aspera-cli 4.9.0 → 4.10.0

data/README.md

@@ -2,7 +2,7 @@
 
 [comment1]: # (Do not edit this README.md, edit docs/README.erb.md, for details, read docs/README.md)
 
-Version : 4.9.0
+Version : 4.10.0
 
 Laurent/2016-2022
 
@@ -14,7 +14,7 @@ Ruby Gem: [https://rubygems.org/gems/aspera-cli](https://rubygems.org/gems/asper
 
 Ruby Doc: [https://www.rubydoc.info/gems/aspera-cli](https://www.rubydoc.info/gems/aspera-cli)
 
-Minimum required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version.
+Minimum required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.7 in a future version.
 
 [Aspera APIs on IBM developer](https://developer.ibm.com/?size=30&q=aspera&DWContentType[0]=APIs)
 [Link 2](https://developer.ibm.com/apis/catalog/?search=aspera)
@@ -33,26 +33,25 @@ One can also [create one's own plugin](#createownplugin).
 
 `ascli` is designed to be used as a command line tool to:
 
-* execute commands on Aspera products
-* transfer to/from Aspera products
+- Execute commands remotely on Aspera products
+- Transfer to/from Aspera products
 
 So it is designed for:
 
-* Interactive operations on a text terminal (typically, VT100 compatible)
-* Batch operations in (shell) scripts (e.g. cron job)
+- Interactive operations on a text terminal (typically, VT100 compatible), e.g. for maintenance
+- Scripting, e.g. batch operations in (shell) scripts (e.g. cron job)
 
 `ascli` can be seen as a command line tool integrating:
 
-* a configuration file (config.yaml)
-* advanced command line options
-* cURL (for REST calls)
-* Aspera transfer (ascp)
+- A configuration file (config.yaml)
+- Advanced command line options
+- cURL (for REST calls)
+- Aspera transfer (ascp)
 
-One might be tempted to use it as an integration element, e.g. by building a command line programmatically, and then executing it. It is generally not a good idea.
-For such integration cases, e.g. performing operations and transfer to aspera products, it is preferred to use [Aspera APIs](https://ibm.biz/aspera_api):
+If the need is to perform operations programmatically in languages such as: C, Go, Python, nodejs, ... then it is better to directly use [Aspera APIs](https://ibm.biz/aspera_api)
 
-* Product APIs (REST) : e.g. AoC, Faspex, node
-* Transfer SDK : with gRPC interface and language stubs (C, C++, Python, .NET/C#, java, ruby, etc...)
+- Product APIs (REST) : e.g. AoC, Faspex, node
+- Transfer SDK : with gRPC interface and language stubs (C, C++, Python, .NET/C#, java, ruby, etc...)
 
 Using APIs (application REST API and transfer SDK) will prove to be easier to develop and maintain.
 
@@ -78,7 +77,7 @@ ascli --version
 ```
 
 ```bash
-4.9.0
+4.10.0
 ```
 
 ### First use
@@ -110,10 +109,10 @@ ascli server browse /
 
 If you want to use `ascli` with another server, and in order to make further calls more convenient, it is advised to define a [option preset](#lprt) for the server's authentication options. The following example will:
 
-* create a [option preset](#lprt)
-* define it as default for `server` plugin
-* list files in a folder
-* download a file
+- create a [option preset](#lprt)
+- define it as default for `server` plugin
+- list files in a folder
+- download a file
 
 ```bash
 ascli config preset update myserver --url=ssh://demo.asperasoft.com:33001 --username=asperaweb --password=_pass_here_
@@ -175,9 +174,9 @@ It is possible to install *either* directly on the host operating system (Linux,
 
 The direct installation is recommended and consists in installing:
 
-* [Ruby](#ruby) (version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version)
-* [aspera-cli](#the_gem)
-* [Aspera SDK (ascp)](#fasp_prot)
+- [Ruby](#ruby) (version: >= 2.4. Deprecation notice: the minimum will be 2.7 in a future version)
+- [aspera-cli](#the_gem)
+- [Aspera SDK (ascp)](#fasp_prot)
 
 The following sections provide information on the various installation methods.
 
@@ -187,43 +186,56 @@ An internet connection is required for the installation. If you don't have inter
 
 This method installs a docker image that contains: Ruby, `ascli` and the FASP SDK.
 
-The image is: <https://hub.docker.com/r/martinlaurent/ascli>. It is built from this [Dockerfile](Dockerfile).
+The image is: <https://hub.docker.com/r/martinlaurent/ascli>.
+It is built from this [Dockerfile](Dockerfile).
 
-Ensure that you have Docker installed.
+Ensure that you have `docker` (or `podman`) installed.
 
 ```bash
 docker --version
 ```
 
-An example of wrapping script is provided: `dascli`. If you have installed `ascli`, the script `dascli` can be found:
+Download the script [`dascli`](../examples/dascli) from [the GIT repo](https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli) :
 
-```bash
-cp $(ascli conf gem path)/../examples/dascli ascli
-```
+> If you have installed `ascli`, the script `dascli` can also be found: `cp $(ascli conf gem path)/../examples/dascli ascli`
 
-Alternatively [download from the GIT repo](https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli) :
+Note that ascli is run inside the container, so transfers are also executed inside the container and do not have access to host storage by default.
 
-```bash
-curl -o ascli https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli
-```
+Some environment variables can be set to alter the behaviour of the script:
 
-```bash
-chmod a+x ascli
-```
+| env var     | description                        | default                  | example                  |
+|-------------|------------------------------------|--------------------------|--------------------------|
+| ASCLI__HOME  | configuration folder (persistency) | `$HOME/.aspera/ascli` | `$HOME/.ascliconfig`     |
+| docker_args | additional options to `docker`     | &lt;empty&gt;            | `--volume /Users:/Users` |
+| image       | container image name               | martinlaurent/ascli      |                          |
+| version     | container image version            | latest                   | `4.8.0.pre`              |
+
+The wrapping script maps the folder `$ASCLI__HOME` on host to `/home/cliuser/.aspera/ascli` in the container.
+(value expected in the container).
+This allows having persistent configuration on the host.
+
+To add local storage as a volume, you can use the env var `docker_args`:
 
-Install the container image:
+Example of use:
 
 ```bash
-./ascli install
-```
+curl -o ascli https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli
+chmod a+x ascli
+export ASCLI__HOME=$HOME/.ascliconf
+mkdir -p $ASCLI__HOME
+chmod -R 777 $ASCLI__HOME
+export xferdir=$HOME/xferdir
+mkdir -p $xferdir
+chmod -R 777 $xferdir
+export docker_args="--volume $xferdir:/xferfolder"
 
-Note that ascli is run in the container, so transfers are also executed in the container (not calling host, like for the regular ascli).
+./ascli conf init
 
-The wrapping script maps the folder `/usr/src/app/config` in the container to configuration folder `$HOME/.aspera/ascli` on host.
-This allows having persistent configuration.
+touch $xferdir/samplefile
+./ascli server upload /xferfolder/samplefile --to-folder=/Upload
+```
 
-To transfer to/from the native host, you will need to map a volume in docker or use the config folder (already mapped).
-To add local storage as a volume edit the script: `ascli` and add a `--volume` stanza near the existing one.
+> The local file (`samplefile`) is specified relative to storage view from container (`/xferfolder`) mapped to the host folder `$HOME/xferdir`
 
 ### <a id="ruby"></a>Ruby
 
@@ -231,7 +243,7 @@ Use this method to install on the native host.
 
 A ruby interpreter is required to run the tool or to use the gem and tool.
 
-Required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version.
+Required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.7 in a future version.
 
 *Ruby can be installed using any method* : rpm, yum, dnf, rvm, brew, windows installer, ... .
 
@@ -239,7 +251,7 @@ Refer to the following sections for a proposed method for specific operating sys
 
 The recommended installation method is `rvm` for systems with "bash-like" shell (Linux, macOS, Windows with cygwin, etc...).
 If the generic install is not suitable (e.g. Windows, no cygwin), you can use one of OS-specific install method.
-If you have a simpler better way to install Ruby : use it ! (version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version)
+If you have a simpler better way to install Ruby : use it ! (version: >= 2.4. Deprecation notice: the minimum will be 2.7 in a future version)
 
 #### Generic: RVM: single user installation (not root)
 
@@ -247,18 +259,14 @@ Use this method which provides more flexibility.
 
 Install "rvm": follow [https://rvm.io/](https://rvm.io/) :
 
-Install the 2 keys
-
-```bash
-gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
-```
-
 Execute the shell/curl command. As regular user, it install in the user's home: `~/.rvm` .
 
 ```bash
 \curl -sSL https://get.rvm.io | bash -s stable
 ```
 
+Follow on-screen instructions to install keys, and then re-execute the command.
+
 If you keep the same terminal (not needed if re-login):
 
 ```bash
@@ -306,12 +314,11 @@ rvm version
 
 Install Latest stable Ruby:
 
-* Navigate to [https://rubyinstaller.org/](https://rubyinstaller.org/) &rarr; **Downloads**.
-* Download the latest Ruby installer **with devkit**. (Msys2 is needed to install some native extensions, such as `grpc`)
-* Execute the installer which installs by default in: `RubyVV-x64` (VV is the version number)
-* At the end of the installation procedure execute the Msys2 installer (ridk install) and select option 3 (msys and mingw)
-* Install the "mime info" file as specified in [this section](#mimeinfo).
-
+- Navigate to [https://rubyinstaller.org/](https://rubyinstaller.org/) &rarr; **Downloads**.
+- Download the latest Ruby installer **with devkit**. (Msys2 is needed to install some native extensions, such as `grpc`)
+- Execute the installer which installs by default in: `C:\RubyVV-x64` (VV is the version number)
+- At the end of the installation procedure, the Msys2 installer is automatically executed, select option 3 (msys and mingw)
+- for the installation of 
 #### macOS: pre-installed or `brew`
 
 macOS 10.13+ (High Sierra) comes with a recent Ruby. So you can use it directly. You will need to install aspera-cli using `sudo` :
@@ -420,8 +427,8 @@ ascli conf check_update
 Most file transfers will be done using the FASP protocol, using `ascp`.
 Only two additional files are required to perform an Aspera Transfer, which are part of Aspera SDK:
 
-* ascp
-* aspera-license (in same folder, or ../etc)
+- ascp
+- aspera-license (in same folder, or ../etc)
 
 This can be installed either be installing an Aspera transfer software, or using an embedded command:
 
@@ -443,11 +450,11 @@ The format is: `file:///<path>`, where `<path>` can be either a relative path (n
 
 If the embedded method is not used, the following packages are also suitable:
 
-* IBM Aspera Connect Client (Free)
-* IBM Aspera Desktop Client (Free)
-* IBM Aspera CLI (Free)
-* IBM Aspera High Speed Transfer Server (Licensed)
-* IBM Aspera High Speed Transfer EndPoint (Licensed)
+- IBM Aspera Connect Client (Free)
+- IBM Aspera Desktop Client (Free)
+- IBM Aspera CLI (Free)
+- IBM Aspera High Speed Transfer Server (Licensed)
+- IBM Aspera High Speed Transfer EndPoint (Licensed)
 
 For instance, Aspera Connect Client can be installed
 by visiting the page: [https://www.ibm.com/aspera/connect/](https://www.ibm.com/aspera/connect/).
@@ -465,28 +472,28 @@ A method to build one is provided here:
 
 The procedure:
 
-* Follow the non-root installation procedure with RVM, including gem
-* Archive (zip, tar) the main RVM folder (includes ascli):
+- Follow the non-root installation procedure with RVM, including gem
+- Archive (zip, tar) the main RVM folder (includes ascli):
 
 ```bash
 cd $HOME && tar zcvf rvm-ascli.tgz .rvm
 ```
 
-* Get the Aspera SDK.
+- Get the Aspera SDK.
 
 ```bash
 ascli conf --show-config --fields=sdk_url
 ```
 
-* Download the SDK archive from that URL.
+- Download the SDK archive from that URL.
 
 ```bash
 curl -Lso SDK.zip https://ibm.biz/aspera_sdk
 ```
 
-* Transfer those 2 files to the target system
+- Transfer those 2 files to the target system
 
-* On target system
+- On target system
 
 ```bash
 cd $HOME
@@ -498,7 +505,7 @@ source ~/.rvm/scripts/rvm
 ascli conf ascp install --sdk-url=file:///SDK.zip
 ```
 
-* Add those lines to shell init (`.profile`)
+- Add those lines to shell init (`.profile`)
 
 ```bash
 source ~/.rvm/scripts/rvm
@@ -508,27 +515,27 @@ source ~/.rvm/scripts/rvm
 
 The `aspera-cli` Gem provides a command line interface (CLI) which interacts with Aspera Products (mostly using REST APIs):
 
-* IBM Aspera High Speed Transfer Server (FASP and Node)
-* IBM Aspera on Cloud (including ATS)
-* IBM Aspera Faspex
-* IBM Aspera Shares
-* IBM Aspera Console
-* IBM Aspera Orchestrator
-* and more...
+- IBM Aspera High Speed Transfer Server (FASP and Node)
+- IBM Aspera on Cloud (including ATS)
+- IBM Aspera Faspex
+- IBM Aspera Shares
+- IBM Aspera Console
+- IBM Aspera Orchestrator
+- and more...
 
 `ascli` provides the following features:
 
-* Supports most Aspera server products (on-premise and SaaS)
-* Any command line options (products URL, credentials or any option) can be provided on command line, in configuration file, in env var, in files
-* Supports Commands, Option values and Parameters shortcuts
-* FASP [Transfer Agents](#agents) can be: local ascp, or Connect Client, or any transfer node
-* Transfer parameters can be altered by modification of [*transfer-spec*](#transferspec), this includes requiring multi-session
-* Allows transfers from products to products, essentially at node level (using the node transfer agent)
-* Supports FaspStream creation (using Node API)
-* Supports Watchfolder creation (using Node API)
-* Additional command plugins can be written by the user
-* Supports download of faspex and Aspera on Cloud "external" links
-* Supports "legacy" ssh based FASP transfers and remote commands (ascmd)
+- Supports most Aspera server products (on-premise and SaaS)
+- Any command line options (products URL, credentials or any option) can be provided on command line, in configuration file, in env var, in files
+- Supports Commands, Option values and Parameters shortcuts
+- FASP [Transfer Agents](#agents) can be: local ascp, or Connect Client, or any transfer node
+- Transfer parameters can be altered by modification of [*transfer-spec*](#transferspec), this includes requiring multi-session
+- Allows transfers from products to products, essentially at node level (using the node transfer agent)
+- Supports FaspStream creation (using Node API)
+- Supports Watchfolder creation (using Node API)
+- Additional command plugins can be written by the user
+- Supports download of faspex and Aspera on Cloud "external" links
+- Supports "legacy" ssh based FASP transfers and remote commands (ascmd)
 
 Basic usage is displayed by executing:
 
@@ -546,10 +553,10 @@ If you want to use `ascp` directly as a command line, refer to IBM Aspera docume
 
 Using `ascli` with plugin `server` for command line gives advantages over ascp:
 
-* automatic resume on error
-* configuration file
-* choice of transfer agents
-* integrated support of multi-session
+- automatic resume on error
+- configuration file
+- choice of transfer agents
+- integrated support of multi-session
 
 Moreover all `ascp` options are supported either through transfer spec parameters and with the possibility to provide `ascp` arguments directly when the `direct` agent is used (`EX_ascp_args`).
 
@@ -573,8 +580,8 @@ On Windows, `cmd.exe` is typically used.
 Windows process creation does not receive the list of arguments but just the whole line.
 It's up to the program to parse arguments. Ruby follows the Microsoft C/C++ parameter parsing rules.
 
-* [Windows: How Command Line Parameters Are Parsed](https://daviddeley.com/autohotkey/parameters/parameters.htm#RUBY)
-* [Understand Quoting and Escaping of Windows Command Line Arguments](http://www.windowsinspired.com/understanding-the-command-line-string-and-arguments-received-by-a-windows-program/)
+- [Windows: How Command Line Parameters Are Parsed](https://daviddeley.com/autohotkey/parameters/parameters.htm#RUBY)
+- [Understand Quoting and Escaping of Windows Command Line Arguments](http://www.windowsinspired.com/understanding-the-command-line-string-and-arguments-received-by-a-windows-program/)
 
 #### Extended Values (JSON, Ruby, ...)
 
@@ -666,9 +673,9 @@ Here a single quote or a backslash protects the double quote to avoid shell proc
 
 Construction of values with special characters is done like this:
 
-* First select a syntax to represent the extended value, e.g. JSON or Ruby
+- First select a syntax to represent the extended value, e.g. JSON or Ruby
 
-* Write the expression using this syntax, for example, using JSON:
+- Write the expression using this syntax, for example, using JSON:
 
 ```json
 {"title":"Test \" ' & \\"}
@@ -683,7 +690,7 @@ or using Ruby:
 
 Both `"` and `\` are special characters for JSON and Ruby and can be protected with `\` (unless Ruby's extended single quote notation `%q` is used).
   
