attributes, and as such, basic expressions mostly revolve around node attribute comparison.
+
+A comparison expression expresses whether a node attribute equals a specified value:
+```
+AttributeName Operation AttributeValue
+```
+
+For example, the following expression
+```sql
+City EQ 'Moscow'
+```
+asserts that the node attribute `City` equals the value `Moscow`.
+
+Comparison expressions can be nested via boolean operators and parentheses. For example, the following expression:
+```sql
+(City EQ 'Moscow') AND (Disks GT 2)
+```
+asserts that the node attribute `City` equals the value `Moscow` and the node attribute `Disks` must be greater than `2`. Note that the arguments can be either a string or a number.
+
+See [Appendix 1](#appendix-1-operators) for a complete list of supported operators.
+
+### `FILTER`
+
+A `FILTER` operation takes as input a set of nodes and returns a subset of those nodes. It's useful for selecting nodes that have (or lack) specific attributes. Its basic syntax is as follows:
+```bnf
+FILTER <expr> AS <id>
+```
+
+For example, the following filter
+```sql
+FILTER Color EQ 'Red' AS RedNodes
+```
+selects those nodes for which the `Color` attribute equals `Red`, and discards the rest. The filter's identifier is `RedNodes`, which can be used to reference it in other parts of the placement policy. For example, you could reference the above filter in another filter as follows
+```sql
+FILTER @RedNodes AND (City EQ 'Moscow') AS RedMoscowNodes
+```
+which would select those nodes for which the `Color` attribute equals `Red` and the `City` attribute equals `Moscow`. You can think of the `@` operator as embedding the referenced filter expression verbatim where it's used. This makes it easy to compose filters. However, filters can be referenced via `@` only within filter expressions. In other places you can simply use the filter identifier directly.
+
+> ⚠️ Every filter requires a unique identifier. What would be the use of a filter that you cannot reference?
+
+The following diagram illustrates the filter operation
+
+![FILTER](./image/filter_illustration.svg)
+
+where the nodes are represented as colored circles, with their color representing the value of their `Color` attribute, respectively.
+
+> ℹ️ A filter referring to all nodes in the netmap always exists and can be referenced by `*`.
+
+### `SELECT`
+
+A `SELECT` operation specifies how many and which nodes from a subset previously obtained from a `FILTER` will be available to build replica groups for object storage. It's not that different from a `FILTER` in that it transforms a set of nodes into a subset of those, but while a `FILTER` cannot control the size of the resulting subset and other characteristics, a `SELECT` can.
+
+Its basic syntax is as follows:
+```bnf
+SELECT <count> {IN (SAME|DISTINCT) <attribute>} FROM <filter> {AS <id>}
+```
+
+In a nutshell, a `SELECT` takes a filter result as input and outputs a specific number of nodes, optionally enforcing that all output nodes must either share or differ in a specific attribute. Note that only the output node count and the source filter are required.
+
+Let's see some examples
+```sql
+-- Selects exactly one node from the entire netmap
+SELECT 1 FROM *  
+
+-- Same as above, but with an identifier for the selection
+SELECT 1 FROM * AS ONE  
+
+-- Selects two nodes from the RedOrBlueNodes filter, such that both selected nodes
+-- share the same value for the Color attribute, i.e. both red or both blue.
+SELECT 2 IN SAME Color FROM RedOrBlueNodes
+
+-- Selects two nodes from the RedOrBlueNodes filter, such that the selected nodes
+-- have distinct values for the Color attribute, i.e. one red and one blue.
+-- The selection is also given an identifier.
+SELECT 2 IN DISTINCT Color FROM RedOrBlueNodes AS MyNodes
+```
+
+The last example is illustrated in the following diagram:
+
+![SELECT](./image/select_illustration.svg)
+
+> ℹ️ At this point, notice that while `FILTER`'s output is always unique (namely, every node in the input is either filtered in or out), that is not always the case for `SELECT`. In the last example above, there is more than one way to select two nodes with distinct `Color` attribute. Because we require the output to be deterministic and consistent (so that all nodes agree on which nodes to store a given object without having to commmunicate with each other), we need a way to reach this consensus efficiently. Internally, the policy engine uses [Rendezvouz Hashing](https://en.wikipedia.org/wiki/Rendezvous_hashing) to ensure this. If you want more control over what nodes are actually selected, you can always use narrower filters/selections to ensure this.
+
+### `REP`
+
+A `REP` operation specifies how many copies of an object need to be stored (`REP` stands for "replica"). A placement policy can contain multiple replica operations, with each of them representing a replica group, i.e. a group of objects associated with the same replica. Following our analogy with a pipeline, `REP` operations are the sink or output nodes.
+
+Its basic syntax is as follows:
+```bnf
+REP <count> {IN <select>}
+```
+
+If a select is not specified, then the entire netmap is used as input. The only exception to this rule is when exactly 1 replica and 1 selector are being present: in this case the only selector is being used instead of the whole netmap.
+The resulting nodes will be used to actually store objects and they constitute a replica group (or simply, "a replica").
+
+Examples
+```sql
+-- A replica consisting of a single copy, stored in an arbitrary node of the netmap.
+REP 1
+
+-- A replica consisting of three copies, each stored in a different node from the selection
+-- identified as 'MyNodes'.
+REP 3 IN MyNodes
+```
+
+The following diagram illustrates the `REP` operation:
+
+![REP](./image/rep_illustration.svg)
+
+> ⚠️ Notice that although we use `REP 1` in the examples, in real life scenarios you almost always want to have more than a single node in each replica for redundancy.
+
+## Policies
+
+In order to specify a complete placement policy, we just need to assemble it from the operations described above.
+
+Its basic (simplified) syntax is as follows:
+```bnf
+<rep>+ <select>* <filter>*
+```
+
+We begin by stating all our `REP` operations, followed by all the `SELECT` operations and finally all the `FILTER` operations. Note that this is the reverse order in which they are applied. Also note that at least one `REP` operation is required.
+
+Here's a complete example:
+```sql
+REP 1 IN MyNodes
+SELECT 2 IN DISTINCT Color FROM RedOrBlueNodes AS MyNodes
+FILTER Color EQ 'Red' AS RedNodes
+FILTER Color EQ 'Blue' AS BlueNodes
+FILTER @RedNodes OR @BlueNodes AS RedOrBlueNodes
+```
+
+In additional to this basic syntax, there are a couple of additional useful options to specify which nodes and how many nodes are actually selected to store objects. We explore these in the next sections.
+
+### The policy playground
+
+> ℹ️ This section assumes you have an up-to-date version of the `frostfs-cli`.
+
+While simple placement policies have predictable results that can be understood at a glance, more complex ones need careful consideration before deployment. In order to simplify understanding a policy's outcome and experimenting while learning, a builtin tool is provided as part of the `frostfs-cli` for this purpose: the policy playground.
+
