[#40] status: Introduce CONTAINER_ACCESS_DENIED status

* Add a new status CONTAINER_ACCESS_DENIED. * Fix descriptions for methods of container and object services. * Also regenerate md docs. Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-03-05 12:36:58 +03:00 · 2024-03-05 12:36:58 +03:00 · 07eb6a438c
commit 07eb6a438c
parent 46dd3885d2
12 changed files with 411 additions and 194 deletions
--- a/container/service.proto
+++ b/container/service.proto
@ -23,7 +23,9 @@ service ContainerService {
  // Statuses:
  // - **OK** (0, SECTION_SUCCESS): \
  //   request to save the container has been sent to the sidechain;
-  // - Common failures (SECTION_FAILURE_COMMON).
+  // - Common failures (SECTION_FAILURE_COMMON);
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   container create access denied. 
  rpc Put(PutRequest) returns (PutResponse);
  // `Delete` invokes `Container` smart contract's `Delete` method and returns
@ -34,7 +36,9 @@ service ContainerService {
  // Statuses:
  // - **OK** (0, SECTION_SUCCESS): \
  //   request to remove the container has been sent to the sidechain;
-  // - Common failures (SECTION_FAILURE_COMMON).
+  // - Common failures (SECTION_FAILURE_COMMON);
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   container delete access denied. 
  rpc Delete(DeleteRequest) returns (DeleteResponse);
  // Returns container structure from `Container` smart contract storage.
@ -44,7 +48,9 @@ service ContainerService {
  //   container has been successfully read;
  // - Common failures (SECTION_FAILURE_COMMON);
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  //   requested container not found.
+  //   requested container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied. 
  rpc Get(GetRequest) returns (GetResponse);
  // Returns all owner's containers from 'Container` smart contract' storage.
@ -52,7 +58,9 @@ service ContainerService {
  // Statuses:
  // - **OK** (0, SECTION_SUCCESS): \
  //   container list has been successfully read;
-  // - Common failures (SECTION_FAILURE_COMMON).
+  // - Common failures (SECTION_FAILURE_COMMON);
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   container list access denied.  
  rpc List(ListRequest) returns (ListResponse);
  // Invokes 'SetEACL' method of 'Container` smart contract and returns response
@ -62,7 +70,9 @@ service ContainerService {
  // Statuses:
  // - **OK** (0, SECTION_SUCCESS): \
  //   request to save container eACL has been sent to the sidechain;
-  // - Common failures (SECTION_FAILURE_COMMON).
+  // - Common failures (SECTION_FAILURE_COMMON);
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   set container eACL access denied.  
  rpc SetExtendedACL(SetExtendedACLRequest) returns (SetExtendedACLResponse);
  // Returns Extended ACL table and signature from `Container` smart contract
@ -75,7 +85,9 @@ service ContainerService {
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   container not found;
  // - **EACL_NOT_FOUND** (3073, SECTION_CONTAINER): \
-  //   eACL table not found.
+  //   eACL table not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container eACL is denied.  
  rpc GetExtendedACL(GetExtendedACLRequest) returns (GetExtendedACLResponse);
  // Announces the space values used by the container for P2P synchronization.
--- a/object/service.proto
+++ b/object/service.proto
@ -45,6 +45,8 @@ service ObjectService {
  //   the requested object has been marked as deleted;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc Get(GetRequest) returns (stream GetResponse);
@ -78,6 +80,8 @@ service ObjectService {
  //   type other than REGULAR is prohibited;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object storage container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied;
  // - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
  //   (for trusted object preparation) session private key does not exist or
  //   has
@ -110,6 +114,8 @@ service ObjectService {
  //   deleting a locked object is prohibited;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc Delete(DeleteRequest) returns (DeleteResponse);
@ -138,6 +144,8 @@ service ObjectService {
  //   the requested object has been marked as deleted;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc Head(HeadRequest) returns (HeadResponse);
@ -162,6 +170,8 @@ service ObjectService {
  //   access to operation SEARCH of the object is denied;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   search container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc Search(SearchRequest) returns (stream SearchResponse);
@ -197,6 +207,8 @@ service ObjectService {
  //   the requested range is out of bounds;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc GetRange(GetRangeRequest) returns (stream GetRangeResponse);
@ -230,6 +242,8 @@ service ObjectService {
  //   the requested range is out of bounds;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  //   provided session token has expired.
  rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse);
@ -260,6 +274,8 @@ service ObjectService {
  //   type other than REGULAR is prohibited;
  // - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  //   object storage container not found;
  // - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  //   access to container is denied; 
  // - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
  //   (for trusted object preparation) session private key does not exist or
  //   has
--- a/proto-docs/accounting.md
+++ b/proto-docs/accounting.md
@ -105,7 +105,8 @@ BalanceResponse message
 ### Message BalanceResponse.Body
 The amount of funds in GAS token for the `OwnerID`'s account requested.
-Balance is given in the `Decimal` format to avoid precision issues with rounding.
+Balance is given in the `Decimal` format to avoid precision issues with
 rounding.
 | Field | Type | Label | Description |
--- a/proto-docs/acl.md
+++ b/proto-docs/acl.md
@ -38,8 +38,8 @@ like [JWT](https://jwt.io), it has a limited lifetime and scope, hence can be
 used in the similar use cases, like providing authorisation to externally
 authenticated party.
-BearerToken can be issued only by the container's owner and must be signed using
+BearerToken can be issued only by the container's owner and must be signed
-the key associated with the container's `OwnerID`.
+using the key associated with the container's `OwnerID`.
 | Field | Type | Label | Description |
@ -51,8 +51,8 @@ the key associated with the container's `OwnerID`.
 <a name="neo.fs.v2.acl.BearerToken.Body"></a>
 ### Message BearerToken.Body
-Bearer Token body structure contains Extended ACL table issued by the container
+Bearer Token body structure contains Extended ACL table issued by the
-owner with additional information preventing token abuse.