-* Then, since the value will be evaluated by shell, any shell special characters must be protected, either using preceding `\` for each character to protect, or by enclosing in single quote:
+- Then, since the value will be evaluated by shell, any shell special characters must be protected, either using preceding `\` for each character to protect, or by enclosing in single quote:
 
 ```bash
 ascli conf echo @json:{\"title\":\"Test\ \\\"\ \'\ \&\ \\\\\"} --format=json
@@ -748,10 +755,10 @@ There are two types of command line arguments: Commands and Options. Example :
 ascli command subcommand --option-name=VAL1 VAL2
 ```
 
-* executes *command*: `command subcommand`
-* with one *option*: `option_name`
-* this option is given a *value* of: `VAL1`
-* the command has one additional *argument*: `VAL2`
+- executes *command*: `command subcommand`
+- with one *option*: `option_name`
+- this option is given a *value* of: `VAL1`
+- the command has one additional *argument*: `VAL2`
 
 When the value of a command, option or argument is constrained by a fixed list of values, it is possible to use the first letters of the value only, provided that it uniquely identifies a value. For example `ascli conf ov` is the same as `ascli config overview`.
 
@@ -761,16 +768,16 @@ The value of options and arguments is evaluated with the [Extended Value Syntax]
 
 All options, e.g. `--log-level=debug`, are command line arguments that:
 
-* start with `--`
-* have a name, in lowercase, using `-` as word separator in name  (e.g. `--log-level=debug`)
-* have a value, separated from name with a `=`
-* can be used by prefix, provided that it is unique. E.g. `--log-l=debug` is the same as `--log-level=debug`
+- start with `--`
+- have a name, in lowercase, using `-` as word separator in name  (e.g. `--log-level=debug`)
+- have a value, separated from name with a `=`
+- can be used by prefix, provided that it is unique. E.g. `--log-l=debug` is the same as `--log-level=debug`
 
 Exceptions:
 
-* some options accept a short form, e.g. `-Ptoto` is equivalent to `--preset=toto`, refer to the manual or `-h`.
-* some options (flags) don't take a value, e.g. `-r`
-* the special option `--` stops option processing and is ignored, following command line arguments are taken as arguments, including the ones starting with a `-`. Example:
+- some options accept a short form, e.g. `-Ptoto` is equivalent to `--preset=toto`, refer to the manual or `-h`.
+- some options (flags) don't take a value, e.g. `-r`
+- the special option `--` stops option processing and is ignored, following command line arguments are taken as arguments, including the ones starting with a `-`. Example:
 
 ```bash
 ascli config echo -- --sample
@@ -786,9 +793,9 @@ Options can be optional or mandatory, with or without (hardcoded) default value.
 
 The value for *any* options can come from the following locations (in this order, last value evaluated overrides previous value):
 
-* [Configuration file](#configfile).
-* Environment variable
-* Command line
+- [Configuration file](#configfile).
+- Environment variable
+- Command line
 
 Environment variable starting with prefix: ASCLI_ are taken as option values, e.g. `ASCLI_OPTION_NAME` is for `--option-name`.
 
@@ -804,11 +811,11 @@ Some options and parameters are mandatory and other optional. By default, the to
 
 The behavior can be controlled with:
 
-* --interactive=&lt;yes|no&gt; (default=yes if STDIN is a terminal, else no)
-  * yes : missing mandatory parameters/options are asked to the user
-  * no : missing mandatory parameters/options raise an error message
-* --ask-options=&lt;yes|no&gt; (default=no)
-  * optional parameters/options are asked to user
+- --interactive=&lt;yes|no&gt; (default=yes if STDIN is a terminal, else no)
+  - yes : missing mandatory parameters/options are asked to the user
+  - no : missing mandatory parameters/options raise an error message
+- --ask-options=&lt;yes|no&gt; (default=no)
+  - optional parameters/options are asked to user
 
 ### Output
 
@@ -819,12 +826,12 @@ The information displayed depends on the action.
 
 Depending on action, the output will contain:
 
-* `single_object` : displayed as a 2 dimensional table: one line per attribute, first column is attribute name, and second is attribute value. Nested hashes are collapsed.
-* `object_list` : displayed as a 2 dimensional table: one line per item, one column per attribute.
-* `value_list` : a table with one column.
-* `empty` : nothing
-* `status` : a message
-* `other_struct` : a complex structure that cannot be displayed as an array
+- `single_object` : displayed as a 2 dimensional table: one line per attribute, first column is attribute name, and second is attribute value. Nested hashes are collapsed.
+- `object_list` : displayed as a 2 dimensional table: one line per item, one column per attribute.
+- `value_list` : a table with one column.
+- `empty` : nothing
+- `status` : a message
+- `other_struct` : a complex structure that cannot be displayed as an array
 
 #### Format of output
 
@@ -841,13 +848,13 @@ If transposition of single object is not desired, use option: `transpose_single`
 
 The style of output can be set using the `format` parameter, supporting:
 
-* `text` : Value as String
-* `table` : Text table
-* `ruby` : Ruby code
-* `json` : JSON code
-* `jsonpp` : JSON pretty printed
-* `yaml` : YAML
-* `csv` : Comma Separated Values
+- `text` : Value as String
+- `table` : Text table
+- `ruby` : Ruby code
+- `json` : JSON code
+- `jsonpp` : JSON pretty printed
+- `yaml` : YAML
+- `csv` : Comma Separated Values
 
 #### <a id="option_select"></a>Option: `select`: Filter on columns values for `object_list`
 
@@ -872,15 +879,15 @@ Note that `select` filters selected elements from the result of API calls, while
 
 Output messages are categorized in 3 types:
 
-* `info` output contain additional information, such as number of elements in a table
-* `data` output contain the actual output of the command (object, or list of objects)
-* `error`output contain error messages
+- `info` output contain additional information, such as number of elements in a table
+- `data` output contain the actual output of the command (object, or list of objects)
+- `error`output contain error messages
 
 The option `display` controls the level of output:
 
-* `info` displays all messages: `info`, `data`, and `error`
-* `data` display `data` and `error` messages
-* `error` display only error messages.
+- `info` displays all messages: `info`, `data`, and `error`
+- `data` display `data` and `error` messages
+- `error` display only error messages.
 
 By default, secrets are removed from output: option `show_secrets` defaults to `no`, unless `display` is `data`, to allows piping results.
 To hide secrets from output, set option `show_secrets` to `no`.
@@ -889,12 +896,12 @@ To hide secrets from output, set option `show_secrets` to `no`.
 
 By default, a table output will display one line per entry, and columns for each entries. Depending on the command, columns may include by default all properties, or only some selected properties. It is possible to define specific columns to be displayed, by setting the `fields` option to one of the following value:
 
-* DEF : default display of columns (that's the default, when not set)
-* ALL : all columns available
-* a,b,c : the list of attributes specified by the comma separated list
-* Array extended value: for instance, @json:'["a","b","c"]' same as above
-* +a,b,c : add selected properties to the default selection.
-* -a,b,c : remove selected properties from the default selection.
+- DEF : default display of columns (that's the default, when not set)
+- ALL : all columns available
+- a,b,c : the list of attributes specified by the comma separated list
+- Array extended value: for instance, @json:'["a","b","c"]' same as above
+- +a,b,c : add selected properties to the default selection.
+- -a,b,c : remove selected properties from the default selection.
 
 ### <a id="extended"></a>Extended Value Syntax
 
@@ -910,24 +917,24 @@ The difference between reader and decoder is order and ordinality. Both act like
 
 The following "readers" are supported (returns value in []):
 
-* @val:VALUE   : [String] prevent further special prefix processing, e.g. `--username=@val:laurent` sets the option `username` to value `laurent`.
-* @file:PATH   : [String] read value from a URL, e.g. `--fpac=@uri:http://serv/f.pac`
-* @uri:URL     : [String] read value from a file (prefix `~/` is replaced with the users home folder), e.g. `--key=@file:~/.ssh/mykey`
-* @path:PATH   : [String] performs path expansion (prefix `~/` is replaced with the users home folder), e.g. `--config-file=@path:~/sample_config.yml`
-* @env:ENVVAR  : [String] read from a named env var, e.g.--password=@env:MYPASSVAR
-* @stdin:      : [String] read from stdin (no value on right)
-* @preset:NAME : [Hash] get whole option preset value by name. Subvalues can also be used using `.` as separator. e.g. foo.bar is conf[foo][bar]
+- @val:VALUE   : [String] prevent further special prefix processing, e.g. `--username=@val:laurent` sets the option `username` to value `laurent`.
+- @file:PATH   : [String] read value from a URL, e.g. `--fpac=@uri:http://serv/f.pac`
+- @uri:URL     : [String] read value from a file (prefix `~/` is replaced with the users home folder), e.g. `--key=@file:~/.ssh/mykey`
+- @path:PATH   : [String] performs path expansion (prefix `~/` is replaced with the users home folder), e.g. `--config-file=@path:~/sample_config.yml`
+- @env:ENVVAR  : [String] read from a named env var, e.g.--password=@env:MYPASSVAR
+- @stdin:      : [String] read from stdin (no value on right)
+- @preset:NAME : [Hash] get whole option preset value by name. Subvalues can also be used using `.` as separator. e.g. foo.bar is conf[foo][bar]
 
 In addition it is possible to decode a value, using one or multiple decoders :
 
-* @base64: [String] decode a base64 encoded string
-* @json: [any] decode JSON values (convenient to provide complex structures)
-* @zlib: [String] uncompress data
-* @ruby: [any] execute ruby code
-* @csvt: [Array] decode a titled CSV value
-* @lines: [Array] split a string in multiple lines and return an array
-* @list: [Array] split a string in multiple items taking first character as separator and return an array
-* @incps: [Hash] include values of presets specified by key `incps` in input hash
+- @base64: [String] decode a base64 encoded string
+- @json: [any] decode JSON values (convenient to provide complex structures)
+- @zlib: [String] uncompress data
+- @ruby: [any] execute ruby code
+- @csvt: [Array] decode a titled CSV value
+- @lines: [Array] split a string in multiple lines and return an array
+- @list: [Array] split a string in multiple items taking first character as separator and return an array
+- @incps: [Hash] include values of presets specified by key `incps` in input hash
 
 To display the result of an extended value, use the `config echo` command.
 
@@ -1057,7 +1064,7 @@ The command `update` allows the easy creation of [option preset](#lprt) by simpl
 ascli config preset update demo_server --url=ssh://demo.asperasoft.com:33001 --username=asperaweb --password=_pass_here_ --ts=@json:'{"precalculate_job_size":true}'
 ```
 
-* This creates a [option preset](#lprt) `demo_server` with all provided options.
+- This creates a [option preset](#lprt) `demo_server` with all provided options.
 
 The command `set` allows setting individual options in a [option preset](#lprt).
 
@@ -1195,16 +1202,16 @@ demo_server:
 
 We can see here:
 
-* The configuration was created with CLI version 0.3.7
-* the default [option preset](#lprt) to load for `server` plugin is : `demo_server`
-* the [option preset](#lprt) `demo_server` defines some parameters: the URL and credentials
-* the default [option preset](#lprt) to load in any case is : `cli_default`
+- The configuration was created with CLI version 0.3.7
+- the default [option preset](#lprt) to load for `server` plugin is : `demo_server`
+- the [option preset](#lprt) `demo_server` defines some parameters: the URL and credentials
+- the default [option preset](#lprt) to load in any case is : `cli_default`
 
 Two [option presets](#lprt) are reserved:
 
-* `config` contains a single value: `version` showing the CLI
+- `config` contains a single value: `version` showing the CLI
 version used to create the configuration file. It is used to check compatibility.
-* `default` is reserved to define the default [option preset](#lprt) name used for known plugins.
+- `default` is reserved to define the default [option preset](#lprt) name used for known plugins.
 
 The user may create as many [option presets](#lprt) as needed. For instance, a particular [option preset](#lprt) can be created for a particular application instance and contain URL and credentials.
 
@@ -1233,11 +1240,11 @@ Some options are global, some options are available only for some plugins. (the
 
 Options are loaded using this algorithm:
 
-* If option `--no-default` (or `-N`) is specified, then no default value is loaded is loaded for the plugin
-* else it looks for the name of the plugin as key in section `default`, the value is the name of the default [option preset](#lprt) for it, and loads it.
-* If option `--preset=<name or extended value hash>` is specified (or `-Pxxxx`), this reads the [option preset](#lprt) specified from the configuration file, or of the value is a Hash, it uses it as options values.
-* Environment variables are evaluated
-* Command line options are evaluated
+- If option `--no-default` (or `-N`) is specified, then no default value is loaded is loaded for the plugin
+- else it looks for the name of the plugin as key in section `default`, the value is the name of the default [option preset](#lprt) for it, and loads it.
+- If option `--preset=<name or extended value hash>` is specified (or `-Pxxxx`), this reads the [option preset](#lprt) specified from the configuration file, or of the value is a Hash, it uses it as options values.
+- Environment variables are evaluated
+- Command line options are evaluated
 
 Parameters are evaluated in the order of command line.
 
@@ -1286,7 +1293,7 @@ ascli shares repo browse / --url=https://10.25.0.6 --username=john --password=_p
 
 This can also be provisioned in a config file:
 
-* Build [option preset](#lprt)
+- Build [option preset](#lprt)
 
 ```bash
 ascli config preset set shares06 url https://10.25.0.6
@@ -1306,19 +1313,19 @@ or
 ascli config preset update shares06 --url=https://10.25.0.6 --username=john --password=_pass_here_
 ```
 
-* Define this [option preset](#lprt) as the default [option preset](#lprt) for the specified plugin (`shares`)
+- Define this [option preset](#lprt) as the default [option preset](#lprt) for the specified plugin (`shares`)
 
 ```bash
 ascli config preset set default shares shares06
 ```
 
-* Display the content of configuration file in table format
+- Display the content of configuration file in table format
 
 ```bash
 ascli config overview
 ```
 
-* Execute a command on the shares application using default parameters
+- Execute a command on the shares application using default parameters
 
 ```bash
 ascli shares repo browse /
@@ -1326,66 +1333,67 @@ ascli shares repo browse /
 
 ### <a id="vault"></a>Secret Vault
 
-When a secret or password is needed, it is possible to store in the secret vault.
-
-By default the vault is defined using option `secrets`, which can be stored in the configuration file.
-
-#### Using system keychain
+Password and secrets are command options.
+They can be provided on command line, env vars, files etc.
+A more secure option is to retrieve values from a secret vault.
 
-Only on macOS.
+The vault is used with options `vault` and `vault_password`.
 
-It is possible to store secrets in macOS keychain (only read supported currently).
+`vault` defines the vault to be used and shall be a Hash, example:
 
-Set option `secrets` to value `system` to use the default keychain or use value `system:[name]` to use a custom keychain.
-
-#### Modern config file format: encrypted in config file
+```json
+{"type":"system","name":"ascli"}
+```
 
-It is possible to store and use secrets encrypted.
-For this use the `config vault` command.
+`vault_password` specifies the password for the vault.
+Although it can be specified on command line, for security reason you can hide the value.
+For example it can be specified on command line like this:
 
-The vault can be initialized with `config vault init`
+```bash
+export ASCLI_VAULT_PASSWORD
+read -s ASCLI_VAULT_PASSWORD
+```
 
-Then secrets can be manipulated using commands:
+#### Vault: System keychain
 
-* `set`
-* `get`
-* `list`
-* `delete`
+> **macOS only**
 
-Secrets must be uniquely identified by `url` and `username`. An optional description can be provided using option `value`.
+It is possible to manage secrets in macOS keychain (only read supported currently).
 
-#### Legacy config file format
+```json
+--vault=@json:'{"type":"system","name":"ascli"}'
+```
 
-THIS FORMAT WILL BE DEPRECATED
+#### Vault: Encrypted file
 
-The value provided can be a Hash, where keys are usernames (or access key id), and values are the associated password or secrets in clear.
+It is possible to store and use secrets encrypted in a file.
 
-For example, choose a repository name, for example `my_secrets`, and populate it like this:
+```json
+--vault=@json:'{"type":"file","name":"vault.bin"}'
+```
 
-```bash
-ascli conf id my_secrets set 'access_key1' 'secret1'
+`name` is the file path, absolute or relative to the config folder `ASCLI__HOME`.
 
-ascli conf id my_secrets set 'access_key2' 'secret2'
+#### Vault: Operations
 
-ascli conf id default get config
+For this use the `config vault` command.
 
-cli_default
-```
+Then secrets can be manipulated using commands:
 
-Here above, one has already set a `config` global preset to preset `cli_default` (refer to earlier in documentation).
-So the repository can be read by default like this (note the prefix `@val:` to avoid the evaluation of prefix `@preset:`):
+- `create`
+- `show`
+- `list`
+- `delete`
 
 ```bash
-ascli conf id cli_default set secrets @val:@preset:my_secrets
+ascli conf vault create mylabel @json:'{"password":"__value_here__","description":"for this account"}'
 ```
 
-A secret repository can always be selected at runtime using `--secrets=@preset:xxxx`, or `--secrets=@json:'{"accesskey1":"secret1"}'`
+#### <a id="config_finder"></a>Configuration Finder
 
-To test if a secret can be found use:
+When a secret is needed by a sub command, the command can search for existing configurations in the config file.
 
-```bash
-ascli conf vault get --username=access_key1
-```
+The lookup is done by comparing the service URL and username (or access key).
 
 ### <a id="private_key"></a>Private Key
 
@@ -1397,15 +1405,17 @@ The private key can be protected by a passphrase or not.
 If the key is protected by a passphrase, then it will be prompted.
 (some plugins support option `passphrase`)
 
-Several methods can be used to generate a key pair:
-
-The following commands use this variable:
+The following commands use the shell variable `PRIVKEYFILE`.
+Set it to the desired safe location of the private key.
+Typically, in `$HOME/.ssh` or `$HOME/.aspera/ascli`:
 