+For the remainder of this guide, we will use the policy playground to setup a virtual netmap (that is, one that doesn't require any networking or deployment) and test various policies. In order to visualize this netmap easily, each node will have three attributes: a character, a shape and a color
+
+![Sample Netmap](./image/sample_netmap.svg)
+
+We can start the policy playground as follows:
+```sh
+$ frostfs-cli container policy-playground
+>
+```
+
+Since we didn't pass any endpoint, the initial netmap is empty, which we can verify with the `ls` command (to list the nodes in the netmap):
+```sh
+> ls
+>
+```
+
+Nows let's add virtual nodes to represent our test netmap in the figure above
+```sh
+> add 01 Char:A Shape:Circle  Color:Blue
+> add 02 Char:B Shape:Circle  Color:Green
+> add 03 Char:C Shape:Circle  Color:Red
+> add 04 Char:D Shape:Square  Color:Blue
+> add 05 Char:E Shape:Square  Color:Green
+> add 06 Char:F Shape:Square  Color:Red
+> add 07 Char:G Shape:Diamond Color:Blue
+> add 08 Char:H Shape:Diamond Color:Green
+> add 09 Char:I Shape:Diamond Color:Red
+```
+
+and verify that the netmap now contains what we expect
+```sh
+> ls
+	 1: id=06 attrs={Char:F Shape:Square Color:Red}
+	 2: id=08 attrs={Char:H Shape:Diamond Color:Green}
+	 3: id=01 attrs={Char:A Shape:Circle Color:Blue}
+	 4: id=04 attrs={Char:D Shape:Square Color:Blue}
+	 5: id=05 attrs={Char:E Shape:Square Color:Green}
+	 6: id=09 attrs={Char:I Shape:Diamond Color:Red}
+	 7: id=02 attrs={Char:B Shape:Circle Color:Green}
+	 8: id=03 attrs={Char:C Shape:Circle Color:Red}
+	 9: id=07 attrs={Char:G Shape:Diamond Color:Blue}
+```
+
+With our sample netmap setup, we can now continue.
+
+### `CBF`
+
+Consider the following policy:
+
+```sql
+REP 1
+```
+
+It builds a replica consisting of one copy, selected from the entire netmap. If we evaluate this policy in our sample netmap, we obtain a result which is probably unexpected:
+
+```sh
+> eval REP 1
+	 1: [06 05 02]
+```
+
+The `eval` commands evaluates a policy and lists in a separate line the nodes selected for each `REP` operation, in the order they appear in the policy. We were expecting a single node, but we got three instead. The reason is that there's a policy-wide parameter called **container backup factor** (or CBF). This parameter is a multiplier which controls the maximum number of storage nodes: for example, if a policy requires 10 nodes and the CBF is 3, it means that the policy can store an object in up to 10 × 3 nodes. However, if there are not enough nodes and fewer (but at least 10) are used, this is not considered an error.
+
+The default value for CBF is `3`, which explains our result above, given than every node in the netmap agrees with the policy. The CBF can be explicitly set in the policy right after the `REP` operations. For example
+
+```sh
+> eval REP 1 CBF 1
+	 1: [06]
+```
+
+results in what we expected in the first example. On the other hand
+
+```sh
+> eval REP 1 IN MyNodes SELECT 1 IN SAME Char FROM * AS MyNodes
+	 1: [01]
+```
+
+results in a single node despite the default CBF, because there are not enough nodes compatible with the selection.
+
+### `UNIQUE`
+
+Consider the following policy:
+```sql
+REP 1
+REP 1
+CBF 2
+```
+
+If we evaluate it
+```sh
+> eval REP 1 REP 1 CBF 2
+	 1: [06 05]
+	 2: [06 05]
+```
+
+we find that each replica gets two nodes, in accordance with the CBF. However, these nodes are exactly the same and this might not be desirable. In order to force the policy engine to select different nodes for each replica, we can use the `UNIQUE` option, which is specified right before the `REP` operations.
+
+In our example, if we change it to
+```sql
+UNIQUE
+REP 1
+REP 1
+CBF 2
+```
+
+and evaluate it
+
+```sh
+> eval UNIQUE REP 1 REP 1 CBF 2
+	 1: [06 05]
+	 2: [02 03]
+```
+
+we now find that the nodes selected for each replica are now distinct from each other.
+
+### More examples
+
+This section presents some more examples of placement policies and their result when applied to the sample netmap. Try to figure out the result before looking at it or evaluating the policy.
+
+#### Example #1
+```sql
+REP 1 IN TwoRedNodes
+SELECT 2 FROM RedNodes AS TwoRedNodes
+FILTER Color EQ 'Red' AS RedNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+> eval REP 1 IN TwoRedNodes SELECT 2 FROM RedNodes AS TwoRedNodes FILTER Color EQ 'Red' AS RedNodes
+	 1: [06 09 03]
+```
+
+</details>
+
+#### Example #2
+```sql
+REP 1 IN TwoRedNodes
+REP 1 IN TwoRedNodes
+SELECT 2 FROM RedNodes AS TwoRedNodes
+FILTER Color EQ 'Red' AS RedNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+> eval REP 1 REP 1 IN TwoRedNodes SELECT 2 FROM RedNodes AS TwoRedNodes FILTER Color EQ 'Red' AS RedNodes
+	 1: [06 09 03]
+	 2: [06 09 03]
+```
+
+</details>
+
+#### Example #3
+```sql
+REP 2 IN MyNodes
+REP 2 IN MyNodes
+SELECT 2 FROM RedOrBlueNodes AS MyNodes
+FILTER Color EQ 'Red' AS RedNodes
+FILTER Color EQ 'Blue' AS BlueNodes
+FILTER @RedNodes OR @BlueNodes AS RedOrBlueNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+> eval REP 2 IN MyNodes REP 2 IN MyNodes SELECT 2 FROM RedOrBlueNodes AS MyNodes FILTER Color EQ 'Red' AS RedNodes FILTER Color EQ 'Blue' AS BlueNodes FILTER @RedNodes OR @BlueNodes AS RedOrBlueNodes
+	 1: [06 01 04 03 09 07]
+	 2: [06 01 04 03 09 07]
+```
+
+</details>
+
+#### Example #4
+```sql
+REP 2 IN MyRedNodes
+REP 2 IN MyBlueNodes
+CBF 1
+SELECT 2 FROM RedNodes AS MyRedNodes
+SELECT 2 FROM BlueNodes AS MyBlueNodes
+FILTER Color EQ 'Red' AS RedNodes
+FILTER Color EQ 'Blue' AS BlueNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+> eval REP 2 IN MyRedNodes REP 2 IN MyBlueNodes CBF 1 SELECT 2 FROM RedNodes AS MyRedNodes SELECT 2 FROM BlueNodes AS MyBlueNodes FILTER Color EQ 'Red' AS RedNodes FILTER Color EQ 'Blue' AS BlueNodes
+	 1: [06 03]
+	 2: [01 04]
+```
+
+</details>
+
+#### Example #5
+```sql
+UNIQUE
+REP 1 IN MyGreenNodes
+REP 1 IN MyGreenNodes
+REP 1 IN MyGreenNodes
+CBF 1
+SELECT 1 FROM GreenNodes AS MyGreenNodes
+FILTER Color EQ 'Green' AS GreenNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+> eval UNIQUE REP 1 IN MyGreenNodes REP 1 IN MyGreenNodes REP 1 IN MyGreenNodes CBF 1 SELECT 1 FROM GreenNodes AS MyGreenNodes FILTER Color EQ 'Green' AS GreenNodes
+	 1: [05]
+	 2: [02]
+	 3: [08]
+```
+
+</details>
+
+#### Example #6
+```sql
+REP 1 IN MyNodes
+REP 2
+CBF 2
+SELECT 1 FROM CuteNodes AS MyNodes
+FILTER (Color EQ 'Blue') AND NOT (Shape EQ 'Circle' OR Shape EQ 'Square') AS CuteNodes
+```
+
+<details>
+<summary>Result</summary>
+
+```sh
+eval REP 1 IN MyNodes REP 2  CBF 2 SELECT 1 FROM CuteNodes AS MyNodes FILTER (Color EQ 'Blue') AND NOT (Shape EQ 'Circle' OR Shape EQ 'Square') AS CuteNodes
+	 1: [07]
+	 2: [06 05 02 03]
+```
+
+</details>
+
+## Appendix 1: Operators
+
+Comparison operators (all binary):
+- `EQ`: equals
+- `NE`: not equal
+- `GE`: greater or equal
+- `GT`: greater than
+- `LE`: less or equal
+- `LT`: less than
+
+Logical operators:
+- `NOT`: negation (unary)
+- `AND`: conjunction (binary)
+- `OR`: disjunction (binary)
+
+Others:
+- `@`: filter reference
+- `(`: left parenthesis
+- `)`: right parenthesis
+
+## Appendix 2: Policy playground commands
+
+- `ls`: list nodes in the current netmap and their attributes
+- `add`: add a node to the current netmap. If it already exists, it will be overwritten.
+- `remove`: remove a node from the current netmap.
+- `eval`: evaluate a placement policy on the current netmap.
--- a/eacl/filter_test.go
+++ b/eacl/filter_test.go
@ -4,7 +4,6 @@ import (
 	"strconv"
 	"testing"

