diff --git a/pkg/tools/awarenessgroups/config_decoder.go b/pkg/tools/awarenessgroups/config_decoder.go
index 996b5e555..b50dc776c 100644
--- a/pkg/tools/awarenessgroups/config_decoder.go
+++ b/pkg/tools/awarenessgroups/config_decoder.go
@@ -49,7 +49,7 @@ func (d *Decoder) Decode(value string) error {
 			}
 			nsurl, err := url.Parse(item)
 			if err != nil {
-				return errors.WithStack(err)
+				return errors.Wrapf(err, "failed to parse url %s", item)
 			}
 			awarenessGroups[i] = append(awarenessGroups[i], nsurl)
 		}
@@ -95,7 +95,7 @@ func validateParentheses(value string) error {
 	}
 
 	if parenthesesCounter != 0 {
-		return errors.WithStack(errors.New("parenteses are not balanced"))
+		return errors.New("parenteses are not balanced")
 	}
 	return nil
 }
diff --git a/pkg/tools/debug/self.go b/pkg/tools/debug/self.go
index 27f02aaa9..0d5515501 100644
--- a/pkg/tools/debug/self.go
+++ b/pkg/tools/debug/self.go
@@ -112,7 +112,10 @@ func Self(envVariableParts ...string) error {
 	// Make the syscall.Exec
 	logrus.Infof("About to exec: \"%s %s\"", dlv, strings.Join(args[1:], " "))
 	// About to debug this not working at host rather than container level
-	return errors.WithStack(syscall.Exec(dlv, args, envv))
+	if err = syscall.Exec(dlv, args, envv); err != nil {
+		return errors.Wrapf(err, "failed to exec: \"%s %s\"", dlv, strings.Join(args[1:], " "))
+	}
+	return nil
 }
 
 // envVariable - convert the envVariableParts to a proper env variable
diff --git a/pkg/tools/dnsconfig/config_decoder.go b/pkg/tools/dnsconfig/config_decoder.go
index cd3974718..ba333b8db 100644
--- a/pkg/tools/dnsconfig/config_decoder.go
+++ b/pkg/tools/dnsconfig/config_decoder.go
@@ -33,7 +33,7 @@ type Decoder []*networkservice.DNSConfig
 func (d *Decoder) Decode(v string) error {
 	var c []*networkservice.DNSConfig
 	if err := json.Unmarshal([]byte(v), &c); err != nil {
-		return errors.WithStack(err)
+		return errors.Wrap(err, "failed to parse a JSON-encoded data and store the result")
 	}
 	*d = Decoder(c)
 	return nil
diff --git a/pkg/tools/grpcfdutils/transceiver.go b/pkg/tools/grpcfdutils/transceiver.go
index e0aa4a9e7..bdfc3e39d 100644
--- a/pkg/tools/grpcfdutils/transceiver.go
+++ b/pkg/tools/grpcfdutils/transceiver.go
@@ -46,7 +46,7 @@ type notifiableFDTransceiver struct {
 func (w *notifiableFDTransceiver) RecvFileByURL(urlStr string) (<-chan *os.File, error) {
 	recv, err := w.FDTransceiver.RecvFileByURL(urlStr)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, errors.Wrapf(err, "failed to receive file by url %s", urlStr)
 	}
 
 	var fileCh = make(chan *os.File)
diff --git a/pkg/tools/ippool/ippool.go b/pkg/tools/ippool/ippool.go
index b59d19f6f..7ecb55315 100644
--- a/pkg/tools/ippool/ippool.go
+++ b/pkg/tools/ippool/ippool.go
@@ -235,7 +235,7 @@ func (tree *IPPool) Pull() (net.IP, error) {
 func (tree *IPPool) PullIPString(ipString string, exclude ...*IPPool) (*net.IPNet, error) {
 	ip, _, err := net.ParseCIDR(ipString)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, errors.Wrapf(err, "failed to parse %s as a CIDR", ipString)
 	}
 