+container owner with additional information preventing token abuse.
 | Field | Type | Label | Description |
--- a/proto-docs/container.md
+++ b/proto-docs/container.md
@ -3,50 +3,50 @@
 ## Table of Contents
- [Protocol Documentation](#protocol-documentation)
+- [container/service.proto](#container/service.proto)
-  - [Table of Contents](#table-of-contents)
+ - Services
-  - [container/service.proto](#containerserviceproto)
+    - [ContainerService](#neo.fs.v2.container.ContainerService)
-    - [Service "neo.fs.v2.container.ContainerService"](#service-neofsv2containercontainerservice)
+    
-      - [Method Put](#method-put)
+  - Messages
-      - [Method Delete](#method-delete)
+    - [AnnounceUsedSpaceRequest](#neo.fs.v2.container.AnnounceUsedSpaceRequest)
-      - [Method Get](#method-get)
+    - [AnnounceUsedSpaceRequest.Body](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body)
-      - [Method List](#method-list)
+    - [AnnounceUsedSpaceRequest.Body.Announcement](#neo.fs.v2.container.AnnounceUsedSpaceRequest.Body.Announcement)
-      - [Method SetExtendedACL](#method-setextendedacl)
+    - [AnnounceUsedSpaceResponse](#neo.fs.v2.container.AnnounceUsedSpaceResponse)
-      - [Method GetExtendedACL](#method-getextendedacl)
+    - [AnnounceUsedSpaceResponse.Body](#neo.fs.v2.container.AnnounceUsedSpaceResponse.Body)
-      - [Method AnnounceUsedSpace](#method-announceusedspace)
+    - [DeleteRequest](#neo.fs.v2.container.DeleteRequest)
-    - [Message AnnounceUsedSpaceRequest](#message-announceusedspacerequest)
+    - [DeleteRequest.Body](#neo.fs.v2.container.DeleteRequest.Body)
-    - [Message AnnounceUsedSpaceRequest.Body](#message-announceusedspacerequestbody)
+    - [DeleteResponse](#neo.fs.v2.container.DeleteResponse)
-    - [Message AnnounceUsedSpaceRequest.Body.Announcement](#message-announceusedspacerequestbodyannouncement)
+    - [DeleteResponse.Body](#neo.fs.v2.container.DeleteResponse.Body)
-    - [Message AnnounceUsedSpaceResponse](#message-announceusedspaceresponse)
+    - [GetExtendedACLRequest](#neo.fs.v2.container.GetExtendedACLRequest)
-    - [Message AnnounceUsedSpaceResponse.Body](#message-announceusedspaceresponsebody)
+    - [GetExtendedACLRequest.Body](#neo.fs.v2.container.GetExtendedACLRequest.Body)
-    - [Message DeleteRequest](#message-deleterequest)
+    - [GetExtendedACLResponse](#neo.fs.v2.container.GetExtendedACLResponse)
-    - [Message DeleteRequest.Body](#message-deleterequestbody)
+    - [GetExtendedACLResponse.Body](#neo.fs.v2.container.GetExtendedACLResponse.Body)
-    - [Message DeleteResponse](#message-deleteresponse)
+    - [GetRequest](#neo.fs.v2.container.GetRequest)
-    - [Message DeleteResponse.Body](#message-deleteresponsebody)
+    - [GetRequest.Body](#neo.fs.v2.container.GetRequest.Body)
-    - [Message GetExtendedACLRequest](#message-getextendedaclrequest)
+    - [GetResponse](#neo.fs.v2.container.GetResponse)
-    - [Message GetExtendedACLRequest.Body](#message-getextendedaclrequestbody)
+    - [GetResponse.Body](#neo.fs.v2.container.GetResponse.Body)
-    - [Message GetExtendedACLResponse](#message-getextendedaclresponse)
+    - [ListRequest](#neo.fs.v2.container.ListRequest)
-    - [Message GetExtendedACLResponse.Body](#message-getextendedaclresponsebody)
+    - [ListRequest.Body](#neo.fs.v2.container.ListRequest.Body)
-    - [Message GetRequest](#message-getrequest)
+    - [ListResponse](#neo.fs.v2.container.ListResponse)
-    - [Message GetRequest.Body](#message-getrequestbody)
+    - [ListResponse.Body](#neo.fs.v2.container.ListResponse.Body)
-    - [Message GetResponse](#message-getresponse)
+    - [PutRequest](#neo.fs.v2.container.PutRequest)
-    - [Message GetResponse.Body](#message-getresponsebody)
+    - [PutRequest.Body](#neo.fs.v2.container.PutRequest.Body)
-    - [Message ListRequest](#message-listrequest)
+    - [PutResponse](#neo.fs.v2.container.PutResponse)
-    - [Message ListRequest.Body](#message-listrequestbody)
+    - [PutResponse.Body](#neo.fs.v2.container.PutResponse.Body)
-    - [Message ListResponse](#message-listresponse)
+    - [SetExtendedACLRequest](#neo.fs.v2.container.SetExtendedACLRequest)
-    - [Message ListResponse.Body](#message-listresponsebody)
+    - [SetExtendedACLRequest.Body](#neo.fs.v2.container.SetExtendedACLRequest.Body)
-    - [Message PutRequest](#message-putrequest)
+    - [SetExtendedACLResponse](#neo.fs.v2.container.SetExtendedACLResponse)
-    - [Message PutRequest.Body](#message-putrequestbody)
+    - [SetExtendedACLResponse.Body](#neo.fs.v2.container.SetExtendedACLResponse.Body)
-    - [Message PutResponse](#message-putresponse)
+    
-    - [Message PutResponse.Body](#message-putresponsebody)
+
-    - [Message SetExtendedACLRequest](#message-setextendedaclrequest)
+- [container/types.proto](#container/types.proto)
-    - [Message SetExtendedACLRequest.Body](#message-setextendedaclrequestbody)
+
-    - [Message SetExtendedACLResponse](#message-setextendedaclresponse)
+  - Messages
-    - [Message SetExtendedACLResponse.Body](#message-setextendedaclresponsebody)
+    - [Container](#neo.fs.v2.container.Container)
-  - [container/types.proto](#containertypesproto)
+    - [Container.Attribute](#neo.fs.v2.container.Container.Attribute)
-    - [Message Container](#message-container)
+    
-    - [Message Container.Attribute](#message-containerattribute)
+
-  - [Scalar Value Types](#scalar-value-types)
+- [Scalar Value Types](#scalar-value-types)
@ -81,13 +81,15 @@ rpc AnnounceUsedSpace(AnnounceUsedSpaceRequest) returns (AnnounceUsedSpaceRespon
 `Put` invokes `Container` smart contract's `Put` method and returns
 response immediately. After a new block is issued in sidechain, request is
-verified by Inner Ring nodes. After one more block in sidechain, the container
+verified by Inner Ring nodes. After one more block in sidechain, the
-is added into smart contract storage.