 ```bash
 PRIVKEYFILE=~/.aspera/ascli/my_private_key
 ```
 
-* `ascli`
+Several methods can be used to generate a key pair:
+
+- `ascli`
 
 The generated key is of type RSA, by default: 4096 bit.
 For convenience, the public key is also extracted with extension `.pub`.
@@ -1415,23 +1425,30 @@ The key is not passphrase protected.
 ascli config genkey ${PRIVKEYFILE} 4096
 ```
 
-* `ssh-keygen`
+- `ssh-keygen`
 
 Both private and public keys are generated, option `-N` is for passphrase.
 
 ```bash
-ssh-keygen -t rsa -b 4096 -N '' -f ${PRIVKEYFILE}
+ssh-keygen -t rsa -b 4096 -m PEM -N '' -f ${PRIVKEYFILE}
 ```
 
-* `openssl`
+- `openssl`
 
-openssl is sometimes compiled to support option `-nodes` (no DES, i.e. no passphrase, e.g. on macOS).
-To generate a private key pair without passphrase the following can be used on any system:
+To generate a private key pair with a passphrase the following can be used on any system:
 
 ```bash
-openssl genrsa -passout pass:dummypassword -out ${PRIVKEYFILE}.protected 4096
-openssl rsa -passin pass:dummypassword -in ${PRIVKEYFILE}.protected -out ${PRIVKEYFILE}
+openssl genrsa -passout pass:_passphrase_here_ -out ${PRIVKEYFILE}.protected 4096
 openssl rsa -pubout -in ${PRIVKEYFILE} -out ${PRIVKEYFILE}.pub
+```
+
+`openssl` is sometimes compiled to support option `-nodes` (no DES, i.e. no passphrase, e.g. on macOS).
+In that case, add option `-nodes` instead of `-passout pass:_passphrase_here_` to generate a key without passphrase.
+
+If option `-nodes` is not available, the passphrase can be removed using this method:
+
+```bash
+openssl rsa -passin pass:_passphrase_here_ -in ${PRIVKEYFILE}.protected -out ${PRIVKEYFILE}
 rm -f ${PRIVKEYFILE}.protected
 ```
 
@@ -1505,9 +1522,9 @@ REST APIs of Aspera legacy applications (Aspera Node, Faspex, Shares, Console, O
 
 Those are using options:
 
-* url
-* username
-* password
+- url
+- username
+- password
 
 Those can be provided using command line, parameter set, env var, see section above.
 
@@ -1532,13 +1549,13 @@ Note that when using the `direct` agent (`ascp`), additional transfer logs can b
 
 Examples:
 
-* display debugging log on `stdout`:
+- display debugging log on `stdout`:
 
 ```bash
 ascli conf over --log-level=debug --logger=stdout
 ```
 
-* log errors to `syslog`:
+- log errors to `syslog`:
 
 ```bash
 ascli conf over --log-level=error --logger=syslog
@@ -1582,76 +1599,100 @@ ascli aoc admin res package list --http-options=@json:'{"read_timeout":10.0}'
 
 Some actions may require the use of a graphical tool:
 
-* a browser for Aspera on Cloud authentication (web auth method)
-* a text editor for configuration file edition
+- a browser for Aspera on Cloud authentication (web auth method)
+- a text editor for configuration file edition
 
 By default the CLI will assume that a graphical environment is available on windows, and on other systems, rely on the presence of the "DISPLAY" environment variable.
 It is also possible to force the graphical mode with option --ui :
 
-* `--ui=graphical` forces a graphical environment, a browser will be opened for URLs or a text editor for file edition.
-* `--ui=text` forces a text environment, the URL or file path to open is displayed on terminal.
+- `--ui=graphical` forces a graphical environment, a browser will be opened for URLs or a text editor for file edition.
+- `--ui=text` forces a text environment, the URL or file path to open is displayed on terminal.
 
 ### Proxy
 
-There are several types of network connections, each of them use a different mechanism to define a *proxy*.
+There are several types of network connections, each of them use a different mechanism to define a (forward) **proxy**:
 
-#### HTTP proxy for REST calls and transfers using HTTP gateway
+- Ruby HTTP: REST and HTTPGW client
+- Legacy Aspera HTTP/S Fallback
+- Aspera FASP
 
-To specify a HTTP proxy when ruby HTTP is used, set the `http_proxy` environment variable (lower case, preferred, or upper case).
-See [Ruby findproxy](https://rubyapi.org/3.0/o/uri/generic#method-i-find_proxy).
+Refer to the following sections.
 
-```bash
-export http_proxy=http://myproxy.org.net:3128
-```
+### Proxy for REST and HTTPGW
 
-Note that ruby expects a URL and `myproxy.org.net:3128` alone is not accepted.
+There are two possibilities to define an HTTP proxy to be used when Ruby HTTP is used.
 
-#### FASP proxy (forward) for transfers
+The `http_proxy` environment variable (**lower case**, preferred) can be set to the URL of the proxy, e.g. `http://myproxy.org.net:3128`.
+Refer to [Ruby findproxy](https://rubyapi.org/3.0/o/uri/generic#method-i-find_proxy).
 
-To specify a FASP proxy (forward), set the [*transfer-spec*](#transferspec) parameter: `EX_fasp_proxy_url` (only supported with the `direct` agent).
-
-#### HTTP proxy legacy Aspera HTTP fallback transfers
+> Note: Ruby expects a URL and `myproxy.org.net:3128` alone is **not** accepted.
 
-To specify a proxy for legacy HTTP fallback, set the [*transfer-spec*](#transferspec) parameter: `EX_http_proxy_url` (only supported with the `direct` agent).
-(It is also possible to use `EX_ascp_args` and native options in `direct`)
-
-#### Proxy auto config
+```bash
+export http_proxy=http://proxy.example.com:3128
+```
 
-The `fpac` option allows use of a [Proxy Auto Configuration (PAC)](https://en.wikipedia.org/wiki/Proxy_auto-config) script defined as javascript value.
-To read the script from a URL (`http:`, `https:` and `file:`), use: `@uri:`.
-A minimal script can be specified, for example like this, to define the use of a local proxy:
+The `fpac` option (function for proxy auto config) can be set to a [Proxy Auto Configuration (PAC)](https://en.wikipedia.org/wiki/Proxy_auto-config) javascript value.
+To read the script from a URL (`http:`, `https:` and `file:`), use prefix: `@uri:`.
+A minimal script can be specified to define the use of a local proxy:
 
 ```bash
-export ASCLI_FPAC='function FindProxyForURL(url, host){return "PROXY localhost:3128"}'
+ascli --fpac='function FindProxyForURL(url, host){return "PROXY localhost:3128"}' ...
 ```
 
-The PAC file will be used for any HTTP/HTTPS/REST connection, but not other (e.g. FASP, HTTP fallback, HTTPGW)
-
-The PAC file can be tested with command: `config proxy_check`. Example, using command line option:
+The result of a PAC file can be tested with command: `config proxy_check`.
+Example, using command line option:
 
 ```bash
-ascli conf proxy_check --fpac='function FindProxyForURL(url, host) {return "PROXY proxy.example.com:1234;DIRECT";}' http://example.com
+ascli conf proxy_check --fpac='function FindProxyForURL(url, host) {return "PROXY proxy.example.com:3128;DIRECT";}' http://example.com
+```
+
+```text
 PROXY proxy.example.com:1234;DIRECT
 ```
 
 ```bash
 ascli config proxy_check --fpac=@file:./proxy.pac http://www.example.com
+```
+
+```text
 PROXY proxy.example.com:8080
 ```
 
 ```bash
 ascli config proxy_check --fpac=@uri:http://server/proxy.pac http://www.example.com
+```
+
+```text
 PROXY proxy.example.com:8080
 ```
 
+If the proxy requires credentials, then use option `proxy_credentials` with username and password provided as an `Array`:
+
+```bash
+ascli --proxy-credentials=@json:'["__username_here__","__password_here__"]' ...
+```
+
+```bash
+ascli --proxy-credentials=@list::__username_here__:__password_here__ ...
+```
+
+### Proxy for Legacy Aspera HTTP/S Fallback
+
+To specify a proxy for legacy HTTP fallback, set the [*transfer-spec*](#transferspec) parameter: `EX_http_proxy_url` (only supported with the `direct` agent).
+(It is also possible to use `EX_ascp_args` and native options in `direct`)
+
+### FASP proxy (forward) for transfers
+
+To specify a FASP proxy (forward), set the [*transfer-spec*](#transferspec) parameter: `EX_fasp_proxy_url` (only supported with the `direct` agent).
+
 ### <a id="client"></a>FASP configuration
 
 The `config` plugin also allows specification for the use of a local FASP client. It provides the following commands for `ascp` subcommand:
 
-* `show` : shows the path of ascp used
-* `use` : list,download connect client versions available on internet
-* `products` : list Aspera transfer products available locally
-* `connect` : list,download connect client versions available on internet
+- `show` : shows the path of ascp used
+- `use` : list,download connect client versions available on internet
+- `products` : list Aspera transfer products available locally
+- `connect` : list,download connect client versions available on internet
 
 #### Show path of currently used `ascp`
 
@@ -1793,11 +1834,11 @@ This [*transfer-spec*](#transferspec) will be executed by a transfer client, her
 
 There are currently 3 agents:
 
-* [`direct`](#agt_direct) : a local execution of `ascp`
-* [`connect`](#agt_connect) : use of a local Connect Client
-* [`node`](#agt_node) : use of an Aspera Transfer Node (potentially *remote*).
-* [`httpgw`](#agt_httpgw) : use of an Aspera HTTP Gateway
-* [`trsdk`](#agt_trsdk) : use of Aspera Transfer SDK
+- [`direct`](#agt_direct) : a local execution of `ascp`
+- [`connect`](#agt_connect) : use of a local Connect Client
+- [`node`](#agt_node) : use of an Aspera Transfer Node (potentially *remote*).
+- [`httpgw`](#agt_httpgw) : use of an Aspera HTTP Gateway
+- [`trsdk`](#agt_trsdk) : use of Aspera Transfer SDK
 
 Note that all transfer operation are seen from the point of view of the agent.
 For instance, a node agent making an "upload", or "package send" operation,
@@ -1861,13 +1902,13 @@ To store ascp logs in file `aspera-scp-transfer.log` in a folder, use `--ts=@jso
 
 In addition to standard methods described in section [File List](#file_list), it is possible to specify the list of file using those additional methods:
 
-* Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_file_list`
+- Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_file_list`
 
 ```javascript
 --sources=@ts --ts=@json:'{"EX_file_list":"filelist.txt"}'
 ```
 
-* Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_ascp_args`
+- Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_ascp_args`
 
 ```javascript
 --sources=@ts --ts=@json:'{"EX_ascp_args":["--file-list","myfilelist"]}'
@@ -1907,7 +1948,16 @@ If the `password` value begins with `Bearer` then the `username` is expected to
 
 #### <a id="agt_httpgw"></a>HTTP Gateway
 
-If it possible to send using a HTTP gateway, in case FASP is not allowed. `transfer_info` shall have a single mandatory parameter: `url`.
+If it possible to send using a HTTP gateway, in case FASP is not allowed.
+
+Parameters provided in option `transfer_info` are:
+
+<table>
+<tr><th>Name</th><th>Type</th><th>Description</th></tr>
+<tr><td>url</td><td>string</td><td>URL of the HTTP GW</br>Mandatory</td></tr>
+<tr><td>upload_bar_refresh_sec</td><td>float</td><td>Refresh rate for upload progress bar</td></tr>
+<tr><td>upload_chunksize</td><td>int</td><td>Size in bytes of chunks for upload</td></tr>
+</table>
 
 Example:
 
@@ -1915,7 +1965,7 @@ Example:
 ascli faspex package recv --id=323 --transfer=httpgw --transfer-info=@json:'{"url":"https://asperagw.example.com:9443/aspera/http-gwy/v1"}'
 ```
 
-Note that the gateway only supports transfers authorized with a token.
+> The gateway only supports transfers authorized with a token.
 
 #### <a id="agt_trsdk"></a>Transfer SDK
 
@@ -1923,7 +1973,8 @@ Another possibility is to use the Transfer SDK daemon (asperatransferd).
 
 By default it will listen on local port `55002` on `127.0.0.1`.
 
-The gem `grpc` was removed from dependencies, as it requires compilation of a native part. So, to use the Transfer SDK you should install this gem:
+The gem `grpc` was removed from dependencies, as it requires compilation of a native part.
+So, to use the Transfer SDK you should install this gem:
 
 ```bash
 gem install grpc
@@ -1931,9 +1982,9 @@ gem install grpc
 
 On Windows the compilation may fail for various reasons (3.1.1):
 
-* `cannot find -lx64-ucrt-ruby310`
+- `cannot find -lx64-ucrt-ruby310`
    &rarr; copy the file `[Ruby main dir]\lib\libx64-ucrt-ruby310.dll.a` to `[Ruby main dir]\lib\libx64-ucrt-ruby310.a` (remove the dll extension)
-* `conflicting types for 'gettimeofday'`
+- `conflicting types for 'gettimeofday'`
   &rarr; edit the file `[Ruby main dir]/include/ruby-[version]/ruby/win32.h` and change the signature of `gettimeofday` to `gettimeofday(struct timeval *, void *)` ,i.e. change `struct timezone` to `void`
 
 ### <a id="transferspec"></a>Transfer Specification
@@ -1941,11 +1992,11 @@ On Windows the compilation may fail for various reasons (3.1.1):
 Some commands lead to file transfer (upload/download), all parameters necessary for this transfer
 is described in a [*transfer-spec*](#transferspec) (Transfer Specification), such as:
 
-* server address
-* transfer user name
-* credentials
-* file list
-* etc...
+- server address
+- transfer user name
+- credentials
+- file list
+- etc...
 
 `ascli` builds a default [*transfer-spec*](#transferspec) internally, so it is not necessary to provide additional parameters on the command line for this transfer.
 
@@ -1955,8 +2006,8 @@ It is possible to specify ascp options when the `transfer` option is set to [`di
 
 The use of a [*transfer-spec*](#transferspec) instead of `ascp` parameters has the advantage of:
 
-* common to all [Transfer Agent](#agents)
-* not dependent on command line limitations (special characters...)
+- common to all [Transfer Agent](#agents)
+- not dependent on command line limitations (special characters...)
 
 A [*transfer-spec*](#transferspec) is a Hash table, so it is described on the command line with the [Extended Value Syntax](#extended).
 
@@ -1967,9 +2018,9 @@ All standard [*transfer-spec*](#transferspec) parameters can be specified.
 
 References:
 
-* [Aspera Node API Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20node%20api%22)&rarr;/opt/transfers
-* [Aspera Transfer SDK Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20transfer%20sdk%22)&rarr;Guides&rarr;API Ref&rarr;Transfer Spec V1
-* [Aspera Connect SDK](https://d3gcli72yxqn2z.cloudfront.net/connect/v4/asperaweb-4.js) &rarr; search `The parameters for starting a transfer.`
+- [Aspera Node API Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20node%20api%22)&rarr;/opt/transfers
+- [Aspera Transfer SDK Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20transfer%20sdk%22)&rarr;Guides&rarr;API Ref&rarr;Transfer Spec V1
+- [Aspera Connect SDK](https://d3gcli72yxqn2z.cloudfront.net/connect/v4/asperaweb-4.js) &rarr; search `The parameters for starting a transfer.`
 
 Parameters can be displayed with commands:
 
@@ -1980,9 +2031,9 @@ ascli config ascp spec --select=@json:'{"d":"Y"}' --fields=-d,n,c
 
 Columns:
 
-* D=Direct (local `ascp` execution)
-* N=Node API
-* C=Connect Client
+- D=Direct (local `ascp` execution)
+- N=Node API
+- C=Connect Client
 
 `ascp` argument or environment variable is provided in description.
 