 	return tree.PullIP(ip, exclude...)
diff --git a/pkg/tools/ippool/prefixpool.go b/pkg/tools/ippool/prefixpool.go
index ccf815d4a..d55bd9fc2 100644
--- a/pkg/tools/ippool/prefixpool.go
+++ b/pkg/tools/ippool/prefixpool.go
@@ -48,7 +48,7 @@ func (pool *PrefixPool) AddPrefixes(prefixes ...string) error {
 	for _, prefix := range prefixes {
 		_, ipNet, err := net.ParseCIDR(prefix)
 		if err != nil {
-			return errors.WithStack(err)
+			return errors.Wrapf(err, "failed to parse %s as CIDR", prefix)
 		}
 		pool.ip4.AddNet(ipNet)
 		pool.ip6.AddNet(ipNet)
@@ -61,7 +61,7 @@ func (pool *PrefixPool) ExcludePrefixes(prefixes ...string) error {
 	for _, prefix := range prefixes {
 		_, ipNet, err := net.ParseCIDR(prefix)
 		if err != nil {
-			return errors.WithStack(err)
+			return errors.Wrapf(err, "failed to parse %s as CIDR", prefix)
 		}
 		pool.ip4.Exclude(ipNet)
 		pool.ip6.Exclude(ipNet)
diff --git a/pkg/tools/monitorconnection/authorize/common.go b/pkg/tools/monitorconnection/authorize/common.go
index 7a1c792ba..f746a7198 100644
--- a/pkg/tools/monitorconnection/authorize/common.go
+++ b/pkg/tools/monitorconnection/authorize/common.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2022 Cisco and/or its affiliates.
+// Copyright (c) 2022-2023 Cisco and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -18,6 +18,8 @@ package authorize
 
 import (
 	"context"
+
+	"github.com/pkg/errors"
 )
 
 // Policy represents authorization policy for monitor connection.
@@ -37,7 +39,7 @@ func (l *policiesList) check(ctx context.Context, srv MonitorOpaInput) error {
 			continue
 		}
 		if err := policy.Check(ctx, srv); err != nil {
-			return err
+			return errors.Wrap(err, "an error occurred during authorization policy check")
 		}
 	}
 	return nil
diff --git a/pkg/tools/monitorconnection/authorize/server_test.go b/pkg/tools/monitorconnection/authorize/server_test.go
index 2d6720f0a..b3c3bdc2c 100644
--- a/pkg/tools/monitorconnection/authorize/server_test.go
+++ b/pkg/tools/monitorconnection/authorize/server_test.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2022 Cisco and/or its affiliates.
+// Copyright (c) 2022-2023 Cisco and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -30,6 +30,7 @@ import (
 	"google.golang.org/grpc/peer"
 	"google.golang.org/grpc/status"
 
+	"github.com/pkg/errors"
 	"github.com/spiffe/go-spiffe/v2/spiffeid"
 
 	"github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/authorize"
@@ -207,7 +208,7 @@ func TestAuthzEndpoint(t *testing.T) {
 					return
 				}
 				require.NotNil(t, err, "monitorConnections expected to be denied")
-				s, ok := status.FromError(err)
+				s, ok := status.FromError(errors.Cause(err))
 				require.True(t, ok, "error without error status code"+err.Error())
 				require.Equal(t, s.Code(), codes.PermissionDenied, "wrong error status code")
 			}
diff --git a/pkg/tools/opa/opainput.go b/pkg/tools/opa/opainput.go
index 2b2b69c49..9af6c2209 100644
--- a/pkg/tools/opa/opainput.go
+++ b/pkg/tools/opa/opainput.go
@@ -82,11 +82,11 @@ func ParseX509Cert(authInfo credentials.AuthInfo) *x509.Certificate {
 func convertToMap(model interface{}) (map[string]interface{}, error) {
 	jsonConn, err := json.Marshal(model)
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, errors.Wrap(err, "failed to convert a provided model into JSON")
 	}
 	var rv map[string]interface{}
 	if err := json.Unmarshal(jsonConn, &rv); err != nil {
-		return nil, errors.WithStack(err)
+		return nil, errors.Wrap(err, "failed to parse a JSON-encoded data and store the result")
 	}
 	if rv == nil {
 		rv = make(map[string]interface{})
diff --git a/pkg/tools/prefixpool/prefixpool.go b/pkg/tools/prefixpool/prefixpool.go
index c88aea267..487bdbb52 100644
--- a/pkg/tools/prefixpool/prefixpool.go
+++ b/pkg/tools/prefixpool/prefixpool.go
@@ -55,7 +55,7 @@ func New(prefixes ...string) (*PrefixPool, error) {
 	for _, prefix := range prefixes {
 		_, _, err := net.ParseCIDR(prefix)
 		if err != nil {
-			return nil, errors.WithStack(err)
+			return nil, errors.Wrapf(err, "failed to parse %s as CIDR", prefix)
 		}
 	}
 	return &PrefixPool{
@@ -144,8 +144,7 @@ func (impl *PrefixPool) ExcludePrefixes(excludedPrefixes []string) (removedPrefi
 	}
 	/* Raise an error, if there aren't any available prefixes left after excluding */
 	if len(copyPrefixes) == 0 {
-		err := errors.New("IPAM: The available address pool is empty, probably intersected by excludedPrefix")
-		return nil, errors.WithStack(err)
+		return nil, errors.New("IPAM: The available address pool is empty, probably intersected by excludedPrefix")
 	}
 	/* Everything should be fine, update the available prefixes with what's left */
 	impl.prefixes = copyPrefixes
@@ -206,7 +205,7 @@ func (impl *PrefixPool) Extract(connectionID string, family networkservice.IpFam
 