-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
 	v2acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
 	"github.com/stretchr/testify/require"
 )
@ -83,8 +82,8 @@ func TestFilter_ToV2(t *testing.T) {

 		require.Empty(t, filterV2.GetKey())
 		require.Empty(t, filterV2.GetValue())
-		require.Equal(t, acl.HeaderTypeUnknown, filterV2.GetHeaderType())
-		require.Equal(t, acl.MatchTypeUnknown, filterV2.GetMatchType())
+		require.Equal(t, v2acl.HeaderTypeUnknown, filterV2.GetHeaderType())
+		require.Equal(t, v2acl.MatchTypeUnknown, filterV2.GetMatchType())
 	})

 	t.Run("reserved types", func(t *testing.T) {
--- a/eacl/record.go
+++ b/eacl/record.go
@ -125,7 +125,7 @@ func (r *Record) AddObjectContainerIDFilter(m Match, id cid.ID) {
 }

 // AddObjectOwnerIDFilter adds filter by object owner ID.
-func (r *Record) AddObjectOwnerIDFilter(m Match, id *user.ID) {
+func (r *Record) AddObjectOwnerIDFilter(m Match, id user.ID) {
 	r.addObjectReservedFilter(m, fKeyObjOwnerID, id)
 }

--- a/eacl/record_test.go
+++ b/eacl/record_test.go
@ -225,14 +225,6 @@ func TestReservedRecords(t *testing.T) {
 			key:   v2acl.FilterObjectType,
 			value: "TOMBSTONE",
 		},
-		{
-			f: func(r *Record) {
-				require.True(t, typ.FromString("STORAGE_GROUP"))
-				r.AddObjectTypeFilter(MatchStringEqual, *typ)
-			},
-			key:   v2acl.FilterObjectType,
-			value: "STORAGE_GROUP",
-		},
 	}

 	for n, testCase := range testSuit {
--- a/eacl/target_test.go
+++ b/eacl/target_test.go
@ -4,7 +4,6 @@ import (
 	"crypto/ecdsa"
 	"testing"

-	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
 	v2acl "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/acl"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/stretchr/testify/require"
@ -79,7 +78,7 @@ func TestTarget_ToV2(t *testing.T) {
 		// convert to v2 message
 		targetV2 := target.ToV2()

-		require.Equal(t, acl.RoleUnknown, targetV2.GetRole())
+		require.Equal(t, v2acl.RoleUnknown, targetV2.GetRole())
 		require.Nil(t, targetV2.GetKeys())
 	})
 }
--- a/eacl/test/benchmark_test.go
+++ b/eacl/test/benchmark_test.go
@ -2,7 +2,7 @@ package eacltest

 import (
 	"bytes"
-	"math/rand"
+	"crypto/rand"
 	"testing"

 	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
--- a/eacl/validator.go
+++ b/eacl/validator.go
@ -7,8 +7,7 @@ import (
 // Validator is a tool that calculates
 // the action on a request according
 // to the extended ACL rule table.
-type Validator struct {
-}
+type Validator struct{}

 // NewValidator creates and initializes a new Validator using options.
 func NewValidator() *Validator {
--- a/eacl/validator_test.go
+++ b/eacl/validator_test.go
@ -1,7 +1,7 @@
 package eacl

 import (
-	"math/rand"
+	"crypto/rand"
 	"testing"

 	"github.com/stretchr/testify/require"
--- a/go.mod
+++ b/go.mod
@ -1,44 +1,55 @@
 module git.frostfs.info/TrueCloudLab/frostfs-sdk-go