@@ -1993,79 +2044,79 @@ Fields with EX_ prefix are extensions to transfer agent [`direct`](#agt_direct).
 <tr><td>EX_at_rest_password</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>DEPRECATED: Prefer to use standard parameter: content_protection_password<br/>(env:ASPERA_SCP_FILEPASS)</td></tr>
 <tr><td>EX_file_list</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>source file list</td></tr>
 <tr><td>EX_file_pair_list</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>source file pair list</td></tr>
-<tr><td>EX_http_proxy_url</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the proxy server address used by HTTP Fallback<br/>(-x)</td></tr>
-<tr><td>EX_http_transfer_jpeg</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>HTTP transfers as JPEG file<br/>(-j)</td></tr>
+<tr><td>EX_http_proxy_url</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the proxy server address used by HTTP Fallback<br/>(-x {string})</td></tr>
+<tr><td>EX_http_transfer_jpeg</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>HTTP transfers as JPEG file<br/>(-j {int})</td></tr>
 <tr><td>EX_license_text</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>License file text override.<br/>By default ascp looks for license file near executable.<br/>(env:ASPERA_SCP_LICENSE)</td></tr>
 <tr><td>EX_no_read</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>no read source<br/>(--no-read)</td></tr>
 <tr><td>EX_no_write</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>no write on destination<br/>(--no-write)</td></tr>
 <tr><td>EX_proxy_password</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Password used for Aspera proxy server authentication.<br/>May be overridden by password in URL EX_fasp_proxy_url.<br/>(env:ASPERA_PROXY_PASS)</td></tr>
-<tr><td>EX_ssh_key_paths</td><td>array</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Use public key authentication for SSH and specify the private key file paths<br/>(-i)</td></tr>
+<tr><td>EX_ssh_key_paths</td><td>array</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Use public key authentication for SSH and specify the private key file paths<br/>(-i {array})</td></tr>
 <tr><td>apply_local_docroot</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>(--apply-local-docroot)</td></tr>
 <tr><td>authentication</td><td>string</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>value=token for SSH bypass keys, else password asked if not provided.</td></tr>
-<tr><td>cipher</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>In transit encryption type.<br/>Allowed values: none, aes-128, aes-192, aes-256, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-gcm, aes-192-gcm, aes-256-gcm<br/>(-c)</td></tr>
+<tr><td>cipher</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>In transit encryption type.<br/>Allowed values: none, aes-128, aes-192, aes-256, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-gcm, aes-192-gcm, aes-256-gcm<br/>(-c (conversion){enum})</td></tr>
 <tr><td>cipher_allowed</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>returned by node API. Valid literals include "aes-128" and "none".</td></tr>
-<tr><td>content_protection</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Enable client-side encryption at rest. (CSEAR, content protection)<br/>Allowed values: encrypt, decrypt<br/>(--file-crypt)</td></tr>
+<tr><td>content_protection</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Enable client-side encryption at rest. (CSEAR, content protection)<br/>Allowed values: encrypt, decrypt<br/>(--file-crypt {enum})</td></tr>
 <tr><td>content_protection_password</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies CSEAR password. (content protection)<br/>(env:ASPERA_SCP_FILEPASS)</td></tr>
 <tr><td>cookie</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Metadata for transfer specified by application<br/>(env:ASPERA_SCP_COOKIE)</td></tr>
 <tr><td>create_dir</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies whether to create new directories.<br/>(-d)</td></tr>
 <tr><td>delete_before_transfer</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Before transfer, delete files that exist at the destination but not at the source.<br/>The source and destination arguments must be directories that have matching names.<br/>Objects on the destination that have the same name but different type or size as objects<br/>on the source are not deleted.<br/>(--delete-before-transfer)</td></tr>
 <tr><td>delete_source</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Remove SRC files after transfer success<br/>(--remove-after-transfer)</td></tr>
 <tr><td>destination_root</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Destination root directory.</td></tr>
-<tr><td>dgram_size</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>UDP datagram size in bytes<br/>(-Z)</td></tr>
-<tr><td>direction</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Direction of transfer (on client side)<br/>Allowed values: send, receive<br/>(--mode)</td></tr>
-<tr><td>exclude_newer_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime > arg<br/>(--exclude-newer-than)</td></tr>
-<tr><td>exclude_older_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime < arg<br/>(--exclude-older-than)</td></tr>
-<tr><td>fasp_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies fasp (UDP) port.<br/>(-O)</td></tr>
+<tr><td>dgram_size</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>UDP datagram size in bytes<br/>(-Z {int})</td></tr>
+<tr><td>direction</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Direction of transfer (on client side)<br/>Allowed values: send, receive<br/>(--mode (conversion){enum})</td></tr>
+<tr><td>exclude_newer_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime > arg<br/>(--exclude-newer-than {int})</td></tr>
+<tr><td>exclude_older_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime < arg<br/>(--exclude-older-than {int})</td></tr>
+<tr><td>fasp_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies fasp (UDP) port.<br/>(-O {int})</td></tr>
 <tr><td>file_checksum</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Enable checksum reporting for transferred files by specifying the hash to use.<br/>Allowed values: sha-512, sha-384, sha-256, sha1, md5, none</td></tr>
-<tr><td>http_fallback</td><td>bool<br/>string</td><td>Y</td><td>Y</td><td>Y</td><td>When true(1), attempts to perform an HTTP transfer if a FASP transfer cannot be performed.<br/>(-y)</td></tr>
-<tr><td>http_fallback_port</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specifies http port when no cipher is used<br/>(-t)</td></tr>
-<tr><td>https_fallback_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies https port when cipher is used<br/>(-t)</td></tr>
+<tr><td>http_fallback</td><td>bool<br/>string</td><td>Y</td><td>Y</td><td>Y</td><td>When true(1), attempts to perform an HTTP transfer if a FASP transfer cannot be performed.<br/>(-y (conversion){bool}|{string})</td></tr>
+<tr><td>http_fallback_port</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specifies http port when no cipher is used<br/>(-t {int})</td></tr>
+<tr><td>https_fallback_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies https port when cipher is used<br/>(-t {int})</td></tr>
 <tr><td>lock_min_rate</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>lock_min_rate_kbps</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>lock_rate_policy</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>lock_target_rate</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>lock_target_rate_kbps</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>min_rate_cap_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>min_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Set the minimum transfer rate in kilobits per second.<br/>(-m)</td></tr>
-<tr><td>move_after_transfer</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>The relative path to which the files will be moved after the transfer at the source side.<br/>(--move-after-transfer)</td></tr>
+<tr><td>min_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Set the minimum transfer rate in kilobits per second.<br/>(-m {int})</td></tr>
+<tr><td>move_after_transfer</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>The relative path to which the files will be moved after the transfer at the source side. Available as of 3.8.0.<br/>(--move-after-transfer {string})</td></tr>
 <tr><td>multi_session</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Use multi-session transfer. max 128.<br/>Each participant on one host needs an independent UDP (-O) port.<br/>Large files are split between sessions only when transferring with resume_policy=none.<br/></td></tr>
-<tr><td>multi_session_threshold</td><td>int</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Split files across multiple ascp sessions if their size in bytes is greater than or equal to the specified value.<br/>(0=no file is split)<br/>(--multi-session-threshold)</td></tr>
-<tr><td>overwrite</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Overwrite destination files with the source files of the same name.<br/>Allowed values: never, always, diff, older, diff+older<br/>(--overwrite)</td></tr>
+<tr><td>multi_session_threshold</td><td>int</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Split files across multiple ascp sessions if their size in bytes is greater than or equal to the specified value.<br/>(0=no file is split)<br/>(--multi-session-threshold {int})</td></tr>
+<tr><td>overwrite</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Overwrite destination files with the source files of the same name.<br/>Allowed values: never, always, diff, older, diff+older<br/>(--overwrite {enum})</td></tr>
 <tr><td>password</td><td>string</td><td>&nbsp;</td><td>Y</td><td>&nbsp;</td><td>Password for local Windows user when transfer user associated with node api user is not the same as the one running asperanoded.<br/>Allows impersonating the transfer user and have access to resources (e.g. network shares).<br/>Windows only, node api only.</td></tr>
 <tr><td>paths</td><td>array</td><td>Y</td><td>Y</td><td>Y</td><td>Array of path to the source (required) and a path to the destination (optional).</td></tr>
 <tr><td>precalculate_job_size</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies whether to precalculate the job size.<br/>(--precalculate-job-size)</td></tr>
 <tr><td>preserve_access_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-access-time)</td></tr>
-<tr><td>preserve_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve access control lists.<br/>Allowed values: none, native, metafile<br/>(--preserve-acls)</td></tr>
+<tr><td>preserve_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve access control lists.<br/>Allowed values: none, native, metafile<br/>(--preserve-acls {enum})</td></tr>
 <tr><td>preserve_creation_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-creation-time)</td></tr>
 <tr><td>preserve_file_owner_gid</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the group ID for a file owner<br/>(--preserve-file-owner-gid)</td></tr>
 <tr><td>preserve_file_owner_uid</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the user ID for a file owner<br/>(--preserve-file-owner-uid)</td></tr>
 <tr><td>preserve_modification_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-modification-time)</td></tr>
-<tr><td>preserve_remote_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve remote access control lists.<br/>Allowed values: none, native, metafile<br/>(--remote-preserve-acls)</td></tr>
+<tr><td>preserve_remote_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve remote access control lists.<br/>Allowed values: none, native, metafile<br/>(--remote-preserve-acls {enum})</td></tr>
 <tr><td>preserve_source_access_time</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the time logged for when the source file was accessed<br/>(--preserve-source-access-time)</td></tr>
 <tr><td>preserve_times</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-times)</td></tr>
-<tr><td>proxy</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the address of the Aspera high-speed proxy server.<br/>dnat(s)://[user[:password]@]server:port<br/>Default ports for DNAT and DNATS protocols are 9091 and 9092.<br/>Password, if specified here, overrides the value of environment variable ASPERA_PROXY_PASS.<br/>(--proxy)</td></tr>
-<tr><td>rate_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>The transfer rate policy to use when sharing bandwidth.<br/>Allowed values: low, fair, high, fixed<br/>(--policy)</td></tr>
+<tr><td>proxy</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the address of the Aspera high-speed proxy server.<br/>dnat(s)://[user[:password]@]server:port<br/>Default ports for DNAT and DNATS protocols are 9091 and 9092.<br/>Password, if specified here, overrides the value of environment variable ASPERA_PROXY_PASS.<br/>(--proxy {string})</td></tr>
+<tr><td>rate_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>The transfer rate policy to use when sharing bandwidth.<br/>Allowed values: low, fair, high, fixed<br/>(--policy {enum})</td></tr>
 <tr><td>rate_policy_allowed</td><td>string</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>Specifies most aggressive rate policy that is allowed.<br/>Returned by node API.<br/>Allowed values: low, fair, high, fixed</td></tr>
-<tr><td>remote_host</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>IP or fully qualified domain name of the remote server<br/>(--host)</td></tr>
+<tr><td>remote_host</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>IP or fully qualified domain name of the remote server<br/>(--host {string})</td></tr>
 <tr><td>remote_password</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>SSH session password<br/>(env:ASPERA_SCP_PASS)</td></tr>
-<tr><td>remote_user</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Remote user. Default value is "xfer" on node or connect.<br/>(--user)</td></tr>
+<tr><td>remote_user</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Remote user. Default value is "xfer" on node or connect.<br/>(--user {string})</td></tr>
 <tr><td>remove_after_transfer</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Remove SRC files after transfer success<br/>(--remove-after-transfer)</td></tr>
 <tr><td>remove_empty_directories</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Specifies whether to remove empty directories.<br/>(--remove-empty-directories)</td></tr>
 <tr><td>remove_empty_source_directory</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Remove empty source subdirectories and remove the source directory itself, if empty<br/>(--remove-empty-source-directory)</td></tr>
 <tr><td>remove_skipped</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Must also have remove_after_transfer set to true, Defaults to false, if true, skipped files will be removed as well.<br/>(--remove-skipped)</td></tr>
-<tr><td>resume_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>If a transfer is interrupted or fails to finish, resume without re-transferring the whole files.<br/>Allowed values: none, attrs, sparse_csum, full_csum<br/>(-k)</td></tr>
+<tr><td>resume_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>If a transfer is interrupted or fails to finish, resume without re-transferring the whole files.<br/>Allowed values: none, attrs, sparse_csum, full_csum<br/>(-k (conversion){enum})</td></tr>
 <tr><td>retry_duration</td><td>string<br/>int</td><td>&nbsp;</td><td>Y</td><td>Y</td><td>Specifies how long to wait before retrying transfer. (e.g. "5min")</td></tr>
-<tr><td>source_root</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Path to be prepended to each source path.<br/>This is either a conventional path or it can be a URI but only if there is no root defined.<br/>(--source-prefix64)</td></tr>
+<tr><td>source_root</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Path to be prepended to each source path.<br/>This is either a conventional path or it can be a URI but only if there is no root defined.<br/>(--source-prefix64 (conversion){string})</td></tr>
 <tr><td>source_root_id</td><td>string</td><td>&nbsp;</td><td>Y</td><td>&nbsp;</td><td>The file ID of the source root directory. Required when using Bearer token auth for the source node.</td></tr>
-<tr><td>src_base</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Specify the prefix to be stripped off from each source object.<br/>The remaining portion of the source path is kept intact at the destination.<br/>Special care must be taken when used with cloud storage.<br/>(--src-base64)</td></tr>
-<tr><td>ssh_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies SSH (TCP) port. Default: local:22, other:33001<br/>(-P)</td></tr>
+<tr><td>src_base</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Specify the prefix to be stripped off from each source object.<br/>The remaining portion of the source path is kept intact at the destination.<br/>Special care must be taken when used with cloud storage.<br/>(--src-base64 (conversion){string})</td></tr>
+<tr><td>ssh_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies SSH (TCP) port. Default: local:22, other:33001<br/>(-P {int})</td></tr>
 <tr><td>ssh_private_key</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Private key used for SSH authentication.<br/>Shall look like: -----BEGIN RSA PRIV4TE KEY-----\nMII...<br/>Note the JSON encoding: \n for newlines.<br/>(env:ASPERA_SCP_KEY)</td></tr>
 <tr><td>ssh_private_key_passphrase</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>The passphrase associated with the transfer user's SSH private key. Available as of 3.7.2.<br/>(env:ASPERA_SCP_PASS)</td></tr>
-<tr><td>sshfp</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Check it against server SSH host key fingerprint<br/>(--check-sshfp)</td></tr>
-<tr><td>symlink_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Handle source side symbolic links<br/>Allowed values: follow, copy, copy+force, skip<br/>(--symbolic-links)</td></tr>
-<tr><td>tags</td><td>hash</td><td>Y</td><td>Y</td><td>Y</td><td>Metadata for transfer as JSON<br/>(--tags64)</td></tr>
+<tr><td>sshfp</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Check it against server SSH host key fingerprint<br/>(--check-sshfp {string})</td></tr>
+<tr><td>symlink_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Handle source side symbolic links<br/>Allowed values: follow, copy, copy+force, skip<br/>(--symbolic-links {enum})</td></tr>
+<tr><td>tags</td><td>hash</td><td>Y</td><td>Y</td><td>Y</td><td>Metadata for transfer as JSON<br/>(--tags64 (conversion){hash})</td></tr>
 <tr><td>target_rate_cap_kbps</td><td>int</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>Returned by upload/download_setup node API.</td></tr>
-<tr><td>target_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies desired speed for the transfer.<br/>(-l)</td></tr>
+<tr><td>target_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies desired speed for the transfer.<br/>(-l {int})</td></tr>
 <tr><td>target_rate_percentage</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
 <tr><td>title</td><td>string</td><td>&nbsp;</td><td>Y</td><td>Y</td><td>Title of the transfer</td></tr>
 <tr><td>token</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Authorization token: Bearer, Basic or ATM (Also arg -W)<br/>(env:ASPERA_SCP_TOKEN)</td></tr>
@@ -2078,8 +2129,8 @@ Fields with EX_ prefix are extensions to transfer agent [`direct`](#agt_direct).
 
 The destination folder is set by `ascli` by default to:
 
-* `.` for downloads
-* `/` for uploads
+- `.` for downloads
+- `/` for uploads
 
 It is specified by the [*transfer-spec*](#transferspec) parameter `destination_root`.
 As such, it can be modified with option: `--ts=@json:'{"destination_root":"<path>"}'`.
@@ -2101,7 +2152,7 @@ The `sources` and `src_type` options provide convenient ways to populate the tra
 
 Possible values for option `sources` are:
 
-* `@args` : (default) the list of files (or file pair) is directly provided on the command line (after commands): unused arguments (not starting with `-`) are considered as source files.
+- `@args` : (default) the list of files (or file pair) is directly provided on the command line (after commands): unused arguments (not starting with `-`) are considered as source files.
 So, by default, the list of files to transfer will be simply specified on the command line. Example:
 
   ```bash
@@ -2114,13 +2165,13 @@ So, by default, the list of files to transfer will be simply specified on the co
   ascli server upload --sources=@args --src-type=list ~/mysample.file secondfile
   ```
 
-* an [Extended Value](#extended) with type **Array of String**
+- an [Extended Value](#extended) with type **Array of String**
 
   > Note: extended values can be tested with the command `conf echo`
 
   Examples:
 
-  * Using extended value
+  - Using extended value
 
     Create the file list:
 
@@ -2135,28 +2186,28 @@ So, by default, the list of files to transfer will be simply specified on the co
     --sources=@lines:@file:myfilelist.txt
     ```
 
-  * Using JSON array
+  - Using JSON array
 
     ```javascript
     --sources=@json:'["file1","file2"]'
     ```
 
-  * Using STDIN, one path per line
+  - Using STDIN, one path per line
 
     ```bash
     --sources=@lines:@stdin:
     ```
 
-  * Using ruby code (one path per line in file)
+  - Using ruby code (one path per line in file)
 
     ```ruby
     --sources=@ruby:'File.read("myfilelist.txt").split("\n")'
     ```
 
-* `@ts` : the user provides the list of files directly in the `paths` field of transfer spec (option `ts`).
+- `@ts` : the user provides the list of files directly in the `paths` field of transfer spec (option `ts`).
 Examples:
 
-  * Using transfer spec
+  - Using transfer spec
 
   ```javascript
   --sources=@ts --ts=@json:'{"paths":[{"source":"file1"},{"source":"file2"}]}'
@@ -2168,8 +2219,8 @@ The option `src_type` allows specifying if the list specified in option `sources
 
 Supported values for `src_type` are:
 
-* `list` : (default) the path of destination is the same as source and each entry is a source file path
-* `pair` : the first element is the first source, the second element is the first destination, and so on.
+- `list` : (default) the path of destination is the same as source and each entry is a source file path
+- `pair` : the first element is the first source, the second element is the first destination, and so on.
 
 Example: Source file `200KB.1` is renamed `sample1` on destination:
 
@@ -2183,7 +2234,7 @@ ascli server upload --src-type=pair ~/Documents/Samples/200KB.1 /Upload/sample1
 
 Multi session, i.e. starting a transfer of a file set using multiple sessions (one ascp process per session) is supported on "direct" and "node" agents, not yet on connect.
 
-* when agent=node :
+- when agent=node :
 
 ```javascript
 --ts=@json:'{"multi_session":10,"multi_session_threshold":1}'
@@ -2191,16 +2242,15 @@ Multi session, i.e. starting a transfer of a file set using multiple sessions (o
 
 Multi-session is directly supported by the node daemon.
 
