aspera-cli 4.9.0 → 4.11.0

data/README.md

@@ -1,10 +1,13 @@
 # Command Line Interface for IBM Aspera products
+<!-- markdownlint-disable MD033 MD003 MD053 -->
 
 [comment1]: # (Do not edit this README.md, edit docs/README.erb.md, for details, read docs/README.md)
 
-Version : 4.9.0
+##
 
-Laurent/2016-2022
+Version : 4.11.0
+
+Laurent/2016-2023
 
 This gem provides the `ascli` Command Line Interface to IBM Aspera software.
 
@@ -14,9 +17,11 @@ Ruby Gem: [https://rubygems.org/gems/aspera-cli](https://rubygems.org/gems/asper
 
 Ruby Doc: [https://www.rubydoc.info/gems/aspera-cli](https://www.rubydoc.info/gems/aspera-cli)
 
-Minimum required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version.
+Minimum required Ruby version: >= 2.4.
+
+> **Deprecation notice**: the minimum Ruby version will be 2.7 in a future version.
 
-[Aspera APIs on IBM developer](https://developer.ibm.com/?size=30&q=aspera&DWContentType[0]=APIs)
+[Aspera APIs on IBM developer](https://developer.ibm.com/?size=30&q=aspera&DWContentType[0]=APIs&sort=title_asc)
 [Link 2](https://developer.ibm.com/apis/catalog/?search=aspera)
 
 Release notes: see [CHANGELOG.md](CHANGELOG.md)
@@ -33,26 +38,25 @@ One can also [create one's own plugin](#createownplugin).
 
 `ascli` is designed to be used as a command line tool to:
 
-* execute commands on Aspera products
-* transfer to/from Aspera products
+- Execute commands remotely on Aspera products
+- Transfer to/from Aspera products
 
 So it is designed for:
 
-* Interactive operations on a text terminal (typically, VT100 compatible)
-* Batch operations in (shell) scripts (e.g. cron job)
+- Interactive operations on a text terminal (typically, VT100 compatible), e.g. for maintenance
+- Scripting, e.g. batch operations in (shell) scripts (e.g. cron job)
 
 `ascli` can be seen as a command line tool integrating:
 
-* a configuration file (config.yaml)
-* advanced command line options
-* cURL (for REST calls)
-* Aspera transfer (ascp)
+- A configuration file (config.yaml)
+- Advanced command line options
+- cURL (for REST calls)
+- Aspera transfer (`ascp`)
 
-One might be tempted to use it as an integration element, e.g. by building a command line programmatically, and then executing it. It is generally not a good idea.
-For such integration cases, e.g. performing operations and transfer to aspera products, it is preferred to use [Aspera APIs](https://ibm.biz/aspera_api):
+If the need is to perform operations programmatically in languages such as: C, Go, Python, nodejs, ... then it is better to directly use [Aspera APIs](https://ibm.biz/aspera_api)
 
-* Product APIs (REST) : e.g. AoC, Faspex, node
-* Transfer SDK : with gRPC interface and language stubs (C, C++, Python, .NET/C#, java, ruby, etc...)
+- Product APIs (REST) : e.g. AoC, Faspex, node
+- Transfer SDK : with gRPC interface and language stubs (C, C++, Python, .NET/C#, java, ruby, etc...)
 
 Using APIs (application REST API and transfer SDK) will prove to be easier to develop and maintain.
 
@@ -64,7 +68,6 @@ In examples, command line operations are shown using a shell such: `bash` or `zs
 
 Command line parameters in examples beginning with `my_`, like `my_param_value` are user-provided value and not fixed value commands.
 
-
 ## Quick Start
 
 This section guides you from installation, first use and advanced use.
@@ -78,7 +81,7 @@ ascli --version
 ```
 
 ```bash
-4.9.0
+4.11.0
 ```
 
 ### First use
@@ -110,10 +113,10 @@ ascli server browse /
 
 If you want to use `ascli` with another server, and in order to make further calls more convenient, it is advised to define a [option preset](#lprt) for the server's authentication options. The following example will:
 
-* create a [option preset](#lprt)
-* define it as default for `server` plugin
-* list files in a folder
-* download a file
+- create a [option preset](#lprt)
+- define it as default for `server` plugin
+- list files in a folder
+- download a file
 