-go 1.18
+go 1.22

 require (
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.11.2-0.20230307104236-f69d2ad83c51
-	git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb
-	git.frostfs.info/TrueCloudLab/hrw v1.2.0
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-afb18ef231c4
+	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
+	git.frostfs.info/TrueCloudLab/hrw v1.2.1
 	git.frostfs.info/TrueCloudLab/tzhash v1.8.0
-	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12
-	github.com/google/uuid v1.3.0
-	github.com/hashicorp/golang-lru/v2 v2.0.1
+	github.com/antlr4-go/antlr/v4 v4.13.0
+	github.com/google/uuid v1.6.0
+	github.com/hashicorp/golang-lru/v2 v2.0.7
+	github.com/klauspost/reedsolomon v1.12.1
 	github.com/mr-tron/base58 v1.2.0
-	github.com/nspcc-dev/neo-go v0.100.1
-	github.com/stretchr/testify v1.8.1
-	go.uber.org/atomic v1.10.0
-	go.uber.org/zap v1.24.0
+	github.com/nspcc-dev/neo-go v0.106.3
+	github.com/stretchr/testify v1.9.0
+	go.uber.org/zap v1.27.0
+	google.golang.org/grpc v1.62.0
+	google.golang.org/protobuf v1.34.2
+	gopkg.in/yaml.v3 v3.0.1
 )