+container is added into smart contract storage.
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
  request to save the container has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
+- Common failures (SECTION_FAILURE_COMMON);
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  container create access denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -96,13 +98,15 @@ Statuses:
 `Delete` invokes `Container` smart contract's `Delete` method and returns
 response immediately. After a new block is issued in sidechain, request is
-verified by Inner Ring nodes. After one more block in sidechain, the container
+verified by Inner Ring nodes. After one more block in sidechain, the
-is added into smart contract storage.
+container is added into smart contract storage.
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
  request to remove the container has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
+- Common failures (SECTION_FAILURE_COMMON);
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  container delete access denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -116,7 +120,9 @@ Statuses:
  container has been successfully read;
 - Common failures (SECTION_FAILURE_COMMON);
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
-  requested container not found.
+  requested container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -128,7 +134,9 @@ Returns all owner's containers from 'Container` smart contract' storage.
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
  container list has been successfully read;
- Common failures (SECTION_FAILURE_COMMON).
+- Common failures (SECTION_FAILURE_COMMON);
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  container list access denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -136,13 +144,15 @@ Statuses:
 #### Method SetExtendedACL
 Invokes 'SetEACL' method of 'Container` smart contract and returns response
-immediately. After one more block in sidechain, changes in an Extended ACL are
+immediately. After one more block in sidechain, changes in an Extended ACL
-added into smart contract storage.
+are added into smart contract storage.
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
  request to save container eACL has been sent to the sidechain;
- Common failures (SECTION_FAILURE_COMMON).
+- Common failures (SECTION_FAILURE_COMMON);
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  set container eACL access denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -159,7 +169,9 @@ Statuses:
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  container not found;
 - **EACL_NOT_FOUND** (3073, SECTION_CONTAINER): \
-  eACL table not found.
+  eACL table not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container eACL is denied.
 | Name | Input | Output |
 | ---- | ----- | ------ |
@ -327,8 +339,8 @@ Get Extended ACL
 ### Message GetExtendedACLResponse.Body
 Get Extended ACL Response body can be empty if the requested container does
-not have Extended ACL Table attached or Extended ACL has not been allowed at
+not have Extended ACL Table attached or Extended ACL has not been allowed
-the time of container creation.
+at the time of container creation.
 | Field | Type | Label | Description |
@ -536,8 +548,8 @@ Set Extended ACL
 ### Message SetExtendedACLResponse.Body
 `SetExtendedACLResponse` has an empty body because the operation is
-asynchronous and the update should be reflected in `Container` smart contract's
+asynchronous and the update should be reflected in `Container` smart
-storage after next block is issued in sidechain.
+contract's storage after next block is issued in sidechain.
 <!-- end messages -->
@ -560,8 +572,8 @@ storage after next block is issued in sidechain.
 ### Message Container
 Container is a structure that defines object placement behaviour. Objects can
 be stored only within containers. They define placement rule, attributes and
-access control information. An ID of a container is a 32 byte long SHA256 hash
+access control information. An ID of a container is a 32 byte long SHA256
-of stable-marshalled container message.
+hash of stable-marshalled container message.
 | Field | Type | Label | Description |
@ -578,8 +590,8 @@ of stable-marshalled container message.
 ### Message Container.Attribute
 `Attribute` is a user-defined Key-Value metadata pair attached to the
-container. Container attributes are immutable. They are set at the moment of
+container. Container attributes are immutable. They are set at the moment
-container creation and can never be added or updated.
+of container creation and can never be added or updated.
 Key name must be a container-unique valid UTF-8 string. Value can't be
 empty. Containers with duplicated attribute names or attributes with empty
@ -593,15 +605,16 @@ There are some "well-known" attributes affecting system behaviour:
  NNS contract.
 * [ __SYSTEM__ZONE ]  \
  (`__NEOFS__ZONE` is deprecated) \
-  String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated). Used as a TLD of a domain name in NNS
+  String of a zone for `__SYSTEM__NAME` (`__NEOFS__NAME` is deprecated).
-  contract. If no zone is specified, use default zone: `container`.
+  Used as a TLD of a domain name in NNS contract. If no zone is specified,
  use default zone: `container`.
 * [ __SYSTEM__DISABLE_HOMOMORPHIC_HASHING ] \
  (`__NEOFS__DISABLE_HOMOMORPHIC_HASHING` is deprecated) \
-  Disables homomorphic hashing for the container if the value equals "true" string.
+  Disables homomorphic hashing for the container if the value equals "true"
-  Any other values are interpreted as missing attribute. Container could be
+  string. Any other values are interpreted as missing attribute. Container
-  accepted in a NeoFS network only if the global network hashing configuration
+  could be accepted in a NeoFS network only if the global network hashing
-  value corresponds with that attribute's value. After container inclusion, network
+  configuration value corresponds with that attribute's value. After
-  setting is ignored.
+  container inclusion, network setting is ignored.
 And some well-known attributes used by applications only:
--- a/proto-docs/lock.md
+++ b/proto-docs/lock.md
@ -27,8 +27,9 @@
 ### Message Lock
 Lock objects protects a list of objects from being deleted. The lifetime of a
 lock object is limited similar to regular objects in
-`__SYSTEM__EXPIRATION_EPOCH` (`__NEOFS__EXPIRATION_EPOCH` is deprecated) attribute. Lock object MUST have expiration epoch.
+`__SYSTEM__EXPIRATION_EPOCH` (`__NEOFS__EXPIRATION_EPOCH` is deprecated)
-It is impossible to delete a lock object via ObjectService.Delete RPC call.