 	ip, ipNet, err := net.ParseCIDR(result[0])
 	if err != nil {
-		return nil, nil, nil, errors.WithStack(err)
+		return nil, nil, nil, errors.Wrapf(err, "failed to parse %s as CIDR", result[0])
 	}
 
 	src, err := incrementIP(ip, ipNet)
@@ -300,7 +299,7 @@ func (impl *PrefixPool) GetConnectionInformation(connectionID string) (ipNet str
 func (impl *PrefixPool) Intersect(prefix string) (intersection bool, err error) {
 	_, subnet, err := net.ParseCIDR(prefix)
 	if err != nil {
-		return false, errors.WithStack(err)
+		return false, errors.Wrapf(err, "failed to parse %s as CIDR", prefix)
 	}
 
 	for _, p := range impl.prefixes {
@@ -334,7 +333,7 @@ func ExtractPrefixes(prefixes []string, requests ...*networkservice.ExtraPrefixR
 	for _, request := range requests {
 		err := request.IsValid()
 		if err != nil {
-			return nil, prefixes, errors.WithStack(err)
+			return nil, prefixes, errors.Wrapf(err, "request %s is not valid", request.String())
 		}
 	}
 
@@ -535,7 +534,7 @@ func getSubnets(prefixes []string) (map[string]*net.IPNet, error) {
 	for _, prefix := range prefixes {
 		_, subnet, err := net.ParseCIDR(prefix)
 		if err != nil {
-			return nil, errors.Wrapf(err, "Wrong CIDR: %v", prefix)
+			return nil, errors.Wrapf(err, "failed to parse %s as CIDR", prefix)
 		}
 		subnets[prefix] = subnet
 	}
diff --git a/pkg/tools/prefixpool/prefixpool_test.go b/pkg/tools/prefixpool/prefixpool_test.go
index 34aedfd6c..a25d0e65d 100644
--- a/pkg/tools/prefixpool/prefixpool_test.go
+++ b/pkg/tools/prefixpool/prefixpool_test.go
@@ -241,7 +241,8 @@ func TestPrefixPoolValidation(t *testing.T) {
 	require.Nil(t, err)
 	_, err = prefixpool.New("10.20.0.0/56")
 	if assert.Error(t, err) {
-		expectedErr := errors.WithStack(&net.ParseError{Type: "CIDR address", Text: "10.20.0.0/56"})
-		require.Equal(t, expectedErr.Error(), err.Error())
+		expectedErr := &net.ParseError{Type: "CIDR address", Text: "10.20.0.0/56"}
+		withStachErr := errors.Wrapf(expectedErr, "failed to parse %s as CIDR", "10.20.0.0/56")
+		require.Equal(t, withStachErr.Error(), err.Error())
 	}
 }
diff --git a/pkg/tools/sandbox/utils.go b/pkg/tools/sandbox/utils.go
index 0cfd860e4..43e349b08 100644
--- a/pkg/tools/sandbox/utils.go
+++ b/pkg/tools/sandbox/utils.go
@@ -1,5 +1,7 @@
 // Copyright (c) 2020-2022 Doc.ai and/or its affiliates.
 //
+// Copyright (c) 2023 Cisco and/or its affiliates.
+//
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,6 +25,7 @@ import (
 