 require (
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 // indirect
 	git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/hashicorp/golang-lru v0.6.0 // indirect
-	github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect
-	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20221202075445-cb5c18dc73eb // indirect
-	github.com/nspcc-dev/rfc6979 v0.2.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.1 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/holiman/uint256 v1.2.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 // indirect
+	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec // indirect
+	github.com/nspcc-dev/rfc6979 v0.2.1 // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spaolacci/murmur3 v1.1.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/crypto v0.4.0 // indirect
-	golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
-	golang.org/x/net v0.3.0 // indirect
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/sys v0.3.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	google.golang.org/genproto v0.0.0-20200825200019-8632dd797987 // indirect
-	google.golang.org/grpc v1.48.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 // indirect
+	github.com/twmb/murmur3 v1.1.8 // indirect
+	go.etcd.io/bbolt v1.3.9 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
+	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,738 +1,204 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.11.2-0.20230307104236-f69d2ad83c51 h1:l4+K1hN+NuWNtlZZoV8yRRP3Uu7PifL05ukEqKcb0Ks=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.11.2-0.20230307104236-f69d2ad83c51/go.mod h1:n0DxKYulu2Ar73R6OcNF34LiL/Xa+iDR7GZuaOChbLE=
-git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb h1:S/TrbOOu9qEXZRZ9/Ddw7crnxbBUQLo68PSzQWYrc9M=
-git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb/go.mod h1:nkR5gaGeez3Zv2SE7aceP0YwxG2FzIB5cGKpQO2vV2o=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-afb18ef231c4 h1:HKBcChYr1XRlkC9+4+aKBcq+/GlvkRgh8yj/o2bw1yc=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240906121927-afb18ef231c4/go.mod h1:HgovqNsNpI6oerXroi+6rMkppM5HvMyDI5DTGzGsJ6g=
+git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
+git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU=
-git.frostfs.info/TrueCloudLab/hrw v1.2.0 h1:KvAES7xIqmQBGd2q8KanNosD9+4BhU/zqD5Kt5KSflk=
-git.frostfs.info/TrueCloudLab/hrw v1.2.0/go.mod h1:mq2sbvYfO+BB6iFZwYBkgC0yc6mJNx+qZi4jW918m+Y=
+git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
+git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0/go.mod h1:dhY+oy274hV8wGvGL4MwwMpdL3GYvaX1a8GQZQHvlF8=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CityOfZion/neo-go v0.62.1-pre.0.20191114145240-e740fbe708f8/go.mod h1:MJCkWUBhi9pn/CrYO1Q3P687y2KeahrOPS9BD9LDGb0=
-github.com/CityOfZion/neo-go v0.70.1-pre.0.20191209120015-fccb0085941e/go.mod h1:0enZl0az8xA6PVkwzEOwPWVJGqlt/GO4hA4kmQ5Xzig=
-github.com/CityOfZion/neo-go v0.70.1-pre.0.20191212173117-32ac01130d4c/go.mod h1:JtlHfeqLywZLswKIKFnAp+yzezY4Dji9qlfQKB2OD/I=
-github.com/CityOfZion/neo-go v0.71.1-pre.0.20200129171427-f773ec69fb84/go.mod h1:FLI526IrRWHmcsO+mHsCbj64pJZhwQFTLJZu+A4PGOA=
-github.com/Workiva/go-datastructures v1.0.50/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
-github.com/abiosoft/ishell v2.0.0+incompatible/go.mod h1:HQR9AqF2R3P4XXpMpI0NAzgHf/aS6+zVXRj14cVk9qg=
-github.com/abiosoft/ishell/v2 v2.0.2/go.mod h1:E4oTCXfo6QjoCart0QYa5m9w4S+deXs/P/9jA77A9Bs=
-github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db/go.mod h1:rB3B4rKii8V21ydCbIzH5hZiCQE7f5E9SzUb/ZZx530=
-github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alicebob/gopher-json v0.0.0-20180125190556-5a6b3ba71ee6/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
-github.com/alicebob/miniredis v2.5.0+incompatible/go.mod h1:8HZjEj4yU0dwhYHky+DxYx+6BMjkBbe5ONFIF1MXffk=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210521073959-f0d4d129b7f1/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
-github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12 h1:npHgfD4Tl2WJS3AJaMUi5ynGDPUBfkg3U3fCzDyXZ+4=
-github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
+github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
-github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA=
-github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
-github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
-github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce/go.mod h1:0DVlHczLPewLcPGEIeUEzfOJhqGPQ0mJJRDBtD307+o=
-github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
-github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY=
-github.com/btcsuite/goleveldb v1.0.0/go.mod h1:QiK9vBlgftBg6rWQIj6wFzbPfRjiykIEhBH4obrXJ/I=
-github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
-github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
-github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
-github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
+github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
+github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb h1:f0BMgIjhZy4lSRHCXFbQst85f5agZAjtDMixQqBWNpc=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
-github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:rZfgFAXFS/z/lEd6LJmf9HVZ1LkgYiHx5pHhV5DR16M=
-github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA=
+github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-redis/redis v6.10.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4=
-github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru/v2 v2.0.1 h1:5pv5N1lT1fjLg2VQ5KWc7kmucp2x/kvFOnxuVTqZ6x4=
-github.com/hashicorp/golang-lru/v2 v2.0.1/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
-github.com/holiman/uint256 v1.2.0/go.mod h1:y4ga/t+u+Xwd7CpDgZESaRcWy0I7XMlTMA25ApIH5Jw=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/holiman/uint256 v1.2.4 h1:jUc4Nk8fm9jZabQuqr2JzednajVmBpC+oiTiXZJEApU=
+github.com/holiman/uint256 v1.2.4/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc=
+github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/reedsolomon v1.12.1 h1:NhWgum1efX1x58daOBGCFWcxtEhOhXKKl1HAPQUp03Q=
+github.com/klauspost/reedsolomon v1.12.1/go.mod h1:nEi5Kjb6QqtbofI6s+cbG/j1da11c96IBYBSnVGtuBs=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
+github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY=
+github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
 github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
 github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nspcc-dev/dbft v0.0.0-20191205084618-dacb1a30c254/go.mod h1:w1Ln2aT+dBlPhLnuZhBV+DfPEdS2CHWWLp5JTScY3bw=
-github.com/nspcc-dev/dbft v0.0.0-20191209120240-0d6b7568d9ae/go.mod h1:3FjXOoHmA51EGfb5GS/HOv7VdmngNRTssSeQ729dvGY=
-github.com/nspcc-dev/dbft v0.0.0-20200117124306-478e5cfbf03a/go.mod h1:/YFK+XOxxg0Bfm6P92lY5eDSLYfp06XOdL8KAVgXjVk=
-github.com/nspcc-dev/dbft v0.0.0-20200219114139-199d286ed6c1/go.mod h1:O0qtn62prQSqizzoagHmuuKoz8QMkU3SzBoKdEvm3aQ=
-github.com/nspcc-dev/dbft v0.0.0-20210721160347-1b03241391ac/go.mod h1:U8MSnEShH+o5hexfWJdze6uMFJteP0ko7J2frO7Yu1Y=
-github.com/nspcc-dev/dbft v0.0.0-20220902113116-58a5e763e647/go.mod h1:g9xisXmX9NP9MjioaTe862n9SlZTrP+6PVUWLBYOr98=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20210915112629-e1b6cce73d02/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 h1:n4ZaFCKt1pQJd7PXoMJabZWK9ejjbLOVrkl/lOUmshg=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
-github.com/nspcc-dev/hrw v1.0.9/go.mod h1:l/W2vx83vMQo6aStyx2AuZrJ+07lGv2JQGlVkPG06MU=
-github.com/nspcc-dev/neo-go v0.73.1-pre.0.20200303142215-f5a1b928ce09/go.mod h1:pPYwPZ2ks+uMnlRLUyXOpLieaDQSEaf4NM3zHVbRjmg=
-github.com/nspcc-dev/neo-go v0.98.0/go.mod h1:E3cc1x6RXSXrJb2nDWXTXjnXk3rIqVN8YdFyWv+FrqM=
-github.com/nspcc-dev/neo-go v0.99.4/go.mod h1:mKTolfRUfKjFso5HPvGSQtUZc70n0VKBMs16eGuC5gA=
-github.com/nspcc-dev/neo-go v0.100.1 h1:yugxbQRdzM+ObVa5mtr9/n4rYjxSIrryne8MVr9NBwU=
-github.com/nspcc-dev/neo-go v0.100.1/go.mod h1:Nnp7F4e9IBccsgtCeLtUWV+0T6gk1PtP5HRtA13hUfc=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220927123257-24c107e3a262/go.mod h1:23bBw0v6pBYcrWs8CBEEDIEDJNbcFoIh8pGGcf2Vv8s=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20221202075445-cb5c18dc73eb h1:GFxfkpXEYAbMIr69JpKOsQWeLOaGrd49HNAor8uDW+A=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20221202075445-cb5c18dc73eb/go.mod h1:23bBw0v6pBYcrWs8CBEEDIEDJNbcFoIh8pGGcf2Vv8s=
-github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
-github.com/nspcc-dev/neofs-api-go/v2 v2.11.1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
-github.com/nspcc-dev/neofs-crypto v0.2.0/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA=
-github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
-github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
-github.com/nspcc-dev/neofs-crypto v0.4.0/go.mod h1:6XJ8kbXgOfevbI2WMruOtI+qUJXNwSGM/E9eClXxPHs=
-github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
-github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
-github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
-github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
+github.com/nspcc-dev/dbft v0.2.0 h1:sDwsQES600OSIMncV176t2SX5OvB14lzeOAyKFOkbMI=
+github.com/nspcc-dev/dbft v0.2.0/go.mod h1:oFE6paSC/yfFh9mcNU6MheMGOYXK9+sPiRk3YMoz49o=
+github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 h1:mD9hU3v+zJcnHAVmHnZKt3I++tvn30gBj2rP2PocZMk=
+github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2/go.mod h1:U5VfmPNM88P4RORFb6KSUVBdJBDhlqggJZYGXGPxOcc=
+github.com/nspcc-dev/neo-go v0.106.3 h1:HEyhgkjQY+HfBzotMJ12xx2VuOUphkngZ4kEkjvXDtE=
+github.com/nspcc-dev/neo-go v0.106.3/go.mod h1:3vEwJ2ld12N7HRGCaH/l/7EwopplC/+8XdIdPDNmD/M=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec h1:vDrbVXF2+2uP0RlkZmem3QYATcXCu9BzzGGCNsNcK7Q=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240727093519-1a48f1ce43ec/go.mod h1:/vrbWSHc7YS1KSYhVOyyeucXW/e+1DkVBOgnBEXUCeY=
+github.com/nspcc-dev/rfc6979 v0.2.1 h1:8wWxkamHWFmO790GsewSoKUSJjVnL1fmdRpokU/RgRM=
+github.com/nspcc-dev/rfc6979 v0.2.1/go.mod h1:Tk7h5kyUWkhjyO3zUgFFhy1v2vQv3BvQEntakdtqrWc=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
-github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM=
 github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.2.1/go.mod h1:XMU6Z2MjaRKVu/dC1qupJI9SiNkDYzz3xecMgSW/F+U=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
-github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/syndtr/goleveldb v0.0.0-20180307113352-169b1b37be73/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954 h1:xQdMZ1WLrgkkvOZ/LDQxjVxMLdby7osSh4ZEVa5sIjs=
 github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM=
-github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo=
-github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/gopher-lua v0.0.0-20190514113301-1cd887cd7036/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
-github.com/yuin/gopher-lua v0.0.0-20191128022950-c6266f4fe8d7/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
-go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg=
+github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
+github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
+go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
+go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20221227203929-1b447090c38c h1:Govq2W3bnHJimHT2ium65kXcI7ZzTniZHcFATnLJM0Q=
-golang.org/x/exp v0.0.0-20221227203929-1b447090c38c/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk=
-golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210429154555-c04ba851c2a4/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180318012157-96caea41033d/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987 h1:PDIOdWxZ8eRizhKa1AAvY53xsvLB1cWorMjslvY3VA8=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w=
-google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/abiosoft/ishell.v2 v2.0.0/go.mod h1:sFp+cGtH6o4s1FtpVPTMcHq2yue+c4DGOVohJCPUzwY=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
+rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=
--- a/netmap/aggregator.go
+++ b/netmap/aggregator.go
@ -1,8 +1,6 @@
 package netmap