-* when agent=direct :
+- when agent=direct :
 
 ```javascript
 --ts=@json:'{"multi_session":5,"multi_session_threshold":1,"resume_policy":"none"}'
 ```
 
-Note: resume policy of "attr" may cause problems. "none" or "sparse_csum"
-shall be preferred.
+Note: `resume_policy` set to `attr` may cause problems: `none` or `sparse_csum` shall be preferred.
 
-Multi-session spawn is done by `ascli`.
+`ascli` starts multiple `ascp` for Multi-session using `direct` agent.
 
 When multi-session is used, one separate UDP port is used per session (refer to `ascp` manual page).
 
@@ -2212,8 +2262,8 @@ using a passphrase, only known by users sharing files. Files stay encrypted on s
 
 activating CSEAR consists in using transfer spec parameters:
 
-* `content_protection` : activate encryption (`encrypt` for upload) or decryption (`decrypt` for download)
-* `content_protection_password` : the passphrase to be used.
+- `content_protection` : activate encryption (`encrypt` for upload) or decryption (`decrypt` for download)
+- `content_protection_password` : the passphrase to be used.
 
 Example: parameter to download a faspex package and decrypt on the fly
 
@@ -2229,25 +2279,25 @@ Note that up to version 4.6.0, the following parameters should be used for agent
 
 #### Transfer Spec Examples
 
-* Change target rate
+- Change target rate
 
 ```javascript
 --ts=@json:'{"target_rate_kbps":500000}'
 ```
 
-* Override the FASP SSH port to a specific TCP port:
+- Override the FASP SSH port to a specific TCP port:
 
 ```javascript
 --ts=@json:'{"ssh_port":33002}'
 ```
 
-* Force http fallback mode:
+- Force http fallback mode:
 
 ```javascript
 --ts=@json:'{"http_fallback":"force"}'
 ```
 
-* Activate progress when not activated by default on server
+- Activate progress when not activated by default on server
 
 ```javascript
 --ts=@json:'{"precalculate_job_size":true}'
@@ -2259,14 +2309,14 @@ In some conditions, it may be desirable to ensure that `ascli` is not executed s
 
 For instance when `ascli` is executed automatically on a schedule basis, one generally desire that a new execution is not started if a previous execution is still running because an on-going operation may last longer than the scheduling period:
 
-* Executing instances may pile-up and kill the system
-* The same file may be transferred by multiple instances at the same time.
-* `preview` may generate the same files in multiple instances.
+- Executing instances may pile-up and kill the system
+- The same file may be transferred by multiple instances at the same time.
+- `preview` may generate the same files in multiple instances.
 
 Usually the OS native scheduler already provides some sort of protection against parallel execution:
 
-* The Windows scheduler does this by default
-* Linux cron can leverage the utility [`flock`](https://linux.die.net/man/1/flock) to do the same:
+- The Windows scheduler does this by default
+- Linux cron can leverage the utility [`flock`](https://linux.die.net/man/1/flock) to do the same:
 
 ```bash
 /usr/bin/flock -w 0 /var/cron.lock ascli ...
@@ -2343,8 +2393,8 @@ faux:///filename?filesize
 
 where:
 
-* `filename` is the name that will be assigned to the file on the destination
-* `filesize` is the number of bytes that will be sent (in decimal).
+- `filename` is the name that will be assigned to the file on the destination
+- `filesize` is the number of bytes that will be sent (in decimal).
 
 Note: characters `?` and `&` are shell special characters (wildcard and backround), so `faux` file specification on command line should be protected (using quotes or `\`). If not, the shell may give error: `no matches found` or equivalent.
 
@@ -2358,8 +2408,8 @@ faux:///dirname?<arg1>=<val1>&...
 
 where:
 
-* `dirname` is the folder name and can contain `/` to specify a subfolder.
-* supported arguments are:
+- `dirname` is the folder name and can contain `/` to specify a subfolder.
+- supported arguments are:
 
 | Name   | Type | Description |
 |--------|------|-------------|
@@ -2372,19 +2422,19 @@ where:
 
 The sequence parameter is applied as follows:
 
-* If `seq` is `random` then each file size is:
+- If `seq` is `random` then each file size is:
 
-  * size +/- (inc * rand())
-  * Where rand is a random number between 0 and 1
-  * Note that file size must not be negative, inc will be set to size if it is greater than size
-  * Similarly, overall file size must be less than 8*2<sup>60</sup>. If size + inc is greater, inc will be reduced to limit size + inc to 7*2<sup>60</sup>.
+  - size +/- (inc * rand())
+  - Where rand is a random number between 0 and 1
+  - Note that file size must not be negative, inc will be set to size if it is greater than size
+  - Similarly, overall file size must be less than 8*2<sup>60</sup>. If size + inc is greater, inc will be reduced to limit size + inc to 7*2<sup>60</sup>.
 
-* If `seq` is `sequential` then each file size is:
+- If `seq` is `sequential` then each file size is:
 
-  * `size + ((fileindex - 1) * inc)`
-  * Where first file is index 1
-  * So file1 is `size` bytes, file2 is `size + inc` bytes, file3 is `size + inc * 2` bytes, etc.
-  * As with `random`, `inc` will be adjusted if `size + (count * inc)` is not less then 8*2<sup>60</sup>.
+  - `size + ((fileindex - 1) * inc)`
+  - Where first file is index 1
+  - So file1 is `size` bytes, file2 is `size + inc` bytes, file3 is `size + inc * 2` bytes, etc.
+  - As with `random`, `inc` will be adjusted if `size + (count * inc)` is not less then 8*2<sup>60</sup>.
 
 Filenames generated are of the form: `<file>_<00000 ... count>_<filesize>`
 
@@ -2392,19 +2442,19 @@ To discard data at the destination, the destination argument is set to `faux://`
 
 Examples:
 
-* Upload 20 gibibytes of random data to file myfile to directory /Upload
+- Upload 20 gibibytes of random data to file myfile to directory /Upload
 
 ```bash
 ascli server upload faux:///myfile\?20g --to-folder=/Upload
 ```
 
-* Upload a file /tmp/sample but do not save results to disk (no docroot on destination)
+- Upload a file /tmp/sample but do not save results to disk (no docroot on destination)
 
 ```bash
 ascli server upload /tmp/sample --to-folder=faux://
 ```
 
-* Upload a faux directory `mydir` containing 1 million files, sequentially with sizes ranging from 0 to 2 Mebibyte - 2 bytes, with the basename of each file being `testfile` to /Upload
+- Upload a faux directory `mydir` containing 1 million files, sequentially with sizes ranging from 0 to 2 Mebibyte - 2 bytes, with the basename of each file being `testfile` to /Upload
 
 ```bash
 ascli server upload "faux:///mydir?file=testfile&count=1m&size=0&inc=2&seq=sequential" --to-folder=/Upload
@@ -2415,7 +2465,7 @@ ascli server upload "faux:///mydir?file=testfile&count=1m&size=0&inc=2&seq=seque
 ```text
 ascli -h
 NAME
-        ascli -- a command line tool for Aspera Applications (v4.9.0)
+        ascli -- a command line tool for Aspera Applications (v4.10.0)
 
 SYNOPSIS
         ascli COMMANDS [OPTIONS] [ARGS]
@@ -2438,23 +2488,23 @@ COMMANDS
 OPTIONS
         Options begin with a '-' (minus), and value is provided on command line.
         Special values are supported beginning with special prefix @pfx:, where pfx is one of:
-        base64, json, zlib, ruby, csvt, lines, list, incps, val, file, path, env, uri, stdin, preset
+        base64, json, zlib, ruby, csvt, lines, list, incps, vault, val, file, path, env, uri, stdin, preset
         Dates format is 'DD-MM-YY HH:MM:SS', or 'now' or '-<num>h'
 
 ARGS
         Some commands require mandatory arguments, e.g. a path.
 
 OPTIONS: global
-        --interactive=ENUM           use interactive input of missing params: yes, [no]
-        --ask-options=ENUM           ask even optional options: yes, [no]
+        --interactive=ENUM           use interactive input of missing params: [no], yes
+        --ask-options=ENUM           ask even optional options: [no], yes
         --format=ENUM                output format: text, nagios, ruby, json, jsonpp, yaml, [table], csv
         --display=ENUM               output only some information: [info], data, error
         --fields=VALUE               comma separated list of fields, or ALL, or DEF
         --select=VALUE               select only some items in lists, extended value: hash (column, value)
         --table-style=VALUE          table display style
-        --flat-hash=ENUM             display hash values as additional keys: [yes], no
-        --transpose-single=ENUM      single object fields output vertically: [yes], no
-        --show-secrets=ENUM          show secrets on command output: yes, [no]
+        --flat-hash=ENUM             display hash values as additional keys: no, [yes]
+        --transpose-single=ENUM      single object fields output vertically: no, [yes]
+        --show-secrets=ENUM          show secrets on command output: [no], yes
     -h, --help                       Show this message.
         --bash-comp                  generate bash completion for command
         --show-config                Display parameters used for the provided action.
@@ -2467,10 +2517,10 @@ OPTIONS: global
         --lock-port=VALUE            prevent dual execution of a command, e.g. in cron
         --query=VALUE                additional filter for API calls (extended value) (some commands)
         --http-options=VALUE         options for http socket (extended value)
-        --insecure=ENUM              do not validate HTTPS certificate: [yes], no
-        --once-only=ENUM             process only new items (some commands): yes, [no]
-        --log-secrets=ENUM           show passwords in logs: yes, [no]
-        --cache-tokens=ENUM          save and reuse Oauth tokens: [yes], no
+        --insecure=ENUM              do not validate HTTPS certificate: no, [yes]
+        --once-only=ENUM             process only new items (some commands): [no], yes
+        --log-secrets=ENUM           show passwords in logs: [no], yes
+        --cache-tokens=ENUM          save and reuse Oauth tokens: no, [yes]
 
 COMMAND: config
 SUBCOMMANDS: list overview id preset open documentation genkey gem plugin flush_tokens echo wizard export_to_cli detect coffee ascp email_test smtp_settings proxy_check folder file check_update initdemo vault
@@ -2478,27 +2528,30 @@ OPTIONS:
         --value=VALUE                extended value for create, update, list filter
         --property=VALUE             name of property to set
         --id=VALUE                   resource identifier (modify,delete,show)
-        --bulk=ENUM                  Bulk operation (only some): yes, [no]
+        --bulk=ENUM                  Bulk operation (only some): [no], yes
+        --bfail=ENUM                 Bulk operation error handling: [no], yes
         --config-file=VALUE          read parameters from file in YAML format, current=/usershome/.aspera/ascli/config.yaml
     -N, --no-default                 do not load default configuration for plugin
-        --override=ENUM              Wizard: override existing value: yes, [no]
-        --use-generic-client=ENUM    Wizard: AoC: use global or org specific jwt client id: yes, [no]
-        --default=ENUM               Wizard: set as default configuration for specified plugin (also: update): yes, [no]
-        --test-mode=ENUM             Wizard: skip private key check step: yes, [no]
+        --override=ENUM              Wizard: override existing value: [no], yes
+        --use-generic-client=ENUM    Wizard: AoC: use global or org specific jwt client id: [no], yes
+        --default=ENUM               Wizard: set as default configuration for specified plugin (also: update): [no], yes
+        --test-mode=ENUM             Wizard: skip private key check step: [no], yes
     -P, --presetVALUE                load the named option preset from current config file
         --pkeypath=VALUE             Wizard: path to private key for JWT
-        --ascp-path=VALUE            path to ascp
-        --use-product=VALUE          use ascp from specified product
-        --smtp=VALUE                 smtp configuration (extended value: hash)
-        --fpac=VALUE                 proxy auto configuration script
-        --secret=VALUE               default secret
-        --secrets=VALUE              secret vault
+        --ascp-path=VALUE            Path to ascp
+        --use-product=VALUE          Use ascp from specified product
+        --smtp=VALUE                 SMTP configuration (extended value: hash)
+        --fpac=VALUE                 Proxy auto configuration script
+        --proxy-credentials=VALUE    HTTP proxy credentials (Array with user and password)
+        --secret=VALUE               Secret for access keys
+        --vault=VALUE                Vault for secrets
+        --vault-password=VALUE       Vault password
         --sdk-url=VALUE              URL to get SDK
         --sdk-folder=VALUE           SDK folder path
-        --notif-to=VALUE             email recipient for notification of transfers
-        --notif-template=VALUE       email ERB template for notification of transfers
-        --version-check-days=VALUE   period in days to check new version (zero to disable)
-        --plugin-folder=VALUE        folder where to find additional plugins
+        --notif-to=VALUE             Email recipient for notification of transfers
+        --notif-template=VALUE       Email ERB template for notification of transfers
+        --version-check-days=VALUE   Period in days to check new version (zero to disable)
+        --plugin-folder=VALUE        Folder where to find additional plugins
         --ts=VALUE                   override transfer spec values (Hash, use @json: prefix), current={"create_dir"=>true}
         --local-resume=VALUE         set resume policy (Hash, use @json: prefix), current=
         --to-folder=VALUE            destination folder for transfered files
@@ -2518,7 +2571,7 @@ OPTIONS:
 
 
 COMMAND: node
-SUBCOMMANDS: postprocess stream transfer cleanup forward access_key watch_folder service async central asperabrowser basic_token browse upload download api_details health events space info license mkdir mklink mkfile rename delete search
+SUBCOMMANDS: postprocess stream transfer cleanup forward access_key watch_folder service async sync central asperabrowser basic_token browse upload download api_details health events space info license mkdir mklink mkfile rename delete search
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2537,7 +2590,7 @@ OPTIONS:
         --password=VALUE             user's password
         --params=VALUE               parameters hash table, use @json:{"param":"value"}
         --result=VALUE               specify result value as: 'work step:parameter'
-        --synchronous=ENUM           work step:parameter expected as result: yes, [no]
+        --synchronous=ENUM           work step:parameter expected as result: [no], yes
         --ret-style=ENUM             how return type is requested in api: header, arg, ext
         --auth-style=ENUM            authentication type: arg_pass, head_basic, apikey
 
@@ -2571,7 +2624,7 @@ OPTIONS:
 
 
 COMMAND: faspex5
-SUBCOMMANDS: health package admin user
+SUBCOMMANDS: health version user bearer_token package admin
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2625,7 +2678,7 @@ OPTIONS:
         --case=VALUE                 basename of output for for test
         --scan-path=VALUE            subpath in folder id to start scan in (default=/)
         --scan-id=VALUE              forder id in storage to start scan in, default is access key main folder id
-        --mimemagic=ENUM             use Mime type detection of gem mimemagic: yes, [no]
+        --mimemagic=ENUM             use Mime type detection of gem mimemagic: [no], yes
         --overwrite=ENUM             when to overwrite result file: always, never, [mtime]
         --file-access=ENUM           how to read and write files in repository: [local], remote
         --max-size=VALUE             maximum size (in bytes) of preview file
@@ -2672,8 +2725,8 @@ OPTIONS:
         --new-user-option=VALUE      new user creation option for unknown package recipients
         --from-folder=VALUE          share to share source folder
         --scope=VALUE                OAuth scope for AoC API calls
-        --default-ports=ENUM         use standard FASP ports or get from node api: yes, [no]
-        --validate-metadata=ENUM     validate shared inbox metadata: yes, [no]
+        --default-ports=ENUM         use standard FASP ports or get from node api: [no], yes
+        --validate-metadata=ENUM     validate shared inbox metadata: [no], yes
 
 
 COMMAND: server
@@ -2755,9 +2808,9 @@ ascli config wizard --value=aoc
 
 Several types of OAuth authentication are supported:
 
-* JSON Web Token (JWT) : authentication is secured by a private key (recommended for CLI)
-* Web based authentication : authentication is made by user using a browser
-* URL Token : external users authentication with url tokens (public links)
+- JSON Web Token (JWT) : authentication is secured by a private key (recommended for CLI)
+- Web based authentication : authentication is made by user using a browser
+- URL Token : external users authentication with url tokens (public links)
 
 The authentication method is controlled by option `auth`.
 