 ```bash
 ascli config preset update myserver --url=ssh://demo.asperasoft.com:33001 --username=asperaweb --password=_pass_here_
@@ -128,7 +131,7 @@ ascli config preset set default server myserver
 ```
 
 ```output
-updated: default&rarr;server to myserver
+updated: default &rarr; server to myserver
 ```
 
 ```bash
@@ -159,7 +162,7 @@ ascli server download /aspera-test-dir-large/200MB
 ```
 
 ```output
-Time: 00:00:02 ========================================================================================================== 100% 100 Mbps Time: 00:00:00
+Time: 00:00:02 =========================================================== 100% 100 Mbps Time: 00:00:00
 complete
 ```
 
@@ -175,9 +178,13 @@ It is possible to install *either* directly on the host operating system (Linux,
 
 The direct installation is recommended and consists in installing:
 
-* [Ruby](#ruby) (version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version)
-* [aspera-cli](#the_gem)
-* [Aspera SDK (ascp)](#fasp_prot)
+- [Ruby](#ruby)
+- [aspera-cli](#the_gem)
+- [Aspera SDK (`ascp`)](#fasp_prot)
+
+Ruby version: >= 2.4.
+
+> **Deprecation notice**: the minimum Ruby version will be 2.7 in a future version.
 
 The following sections provide information on the various installation methods.
 
@@ -185,45 +192,136 @@ An internet connection is required for the installation. If you don't have inter
 
 ### Docker container
 
-This method installs a docker image that contains: Ruby, `ascli` and the FASP SDK.
+The image is: [martinlaurent/ascli](https://hub.docker.com/r/martinlaurent/ascli).
+The container contains: Ruby, `ascli` and the Aspera Transfer SDK.
+To use the container, ensure that you have `docker` (or `podman`) installed.
 
-The image is: <https://hub.docker.com/r/martinlaurent/ascli>. It is built from this [Dockerfile](Dockerfile).
+```bash
+docker --version
+```
 
-Ensure that you have Docker installed.
+**Wanna start quickly ?** With an interactive shell ? Execute this:
 
 ```bash
-docker --version
+docker run --tty --interactive --entrypoint bash martinlaurent/ascli:latest
 ```
 
-An example of wrapping script is provided: `dascli`. If you have installed `ascli`, the script `dascli` can be found:
+Then, execute individual `ascli` commands such as:
 
 ```bash
-cp $(ascli conf gem path)/../examples/dascli ascli
+ascli conf init
+ascli conf preset overview
+ascli conf ascp info
+ascli server ls /
 ```
 
-Alternatively [download from the GIT repo](https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli) :
+That is simple, but there are limitations:
+
+- Everything happens in the container
+- Any generated file in the container will be lost on container (shell) exit. Including configuration files and downloaded files.
+- No possibility to upload files located on the host system
+
+The container image is built from this [Dockerfile](Dockerfile): the entry point is `ascli` and the default command is `help`.
+
+The container can also be execute for individual commands like this: (add `ascli` commands and options at the end of the command line, e.g. `-v` to display the version)
 
 ```bash
-curl -o ascli https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli
+docker run --rm --tty --interactive martinlaurent/ascli:latest
 ```
 
+For more convenience, you may define a shell alias:
+
 ```bash
-chmod a+x ascli
+alias ascli='docker run --rm --tty --interactive martinlaurent/ascli:latest'
+```
+
+Then, you can execute the container like a local command:
+
+```bash
+ascli -v
+```
+
+```text
+4.11.0
+```
+
+In order to keep persistency of configuration on the host,
+you should mount your user's config folder to the container.
+To enable write access, a possibility is to run as `root` in the container (and set the default configuration folder to `/home/cliuser/.aspera/ascli`).
+Add options:
+
+```bash
+--user root --env ASCLI_HOME=/home/cliuser/.aspera/ascli --volume $HOME/.aspera/ascli:/home/cliuser/.aspera/ascli
+```
+
+> **Note:** if you are using a `podman machine`, e.g. on Macos , make sure that the folder is also shared between the VM and the host, so that sharing is: container &rarr; VM &rarr; Host: `podman machine init ... --volume="/Users:/Users"`
+
+As shown in the quick start, if you prefer to keep a running container with a shell and `ascli` available,
+you can change the entry point, add option:
+
+```bash
+--entrypoint bash
 ```
 
-Install the container image:
+You may also probably want that files downloaded in the container are in fact placed on the host.
+In this case you need also to mount the shared transfer folder:
 