-import (
-	"sort"
-)
+import "slices"

 type (
 	// aggregator can calculate some value across all netmap
@ -24,10 +22,10 @@ type (

 	minAgg struct {
 		min      float64
+		minFound bool
 	}

 	meanIQRAgg struct {
-		k   float64
 		arr []float64
 	}

@ -73,16 +71,10 @@ func newMinAgg() aggregator {
 	return new(minAgg)
 }

-// newMeanIQRAgg returns an aggregator which
-// computes mean value of values from IQR interval.
-func newMeanIQRAgg() aggregator {
-	return new(meanIQRAgg)
-}
-
 // newReverseMinNorm returns a normalizer which
 // normalize values in range of 0.0 to 1.0 to a minimum value.
-func newReverseMinNorm(min float64) normalizer {
-	return &reverseMinNorm{min: min}
+func newReverseMinNorm(minV float64) normalizer {
+	return &reverseMinNorm{min: minV}
 }

 // newSigmoidNorm returns a normalizer which
@ -102,7 +94,13 @@ func (a *meanAgg) Compute() float64 {
 }

 func (a *minAgg) Add(n float64) {
-	if a.min == 0 || n < a.min {
+	if !a.minFound {
+		a.min = n
+		a.minFound = true
+		return
+	}
+
+	if n < a.min {
 		a.min = n
 	}
 }
@ -111,6 +109,10 @@ func (a *minAgg) Compute() float64 {
 	return a.min
 }

+func (a *meanIQRAgg) clear() {
+	a.arr = a.arr[:0]
+}
+
 func (a *meanIQRAgg) Add(n float64) {
 	a.arr = append(a.arr, n)
 }
@ -121,25 +123,24 @@ func (a *meanIQRAgg) Compute() float64 {
 		return 0
 	}

-	sort.Slice(a.arr, func(i, j int) bool { return a.arr[i] < a.arr[j] })
+	slices.Sort(a.arr)

-	var min, max float64
+	var minV, maxV float64

 	const minLn = 4

 	if l < minLn {
-		min, max = a.arr[0], a.arr[l-1]
+		minV, maxV = a.arr[0], a.arr[l-1]
 	} else {
 		start, end := l/minLn, l*3/minLn-1
-		iqr := a.k * (a.arr[end] - a.arr[start])
-		min, max = a.arr[start]-iqr, a.arr[end]+iqr
+		minV, maxV = a.arr[start], a.arr[end]
 	}

 	count := 0
 	sum := float64(0)

 	for _, e := range a.arr {
-		if e >= min && e <= max {
+		if e >= minV && e <= maxV {
 			sum += e
 			count++
 		}
@ -149,11 +150,7 @@ func (a *meanIQRAgg) Compute() float64 {
 }

 func (r *reverseMinNorm) Normalize(w float64) float64 {
-	if w == 0 {
-		return 0
-	}
-
-	return r.min / w
+	return (r.min + 1) / (w + 1)
 }

 func (r *sigmoidNorm) Normalize(w float64) float64 {
--- a/netmap/aggregator_test.go
+++ b/netmap/aggregator_test.go
@ -0,0 +1,44 @@
+package netmap
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestMinAgg(t *testing.T) {
+	tests := []struct {
+		vals []float64
+		res  float64
+	}{
+		{
+			vals: []float64{1, 2, 3, 0, 10},
+			res:  0,
+		},
+		{
+			vals: []float64{10, 0, 10, 0},
+			res:  0,
+		},
+		{
+			vals: []float64{0, 1, 2, 3, 10},
+			res:  0,
+		},
+		{
+			vals: []float64{0, 0, 0, 0},
+			res:  0,
+		},
+		{
+			vals: []float64{10, 10, 10, 10},
+			res:  10,
+		},
+	}
+
+	for _, test := range tests {
+		a := newMinAgg()
+		for _, val := range test.vals {
+			a.Add(val)
+		}
+
+		require.Equal(t, test.res, a.Compute())
+	}
+}
--- a/netmap/bench_test.go
+++ b/netmap/bench_test.go
@ -0,0 +1,58 @@
+package netmap
+
+import (
+	"testing"
+
+	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
+	"github.com/stretchr/testify/require"
+)
+
+func BenchmarkNetmap_ContainerNodes(b *testing.B) {
+	nodes := []NodeInfo{
+		nodeInfoFromAttributes("Country", "Russia", "Order", "1"),
+		nodeInfoFromAttributes("Country", "Germany", "Order", "2"),
+		nodeInfoFromAttributes("Country", "Russia", "Order", "3"),
+		nodeInfoFromAttributes("Country", "France", "Order", "4"),
+		nodeInfoFromAttributes("Country", "France", "Order", "5"),
+		nodeInfoFromAttributes("Country", "Russia", "Order", "6"),
+		nodeInfoFromAttributes("Country", "Russia", "Order", "7"),
+		nodeInfoFromAttributes("Country", "Germany", "Order", "8"),
+		nodeInfoFromAttributes("Country", "Germany", "Order", "9"),
+		nodeInfoFromAttributes("Country", "Russia", "Order", "10"),
+		nodeInfoFromAttributes("Country", "China", "Order", "11"),
+		nodeInfoFromAttributes("Country", "China", "Order", "12"),
+		nodeInfoFromAttributes("Country", "Finland", "Order", "13"),
+		nodeInfoFromAttributes("Country", "Finland", "Order", "14"),
+		nodeInfoFromAttributes("Country", "España", "Order", "15"),
+		nodeInfoFromAttributes("Country", "España", "Order", "16"),
+	}
+
+	var nm NetMap
+	nm.SetNodes(nodes)
+
+	policies := []string{
+		`REP 2`,
+		`REP 2 IN X CBF 2 SELECT 2 FROM * AS X`,
+	}
+	cnr := cidtest.ID()
+
+	pivot := make([]byte, 32)
+	cnr.Encode(pivot)
+
+	for i := range policies {
+		b.Run(policies[i], func(b *testing.B) {
+			var p PlacementPolicy
+			require.NoError(b, p.DecodeString(policies[i]))
+
+			b.ResetTimer()
+			b.ReportAllocs()
+
+			for i := 0; i < b.N; i++ {
+				_, err := nm.ContainerNodes(p, pivot)
+				if err != nil {
+					b.Fatal(err)
+				}
+			}
+		})
+	}
+}
--- a/netmap/context.go
+++ b/netmap/context.go
@ -35,6 +35,15 @@ type context struct {