+attribute. Lock object MUST have expiration epoch. It is impossible to delete
 a lock object via ObjectService.Delete RPC call.
 | Field | Type | Label | Description |
--- a/proto-docs/netmap.md
+++ b/proto-docs/netmap.md
@ -3,40 +3,41 @@
 ## Table of Contents
- [Protocol Documentation](#protocol-documentation)
+- [netmap/service.proto](#netmap/service.proto)
-  - [Table of Contents](#table-of-contents)
+ - Services
-  - [netmap/service.proto](#netmapserviceproto)
+    - [NetmapService](#neo.fs.v2.netmap.NetmapService)
-    - [Service "neo.fs.v2.netmap.NetmapService"](#service-neofsv2netmapnetmapservice)
+    
-      - [Method LocalNodeInfo](#method-localnodeinfo)
+  - Messages
-      - [Method NetworkInfo](#method-networkinfo)
+    - [LocalNodeInfoRequest](#neo.fs.v2.netmap.LocalNodeInfoRequest)
-      - [Method NetmapSnapshot](#method-netmapsnapshot)
+    - [LocalNodeInfoRequest.Body](#neo.fs.v2.netmap.LocalNodeInfoRequest.Body)
-    - [Message LocalNodeInfoRequest](#message-localnodeinforequest)
+    - [LocalNodeInfoResponse](#neo.fs.v2.netmap.LocalNodeInfoResponse)
-    - [Message LocalNodeInfoRequest.Body](#message-localnodeinforequestbody)
+    - [LocalNodeInfoResponse.Body](#neo.fs.v2.netmap.LocalNodeInfoResponse.Body)
-    - [Message LocalNodeInfoResponse](#message-localnodeinforesponse)
+    - [NetmapSnapshotRequest](#neo.fs.v2.netmap.NetmapSnapshotRequest)
-    - [Message LocalNodeInfoResponse.Body](#message-localnodeinforesponsebody)
+    - [NetmapSnapshotRequest.Body](#neo.fs.v2.netmap.NetmapSnapshotRequest.Body)
-    - [Message NetmapSnapshotRequest](#message-netmapsnapshotrequest)
+    - [NetmapSnapshotResponse](#neo.fs.v2.netmap.NetmapSnapshotResponse)
-    - [Message NetmapSnapshotRequest.Body](#message-netmapsnapshotrequestbody)
+    - [NetmapSnapshotResponse.Body](#neo.fs.v2.netmap.NetmapSnapshotResponse.Body)
-    - [Message NetmapSnapshotResponse](#message-netmapsnapshotresponse)
+    - [NetworkInfoRequest](#neo.fs.v2.netmap.NetworkInfoRequest)
-    - [Message NetmapSnapshotResponse.Body](#message-netmapsnapshotresponsebody)
+    - [NetworkInfoRequest.Body](#neo.fs.v2.netmap.NetworkInfoRequest.Body)
-    - [Message NetworkInfoRequest](#message-networkinforequest)
+    - [NetworkInfoResponse](#neo.fs.v2.netmap.NetworkInfoResponse)
-    - [Message NetworkInfoRequest.Body](#message-networkinforequestbody)
+    - [NetworkInfoResponse.Body](#neo.fs.v2.netmap.NetworkInfoResponse.Body)
-    - [Message NetworkInfoResponse](#message-networkinforesponse)
+    
-    - [Message NetworkInfoResponse.Body](#message-networkinforesponsebody)
+
-  - [netmap/types.proto](#netmaptypesproto)
+- [netmap/types.proto](#netmap/types.proto)
-    - [Message Filter](#message-filter)
+
-    - [Message Netmap](#message-netmap)
+  - Messages
-    - [Message NetworkConfig](#message-networkconfig)
+    - [Filter](#neo.fs.v2.netmap.Filter)
-    - [Message NetworkConfig.Parameter](#message-networkconfigparameter)
+    - [Netmap](#neo.fs.v2.netmap.Netmap)
-    - [Message NetworkInfo](#message-networkinfo)
+    - [NetworkConfig](#neo.fs.v2.netmap.NetworkConfig)
-    - [Message NodeInfo](#message-nodeinfo)
+    - [NetworkConfig.Parameter](#neo.fs.v2.netmap.NetworkConfig.Parameter)
-    - [Message NodeInfo.Attribute](#message-nodeinfoattribute)
+    - [NetworkInfo](#neo.fs.v2.netmap.NetworkInfo)
-    - [Message PlacementPolicy](#message-placementpolicy)
+    - [NodeInfo](#neo.fs.v2.netmap.NodeInfo)
-    - [Message Replica](#message-replica)
+    - [NodeInfo.Attribute](#neo.fs.v2.netmap.NodeInfo.Attribute)
-    - [Message Selector](#message-selector)
+    - [PlacementPolicy](#neo.fs.v2.netmap.PlacementPolicy)
-    - [Clause](#clause)
+    - [Replica](#neo.fs.v2.netmap.Replica)
-    - [NodeInfo.State](#nodeinfostate)
+    - [Selector](#neo.fs.v2.netmap.Selector)
-    - [Operation](#operation)
+    
-  - [Scalar Value Types](#scalar-value-types)
+
 - [Scalar Value Types](#scalar-value-types)
@ -51,10 +52,10 @@
 <a name="neo.fs.v2.netmap.NetmapService"></a>
 ### Service "neo.fs.v2.netmap.NetmapService"
-`NetmapService` provides methods to work with `Network Map` and the information
+`NetmapService` provides methods to work with `Network Map` and the
-required to build it. The resulting `Network Map` is stored in sidechain
+information required to build it. The resulting `Network Map` is stored in
-`Netmap` smart contract, while related information can be obtained from other
+sidechain `Netmap` smart contract, while related information can be obtained
-NeoFS nodes.
+from other NeoFS nodes.
 ```
 rpc LocalNodeInfo(LocalNodeInfoRequest) returns (LocalNodeInfoResponse);
@ -65,11 +66,12 @@ rpc NetmapSnapshot(NetmapSnapshotRequest) returns (NetmapSnapshotResponse);
 #### Method LocalNodeInfo
-Get NodeInfo structure from the particular node directly. 
+Get NodeInfo structure from the particular node directly.
-Node information can be taken from `Netmap` smart contract. In some cases, though,
+Node information can be taken from `Netmap` smart contract. In some cases,
-one may want to get recent information directly or to talk to the node not yet
+though, one may want to get recent information directly or to talk to the
-present in the `Network Map` to find out what API version can be used for
+node not yet present in the `Network Map` to find out what API version can
-further communication. This can be also used to check if a node is up and running.
+be used for further communication. This can be also used to check if a node
 is up and running.
 Statuses:
 - **OK** (0, SECTION_SUCCESS):
@ -257,8 +259,8 @@ Information about the network.
 <a name="neo.fs.v2.netmap.Filter"></a>
 ### Message Filter
-This filter will return the subset of nodes from `NetworkMap` or another filter's
+This filter will return the subset of nodes from `NetworkMap` or another
-results that will satisfy filter's conditions.