@@ -2777,15 +2830,15 @@ Else you can use a specific OAuth API client_id, the first step is to declare `a
 
 Let's start by a registration with web based authentication (auth=web):
 
-* Open a web browser, log to your instance: e.g. `https://myorg.ibmaspera.com/`
-* Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
-* Click "Create New"
-  * Client Name: `ascli`
-  * Redirect URIs: `http://localhost:12345`
-  * Origins: `localhost`
-  * uncheck "Prompt users to allow client to access"
-  * leave the JWT part for now
-* Save
+- Open a web browser, log to your instance: e.g. `https://myorg.ibmaspera.com/`
+- Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
+- Click "Create New"
+  - Client Name: `ascli`
+  - Redirect URIs: `http://localhost:12345`
+  - Origins: `localhost`
+  - uncheck "Prompt users to allow client to access"
+  - leave the JWT part for now
+- Save
 
 Note: for web based authentication, `ascli` listens on a local port (e.g. specified by the redirect_uri, in this example: 12345), and the browser will provide the OAuth code there. For ``ascli`, HTTP is required, and 12345 is the default port.
 
@@ -2826,16 +2879,16 @@ a [private/public key pair](#private_key) must be used.
 
 If you are not using the built-in client_id and secret, JWT needs to be authorized in Aspera on Cloud. This can be done in two manners:
 
-* Graphically
+- Graphically
 
-  * Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
-  * Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
-  * Click on the previously created application
-  * select tab : "JSON Web Token Auth"
-  * Modify options if necessary, for instance: activate both options in section "Settings"
-  * Click "Save"
+  - Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
+  - Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
+  - Click on the previously created application
+  - select tab : "JSON Web Token Auth"
+  - Modify options if necessary, for instance: activate both options in section "Settings"
+  - Click "Save"
 
-* Using command line
+- Using command line
 
 ```bash
 ascli aoc admin res client list
@@ -2865,11 +2918,11 @@ The public key must be assigned to your user. This can be done in two manners:
 
 Open the previously generated public key located here: `$HOME/.aspera/ascli/my_private_key.pub`
 
-* Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
-* Click on the user's icon (top right)
-* Select "Account Settings"
-* Paste the *Public Key* in the "Public Key" section
-* Click on "Submit"
+- Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
+- Click on the user's icon (top right)
+- Select "Account Settings"
+- Paste the *Public Key* in the "Public Key" section
+- Click on "Submit"
 
 ##### Using command line
 
@@ -2900,9 +2953,9 @@ Note: the `aspera user info show` command can be used to verify modifications.
 
 To activate default use of JWT authentication for `ascli` using the [option preset](#lprt), do the following:
 
-* change auth method to JWT
-* provide location of private key
-* provide username to login as (OAuth "subject")
+- change auth method to JWT
+- provide location of private key
+- provide username to login as (OAuth "subject")
 
 Execute:
 
@@ -2962,13 +3015,13 @@ The option `query` can be optionally used. It expects a Hash using [Extended Val
 
 The following parameters are supported:
 
-* `q` : a filter on name of resource (case insensitive, matches if value is contained in name)
-* `sort`: name of fields to sort results, prefix with `-` for reverse order.
-* `max` : maximum number of items to retrieve (stop pages when the maximum is passed)
-* `pmax` : maximum number of pages to request (stop pages when the maximum is passed)
-* `page` : native api parameter, in general do not use (added by
-* `per_page` : native api parameter, number of items par api call, in general do not use
-* Other specific parameters depending on resource type.
+- `q` : a filter on name of resource (case insensitive, matches if value is contained in name)
+- `sort`: name of fields to sort results, prefix with `-` for reverse order.
+- `max` : maximum number of items to retrieve (stop pages when the maximum is passed)
+- `pmax` : maximum number of pages to request (stop pages when the maximum is passed)
+- `page` : native api parameter, in general do not use (added by
+- `per_page` : native api parameter, number of items par api call, in general do not use
+- Other specific parameters depending on resource type.
 
 Both `max` and `pmax` are processed internally in `ascli`, not included in actual API call and limit the number of successive pages requested to API. `ascli` will return all values using paging if not provided.
 
@@ -2982,19 +3035,19 @@ Other parameters depend on the type of entity (refer to AoC API).
 
 Examples:
 
-* List users with `laurent` in name:
+- List users with `laurent` in name:
 
 ```javascript
 ascli aoc admin res user list --query=--query=@json:'{"q":"laurent"}'
 ```
 
-* List users who logged-in before a date:
+- List users who logged-in before a date:
 
 ```javascript
 ascli aoc admin res user list --query=@json:'{"q":"last_login_at:<2018-05-28"}'
 ```
 
-* List external users and sort in reverse alphabetical order using name:
+- List external users and sort in reverse alphabetical order using name:
 
 ```javascript
 ascli aoc admin res user list --query=@json:'{"member_of_any_workspace":false,"sort":"-name"}'
@@ -3010,10 +3063,10 @@ Resources are identified by a unique `id`, as well as a unique `name` (case inse
 
 To execute an action on a specific resource, select it using one of those methods:
 
-* *recommended*: give id directly on command line *after the action*: `aoc admin res node show 123`
-* give name on command line *after the action*: `aoc admin res node show name abc`
-* provide option `id` : `aoc admin res node show --id=123`
-* provide option `name` : `aoc admin res node show --name=abc`
+- *recommended*: give id directly on command line *after the action*: `aoc admin res node show 123`
+- give name on command line *after the action*: `aoc admin res node show name abc`
+- provide option `id` : `aoc admin res node show --id=123`
+- provide option `name` : `aoc admin res node show --name=abc`
 
 #### <a id="res_create"></a>Creating a resource
 
@@ -3054,6 +3107,7 @@ If the command returns an error, example:
 |    | request_id: b0f45d5b-c00a-4711-acef-72b633f8a6ea                                  |
 |    | api.ibmaspera.com 422 Unprocessable Entity                                        |
 +----+-----------------------------------------------------------------------------------+```
+```
 
 Well, remove the offending parameters and try again.
 
@@ -3061,15 +3115,15 @@ Note that some properties that are shown in the web UI, such as membership, are
 
 #### Access Key secrets
 
-In order to access some administrative actions on "nodes" (in fact, access keys), the associated secret is required.
-It is usually provided using the `secret` option.
+In order to access some administrative actions on **nodes** (in fact, access keys), the associated secret is required.
+The secret is provided using the `secret` option.
 For example in a command like:
 
 ```bash
 ascli aoc admin res node --id=123 --secret="secret1" v3 info
 ```
 
-It is also possible to provide a set of secrets used on a regular basis using the [secret vault](#vault).
+It is also possible to store secrets in the [secret vault](#vault) and then automatically find the related secret using the [config finder](#config_finder).
 
 #### Activity
 
@@ -3097,7 +3151,7 @@ Thank you.
 
 The environment provided contains the following additional variable:
 
-* ev : all details on the transfer event
+- ev : all details on the transfer event
 
 Example:
 
@@ -3109,9 +3163,9 @@ ascli aoc admin analytics transfers --once-only=yes --lock-port=12345 \
 
 Options:
 
-* `once_only` keep track of last date it was called, so next call will get only new events
-* `query` filter (on API call)
-* `notify` send an email as specified by template, this could be places in a file with the `@file` modifier.
+- `once_only` keep track of last date it was called, so next call will get only new events
+- `query` filter (on API call)
+- `notify` send an email as specified by template, this could be places in a file with the `@file` modifier.
 
 Note this must not be executed in less than 5 minutes because the analytics interface accepts only a period of time between 5 minutes and 6 months. The period is [date of previous execution]..[now].
 
@@ -3321,7 +3375,7 @@ ascli aoc admin res user list --fields=email --select=@json:'{"member_of_any_wor
 
 #### Example: create a group, add to workspace and add user to group
 
-* Create the group and take note of `id`
+- Create the group and take note of `id`
 
 ```bash
 ascli aoc admin res group create @json:'{"name":"group 1","description":"my super group"}'
@@ -3329,7 +3383,7 @@ ascli aoc admin res group create @json:'{"name":"group 1","description":"my supe
 
 Group: `11111`
 
-* Get the workspace id
+- Get the workspace id
 
 ```bash
 ascli aoc admin res workspace list --query=@json:'{"q":"myworkspace"}' --fields=id --format=csv --display=data
@@ -3337,13 +3391,13 @@ ascli aoc admin res workspace list --query=@json:'{"q":"myworkspace"}' --fields=
 
 Workspace: 22222
 
-* Add group to workspace
+- Add group to workspace
 
 ```bash
 ascli aoc admin res workspace_membership create @json:'{"workspace_id":22222,"member_type":"user","member_id":11111}'
 ```
 
-* Get a user's id
+- Get a user's id
 
 ```bash
 ascli aoc admin res user list --query=@json:'{"q":"manu.macron@example.com"}' --fields=id --format=csv --display=data
@@ -3351,7 +3405,7 @@ ascli aoc admin res user list --query=@json:'{"q":"manu.macron@example.com"}' --
 
 User: 33333
 
-* Add user to group
+- Add user to group
 
 ```bash
 ascli aoc admin res group_membership create @json:'{"group_id":11111,"member_type":"user","member_id":33333}'
@@ -3430,8 +3484,8 @@ ascli aoc admin res client list --fields=id --format=csv|ascli aoc admin res cli
 
 AoC nodes as actually composed with two related entities:
 
-* An access key created on the Transfer Server (HSTS/ATS)
-* a `node` resource in the AoC application.
+- An access key created on the Transfer Server (HSTS/ATS)
+- a `node` resource in the AoC application.
 
 The web UI allows creation of both entities in one shot.
 For more flexibility, `ascli` allows this in two separate steps.
@@ -3439,7 +3493,7 @@ Note that when selecting "Use existing access key" in the web UI, this actually
 
 So, for example, the creation of a node using ATS in IBM Cloud looks like (see other example in this manual):
 
-* Create the access key on ATS
+- Create the access key on ATS
 
   The creation options are the ones of ATS API, refer to the [section on ATS](#ats_params) for more details and examples.
 
@@ -3447,9 +3501,11 @@ So, for example, the creation of a node using ATS in IBM Cloud looks like (see o
   ascli aoc admin ats access_key create --cloud=softlayer --region=eu-de --params=@json:'{"storage":{"type":"ibm-s3","bucket":"mybucket","credentials":{"access_key_id":"mykey","secret_access_key":"mysecret"},"path":"/"}}'
   ```
 
-  Once executed, the access key `id` and `secret`, randomly generated by the node api, is displayed: take note of it as the secrets will not be disclosed again.
+  Once executed, the access key `id` and `secret`, randomly generated by the node api, is displayed.
+  
+  > Note: Once returned by the API, the secret will not be available anymore, so store this preciously. ATS secrets can only be reset by asking to IBM support.
 
-* Create the AoC node entity
+- Create the AoC node entity
 
   First, Retrieve the ATS node address
 
@@ -3473,16 +3529,16 @@ Note the special case when the source files are located on "Aspera on Cloud" (i.
 
 Source files are located on "Aspera on cloud", when :
 
-* the server is Aspera on Cloud, and executing a download or recv
-* the agent is Aspera on Cloud, and executing an upload or send
+- the server is Aspera on Cloud, and executing a download or recv
+- the agent is Aspera on Cloud, and executing an upload or send
 
 In this case:
 
-* If there is a single file : specify the full path
-* Else, if there are multiple files:
-  * All source files must be in the same source folder
-  * Specify the source folder as first item in the list
-  * followed by the list of file names.
+- If there is a single file : specify the full path
+- Else, if there are multiple files:
+  - All source files must be in the same source folder
+  - Specify the source folder as first item in the list
+  - followed by the list of file names.
 
 ### Packages
 
@@ -3498,14 +3554,14 @@ ascli aoc packages send --value=[package extended value] [other parameters such
 
 Notes:
 
-* The `value` option can contain any supported package creation parameter. Refer to the AoC package creation API, or display an existing package in JSON to list attributes.
-* List allowed shared inbox destinations with: `ascli aoc packages shared_inboxes list`
-* Use fields: `recipients` and/or `bcc_recipients` to provide the list of recipients: user or shared inbox.
-  * Provide either ids as expected by API: `"recipients":[{"type":"dropbox","id":"1234"}]`
-  * or just names: `"recipients":[{"The Dest"}]` . ascli will resolve the list of email addresses and dropbox names to the expected type/id list, based on case insensitive partial match.
-* If a user recipient (email) is not already registered and the workspace allows external users, then the package is sent to an external user, and
-  * if the option `new_user_option` is `@json:{"package_contact":true}` (default), then a public link is sent and the external user does not need to create an account
-  * if the option `new_user_option` is `@json:{}`, then external users are invited to join the workspace
+- The `value` option can contain any supported package creation parameter. Refer to the AoC package creation API, or display an existing package in JSON to list attributes.
+- List allowed shared inbox destinations with: `ascli aoc packages shared_inboxes list`
+- Use fields: `recipients` and/or `bcc_recipients` to provide the list of recipients: user or shared inbox.
+  - Provide either ids as expected by API: `"recipients":[{"type":"dropbox","id":"1234"}]`
+  - or just names: `"recipients":[{"The Dest"}]` . ascli will resolve the list of email addresses and dropbox names to the expected type/id list, based on case insensitive partial match.
+- If a user recipient (email) is not already registered and the workspace allows external users, then the package is sent to an external user, and
+  - if the option `new_user_option` is `@json:{"package_contact":true}` (default), then a public link is sent and the external user does not need to create an account
+  - if the option `new_user_option` is `@json:{}`, then external users are invited to join the workspace
 
 #### Example: Send a package with one file to two users, using their email
 
@@ -3584,15 +3640,15 @@ It is possible to automatically download new packages, like using Aspera Cargo:
 ascli aoc packages recv --id=ALL --once-only=yes --lock-port=12345
 ```
 
-* `--id=ALL` (case sensitive) will download all packages
-* `--once-only=yes` keeps memory of any downloaded package in persistency files located in the configuration folder
-* `--lock-port=12345` ensures that only one instance is started at the same time, to avoid running two downloads in parallel
+- `--id=ALL` (case sensitive) will download all packages
+- `--once-only=yes` keeps memory of any downloaded package in persistency files located in the configuration folder
+- `--lock-port=12345` ensures that only one instance is started at the same time, to avoid running two downloads in parallel
 
 Typically, one would execute this command on a regular basis, using the method of your choice:
 
-* Windows: [Task Scheduler](https://docs.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page)
-* Linux/Unix: [cron](https://www.man7.org/linux/man-pages/man5/crontab.5.html)
-* etc...
+- Windows: [Task Scheduler](https://docs.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page)
+- Linux/Unix: [cron](https://www.man7.org/linux/man-pages/man5/crontab.5.html)
+- etc...
 
 ### Files
 
@@ -3610,37 +3666,37 @@ For creation, parameters are the same as for node api [permissions](https://deve
 Also, the pseudo key `with` is added: it will lookup the name in the contacts and fill the proper type and id.
 The pseudo parameter `link_name` allows changing default "shared as" name.
 