 	// container backup factor
 	cbf uint32
+
+	// nodes already used in previous selections, which is needed when the placement
+	// policy uses the UNIQUE flag. Nodes marked as used are not used in subsequent
+	// base selections.
+	usedNodes map[uint64]bool
+
+	// If true, returns an error when netmap does not contain enough nodes for selection.
+	// By default best effort is taken.
+	strict bool
 }

 // Various validation errors.
@ -58,6 +67,7 @@ func newContext(nm NetMap) *context {

 		numCache:   make(map[string]uint64),
 		weightFunc: defaultWeightFunc(nm.nodes),
+		usedNodes:  make(map[uint64]bool),
 	}
 }

@ -76,16 +86,22 @@ func (c *context) setCBF(cbf uint32) {
 	}
 }

+func (c *context) addUsedNodes(ns ...NodeInfo) {
+	for _, n := range ns {
+		c.usedNodes[n.hash] = true
+	}
+}
+
 func defaultWeightFunc(ns nodes) weightFunc {
 	mean := newMeanAgg()
-	min := newMinAgg()
+	minV := newMinAgg()

 	for i := range ns {
 		mean.Add(float64(ns[i].capacity()))
-		min.Add(float64(ns[i].Price()))
+		minV.Add(float64(ns[i].Price()))
 	}

 	return newWeightFunc(
 		newSigmoidNorm(mean.Compute()),
-		newReverseMinNorm(min.Compute()))
+		newReverseMinNorm(minV.Compute()))
 }
--- a/netmap/filter.go
+++ b/netmap/filter.go
@ -39,7 +39,7 @@ func (c *context) processFilter(f netmap.Filter, top bool) error {
 	inner := f.GetFilters()