 ```bash
-./ascli install
+--volume $HOME/xferdir:/xferfiles
 ```
 
-Note that ascli is run in the container, so transfers are also executed in the container (not calling host, like for the regular ascli).
+> **Note:** ascli is run inside the container, so transfers are also executed inside the container and do not have access to host storage by default.
 
-The wrapping script maps the folder `/usr/src/app/config` in the container to configuration folder `$HOME/.aspera/ascli` on host.
-This allows having persistent configuration.
+And if you want all the above, simply use all the options:
+
+```bash
+alias asclish="docker run --rm --tty --interactive --user root --env ASCLI_HOME=/home/cliuser/.aspera/ascli --volume $HOME/.aspera/ascli:/home/cliuser/.aspera/ascli --volume $HOME/xferdir:/xferfiles --entrypoint bash martinlaurent/ascli:latest"
+```
+
+```bash
+export xferdir=$HOME/xferdir
+mkdir -p $xferdir
+chmod -R 777 $xferdir
+mkdir -p $HOME/.aspera/ascli
+asclish
+```
 
-To transfer to/from the native host, you will need to map a volume in docker or use the config folder (already mapped).
-To add local storage as a volume edit the script: `ascli` and add a `--volume` stanza near the existing one.
+A convenience sample script is also provided: download the script [`dascli`](../examples/dascli) from [the GIT repo](https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli) :
+
+> **Note:** If you have installed `ascli`, the script `dascli` can also be found: `cp $(ascli conf gem path)/../examples/dascli ascli`
+
+Some environment variables can be set for this script to adapt its behaviour:
+
+| env var      | description                        | default                  | example                  |
+|--------------|------------------------------------|--------------------------|--------------------------|
+| ASCLI_HOME | configuration folder (persistency) | `$HOME/.aspera/ascli` | `$HOME/.ascliconfig`     |
+| docker_args  | additional options to `docker`     | &lt;empty&gt;            | `--volume /Users:/Users` |
+| image        | container image name               | martinlaurent/ascli      |                          |
+| version      | container image version            | latest                   | `4.8.0.pre`              |
+
+The wrapping script maps the folder `$ASCLI_HOME` on host to `/home/cliuser/.aspera/ascli` in the container.
+(value expected in the container).
+This allows having persistent configuration on the host.
+
+To add local storage as a volume, you can use the env var `docker_args`:
+
+Example of use:
+
+```bash
+curl -o ascli https://raw.githubusercontent.com/IBM/aspera-cli/main/examples/dascli
+chmod a+x ascli
+export xferdir=$HOME/xferdir
+mkdir -p $xferdir
+chmod -R 777 $xferdir
+export docker_args="--volume $xferdir:/xferfiles"
+
+./ascli conf init
+
+echo 'Local file to transfer' > $xferdir/samplefile.txt
+./ascli server upload /xferfiles/samplefile.txt --to-folder=/Upload
+```
+
+> **Note:** The local file (`samplefile.txt`) is specified relative to storage view from container (`/xferfiles`) mapped to the host folder `$HOME/xferdir`
 
 ### <a id="ruby"></a>Ruby
 
@@ -231,7 +329,9 @@ Use this method to install on the native host.
 
 A ruby interpreter is required to run the tool or to use the gem and tool.
 
-Required Ruby version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version.
+Required Ruby version: >= 2.4.
+
+> **Deprecation notice**: the minimum Ruby version will be 2.7 in a future version.
 
 *Ruby can be installed using any method* : rpm, yum, dnf, rvm, brew, windows installer, ... .
 
@@ -239,7 +339,7 @@ Refer to the following sections for a proposed method for specific operating sys
 
 The recommended installation method is `rvm` for systems with "bash-like" shell (Linux, macOS, Windows with cygwin, etc...).
 If the generic install is not suitable (e.g. Windows, no cygwin), you can use one of OS-specific install method.
-If you have a simpler better way to install Ruby : use it ! (version: >= 2.4. Deprecation notice: the minimum will be 2.5 in a future version)
+If you have a simpler better way to install Ruby : use it !
 
 #### Generic: RVM: single user installation (not root)
 
@@ -247,18 +347,14 @@ Use this method which provides more flexibility.
 
 Install "rvm": follow [https://rvm.io/](https://rvm.io/) :
 
-Install the 2 keys
-
-```bash
-gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
-```
-
 Execute the shell/curl command. As regular user, it install in the user's home: `~/.rvm` .
 