-* List permissions on a shared folder as user
+- List permissions on a shared folder as user
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm list
 ```
 
-* Share a personal folder with other users
+- Share a personal folder with other users
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm create @json:'{"with":"laurent"}'
 ```
 
-* Revoke shared access
+- Revoke shared access
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm delete 6161
 ```
 
-* List shared folders in node
+- List shared folders in node
 
 ```bash
 ascli aoc admin res node --id=8669 shared_folders
 ```
 
-* List shared folders in workspace
+- List shared folders in workspace
 
 ```bash
 ascli aoc admin res workspace --id=10818 shared_folders
 ```
 
-* List members of shared folder
+- List members of shared folder
 
 ```bash
 ascli aoc admin res node --id=8669 v4 perm 82 show
@@ -3654,11 +3710,11 @@ Although optional, the creation of [option preset](#lprt) is recommended to avoi
 
 Procedure to send a file from org1 to org2:
 
-* Get access to Organization 1 and create a [option preset](#lprt): e.g. `org1`, for instance, use the [Wizard](#aocwizard)
-* Check that access works and locate the source file e.g. `mysourcefile`, e.g. using command `files browse`
-* Get access to Organization 2 and create a [option preset](#lprt): e.g. `org2`
-* Check that access works and locate the destination folder `mydestfolder`
-* execute the following:
+- Get access to Organization 1 and create a [option preset](#lprt): e.g. `org1`, for instance, use the [Wizard](#aocwizard)
+- Check that access works and locate the source file e.g. `mysourcefile`, e.g. using command `files browse`
+- Get access to Organization 2 and create a [option preset](#lprt): e.g. `org2`
+- Check that access works and locate the destination folder `mydestfolder`
+- execute the following:
 
 ```bash
 ascli -Porg1 aoc files node_info /mydestfolder --format=json --display=data | ascli -Porg2 aoc files upload mysourcefile --transfer=node --transfer-info=@json:@stdin:
@@ -3666,15 +3722,15 @@ ascli -Porg1 aoc files node_info /mydestfolder --format=json --display=data | as
 
 Explanation:
 
-* `-Porg1 aoc` use Aspera on Cloud plugin and load credentials for `org1`
-* `files node_info /mydestfolder` generate transfer information including node api credential and root id, suitable for the next command
-* `--format=json` format the output in JSON (instead of default text table)
-* `--display=data` display only the result, and remove other information, such as workspace name
-* `|` the standard output of the first command is fed into the second one
-* `-Porg2 aoc` use Aspera on Cloud plugin and load credentials for `org2`
-* `files upload mysourcefile` upload the file named `mysourcefile` (located in `org1`)
-* `--transfer=node` use transfer agent type `node` instead of default [`direct`](#agt_direct)
-* `--transfer-info=@json:@stdin:` provide `node` transfer agent information, i.e. node API credentials, those are expected in JSON format and read from standard input
+- `-Porg1 aoc` use Aspera on Cloud plugin and load credentials for `org1`
+- `files node_info /mydestfolder` generate transfer information including node api credential and root id, suitable for the next command
+- `--format=json` format the output in JSON (instead of default text table)
+- `--display=data` display only the result, and remove other information, such as workspace name
+- `|` the standard output of the first command is fed into the second one
+- `-Porg2 aoc` use Aspera on Cloud plugin and load credentials for `org2`
+- `files upload mysourcefile` upload the file named `mysourcefile` (located in `org1`)
+- `--transfer=node` use transfer agent type `node` instead of default [`direct`](#agt_direct)
+- `--transfer-info=@json:@stdin:` provide `node` transfer agent information, i.e. node API credentials, those are expected in JSON format and read from standard input
 
 #### Find Files
 
@@ -3682,34 +3738,34 @@ The command `aoc files find [--value=expression]` will recursively scan storage
 
 The expression can be of 3 formats:
 
-* empty (default) : all files, equivalent to value: `exec:true`
-* not starting with `exec:` : the expression is a regular expression, using [Ruby Regex](https://ruby-doc.org/core/Regexp.html) syntax. equivalent to value: `exec:f['name'].match(/expression/)`
+- empty (default) : all files, equivalent to value: `exec:true`
+- not starting with `exec:` : the expression is a regular expression, using [Ruby Regex](https://ruby-doc.org/core/Regexp.html) syntax. equivalent to value: `exec:f['name'].match(/expression/)`
 
 For instance, to find files with a special extension, use `--value='\.myext$'`
 
-* starting with `exec:` : the Ruby code after the prefix is executed for each entry found. The entry variable name is `f`. The file is displayed if the result of the expression is true;
+- starting with `exec:` : the Ruby code after the prefix is executed for each entry found. The entry variable name is `f`. The file is displayed if the result of the expression is true;
 
 Examples of expressions: (using like this: `--value=exec:'<expression>'`)
 
-* Find files more recent than 100 days
+- Find files more recent than 100 days
 
 ```bash
 f["type"].eql?("file") and (DateTime.now-DateTime.parse(f["modified_time"]))<100
 ```
 
-* Find files older than 1 year on a given node and store in file list
+- Find files older than 1 year on a given node and store in file list
 
 ```bash
 ascli aoc admin res node --name='my node name' --secret='_secret_here_' v4 find / --fields=path --value='exec:f["type"].eql?("file") and (DateTime.now-DateTime.parse(f["modified_time"]))<100' --format=csv > my_file_list.txt
 ```
 
-* Delete the files, one by one
+- Delete the files, one by one
 
 ```bash
 cat my_file_list.txt|while read path;do echo ascli aoc admin res node --name='my node name' --secret='_secret_here_' v4 delete "$path" ;done
 ```
 
-* Delete the files in bulk
+- Delete the files in bulk
 
 ```bash
 cat my_file_list.txt | ascli aoc admin res node --name='my node name' --secret='_secret_here_' v3 delete @lines:@stdin:
@@ -3812,9 +3868,9 @@ aoc user workspaces list
 
 ATS is usable either :
 
-* from an AoC subscription : ascli aoc admin ats : use AoC authentication
+- from an AoC subscription : ascli aoc admin ats : use AoC authentication
 
-* or from an IBM Cloud subscription : ascli ats : use IBM Cloud API key authentication
+- or from an IBM Cloud subscription : ascli ats : use IBM Cloud API key authentication
 
 ### IBM Cloud ATS : creation of api key
 
@@ -3843,8 +3899,8 @@ UUID          ApiKey-05b8fadf-e7fe-4bc4-93a9-6fd348c5ab1f
 
 References:
 
-* [https://console.bluemix.net/docs/iam/userid_keys.html#userapikey](https://console.bluemix.net/docs/iam/userid_keys.html#userapikey)
-* [https://ibm.ibmaspera.com/helpcenter/transfer-service](https://ibm.ibmaspera.com/helpcenter/transfer-service)
+- [https://console.bluemix.net/docs/iam/userid_keys.html#userapikey](https://console.bluemix.net/docs/iam/userid_keys.html#userapikey)
+- [https://ibm.ibmaspera.com/helpcenter/transfer-service](https://ibm.ibmaspera.com/helpcenter/transfer-service)
 
 Then, to register the key by default for the ats plugin, create a preset. Execute:
 
@@ -3987,8 +4043,8 @@ server upload testfile.bin --to-folder=NEW_SERVER_FOLDER --ts=@json:'{"multi_ses
 
 If SSH is the session control protocol (i.e. not WSS), then following session authentication methods are supported:
 
-* SSH password
-* SSH keys (Multiple SSH key paths can be provided.)
+- SSH password
+- SSH keys (Multiple SSH key paths can be provided.)
 
 If username is not provided, the default transfer user `xfer` is used.
 
@@ -4030,10 +4086,10 @@ ERROR -- net.ssh.authentication.agent: could not connect to ssh-agent: pageant p
 
 This means that you don't have such an SSH agent running, then:
 
-* check env var: `SSH_AGENT_SOCK`
-* check if the SSH key is protected with a passphrase (then, use the `passphrase` SSH option)
-* [check the manual](https://net-ssh.github.io/ssh/v1/chapter-2.html#s2)
-* To disable the use of `ssh-agent`, use the option `ssh_options` like this:
+- check env var: `SSH_AGENT_SOCK`
+- check if the SSH key is protected with a passphrase (then, use the `passphrase` SSH option)
+- [check the manual](https://net-ssh.github.io/ssh/v1/chapter-2.html#s2)
+- To disable the use of `ssh-agent`, use the option `ssh_options` like this:
 
 ```bash
 ascli server --ssh-options=@ruby:'{use_agent: false}' ...
@@ -4061,15 +4117,15 @@ This plugin gives access to capabilities provided by HSTS node API.
 
 It is possible to:
 
-* browse
-* transfer (upload / download)
-* ...
+- browse
+- transfer (upload / download)
+- ...
 
 For transfers, it is possible to control how transfer is authorized using option: `token_type`:
 
-* `aspera` : api `<upload|download>_setup` is called to create the transfer spec including the Aspera token, used as is.
-* `hybrid` : same as `aspera`, but token is replaced with basic token like `basic`
-* `basic` : transfer spec is created like this:
+- `aspera` : api `<upload|download>_setup` is called to create the transfer spec including the Aspera token, used as is.
+- `hybrid` : same as `aspera`, but token is replaced with basic token like `basic`
+- `basic` : transfer spec is created like this:
 
 ```javascript
 {
@@ -4111,8 +4167,8 @@ Refer to [Aspera documentation](https://download.asperasoft.com/download/docs/en
 
 `ascli` supports remote operations through the node API. Operations are:
 
-* Start watchd and watchfolderd services running as a system user having access to files
-* configure a watchfolder to define automated transfers
+- Start watchd and watchfolderd services running as a system user having access to files
+- configure a watchfolder to define automated transfers
 
 ```javascript
 ascli node service create @json:'{"id":"mywatchd","type":"WATCHD","run_as":{"user":"user1"}}'
@@ -4170,8 +4226,11 @@ ascli node access_key create --value=@json:'{"id":"eudemo-sedemo","secret":"myst
 ```bash
 node -N -Ptst_node_preview access_key create --value=@json:'{"id":"aoc_1","storage":{"type":"local","path":"/"}}'
 node -N -Ptst_node_preview access_key delete aoc_1
-node access_key do my_aoc_ak_name br /
-node access_key list
+node -Pnode_srv access_key do my_aoc_ak_name br /
+node -Pnode_srv access_key list
+node -Pnode_srv service create @json:'{"id":"service1","type":"WATCHD","run_as":{"user":"user1"}}'
+node -Pnode_srv service delete service1
+node -Pnode_srv service list
 node api_details
 node async bandwidth 1
 node async counters 1
@@ -4195,10 +4254,18 @@ node mkfile /delfile1 "hello world"
 node mklink /todelete /tdlink
 node rename / delfile1 delfile
 node search / --value=@json:'{"sort":"mtime"}'
-node service create @json:'{"id":"service1","type":"WATCHD","run_as":{"user":"user1"}}'
-node service delete service1
-node service list
 node space /
+node sync bandwidth my_syncid
+node sync counters my_syncid
+node sync create --value=@json:'{"configuration":{"name":"sync1","local":{"path":"my_local_path"},"remote":{"host":"my_host","port":my_port,"user":"my_username","pass":"my_password","path":"my_remote_path"}}}'
+node sync delete my_syncid
+node sync files my_syncid
+node sync list
+node sync show my_syncid
+node sync start my_syncid
+node sync state my_syncid
+node sync stop my_syncid
+node sync summary my_syncid
 node transfer list --value=@json:'{"active_only":true}'
 node upload --to-folder="folder_1" --sources=@ts --ts=@json:'{"paths":[{"source":"/aspera-test-dir-small/10MB.1"}],"precalculate_job_size":true}' --transfer=node --transfer-info=@json:'{"url":"my_node_url","username":"my_node_user","password":"my_node_pass"}'
 node upload --username=my_aoc_ak_name --password=my_aoc_ak_secret testfile.bin --token-type=basic
@@ -4208,79 +4275,81 @@ node upload testfile.bin --to-folder=folder_1 --ts=@json:'{"target_rate_cap_kbps
 
 ## Plugin: IBM Aspera Faspex5
 
-This is currently in beta, limited operations are supported.
-
-This was tested with version Beta 5.
-
-The API is listed in [Faspex 5 API Reference](https://developer.ibm.com/apis/catalog/?search=faspex) under "IBM Aspera Faspex API".
-
-### Faspex 5 authentication
+IBM Aspera's newer self-managed application.
 
 3 authentication methods are supported:
 
-* jwt
-* web
-* boot
+- jwt
+- web
+- boot
 
-#### Faspex 5 using JWT
+### Faspex 5 JWT authentication
 
-This is the preferred method to use.
+This is the **recomended** method to use.
 
 For `jwt`, create an API client in Faspex with JWT support:
 
-* Select a private key file: if you don't have any refer to section [Private Key](#private_key)
-* Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
-* Activate JWT
-* Paste public key in the appropriate section
-* Click on Create Button
-* Take note of Client Id (and Client Secret, but not used in current version)
+- Select a private key file: if you don't have any refer to section [Private Key](#private_key)
+- Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
+- Activate JWT
+- Paste **public** key in the appropriate section
+- Click on Create Button
+- Take note of Client Id (and Client Secret, but not used in current version)
 
 Then use these options:
 
 ```text
 --auth=jwt
---client-id=xxx
---client-secret=xxx
---username=xxx
+--client-id=_client_id_here_
+--client-secret=_secret_here_
+--username=_username_here_
 --private-key=@file:.../path/to/key.pem
 ```
 
-#### Faspex 5 using web browser
+> The `private_key` option must contain the PEM value of the private key which can be read from a file using the modifier: `@file:`, e.g. `@file:/path/to/key.pem`.
+
+### Faspex 5 web authentication
 
 For `web` method, create an API client in Faspex without JWT:
 
-* Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
-* Do not Activate JWT
-* enter `https://127.0.0.1:8888` in the redirect URI
-* Click on Create Button
-* Take note of Client Id (and Client Secret, but not used in current version)
+- Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
+- Do not Activate JWT
+- Set **Redirect URI** to `https://127.0.0.1:8888`
+- Click on Create Button
+- Take note of Client Id (and Client Secret, but not used in current version)
 
 Then use options:
 
 ```text
 --auth=web
---client-id=xxx
---client-secret=xxx
+--client-id=_client_id_here_
+--client-secret=_secret_here_
 --redirect-uri=https://127.0.0.1:8888
 ```
 
-#### Faspex 5 using bootstrap
+### Faspex 5 bootstrap authentication
 
 For `boot` method: (will be removed in future)
 
-* open a browser
-* start developer mode
-* login to faspex 5
-* find the first API call with `Authorization` token, and copy it (kind of base64 long string)
+- Open a Web Browser
+- Start developer mode
+- Login to Faspex 5
+- Find the first API call with `Authorization` header, and copy the value of the token (series of base64 values with dots)
 
-Use it as password and use `--auth=boot`.
+Use this token as password and use `--auth=boot`.
 
 ```bash
-ascli conf id f5boot update --url=https://localhost/aspera/faspex --auth=boot --password=ABC.DEF.GHI...
+ascli conf id f5boot update --url=https://localhost/aspera/faspex --auth=boot --password=_token_here_
 ```
 
 ### Faspex 5 sample commands
 
+Most commands are directly REST API calls.
+Parameters to commandsa are carried through option `value`, as extended value.
+Usually using JSON format with prefix `@json:`.
+
+> The API is listed in [Faspex 5 API Reference](https://developer.ibm.com/apis/catalog?search="faspex+5") under **IBM Aspera Faspex API**.
+
 ```bash
 faspex5 admin res accounts list
 faspex5 admin res contacts list
@@ -4291,27 +4360,28 @@ faspex5 admin res registrations list
 faspex5 admin res saml_configs list
 faspex5 admin res shared_inboxes list
 faspex5 admin res workgroups list
+faspex5 bearer_token
 faspex5 health
 faspex5 package list --value=@json:'{"mailbox":"inbox","state":["released"]}'
 faspex5 package receive "my_package_id" --to-folder=.  --ts=@json:'{"content_protection_password":"abc123_yo"}'
 faspex5 package send --value=@json:'{"title":"test title","recipients":[{"name":"my_f5_user"}]}' testfile.bin --ts=@json:'{"content_protection_password":"_content_prot_here_"}'
 ```
 
-### Faspex 5 other examples
+Other examples:
 
-* List all shared inboxes
+- List all shared inboxes
 
 ```javascript
 ascli faspex5 admin res shared list --value=@json:'{"all":true}' --fields=id,name
 ```
 
-* Create Metadata profile
+- Create Metadata profile
 
 ```javascript
 ascli faspex5 admin res metadata_profiles create --value=@json:'{"name":"the profile","default":false,"title":{"max_length":200,"illegal_chars":[]},"note":{"max_length":400,"illegal_chars":[],"enabled":false},"fields":[{"ordering":0,"name":"field1","type":"text_area","require":true,"illegal_chars":[],"max_length":100},{"ordering":1,"name":"fff2","type":"option_list","require":false,"choices":["opt1","opt2"]}]}'
 ```
 
-* Create a Shared inbox with specific metadata profile
+- Create a Shared inbox with specific metadata profile
 
 ```javascript
 ascli faspex5 admin res shared create --value=@json:'{"name":"the shared inbox","metadata_profile_id":1}'
@@ -4321,8 +4391,8 @@ ascli faspex5 admin res shared create --value=@json:'{"name":"the shared inbox",
 
 Notes:
 
-* The command "v4" requires the use of APIv4, refer to the Faspex Admin manual on how to activate.
-* For full details on Faspex API, refer to: [Reference on Developer Site](https://developer.ibm.com/apis/catalog/?search=faspex)
+- The command "v4" requires the use of APIv4, refer to the Faspex Admin manual on how to activate.
+- For full details on Faspex API, refer to: [Reference on Developer Site](https://developer.ibm.com/apis/catalog/?search=faspex)
 
 ### Listing Packages
 
@@ -4336,18 +4406,18 @@ By default it looks in box `inbox`, but the following boxes are also supported:
 
 A user can receive a package because the recipient is:
 
-* the user himself (default)
-* the user is member of a dropbox/workgroup: filter using option `recipient` set with value `*<name of dropbox/workgroup>`
+- the user himself (default)
+- the user is member of a dropbox/workgroup: filter using option `recipient` set with value `*<name of dropbox/workgroup>`
 
 #### Option `query`
 
 As inboxes may be large, it is possible to use the following query parameters:
 
-* `count` : (native) number items in one API call (default=0, equivalent to 10)
-* `page` : (native) id of page in call (default=0)
-* `startIndex` : (native) index of item to start, default=0, oldest index=0
-* `max` : maximum number of items
-* `pmax` : maximum number of pages
+- `count` : (native) number items in one API call (default=0, equivalent to 10)
+- `page` : (native) id of page in call (default=0)
+- `startIndex` : (native) index of item to start, default=0, oldest index=0
+- `max` : maximum number of items
+- `pmax` : maximum number of pages
 
 (SQL query is `LIMIT <startIndex>, <count>`)
 
@@ -4367,9 +4437,9 @@ List a maximum of 20 items grouped by pages of 20, with maximum 2 pages in recei
 
 The command is `package recv`, possible methods are:
 
-* provide a package id with option `id`
-* provide a public link with option `link`
-* provide a `faspe:` URI with option `link`
+- provide a package id with option `id`
+- provide a public link with option `link`
+- provide a `faspe:` URI with option `link`
 
 ```bash
 ascli faspex package recv --id=12345
@@ -4401,8 +4471,8 @@ If the recipient is a dropbox or workgroup: provide the name of the dropbox or w
 
 Additional optional parameters in `delivery_info`:
 