+filter's results that will satisfy filter's conditions.
 | Field | Type | Label | Description |
@ -330,6 +332,12 @@ System parameters:
 - **WithdrawFee** \
  Fee paid for withdrawal of funds paid by the account owner.
  Value: little-endian integer. Default: 0.
 - **MaxECDataCount** \
  Maximum number of data shards for EC placement policy.
  Value: little-endian integer. Default: 0.
 - **MaxECParityCount** \
  Maximum number of parity shards for EC placement policy.
  Value: little-endian integer. Default: 0.
 | Field | Type | Label | Description |
@ -375,15 +383,15 @@ Administrator-defined Attributes of the NeoFS Storage Node.
 string. Value can't be empty.
 Attributes can be constructed into a chain of attributes: any attribute can
-have a parent attribute and a child attribute (except the first and the last
+have a parent attribute and a child attribute (except the first and the
-one). A string representation of the chain of attributes in NeoFS Storage
+last one). A string representation of the chain of attributes in NeoFS
-Node configuration uses ":" and "/" symbols, e.g.:
+Storage Node configuration uses ":" and "/" symbols, e.g.:
       `NEOFS_NODE_ATTRIBUTE_1=key1:val1/key2:val2`
-Therefore the string attribute representation in the Node configuration must
+Therefore the string attribute representation in the Node configuration
-use "\:", "\/" and "\\" escaped symbols if any of them appears in an attribute's
+must use "\:", "\/" and "\\" escaped symbols if any of them appears in an
-key or value.
+attribute's key or value.
 Node's attributes are mostly used during Storage Policy evaluation to
 calculate object's placement and find a set of nodes satisfying policy
@ -459,6 +467,7 @@ storage policy definition languages.
 | container_backup_factor | [uint32](#uint32) |  | Container backup factor controls how deep NeoFS will search for nodes alternatives to include into container's nodes subset |
 | selectors | [Selector](#neo.fs.v2.netmap.Selector) | repeated | Set of Selectors to form the container's nodes subset |
 | filters | [Filter](#neo.fs.v2.netmap.Filter) | repeated | List of named filters to reference in selectors |
 | unique | [bool](#bool) |  | Unique flag defines non-overlapping application for replicas |
 <a name="neo.fs.v2.netmap.Replica"></a>
@ -473,6 +482,8 @@ default.
 | ----- | ---- | ----- | ----------- |
 | count | [uint32](#uint32) |  | How many object replicas to put |
 | selector | [string](#string) |  | Named selector bucket to put replicas |
 | ec_data_count | [uint32](#uint32) |  | Data shards count |
 | ec_parity_count | [uint32](#uint32) |  | Parity shards count |
 <a name="neo.fs.v2.netmap.Selector"></a>
@ -538,6 +549,7 @@ Operations on filters
 | LE | 6 | Less or equal |
 | OR | 7 | Logical OR |
 | AND | 8 | Logical AND |
 | NOT | 9 | Logical negation |
 <!-- end enums -->
--- a/proto-docs/object.md
+++ b/proto-docs/object.md
@ -35,6 +35,10 @@
    - [PutRequest.Body.Init](#neo.fs.v2.object.PutRequest.Body.Init)
    - [PutResponse](#neo.fs.v2.object.PutResponse)
    - [PutResponse.Body](#neo.fs.v2.object.PutResponse.Body)
    - [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest)
    - [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body)
    - [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse)
    - [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body)
    - [Range](#neo.fs.v2.object.Range)
    - [SearchRequest](#neo.fs.v2.object.SearchRequest)
    - [SearchRequest.Body](#neo.fs.v2.object.SearchRequest.Body)
@ -46,8 +50,11 @@
 - [object/types.proto](#object/types.proto)
  - Messages
    - [ECInfo](#neo.fs.v2.object.ECInfo)
    - [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk)
    - [Header](#neo.fs.v2.object.Header)
    - [Header.Attribute](#neo.fs.v2.object.Header.Attribute)
    - [Header.EC](#neo.fs.v2.object.Header.EC)
    - [Header.Split](#neo.fs.v2.object.Header.Split)
    - [Object](#neo.fs.v2.object.Object)
    - [ShortHeader](#neo.fs.v2.object.ShortHeader)
@ -80,17 +87,18 @@ rpc Head(HeadRequest) returns (HeadResponse);
 rpc Search(SearchRequest) returns (stream SearchResponse);
 rpc GetRange(GetRangeRequest) returns (stream GetRangeResponse);
 rpc GetRangeHash(GetRangeHashRequest) returns (GetRangeHashResponse);
 rpc PutSingle(PutSingleRequest) returns (PutSingleResponse);
 ```
 #### Method Get
 Receive full object structure, including Headers and payload. Response uses
-gRPC stream. First response message carries the object with the requested address.
+gRPC stream. First response message carries the object with the requested
-Chunk messages are parts of the object's payload if it is needed. All
+address. Chunk messages are parts of the object's payload if it is needed.
-messages, except the first one, carry payload chunks. The requested object can
+All messages, except the first one, carry payload chunks. The requested
-be restored by concatenation of object message payload and all chunks
+object can be restored by concatenation of object message payload and all
-keeping the receiving order.
+chunks keeping the receiving order.
 Extended headers can change `Get` behaviour:
 * [ __SYSTEM__NETMAP_EPOCH ] \
@ -99,9 +107,10 @@ Extended headers can change `Get` behaviour:
  calculation.
 * [ __SYSTEM__NETMAP_LOOKUP_DEPTH ] \
  (`__NEOFS__NETMAP_LOOKUP_DEPTH` is deprecated) \
-  Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH` (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or
+  Will try older versions (starting from `__SYSTEM__NETMAP_EPOCH`
-  the latest one otherwise) of Network Map to find an object until the depth
+  (`__NEOFS__NETMAP_EPOCH` is deprecated) if specified or the latest one
-  limit is reached.
+  otherwise) of Network Map to find an object until the depth limit is
  reached.
 Please refer to detailed `XHeader` description.