 ```bash
 \curl -sSL https://get.rvm.io | bash -s stable
 ```
 
+Follow on-screen instructions to install keys, and then re-execute the command.
+
 If you keep the same terminal (not needed if re-login):
 
 ```bash
@@ -306,11 +402,10 @@ rvm version
 
 Install Latest stable Ruby:
 
-* Navigate to [https://rubyinstaller.org/](https://rubyinstaller.org/) &rarr; **Downloads**.
-* Download the latest Ruby installer **with devkit**. (Msys2 is needed to install some native extensions, such as `grpc`)
-* Execute the installer which installs by default in: `RubyVV-x64` (VV is the version number)
-* At the end of the installation procedure execute the Msys2 installer (ridk install) and select option 3 (msys and mingw)
-* Install the "mime info" file as specified in [this section](#mimeinfo).
+- Navigate to [https://rubyinstaller.org/](https://rubyinstaller.org/) &rarr; **Downloads**.
+- Download the latest Ruby installer **with devkit**. (Msys2 is needed to install some native extensions, such as `grpc`)
+- Execute the installer which installs by default in: `C:\RubyVV-x64` (VV is the version number)
+- At the end of the installation procedure, the Msys2 installer is automatically executed, select option 3 (msys and mingw)
 
 #### macOS: pre-installed or `brew`
 
@@ -330,15 +425,20 @@ brew install ruby
 
 If your Linux distribution provides a standard ruby package, you can use it provided that the version is compatible (check at beginning of section).
 
-Example: Centos 8 Stream
+Example: RHEL 8 and 9: basic installation
+
+```bash
+yum module install ruby:3.1
+```
+
+Example: RHEL 8, Centos 8 Stream: with extensions to compile native gems
 
 ```bash
 yum install make automake gcc gcc-c++ kernel-devel
 yum install redhat-rpm-config
 dnf module reset ruby
-dnf module enable ruby:3.0
-dnf module -y install ruby:3.0/common
-gem install aspera-cli
+dnf module enable ruby:3.1
+dnf module -y install ruby:3.1/common
 ```
 
 Other examples:
@@ -391,7 +491,7 @@ If you already have a Java JVM on your system (`java`), it is possible to use `j
 
 <https://www.jruby.org/download>
 
-Note that using jruby the startup time is longer than the native ruby, but transfer speed is not impacted (executed by `ascp` binary).
+> **Note:** Using jruby the startup time is longer than the native ruby, but the transfer speed is not impacted (executed by `ascp` binary).
 
 ### <a id="the_gem"></a>`aspera-cli` gem
 
@@ -420,8 +520,8 @@ ascli conf check_update
 Most file transfers will be done using the FASP protocol, using `ascp`.
 Only two additional files are required to perform an Aspera Transfer, which are part of Aspera SDK:
 
-* ascp
-* aspera-license (in same folder, or ../etc)
+- `ascp`
+- aspera-license (in same folder, or ../etc)
 
 This can be installed either be installing an Aspera transfer software, or using an embedded command:
 
@@ -443,11 +543,11 @@ The format is: `file:///<path>`, where `<path>` can be either a relative path (n
 
 If the embedded method is not used, the following packages are also suitable:
 
-* IBM Aspera Connect Client (Free)
-* IBM Aspera Desktop Client (Free)
-* IBM Aspera CLI (Free)
-* IBM Aspera High Speed Transfer Server (Licensed)
-* IBM Aspera High Speed Transfer EndPoint (Licensed)
+- IBM Aspera Connect Client (Free)
+- IBM Aspera Desktop Client (Free)
+- IBM Aspera CLI (Free)
+- IBM Aspera High Speed Transfer Server (Licensed)
+- IBM Aspera High Speed Transfer EndPoint (Licensed)
 