-* Package Note: : `"note":"note this and that"`
-* Package Metadata: `"metadata":{"Meta1":"Val1","Meta2":"Val2"}`
+- Package Note: : `"note":"note this and that"`
+- Package Metadata: `"metadata":{"Meta1":"Val1","Meta2":"Val2"}`
 
 ### Email notification on transfer
 
@@ -4508,16 +4578,16 @@ Aspera Shares supports the "node API" for the file transfer part. (Shares 1 and
 
 ```bash
 shares admin share list
-shares admin share user_permissions 9
+shares admin share user_permissions 1
 shares admin user app_authorizations 1
 shares admin user list
 shares admin user share_permissions 1
 shares repository browse /
 shares repository delete my_shares_upload/testfile.bin
 shares repository download --to-folder=. my_shares_upload/testfile.bin
-shares repository download --to-folder=. my_shares_upload/testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy/v1"}'
+shares repository download --to-folder=. my_shares_upload/testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy"}'
 shares repository upload --to-folder=my_shares_upload testfile.bin
-shares repository upload --to-folder=my_shares_upload testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy/v1"}'
+shares repository upload --to-folder=my_shares_upload testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy"}'
 ```
 
 ## Plugin: Console
@@ -4525,8 +4595,9 @@ shares repository upload --to-folder=my_shares_upload testfile.bin --transfer=ht
 ### Console sample commands
 
 ```bash
-console transfer current list 
-console transfer smart list 
+console health
+console transfer current list
+console transfer smart list
 console transfer smart sub my_job_id @json:'{"source":{"paths":["my_file_name"]},"source_type":"user_selected"}'
 ```
 
@@ -4560,10 +4631,10 @@ There are two possibilities to provide credentials. If you already have the endp
 
 If you have those parameters already, then following options shall be provided:
 
-* `bucket` bucket name
-* `endpoint` storage endpoint url, e.g. `https://s3.hkg02.cloud-object-storage.appdomain.cloud`
-* `apikey` API Key
-* `crn` resource instance id
+- `bucket` bucket name
+- `endpoint` storage endpoint url, e.g. `https://s3.hkg02.cloud-object-storage.appdomain.cloud`
+- `apikey` API Key
+- `crn` resource instance id
 
 For example, let us create a default configuration:
 
@@ -4617,9 +4688,9 @@ The field `apikey` is for option `apikey`
 
 The required options for this method are:
 
-* `bucket` bucket name
-* `region` bucket region, e.g. eu-de
-* `service_credentials` see below
+- `bucket` bucket name
+- `region` bucket region, e.g. eu-de
+- `service_credentials` see below
 
 For example, let us create a default configuration:
 
@@ -4669,9 +4740,9 @@ The `preview` generates thumbnails (office, images, video) and video previews on
 It uses the **node API** of Aspera HSTS and requires use of Access Keys and it's **storage root**.
 Several parameters can be used to tune several aspects:
 
-* Methods for detection of new files needing generation
-* Methods for generation of video preview
-* Parameters for video handling
+- Methods for detection of new files needing generation
+- Methods for generation of video preview
+- Parameters for video handling
 
 ### Aspera Server configuration
 
@@ -4713,10 +4784,10 @@ Note: the HSTS parameter (max_request_file_create_size_kb) is in *kiloBytes* whi
 
 The tool requires the following external tools available in the `PATH`:
 
-* ImageMagick : `convert` `composite`
-* OptiPNG : `optipng`
-* FFmpeg : `ffmpeg` `ffprobe`
-* Libreoffice : `libreoffice`
+- ImageMagick : `convert` `composite`
+- OptiPNG : `optipng`
+- FFmpeg : `ffmpeg` `ffprobe`
+- Libreoffice : `libreoffice`
 
 Here shown on Redhat/CentOS.
 
@@ -4752,13 +4823,13 @@ If you don't want to have preview for office documents or if it is too complex y
 
 The generation of preview in based on the use of `unoconv` and `libreoffice`
 
-* CentOS 8
+- CentOS 8
 
 ```bash
 dnf install unoconv
 ```
 
-* Amazon Linux
+- Amazon Linux
 
 ```bash
 amazon-linux-extras enable libreoffice
@@ -4851,19 +4922,19 @@ Note that the logging options are kept in the cronfile instead of conf file to a
 
 The tool generates preview files using those commands:
 
-* `trevents` : only recently uploaded files will be tested (transfer events)
-* `events` : only recently uploaded files will be tested (file events: not working)
-* `scan` : recursively scan all files under the access key&apos;s "storage root"
-* `test` : test using a local file
+- `trevents` : only recently uploaded files will be tested (transfer events)
+- `events` : only recently uploaded files will be tested (file events: not working)
+- `scan` : recursively scan all files under the access key&apos;s "storage root"
+- `test` : test using a local file
 
 Once candidate are selected, once candidates are selected,
 a preview is always generated if it does not exist already,
 else if a preview already exist, it will be generated
 using one of three values for the `overwrite` option:
 
-* `always` : preview is always generated, even if it already exists and is newer than original
-* `never` : preview is generated only if it does not exist already
-* `mtime` : preview is generated only if the original file is newer than the existing
+- `always` : preview is always generated, even if it already exists and is newer than original
+- `never` : preview is generated only if it does not exist already
+- `mtime` : preview is generated only if the original file is newer than the existing
 
 Deletion of preview for deleted source files: not implemented yet (TODO).
 
@@ -4887,8 +4958,8 @@ For instance to filter out files beginning with `._` do:
 
 Two types of preview can be generated:
 
-* png: thumbnail
-* mp4: video preview (only for video)
+- png: thumbnail
+- mp4: video preview (only for video)
 
 Use option `skip_format` to skip generation of a format.
 
@@ -4896,11 +4967,11 @@ Use option `skip_format` to skip generation of a format.
 
 The preview generator supports rendering of those file categories:
 
-* image
-* pdf
-* plaintext
-* office
-* video
+- image
+- pdf
+- plaintext
+- office
+- video
 
 To avoid generation for some categories, specify a list using option `skip_types`.
 
@@ -4923,31 +4994,31 @@ In this case the `preview` command will first analyze the file content using mim
 
 If the `mimemagic` gem complains about missing mime info file:
 
-* any OS:
+- any OS:
 
-  * Examine the error message
-  * Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
-  * move and rename this file to one of the locations expected by mimemagic as specified in the error message
+  - Examine the error message
+  - Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
+  - move and rename this file to one of the locations expected by mimemagic as specified in the error message
 
-* Windows:
+- Windows:
 
-  * Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
-  * Place this file in the root of Ruby (or elsewhere): `C:\RubyVV-x64\freedesktop.org.xml.in`
-  * Set a global variable using `SystemPropertiesAdvanced.exe` or using `cmd` (replace `VV` with version) to the exact path of this file:
+  - Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
+  - Place this file in the root of Ruby (or elsewhere): `C:\RubyVV-x64\freedesktop.org.xml.in`
+  - Set a global variable using `SystemPropertiesAdvanced.exe` or using `cmd` (replace `VV` with version) to the exact path of this file:
 
   ```cmd
   SETX FREEDESKTOP_MIME_TYPES_PATH C:\RubyVV-x64\freedesktop.org.xml.in
   ```
 
-  * Close the `cmd` and restart a new one if needed to get refreshed env vars
+  - Close the `cmd` and restart a new one if needed to get refreshed env vars
 
-* Linux:
+- Linux:
 
 ```bash
 yum install shared-mime-info
 ```
 
-* macOS:
+- macOS:
 
 ```bash
 brew install shared-mime-info
@@ -5033,9 +5104,9 @@ The template is the full SMTP message, including headers.
 
 The following variables are defined by default:
 
-* from_name
-* from_email
-* to
+- from_name
+- from_email
+- to
 
 Other variables are defined depending on context.
 
@@ -5058,10 +5129,10 @@ A default e-mail template is used, but it can be overridden with option `notif_t
 
 The environment provided contains the following additional variables:
 
-* subject
-* body
-* global_transfer_status
-* ts
+- subject
+- body
+- global_transfer_status
+- ts
 
 Example of template:
 
@@ -5079,9 +5150,9 @@ This gem comes with a second executable tool providing a simplified standardized
 
 It aims at simplifying the startup of a FASP session from a programmatic stand point as formatting a [*transfer-spec*](#transferspec) is:
 
-* common to Aspera Node API (HTTP POST /ops/transfer)
-* common to Aspera Connect API (browser javascript startTransfer)
-* easy to generate by using any third party language specific JSON library
+- common to Aspera Node API (HTTP POST /ops/transfer)
+- common to Aspera Connect API (browser javascript startTransfer)
+- easy to generate by using any third party language specific JSON library
 
 Hopefully, IBM integrates this diectly in `ascp`, and this tool is made redundant.
 
@@ -5097,8 +5168,8 @@ During execution, it generates all low level events, one per line, in JSON forma
 
 Note that there are special "extended" [*transfer-spec*](#transferspec) parameters supported by `asession`:
 
-* `EX_loglevel` to change log level of the tool
-* `EX_file_list_folder` to set the folder used to store (exclusively, because of garbage collection) generated file lists. By default it is `[system tmp folder]/[username]_asession_filelists`
+- `EX_loglevel` to change log level of the tool
+- `EX_file_list_folder` to set the folder used to store (exclusively, because of garbage collection) generated file lists. By default it is `[system tmp folder]/[username]_asession_filelists`
 
 Note that in addition, many "EX_" [*transfer-spec*](#transferspec) parameters are supported for the [`direct`](#agt_direct) transfer agent (used by `asession`), refer to section [*transfer-spec*](#transferspec).
 
@@ -5176,13 +5247,14 @@ EXAMPLES
 
 ### Requirements
 
-`ascli` maybe used as a simple hot folder engine. A hot folder being defined as a tool that:
+`ascli` maybe used as a simple hot folder engine.
+A hot folder being defined as a tool that:
 
-* locally (or remotely) detects new files in a top folder
-* send detected files to a remote (respectively, local) repository
-* only sends new files, do not re-send already sent files
-* optionally: sends only files that are not still "growing"
-* optionally: after transfer of files, deletes or moves to an archive
+- locally (or remotely) detects new files in a top folder
+- send detected files to a remote (respectively, local) repository
+- only sends new files, do not re-send already sent files
+- optionally: sends only files that are not still "growing"
+- optionally: after transfer of files, deletes or moves to an archive
 
 In addition: the detection should be made "continuously" or on specific time/date.
 
@@ -5190,43 +5262,53 @@ In addition: the detection should be made "continuously" or on specific time/dat
 
 The general idea is to rely on :
 
-* existing `ascp` features for detection and transfer
-* take advantage of `ascli` configuration capabilities and server side knowledge
-* the OS scheduler for reliability and continuous operation
+- existing `ascp` features for detection and transfer
+- take advantage of `ascli` configuration capabilities and server side knowledge
+- the OS scheduler for reliability and continuous operation
 
 #### ascp features
 
 Interesting ascp features are found in its arguments: (see ascp manual):
 
-* `ascp` already takes care of sending only "new" files: option `-k 1,2,3`, or transfer_spec: `resume_policy`
-* `ascp` has some options to remove or move files after transfer: `--remove-after-transfer`, `--move-after-transfer`, `--remove-empty-directories`
-* `ascp` has an option to send only files not modified since the last X seconds: `--exclude-newer-than` (--exclude-older-than)
-* `--src-base` if top level folder name shall not be created on destination
+- `ascp` already takes care of sending only "new" files: option `-k 1,2,3` (`resume_policy`)
+- `ascp` has some options to remove or move files after transfer: `--remove-after-transfer`, `--move-after-transfer`, `--remove-empty-directories` (`remove_after_transfer`, `move_after_transfer`, `remove_empty_directories`)
+- `ascp` has an option to send only files not modified since the last X seconds: `--exclude-newer-than`, `--exclude-older-than` (`exclude_newer_than`,`exclude_older_than`)
+- `--src-base` (`src_base`) if top level folder name shall not be created on destination
 
 Note that:
 
-* `ascli` takes transfer parameters exclusively as a transfer_spec, with `--ts` parameter.
-* most, but not all native ascp arguments are available as standard transfer_spec parameters
-* native ascp arguments can be provided with the [*transfer-spec*](#transferspec) parameter: EX_ascp_args (array), only for the [`direct`](#agt_direct) transfer agent (not connect or node)
+- `ascli` takes transfer parameters exclusively as a [*transfer-spec*](#transferspec), with `--ts` parameter.
+- most, but not all, native `ascp` arguments are available as standard [*transfer-spec*](#transferspec) parameters
+- native ascp arguments can be provided with the [*transfer-spec*](#transferspec) parameter: `EX_ascp_args` (array), only for the [`direct`](#agt_direct) transfer agent (not others, like connect or node)
 
 #### server side and configuration
 
-Virtually any transfer on a "repository" on a regular basis might emulate a hot folder. Note that file detection is not based on events (inotify, etc...), but on a stateless scan on source side.
+Virtually any transfer on a "repository" on a regular basis might emulate a hot folder.
+> file detection is not based on events (inotify, etc...), but on a simple folder scan on source side.
 
-Note: parameters may be saved in a [option preset](#lprt) and used with `-P`.
+> parameters may be saved in a [option preset](#lprt) and used with `-P`.
 
 #### Scheduling
 
-Once `ascli` parameters are defined, run the command using the OS native scheduler, e.g. every minutes, or 5 minutes, etc... Refer to section [Scheduling](#scheduling).
+Once `ascli` parameters are defined, run the command using the OS native scheduler, e.g. every minutes, or 5 minutes, etc...
+Refer to section [Scheduling](#scheduling). (on use of option `lock_port`)
 
-### Example: upload folder
+### Example: upload hot folder
 
 ```javascript
-ascli server upload source_hot --to-folder=/Upload/target_hot --lock-port=12345 --ts=@json:'{"EX_ascp_args":["--remove-after-transfer","--remove-empty-directories","--exclude-newer-than=-8","--src-base","source_hot"]}'
+ascli server upload source_hot --to-folder=/Upload/target_hot --lock-port=12345 --ts=@json:'{"remove_after_transfer":true,"remove_empty_directories":true,"exclude_newer_than:-8,"src_base":"source_hot"}'
 ```
 
-The local folder (here, relative path: source_hot) is sent (upload) to basic fasp server, source files are deleted after transfer. growing files will be sent only once they don't grow anymore (based on an 8-second cooloff period). If a transfer takes more than the execution period, then the subsequent execution is skipped (lock-port).
+The local folder (here, relative path: `source_hot`) is sent (upload) to an aspera server.
+Source files are deleted after transfer.
+Growing files will be sent only once they don't grow anymore (based on an 8-second cooloff period).
+If a transfer takes more than the execution period, then the subsequent execution is skipped (`lock_port`) preventing multiple concurrent runs.
 
+### Example: unidirectional synchronization
+
+```javascript
+ascli server upload source_sync --to-folder=/Upload/target_sync --lock-port=12345 --ts=@json:'{"resume_policy":"sparse_csum","exclude_newer_than:-8,"src_base":"source_sync"}'
+```
 ## Health check and Nagios
 
 Most plugin provide a `health` command that will check the health status of the application. Example:
@@ -5245,9 +5327,9 @@ ascli console health
 
 Typically, the health check uses the REST API of the application with the following exception: the `server` plugin allows checking health by:
 
-* issuing a transfer to the server
-* checking web app status with `asctl all:status`
-* checking daemons process status
+- issuing a transfer to the server
+- checking web app status with `asctl all:status`
+- checking daemons process status
 
 `ascli` can be called by Nagios to check the health status of an Aspera server. The output can be made compatible to Nagios with option `--format=nagios` :
 
@@ -5271,9 +5353,9 @@ OK - [NP:running, MySQL:running, Mongrels:running, Background:running, DS:runnin
 
 Main components:
 
-* `Aspera` generic classes for REST and OAuth
-* `Aspera::Fasp`: starting and monitoring transfers. It can be considered as a FASPManager class for Ruby.
-* `Aspera::Cli`: `ascli`.
+- `Aspera` generic classes for REST and OAuth
+- `Aspera::Fasp`: starting and monitoring transfers. It can be considered as a FASPManager class for Ruby.
+- `Aspera::Cli`: `ascli`.
 
 A working example can be found in the gem, example:
 
@@ -5310,15 +5392,15 @@ When I joined Aspera, there was only one CLI: `ascp`, which is the implementatio
 
 There were a few pitfalls:
 
-* The tool was written in the aging `perl` language while most Aspera application products (but the Transfer Server) are written in `ruby`.
-* The tool was only for transfers, but not able to call other products APIs
+- The tool was written in the aging `perl` language while most Aspera application products (but the Transfer Server) are written in `ruby`.
+- The tool was only for transfers, but not able to call other products APIs
 
 So, it evolved into `ascli`:
 
-* portable: works on platforms supporting `ruby` (and `ascp`)
-* easy to install with the `gem` utility
-* supports transfers with multiple [Transfer Agents](#agents), that&apos;s why transfer parameters moved from ascp command line to [*transfer-spec*](#transferspec) (more reliable , more standard)
-* `ruby` is consistent with other Aspera products
+- portable: works on platforms supporting `ruby` (and `ascp`)
+- easy to install with the `gem` utility
+- supports transfers with multiple [Transfer Agents](#agents), that&apos;s why transfer parameters moved from ascp command line to [*transfer-spec*](#transferspec) (more reliable , more standard)
+- `ruby` is consistent with other Aspera products
 
 ## Common problems