@ -117,6 +126,8 @@ Statuses:
  the requested object has been marked as deleted;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -147,15 +158,18 @@ Statuses:
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
  write access to the container is denied;
 - **LOCKED** (2050, SECTION_OBJECT): \
-  placement of an object of type TOMBSTONE that includes at least one locked
+  placement of an object of type TOMBSTONE that includes at least one
-  object is prohibited;
+  locked object is prohibited;
 - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
  placement of an object of type LOCK that includes at least one object of
  type other than REGULAR is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object storage container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied;
 - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
-  (for trusted object preparation) session private key does not exist or has
+  (for trusted object preparation) session private key does not exist or
  has
 been deleted;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -182,10 +196,15 @@ Statuses:
 - Common failures (SECTION_FAILURE_COMMON);
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
  delete access to the object is denied;
 - **OBJECT_NOT_FOUND** (2049, SECTION_OBJECT): \
  the object could not be deleted because it has not been \
  found within the container;
 - **LOCKED** (2050, SECTION_OBJECT): \
  deleting a locked object is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -218,6 +237,8 @@ Statuses:
  the requested object has been marked as deleted;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -246,6 +267,8 @@ Statuses:
  access to operation SEARCH of the object is denied;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  search container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -256,8 +279,8 @@ Statuses:
 Get byte range of data payload. Range is set as an (offset, length) tuple.
 Like in `Get` method, the response uses gRPC stream. Requested range can be
-restored by concatenation of all received payload chunks keeping the receiving
+restored by concatenation of all received payload chunks keeping the
-order.
+receiving order.
 Extended headers can change `GetRange` behaviour:
 * [ __SYSTEM__NETMAP_EPOCH ] \
@ -285,6 +308,8 @@ Statuses:
  the requested range is out of bounds;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
@ -322,12 +347,54 @@ Statuses:
  the requested range is out of bounds;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
 | Name | Input | Output |
 | ---- | ----- | ------ |
 | GetRangeHash | [GetRangeHashRequest](#neo.fs.v2.object.GetRangeHashRequest) | [GetRangeHashResponse](#neo.fs.v2.object.GetRangeHashResponse) |
 #### Method PutSingle
 Put the prepared object into container.
 `ContainerID`, `ObjectID`, `OwnerID`, `PayloadHash` and `PayloadLength` of
 an object MUST be set.
 Extended headers can change `Put` behaviour:
 * [ __SYSTEM__NETMAP_EPOCH \
  (`__NEOFS__NETMAP_EPOCH` is deprecated) \
  Will use the requested version of Network Map for object placement
  calculation.
 Please refer to detailed `XHeader` description.
 Statuses:
 - **OK** (0, SECTION_SUCCESS): \
  object has been successfully saved in the container;
 - Common failures (SECTION_FAILURE_COMMON);
 - **ACCESS_DENIED** (2048, SECTION_OBJECT): \
  write access to the container is denied;
 - **LOCKED** (2050, SECTION_OBJECT): \
  placement of an object of type TOMBSTONE that includes at least one
  locked object is prohibited;
 - **LOCK_NON_REGULAR_OBJECT** (2051, SECTION_OBJECT): \
  placement of an object of type LOCK that includes at least one object of
  type other than REGULAR is prohibited;
 - **CONTAINER_NOT_FOUND** (3072, SECTION_CONTAINER): \
  object storage container not found;
 - **CONTAINER_ACCESS_DENIED** (3074, SECTION_CONTAINER): \
  access to container is denied; 
 - **TOKEN_NOT_FOUND** (4096, SECTION_SESSION): \
  (for trusted object preparation) session private key does not exist or
  has
 been deleted;
 - **TOKEN_EXPIRED** (4097, SECTION_SESSION): \
  provided session token has expired.
 | Name | Input | Output |
 | ---- | ----- | ------ |
 | PutSingle | [PutSingleRequest](#neo.fs.v2.object.PutSingleRequest) | [PutSingleResponse](#neo.fs.v2.object.PutSingleResponse) |
 <!-- end services -->
@ -484,6 +551,7 @@ chunks.
 | ----- | ---- | ----- | ----------- |
 | chunk | [bytes](#bytes) |  | Chunked object payload's range. |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy. |
 | ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |
 <a name="neo.fs.v2.object.GetRequest"></a>
@ -535,6 +603,7 @@ GET Object Response body
 | init | [GetResponse.Body.Init](#neo.fs.v2.object.GetResponse.Body.Init) |  | Initial part of the object stream |
 | chunk | [bytes](#bytes) |  | Chunked object payload |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy for object assembly. |
 | ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |
 <a name="neo.fs.v2.object.GetResponse.Body.Init"></a>
@ -601,6 +670,7 @@ Object HEAD response body
 | header | [HeaderWithSignature](#neo.fs.v2.object.HeaderWithSignature) |  | Full object's `Header` with `ObjectID` signature |
 | short_header | [ShortHeader](#neo.fs.v2.object.ShortHeader) |  | Short object header |
 | split_info | [SplitInfo](#neo.fs.v2.object.SplitInfo) |  | Meta information of split hierarchy. |
 | ec_info | [ECInfo](#neo.fs.v2.object.ECInfo) |  | Meta information for EC object assembly. |
 <a name="neo.fs.v2.object.HeaderWithSignature"></a>
@ -685,6 +755,51 @@ PUT Object response body
 | object_id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Identifier of the saved object |
 <a name="neo.fs.v2.object.PutSingleRequest"></a>
 ### Message PutSingleRequest
 Object PUT Single request
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | body | [PutSingleRequest.Body](#neo.fs.v2.object.PutSingleRequest.Body) |  | Body of put single object request message. |
 | meta_header | [neo.fs.v2.session.RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) |  | Carries request meta information. Header data is used only to regulate message transport and does not affect request execution. |
 | verify_header | [neo.fs.v2.session.RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) |  | Carries request verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |
 <a name="neo.fs.v2.object.PutSingleRequest.Body"></a>
 ### Message PutSingleRequest.Body
 PUT Single request body
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | object | [Object](#neo.fs.v2.object.Object) |  | Prepared object with payload. |
 | copies_number | [uint32](#uint32) | repeated | Number of copies of the object to store within the RPC call. By default, object is processed according to the container's placement policy. Every number is treated as a minimal number of nodes in a corresponding placement vector that must store an object to complete the request successfully. The length MUST equal the placement vectors number, otherwise request is considered malformed. |
 <a name="neo.fs.v2.object.PutSingleResponse"></a>
 ### Message PutSingleResponse
 Object PUT Single response
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | body | [PutSingleResponse.Body](#neo.fs.v2.object.PutSingleResponse.Body) |  | Body of put single object response message. |
 | meta_header | [neo.fs.v2.session.ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) |  | Carries response meta information. Header data is used only to regulate message transport and does not affect request execution. |
 | verify_header | [neo.fs.v2.session.ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) |  | Carries response verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. |
 <a name="neo.fs.v2.object.PutSingleResponse.Body"></a>
 ### Message PutSingleResponse.Body
 PUT Single Object response body
 <a name="neo.fs.v2.object.Range"></a>
 ### Message Range
@ -726,11 +841,11 @@ Object Search request body
 <a name="neo.fs.v2.object.SearchRequest.Body.Filter"></a>
 ### Message SearchRequest.Body.Filter
-Filter structure checks if the object header field or the attribute content
+Filter structure checks if the object header field or the attribute
-matches a value.