 For instance, Aspera Connect Client can be installed
 by visiting the page: [https://www.ibm.com/aspera/connect/](https://www.ibm.com/aspera/connect/).
@@ -460,33 +560,34 @@ Use of a local client ([`direct`](#agt_direct) transfer agent) is one of them, b
 
 ### <a id="offline_install"></a>Installation in air gapped environment
 
-Note that currently no pre-packaged version exist yet.
+> **Note:** no pre-packaged version is provided.
+
 A method to build one is provided here:
 
 The procedure:
 
-* Follow the non-root installation procedure with RVM, including gem
-* Archive (zip, tar) the main RVM folder (includes ascli):
+- Follow the non-root installation procedure with RVM, including gem
+- Archive (zip, tar) the main RVM folder (includes ascli):
 
 ```bash
 cd $HOME && tar zcvf rvm-ascli.tgz .rvm
 ```
 
-* Get the Aspera SDK.
+- Get the Aspera SDK.
 
 ```bash
 ascli conf --show-config --fields=sdk_url
 ```
 
-* Download the SDK archive from that URL.
+- Download the SDK archive from that URL.
 
 ```bash
 curl -Lso SDK.zip https://ibm.biz/aspera_sdk
 ```
 
-* Transfer those 2 files to the target system
+- Transfer those 2 files to the target system
 
-* On target system
+- On target system
 
 ```bash
 cd $HOME
@@ -498,7 +599,7 @@ source ~/.rvm/scripts/rvm
 ascli conf ascp install --sdk-url=file:///SDK.zip
 ```
 
-* Add those lines to shell init (`.profile`)
+- Add those lines to shell init (`.profile`)
 
 ```bash
 source ~/.rvm/scripts/rvm
@@ -508,27 +609,27 @@ source ~/.rvm/scripts/rvm
 
 The `aspera-cli` Gem provides a command line interface (CLI) which interacts with Aspera Products (mostly using REST APIs):
 
-* IBM Aspera High Speed Transfer Server (FASP and Node)
-* IBM Aspera on Cloud (including ATS)
-* IBM Aspera Faspex
-* IBM Aspera Shares
-* IBM Aspera Console
-* IBM Aspera Orchestrator
-* and more...
+- IBM Aspera High Speed Transfer Server (FASP and Node)
+- IBM Aspera on Cloud (including ATS)
+- IBM Aspera Faspex
+- IBM Aspera Shares
+- IBM Aspera Console
+- IBM Aspera Orchestrator
+- and more...
 
 `ascli` provides the following features:
 
-* Supports most Aspera server products (on-premise and SaaS)
-* Any command line options (products URL, credentials or any option) can be provided on command line, in configuration file, in env var, in files
-* Supports Commands, Option values and Parameters shortcuts
-* FASP [Transfer Agents](#agents) can be: local ascp, or Connect Client, or any transfer node
-* Transfer parameters can be altered by modification of [*transfer-spec*](#transferspec), this includes requiring multi-session
-* Allows transfers from products to products, essentially at node level (using the node transfer agent)
-* Supports FaspStream creation (using Node API)
-* Supports Watchfolder creation (using Node API)
-* Additional command plugins can be written by the user
-* Supports download of faspex and Aspera on Cloud "external" links
-* Supports "legacy" ssh based FASP transfers and remote commands (ascmd)
+- Supports most Aspera server products (on-premise and SaaS)
+- Any command line options (products URL, credentials or any option) can be provided on command line, in configuration file, in env var, in files
+- Supports Commands, Option values and Parameters shortcuts
+- FASP [Transfer Agents](#agents) can be: local `ascp`, or Connect Client, or any transfer node
+- Transfer parameters can be altered by modification of [*transfer-spec*](#transferspec), this includes requiring multi-session
+- Allows transfers from products to products, essentially at node level (using the node transfer agent)
+- Supports FaspStream creation (using Node API)
+- Supports Watchfolder creation (using Node API)
+- Additional command plugins can be written by the user
+- Supports download of faspex and Aspera on Cloud "external" links
+- Supports "legacy" ssh based FASP transfers and remote commands (ascmd)
 
 Basic usage is displayed by executing:
 
@@ -544,12 +645,12 @@ Not all `ascli` features are fully documented here, the user may explore command
 
 If you want to use `ascp` directly as a command line, refer to IBM Aspera documentation of either [Desktop Client](https://www.ibm.com/docs/en/asdc), [Endpoint](https://www.ibm.com/docs/en/ahte) or [Transfer Server](https://www.ibm.com/docs/en/ahts) where [a section on `ascp` can be found](https://www.ibm.com/docs/en/ahts/4.4?topic=linux-ascp-transferring-from-command-line).
 
-Using `ascli` with plugin `server` for command line gives advantages over ascp:
+Using `ascli` with plugin `server` for command line gives advantages over `ascp`:
 
-* automatic resume on error
-* configuration file
-* choice of transfer agents
-* integrated support of multi-session
+- automatic resume on error
+- configuration file
+- choice of transfer agents
+- integrated support of multi-session
 
 Moreover all `ascp` options are supported either through transfer spec parameters and with the possibility to provide `ascp` arguments directly when the `direct` agent is used (`EX_ascp_args`).
 
@@ -573,8 +674,8 @@ On Windows, `cmd.exe` is typically used.
 Windows process creation does not receive the list of arguments but just the whole line.
 It's up to the program to parse arguments. Ruby follows the Microsoft C/C++ parameter parsing rules.
 
-* [Windows: How Command Line Parameters Are Parsed](https://daviddeley.com/autohotkey/parameters/parameters.htm#RUBY)
-* [Understand Quoting and Escaping of Windows Command Line Arguments](http://www.windowsinspired.com/understanding-the-command-line-string-and-arguments-received-by-a-windows-program/)
+- [Windows: How Command Line Parameters Are Parsed](https://daviddeley.com/autohotkey/parameters/parameters.htm#RUBY)
+- [Understand Quoting and Escaping of Windows Command Line Arguments](http://www.windowsinspired.com/understanding-the-command-line-string-and-arguments-received-by-a-windows-program/)
 
 #### Extended Values (JSON, Ruby, ...)
 
@@ -597,7 +698,8 @@ ERROR: Argument: unprocessed values: ["2", "3"]
 ```
 