 	switch op := f.GetOp(); op {
-	case netmap.AND, netmap.OR:
+	case netmap.AND, netmap.OR, netmap.NOT:
 		for i := range inner {
 			if err := c.processFilter(inner[i], false); err != nil {
 				return fmt.Errorf("process inner filter #%d: %w", i, err)
@ -79,6 +79,13 @@ func (c *context) processFilter(f netmap.Filter, top bool) error {
 // and missing node properties are considered as a regular fail.
 func (c *context) match(f *netmap.Filter, b NodeInfo) bool {
 	switch f.GetOp() {
+	case netmap.NOT:
+		inner := f.GetFilters()
+		fSub := &inner[0]
+		if name := inner[0].GetName(); name != "" {
+			fSub = c.processedFilters[name]
+		}
+		return !c.match(fSub, b)
 	case netmap.AND, netmap.OR:
 		inner := f.GetFilters()
 		for i := range inner {
--- a/netmap/json_tests/cbf_default.json
+++ b/netmap/json_tests/cbf_default.json
@ -1,100 +0,0 @@
-{
-  "name": "default CBF is 3",
-  "nodes": [
-    {
-      "attributes": [
-        {
-          "key": "Location",
-          "value": "Europe"
-        },
-        {
-          "key": "Country",
-          "value": "RU"
-        },
-        {
-          "key": "City",
-          "value": "St.Petersburg"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "Location",
-          "value": "Europe"
-        },
-        {
-          "key": "Country",
-          "value": "RU"
-        },
-        {
-          "key": "City",
-          "value": "Moscow"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "Location",
-          "value": "Europe"
-        },
-        {
-          "key": "Country",
-          "value": "DE"
-        },
-        {
-          "key": "City",
-          "value": "Berlin"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "Location",
-          "value": "Europe"
-        },
-        {
-          "key": "Country",
-          "value": "FR"
-        },
-        {
-          "key": "City",
-          "value": "Paris"
-        }
-      ]
-    }
-  ],
-  "tests": {
-    "set default CBF": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "EU"
-          }
-        ],
-        "containerBackupFactor": 0,
-        "selectors": [
-          {
-            "name": "EU",
-            "count": 1,
-            "clause": "SAME",
-            "attribute": "Location",
-            "filter": "*"
-          }
-        ],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          1,
-          2
-        ]
-      ]
-    }
-  }
-}
--- a/netmap/json_tests/cbf_minimal.json
+++ b/netmap/json_tests/cbf_minimal.json
@ -1,101 +0,0 @@
-{
-  "name": "Real node count multiplier is in range [1, specified CBF]",
-  "nodes": [
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "1"
-        },
-        {
-          "key": "Country",
-          "value": "DE"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "2"
-        },
-        {
-          "key": "Country",
-          "value": "DE"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "3"
-        },
-        {
-          "key": "Country",
-          "value": "DE"
-        }
-      ]
-    }
-  ],
-  "tests": {
-    "select 2, CBF is 2": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "X"
-          }
-        ],
-        "containerBackupFactor": 2,
-        "selectors": [
-          {
-            "name": "X",
-            "count": 2,
-            "clause": "SAME",
-            "attribute": "Country",
-            "filter": "*"
-          }
-        ],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          1,
-          2
-        ]
-      ]
-    },
-    "select 3, CBF is 2": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "X"
-          }
-        ],
-        "containerBackupFactor": 2,
-        "selectors": [
-          {
-            "name": "X",
-            "count": 3,
-            "clause": "SAME",
-            "attribute": "Country",
-            "filter": "*"
-          }
-        ],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          1,
-          2
-        ]
-      ]
-    }
-  }
-}
--- a/netmap/json_tests/cbf_requirements.json
+++ b/netmap/json_tests/cbf_requirements.json
@ -1,159 +0,0 @@
-{
-  "name": "CBF requirements",
-  "nodes": [
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "1"
-        },
-        {
-          "key": "Attr",
-          "value": "Same"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "2"
-        },
-        {
-          "key": "Attr",
-          "value": "Same"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "3"
-        },
-        {
-          "key": "Attr",
-          "value": "Same"
-        }
-      ]
-    },
-    {
-      "attributes": [
-        {
-          "key": "ID",
-          "value": "4"
-        },
-        {
-          "key": "Attr",
-          "value": "Same"
-        }
-      ]
-    }
-  ],
-  "tests": {
-    "default CBF, no selector": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 2,
-            "selector": ""
-          }
-        ],
-        "containerBackupFactor": 0,
-        "selectors": [],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          2,
-          1,
-          3
-        ]
-      ]
-    },
-    "explicit CBF, no selector": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 2,
-            "selector": ""
-          }
-        ],
-        "containerBackupFactor": 3,
-        "selectors": [],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          2,
-          1,
-          3
-        ]
-      ]
-    },
-    "select distinct, weak CBF": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 2,
-            "selector": "X"
-          }
-        ],
-        "containerBackupFactor": 3,
-        "selectors": [
-          {
-            "name": "X",
-            "count": 2,
-            "clause": "DISTINCT",
-            "attribute": "",
-            "filter": "*"
-          }
-        ],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          2,
-          1,
-          3
-        ]
-      ]
-    },
-    "select same, weak CBF": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 2,
-            "selector": "X"
-          }
-        ],
-        "containerBackupFactor": 3,
-        "selectors": [
-          {
-            "name": "X",
-            "count": 2,
-            "clause": "SAME",
-            "attribute": "Attr",
-            "filter": "*"
-          }
-        ],
-        "filters": [],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0,
-          1,
-          2,
-          3
-        ]
-      ]
-    }
-  }
-}
--- a/netmap/json_tests/filter_complex.json
+++ b/netmap/json_tests/filter_complex.json
@ -1,387 +0,0 @@
-{
-  "name": "compound filter",
-  "nodes": [
-    {
-      "attributes": [
-        {
-          "key": "Storage",
-          "value": "SSD"
-        },
-        {
-          "key": "Rating",
-          "value": "10"
-        },
-        {
-          "key": "IntField",
-          "value": "100"
-        },
-        {
-          "key": "Param",
-          "value": "Value1"
-        }
-      ]
-    }
-  ],
-  "tests": {
-    "good": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "S"
-          }
-        ],
-        "containerBackupFactor": 1,
-        "selectors": [
-          {
-            "name": "S",
-            "count": 1,
-            "clause": "DISTINCT",
-            "attribute": "",
-            "filter": "Main"
-          }
-        ],
-        "filters": [
-          {
-            "name": "StorageSSD",
-            "key": "Storage",
-            "op": "EQ",
-            "value": "SSD",
-            "filters": []
-          },
-          {
-            "name": "GoodRating",
-            "key": "Rating",
-            "op": "GE",
-            "value": "4",
-            "filters": []
-          },
-          {
-            "name": "Main",
-            "key": "",
-            "op": "AND",
-            "value": "",
-            "filters": [
-              {
-                "name": "StorageSSD",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "IntField",
-                "op": "LT",
-                "value": "123",
-                "filters": []
-              },
-              {
-                "name": "GoodRating",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "",
-                "op": "OR",
-                "value": "",
-                "filters": [
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value1",
-                    "filters": []
-                  },
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value2",
-                    "filters": []
-                  }
-                ]
-              }
-            ]
-          }
-        ],
-        "subnetId": null
-      },
-      "result": [
-        [
-          0
-        ]
-      ]
-    },
-    "bad storage type": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "S"
-          }
-        ],
-        "containerBackupFactor": 1,
-        "selectors": [
-          {
-            "name": "S",
-            "count": 1,
-            "clause": "DISTINCT",
-            "attribute": "",
-            "filter": "Main"
-          }
-        ],
-        "filters": [
-          {
-            "name": "StorageSSD",
-            "key": "Storage",
-            "op": "EQ",
-            "value": "HDD",
-            "filters": []
-          },
-          {
-            "name": "GoodRating",
-            "key": "Rating",
-            "op": "GE",
-            "value": "4",
-            "filters": []
-          },
-          {
-            "name": "Main",
-            "key": "",
-            "op": "AND",
-            "value": "",
-            "filters": [
-              {
-                "name": "StorageSSD",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "IntField",
-                "op": "LT",
-                "value": "123",
-                "filters": []
-              },
-              {
-                "name": "GoodRating",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "",
-                "op": "OR",
-                "value": "",
-                "filters": [
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value1",
-                    "filters": []
-                  },
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value2",
-                    "filters": []
-                  }
-                ]
-              }
-            ]
-          }
-        ],
-        "subnetId": null
-      },
-      "error": "not enough nodes"
-    },
-    "bad rating": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "S"
-          }
-        ],
-        "containerBackupFactor": 1,
-        "selectors": [
-          {
-            "name": "S",
-            "count": 1,
-            "clause": "DISTINCT",
-            "attribute": "",
-            "filter": "Main"
-          }
-        ],
-        "filters": [
-          {
-            "name": "StorageSSD",
-            "key": "Storage",
-            "op": "EQ",
-            "value": "SSD",
-            "filters": []
-          },
-          {
-            "name": "GoodRating",
-            "key": "Rating",
-            "op": "GE",
-            "value": "15",
-            "filters": []
-          },
-          {
-            "name": "Main",
-            "key": "",
-            "op": "AND",
-            "value": "",
-            "filters": [
-              {
-                "name": "StorageSSD",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "IntField",
-                "op": "LT",
-                "value": "123",
-                "filters": []
-              },
-              {
-                "name": "GoodRating",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "",
-                "op": "OR",
-                "value": "",
-                "filters": [
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value1",
-                    "filters": []
-                  },
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value2",
-                    "filters": []
-                  }
-                ]
-              }
-            ]
-          }
-        ],
-        "subnetId": null
-      },
-      "error": "not enough nodes"
-    },
-    "bad param": {
-      "policy": {
-        "replicas": [
-          {
-            "count": 1,
-            "selector": "S"
-          }
-        ],
-        "containerBackupFactor": 1,
-        "selectors": [
-          {
-            "name": "S",
-            "count": 1,
-            "clause": "DISTINCT",
-            "attribute": "",
-            "filter": "Main"
-          }
-        ],
-        "filters": [
-          {
-            "name": "StorageSSD",
-            "key": "Storage",
-            "op": "EQ",
-            "value": "SSD",
-            "filters": []
-          },
-          {
-            "name": "GoodRating",
-            "key": "Rating",
-            "op": "GE",
-            "value": "4",
-            "filters": []
-          },
-          {
-            "name": "Main",
-            "key": "",
-            "op": "AND",
-            "value": "",
-            "filters": [
-              {
-                "name": "StorageSSD",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "IntField",
-                "op": "LT",
-                "value": "123",
-                "filters": []
-              },
-              {
-                "name": "GoodRating",
-                "key": "",
-                "op": "OPERATION_UNSPECIFIED",
-                "value": "",
-                "filters": []
-              },
-              {
-                "name": "",
-                "key": "",
-                "op": "OR",
-                "value": "",
-                "filters": [
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value0",
-                    "filters": []
-                  },
-                  {
-                    "name": "",
-                    "key": "Param",
-                    "op": "EQ",
-                    "value": "Value2",
-                    "filters": []
-                  }
-                ]
-              }
-            ]
-          }
-        ],
-        "subnetId": null
-      },
-      "error": "not enough nodes"
-    }
-  }
-}
--- a/Show more
+++ b/Show more