+content matches a value.
 If no filters are set, search request will return all objects of the
-container, including Regular object, Tombstones and Storage Group
+container, including Regular object and Tombstone
 objects. Most human users expect to get only object they can directly
 work with. In that case, `$Object:ROOT` filter should be used.
@ -765,11 +880,11 @@ There are some well-known filter aliases to match objects by certain
 properties:
 * $Object:ROOT \
-  Returns only `REGULAR` type objects that are not split or that are the top
+  Returns only `REGULAR` type objects that are not split or that are the
-  level root objects in a split hierarchy. This includes objects not
+  top level root objects in a split hierarchy. This includes objects not
  present physically, like large objects split into smaller objects
  without a separate top-level root object. Objects of other types like
-  StorageGroups and Tombstones will not be shown. This filter may be
+  Locks and Tombstones will not be shown. This filter may be
  useful for listing objects like `ls` command of some virtual file
  system. This filter is activated if the `key` exists, disregarding the
  value and matcher type.
@ -778,8 +893,8 @@ properties:
  activated if the `key` exists, disregarding the value and matcher type.
 Note: using filters with a key with prefix `$Object:` and match type
-`NOT_PRESENT `is not recommended since this is not a cross-version approach.
+`NOT_PRESENT `is not recommended since this is not a cross-version
-Behavior when processing this kind of filters is undefined.
+approach. Behavior when processing this kind of filters is undefined.
 | Field | Type | Label | Description |
@ -827,6 +942,30 @@ Object Search response body
 <!-- end services -->
 <a name="neo.fs.v2.object.ECInfo"></a>
 ### Message ECInfo
 Meta information for the erasure-encoded object.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | chunks | [ECInfo.Chunk](#neo.fs.v2.object.ECInfo.Chunk) | repeated | Chunk stored on the node. |
 <a name="neo.fs.v2.object.ECInfo.Chunk"></a>
 ### Message ECInfo.Chunk
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | id | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Object ID of the chunk. |
 | index | [uint32](#uint32) |  | Index of the chunk. |
 | total | [uint32](#uint32) |  | Total number of chunks in this split. |
 <a name="neo.fs.v2.object.Header"></a>
 ### Message Header
@ -846,6 +985,7 @@ Object Header
 | session_token | [neo.fs.v2.session.SessionToken](#neo.fs.v2.session.SessionToken) |  | Session token, if it was used during Object creation. Need it to verify integrity and authenticity out of Request scope. |
 | attributes | [Header.Attribute](#neo.fs.v2.object.Header.Attribute) | repeated | User-defined object attributes |
 | split | [Header.Split](#neo.fs.v2.object.Header.Split) |  | Position of the object in the split hierarchy |
 | ec | [Header.EC](#neo.fs.v2.object.Header.EC) |  | Erasure code chunk information. |
 <a name="neo.fs.v2.object.Header.Attribute"></a>
@ -858,15 +998,16 @@ Key name must be an object-unique valid UTF-8 string. Value can't be empty.
 Objects with duplicated attribute names or attributes with empty values
 will be considered invalid.
-There are some "well-known" attributes starting with `__SYSTEM__` (`__NEOFS__` is deprecated) prefix
+There are some "well-known" attributes starting with `__SYSTEM__`
-that affect system behaviour:
+(`__NEOFS__` is deprecated) prefix that affect system behaviour:
 * [ __SYSTEM__UPLOAD_ID ] \
  (`__NEOFS__UPLOAD_ID` is deprecated) \
  Marks smaller parts of a split bigger object
 * [ __SYSTEM__EXPIRATION_EPOCH ] \
  (`__NEOFS__EXPIRATION_EPOCH` is deprecated) \
-  Tells GC to delete object after that epoch
+  The epoch after which object with no LOCKs on it becomes unavailable.
  Locked object continues to be available until each of the LOCKs expire.
 * [ __SYSTEM__TICK_EPOCH ] \
  (`__NEOFS__TICK_EPOCH` is deprecated) \
  Decimal number that defines what epoch must produce
@ -905,6 +1046,23 @@ corresponding section in NeoFS Technical Specification.
 | value | [string](#string) |  | string value of the object attribute |
 <a name="neo.fs.v2.object.Header.EC"></a>
 ### Message Header.EC
 Erasure code can be applied to any object.
 Information about encoded object structure is stored in `EC` header.
 All objects belonging to a single EC group have the same `parent` field.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | parent | [neo.fs.v2.refs.ObjectID](#neo.fs.v2.refs.ObjectID) |  | Identifier of the origin object. Known to all chunks. |
 | index | [uint32](#uint32) |  | Index of this chunk. |
 | total | [uint32](#uint32) |  | Total number of chunks in this split. |
 | header_length | [uint32](#uint32) |  | Total length of a parent header. Used to trim padding zeroes. |
 | header | [bytes](#bytes) |  | Chunk of a parent header. |
 <a name="neo.fs.v2.object.Header.Split"></a>
 ### Message Header.Split
@ -928,8 +1086,8 @@ must be within the same container.
 ### Message Object
 Object structure. Object is immutable and content-addressed. It means
-`ObjectID` will change if the header or the payload changes. It's calculated as a
+`ObjectID` will change if the header or the payload changes. It's calculated
-hash of header field which contains hash of the object's payload.
+as a hash of header field which contains hash of the object's payload.
 For non-regular object types payload format depends on object type specified
 in the header.