 `config echo` displays the value of the first argument using Ruby syntax: it surrounds a string with `"` and add `\` before special characters.
-Note that it gets its value after shell command line parsing and `ascli` extended value parsing.
+
+> **Note:** It gets its value after shell command line parsing and `ascli` extended value parsing.
 
 In the following examples (using a POSIX shell, such as `bash`), several sample commands are provided when equivalent.
 For all example, most of special character handling is not specific to `ascli`: It depoends on the underlying syntax: shell , JSON, etc...
@@ -606,7 +708,7 @@ Depending on the case, a different `format` is used to display the actual value.
 For example, in the simple string `Hello World`, the space character is special for the shell, so it must be escaped so that a single value is represented.
 
 Double quotes are processed by the shell to create a single string argument.
-For POSIX shells, single quotes can also be used in this case, or protext the special character ` ` (space) with a backslash.
+For POSIX shells, single quotes can also be used in this case, or protext the special character ` ` (space) with a backslash. <!-- markdownlint-disable-line -->
 
 ```bash
 ascli conf echo "Hello World" --format=text
@@ -621,8 +723,9 @@ Hello World
 #### Using a shell variable, parsed by shell, in an extended value
 
 To be evaluated by shell, the shell variable must not be in single quotes.
-Note we use a simple variable here: the variable is not necessarily an environment variable.
-Even if the variable contains spaces it makes only one argument to `ascli` because word parsing is made before variable expansion by shell. 
+Even if the variable contains spaces it makes only one argument to `ascli` because word parsing is made before variable expansion by shell.
+
+> **Note:** we use a simple variable here: the variable is not necessarily an environment variable.
 