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/google/uuid"
+	"github.com/pkg/errors"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 
@@ -80,7 +83,7 @@ func GenerateTestToken(_ credentials.AuthInfo) (string, time.Time, error) {
 	}
 
 	tok, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte("supersecret"))
-	return tok, expireTime, err
+	return tok, expireTime, errors.Wrapf(err, "failed to create a new Token, method %s, subject %s", jwt.SigningMethodHS256.Name, claims.Subject)
 }
 
 // GenerateExpiringToken returns a token generator with the specified expiration duration.
@@ -94,7 +97,7 @@ func GenerateExpiringToken(duration time.Duration) token.GeneratorFunc {
 		}
 
 		tok, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte("supersecret"))
-		return tok, expireTime, err
+		return tok, expireTime, errors.Wrapf(err, "failed to create a new Token, method %s, subject %s", jwt.SigningMethodHS256.Name, claims.Subject)
 	}
 }
 
diff --git a/pkg/tools/spiffejwt/token.go b/pkg/tools/spiffejwt/token.go
index 62a21060e..9cc3d8981 100644
--- a/pkg/tools/spiffejwt/token.go
+++ b/pkg/tools/spiffejwt/token.go
@@ -54,7 +54,7 @@ func TokenGeneratorFunc(source x509svid.Source, maxTokenLifeTime time.Duration)
 					peerCert := tlsInfo.State.PeerCertificates[0]
 					peerSpiffeID, err2 := x509svid.IDFromCert(peerCert)
 					if err2 != nil {
-						return "", time.Time{}, err2
+						return "", time.Time{}, errors.Wrap(err2, "failed to extract the SPIFFE ID from the URI SAN of the provided peer certificate")
 					}
 					if peerCert.NotAfter.Before(expireTime) {
 						expireTime = peerCert.NotAfter
@@ -64,6 +64,6 @@ func TokenGeneratorFunc(source x509svid.Source, maxTokenLifeTime time.Duration)
 			}
 		}
 		tok, err := jwt.NewWithClaims(jwt.SigningMethodES256, claims).SignedString(ownSVID.PrivateKey)
-		return tok, expireTime, errors.WithStack(err)
+		return tok, expireTime, errors.Wrapf(err, "failed to create a new Token, method %s, subject %s", jwt.SigningMethodHS256.Name, claims.Subject)
 	}
 }
diff --git a/pkg/tools/token/context.go b/pkg/tools/token/context.go
index 489751f61..6b0d15a81 100644
--- a/pkg/tools/token/context.go
+++ b/pkg/tools/token/context.go
@@ -1,5 +1,7 @@
 // Copyright (c) 2021 Doc.ai and/or its affiliates.
 //
+// Copyright (c) 2023 Cisco and/or its affiliates.
+//
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -53,7 +55,7 @@ func FromContext(ctx context.Context) (string, time.Time, error) {
 	expireTime, err := time.Parse(time.RFC3339Nano, rawExpiration)
 
 	if err != nil {
-		return "", time.Time{}, errors.WithStack(err)
+		return "", time.Time{}, errors.Wrapf(err, "failed to parse time, layout %s, value %s", time.RFC3339Nano, rawExpiration)
 	}
 
 	return token, expireTime, nil
diff --git a/pkg/tools/token/creds.go b/pkg/tools/token/creds.go
index 7fca881ed..58110a556 100644
--- a/pkg/tools/token/creds.go
+++ b/pkg/tools/token/creds.go
@@ -47,7 +47,7 @@ func (creds *perRPCCredentials) GetRequestMetadata(ctx context.Context, _ ...str
 	tok, expire, err := creds.genTokenFunc(authInfo)
 
 	if err != nil {
-		return nil, errors.WithStack(err)
+		return nil, errors.Wrap(err, "failed to generate a token")
 	}
 
 	return map[string]string{