@ -965,8 +1123,8 @@ Short header fields
 ### Message SplitInfo
 Meta information of split hierarchy for object assembly. With the last part
 one can traverse linked list of split hierarchy back to the first part and
-assemble the original object. With a linking object one can assemble an object
+assemble the original object. With a linking object one can assemble an
-right from the object parts.
+object right from the object parts.
 | Field | Type | Label | Description |
@ -997,20 +1155,18 @@ Type of match expression
 ### ObjectType
 Type of the object payload content. Only `REGULAR` type objects can be split,
-hence `TOMBSTONE`, `STORAGE_GROUP` and `LOCK` payload is limited by the maximum
+hence `TOMBSTONE` and `LOCK` payload is limited by the
-object size.
+maximum object size.
 String presentation of object type is the same as definition:
 * REGULAR
 * TOMBSTONE
 * STORAGE_GROUP
 * LOCK
 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | REGULAR | 0 | Just a normal object |
 | TOMBSTONE | 1 | Used internally to identify deleted objects |
 | STORAGE_GROUP | 2 | StorageGroup information |
 | LOCK | 3 | Object lock |
--- a/proto-docs/refs.md
+++ b/proto-docs/refs.md
@ -3,20 +3,20 @@
 ## Table of Contents
- [Protocol Documentation](#protocol-documentation)
+- [refs/types.proto](#refs/types.proto)
-  - [Table of Contents](#table-of-contents)
+
-  - [refs/types.proto](#refstypesproto)
+  - Messages
-    - [Message Address](#message-address)
+    - [Address](#neo.fs.v2.refs.Address)
-    - [Message Checksum](#message-checksum)
+    - [Checksum](#neo.fs.v2.refs.Checksum)
-    - [Message ContainerID](#message-containerid)
+    - [ContainerID](#neo.fs.v2.refs.ContainerID)
-    - [Message ObjectID](#message-objectid)
+    - [ObjectID](#neo.fs.v2.refs.ObjectID)
-    - [Message OwnerID](#message-ownerid)
+    - [OwnerID](#neo.fs.v2.refs.OwnerID)
-    - [Message Signature](#message-signature)
+    - [Signature](#neo.fs.v2.refs.Signature)
-    - [Message SignatureRFC6979](#message-signaturerfc6979)
+    - [SignatureRFC6979](#neo.fs.v2.refs.SignatureRFC6979)
-    - [Message Version](#message-version)
+    - [Version](#neo.fs.v2.refs.Version)
-    - [ChecksumType](#checksumtype)
+    
-    - [SignatureScheme](#signaturescheme)
+
-  - [Scalar Value Types](#scalar-value-types)
+- [Scalar Value Types](#scalar-value-types)
@ -95,8 +95,8 @@ It means `ObjectID` will change if the `header` or the `payload` changes.
 `ObjectID` is a 32 byte long
 [SHA256](https://csrc.nist.gov/publications/detail/fips/180/4/final) hash of
-the object's `header` field, which, in it's turn, contains the hash of the object's
+the object's `header` field, which, in it's turn, contains the hash of the
-payload.
+object's payload.
 String presentation is a
 [base58](https://tools.ietf.org/html/draft-msporny-base58-02) encoded string.
@ -169,7 +169,8 @@ RFC 6979 signature.
 API version used by a node.
 String presentation is a Semantic Versioning 2.0.0 compatible version string
-with 'v' prefix. i.e. `vX.Y`, where `X` is the major number, `Y` is the minor number.
+with 'v' prefix. i.e. `vX.Y`, where `X` is the major number, `Y` is the minor
 number.
 | Field | Type | Label | Description |
@ -196,7 +197,8 @@ Checksum algorithm type.
 <a name="neo.fs.v2.refs.SignatureScheme"></a>
 ### SignatureScheme
-Signature scheme describes digital signing scheme used for (key, signature) pair.
+Signature scheme describes digital signing scheme used for (key, signature)
 pair.
 | Name | Number | Description |
 | ---- | ------ | ----------- |
--- a/proto-docs/session.md
+++ b/proto-docs/session.md
@ -278,15 +278,15 @@ Lifetime parameters of the token. Field names taken from rfc7519.
 <a name="neo.fs.v2.session.XHeader"></a>
 ### Message XHeader
-Extended headers for Request/Response. They may contain any user-defined headers
+Extended headers for Request/Response. They may contain any user-defined
-to be interpreted on application level.
+headers to be interpreted on application level.
-Key name must be a unique valid UTF-8 string. Value can't be empty. Requests or
+Key name must be a unique valid UTF-8 string. Value can't be empty. Requests
-Responses with duplicated header names or headers with empty values will be
+or Responses with duplicated header names or headers with empty values will
-considered invalid.
+be considered invalid.
-There are some "well-known" headers starting with `__SYSTEM__` (`__NEOFS__` is deprecated) prefix that
+There are some "well-known" headers starting with `__SYSTEM__` (`__NEOFS__`
-affect system behaviour:
+is deprecated) prefix that affect system behaviour:
 * [ __SYSTEM__NETMAP_EPOCH ] \
  (`__NEOFS__NETMAP_EPOCH` is deprecated) \
@ -297,8 +297,8 @@ affect system behaviour:
  (`__NEOFS__NETMAP_LOOKUP_DEPTH` is deprecated) \
  If object can't be found using current epoch's netmap, this header limits
  how many past epochs the node can look up through. The `value` is string
-  encoded `uint64` in decimal presentation. If set to '0' or not set, only the
+  encoded `uint64` in decimal presentation. If set to '0' or not set, only
-  current epoch will be used.
+  the current epoch will be used.
 | Field | Type | Label | Description |
--- a/proto-docs/status.md
+++ b/proto-docs/status.md
@ -102,6 +102,7 @@ Section of statuses for container-related operations.
 | ---- | ------ | ----------- |
 | CONTAINER_NOT_FOUND | 0 | [**3072**] Container not found. |
 | EACL_NOT_FOUND | 1 | [**3073**] eACL table not found. |
 | CONTAINER_ACCESS_DENIED | 2 | [**3074**] Container access denied. |
--- a/status/types.proto
+++ b/status/types.proto
@ -133,6 +133,9 @@ enum Container {
  // [**3073**] eACL table not found.
  EACL_NOT_FOUND = 1;
  // [**3074**] Container access denied.
  CONTAINER_ACCESS_DENIED = 2;
 }
 // Section of statuses for session-related operations.