 ```bash
 MYVAR="Hello World"
@@ -666,9 +769,9 @@ Here a single quote or a backslash protects the double quote to avoid shell proc
 
 Construction of values with special characters is done like this:
 
-* First select a syntax to represent the extended value, e.g. JSON or Ruby
+- First select a syntax to represent the extended value, e.g. JSON or Ruby
 
-* Write the expression using this syntax, for example, using JSON:
+- Write the expression using this syntax, for example, using JSON:
 
 ```json
 {"title":"Test \" ' & \\"}
@@ -683,7 +786,7 @@ or using Ruby:
 
 Both `"` and `\` are special characters for JSON and Ruby and can be protected with `\` (unless Ruby's extended single quote notation `%q` is used).
   
-* Then, since the value will be evaluated by shell, any shell special characters must be protected, either using preceding `\` for each character to protect, or by enclosing in single quote:
+- Then, since the value will be evaluated by shell, any shell special characters must be protected, either using preceding `\` for each character to protect, or by enclosing in single quote:
 
 ```bash
 ascli conf echo @json:{\"title\":\"Test\ \\\"\ \'\ \&\ \\\\\"} --format=json
@@ -748,10 +851,10 @@ There are two types of command line arguments: Commands and Options. Example :
 ascli command subcommand --option-name=VAL1 VAL2
 ```
 
-* executes *command*: `command subcommand`
-* with one *option*: `option_name`
-* this option is given a *value* of: `VAL1`
-* the command has one additional *argument*: `VAL2`
+- executes *command*: `command subcommand`
+- with one *option*: `option_name`
+- this option is given a *value* of: `VAL1`
+- the command has one additional *argument*: `VAL2`
 
 When the value of a command, option or argument is constrained by a fixed list of values, it is possible to use the first letters of the value only, provided that it uniquely identifies a value. For example `ascli conf ov` is the same as `ascli config overview`.
 
@@ -761,16 +864,16 @@ The value of options and arguments is evaluated with the [Extended Value Syntax]
 
 All options, e.g. `--log-level=debug`, are command line arguments that:
 
-* start with `--`
-* have a name, in lowercase, using `-` as word separator in name  (e.g. `--log-level=debug`)
-* have a value, separated from name with a `=`
-* can be used by prefix, provided that it is unique. E.g. `--log-l=debug` is the same as `--log-level=debug`
+- start with `--`
+- have a name, in lowercase, using `-` as word separator in name  (e.g. `--log-level=debug`)
+- have a value, separated from name with a `=`
+- can be used by prefix, provided that it is unique. E.g. `--log-l=debug` is the same as `--log-level=debug`
 
 Exceptions:
 
-* some options accept a short form, e.g. `-Ptoto` is equivalent to `--preset=toto`, refer to the manual or `-h`.
-* some options (flags) don't take a value, e.g. `-r`
-* the special option `--` stops option processing and is ignored, following command line arguments are taken as arguments, including the ones starting with a `-`. Example:
+- some options accept a short form, e.g. `-Ptoto` is equivalent to `--preset=toto`, refer to the manual or `-h`.
+- some options (flags) don't take a value, e.g. `-r`
+- the special option `--` stops option processing and is ignored, following command line arguments are taken as arguments, including the ones starting with a `-`. Example:
 
 ```bash
 ascli config echo -- --sample
@@ -780,15 +883,15 @@ ascli config echo -- --sample
 "--sample"
 ```
 
-Note that here, `--sample` is taken as an argument, and not as an option, due to `--`.
+> **Note:** Here, `--sample` is taken as an argument, and not as an option, due to `--`.
 
 Options can be optional or mandatory, with or without (hardcoded) default value. Options can be placed anywhere on command line and evaluated in order.
 
 The value for *any* options can come from the following locations (in this order, last value evaluated overrides previous value):
 
-* [Configuration file](#configfile).
-* Environment variable
-* Command line
+- [Configuration file](#configfile).
+- Environment variable
+- Command line
 
 Environment variable starting with prefix: ASCLI_ are taken as option values, e.g. `ASCLI_OPTION_NAME` is for `--option-name`.
 
@@ -804,11 +907,11 @@ Some options and parameters are mandatory and other optional. By default, the to
 
 The behavior can be controlled with:
 
-* --interactive=&lt;yes|no&gt; (default=yes if STDIN is a terminal, else no)
-  * yes : missing mandatory parameters/options are asked to the user
-  * no : missing mandatory parameters/options raise an error message
-* --ask-options=&lt;yes|no&gt; (default=no)
-  * optional parameters/options are asked to user
+- --interactive=&lt;yes|no&gt; (default=yes if STDIN is a terminal, else no)
+  - yes : missing mandatory parameters/options are asked to the user
+  - no : missing mandatory parameters/options raise an error message
+- --ask-options=&lt;yes|no&gt; (default=no)
+  - optional parameters/options are asked to user
 
 ### Output
 
@@ -819,12 +922,12 @@ The information displayed depends on the action.
 
 Depending on action, the output will contain:
 
-* `single_object` : displayed as a 2 dimensional table: one line per attribute, first column is attribute name, and second is attribute value. Nested hashes are collapsed.
-* `object_list` : displayed as a 2 dimensional table: one line per item, one column per attribute.
-* `value_list` : a table with one column.
-* `empty` : nothing
-* `status` : a message
-* `other_struct` : a complex structure that cannot be displayed as an array
+- `single_object` : displayed as a 2 dimensional table: one line per attribute, first column is attribute name, and second is attribute value. Nested hashes are collapsed.
+- `object_list` : displayed as a 2 dimensional table: one line per item, one column per attribute.
+- `value_list` : a table with one column.
+- `empty` : nothing
+- `status` : a message
+- `other_struct` : a complex structure that cannot be displayed as an array
 
 #### Format of output
 
@@ -841,13 +944,13 @@ If transposition of single object is not desired, use option: `transpose_single`
 
 The style of output can be set using the `format` parameter, supporting:
 
-* `text` : Value as String
-* `table` : Text table
-* `ruby` : Ruby code
-* `json` : JSON code
-* `jsonpp` : JSON pretty printed
-* `yaml` : YAML
-* `csv` : Comma Separated Values
+- `text` : Value as String
+- `table` : Text table
+- `ruby` : Ruby code
+- `json` : JSON code
+- `jsonpp` : JSON pretty printed
+- `yaml` : YAML
+- `csv` : Comma Separated Values
 
 #### <a id="option_select"></a>Option: `select`: Filter on columns values for `object_list`
 
@@ -866,21 +969,21 @@ ascli aoc admin res user list --fields=name,email,ats_admin --query=@json:'{"sor
 :...............................:..................................:...........:
 ```
 
-Note that `select` filters selected elements from the result of API calls, while the `query` parameters gives filtering parameters to the API when listing elements.
+> **Note:** `select` filters selected elements from the result of API calls, while the `query` parameters gives filtering parameters to the API when listing elements.
 
 #### Verbosity of output
 
 Output messages are categorized in 3 types:
 
-* `info` output contain additional information, such as number of elements in a table
-* `data` output contain the actual output of the command (object, or list of objects)
-* `error`output contain error messages
+- `info` output contain additional information, such as number of elements in a table
+- `data` output contain the actual output of the command (object, or list of objects)
+- `error`output contain error messages
 
 The option `display` controls the level of output:
 
-* `info` displays all messages: `info`, `data`, and `error`
-* `data` display `data` and `error` messages
-* `error` display only error messages.
+- `info` displays all messages: `info`, `data`, and `error`
+- `data` display `data` and `error` messages
+- `error` display only error messages.
 
 By default, secrets are removed from output: option `show_secrets` defaults to `no`, unless `display` is `data`, to allows piping results.
 To hide secrets from output, set option `show_secrets` to `no`.
@@ -889,12 +992,12 @@ To hide secrets from output, set option `show_secrets` to `no`.
 
 By default, a table output will display one line per entry, and columns for each entries. Depending on the command, columns may include by default all properties, or only some selected properties. It is possible to define specific columns to be displayed, by setting the `fields` option to one of the following value:
 
-* DEF : default display of columns (that's the default, when not set)
-* ALL : all columns available
-* a,b,c : the list of attributes specified by the comma separated list
-* Array extended value: for instance, @json:'["a","b","c"]' same as above
-* +a,b,c : add selected properties to the default selection.
-* -a,b,c : remove selected properties from the default selection.
+- DEF : default display of columns (that's the default, when not set)
+- ALL : all columns available
+- a,b,c : the list of attributes specified by the comma separated list
+- Array extended value: for instance, @json:'["a","b","c"]' same as above
+- +a,b,c : add selected properties to the default selection.
+- -a,b,c : remove selected properties from the default selection.
 
 ### <a id="extended"></a>Extended Value Syntax
 
@@ -910,24 +1013,24 @@ The difference between reader and decoder is order and ordinality. Both act like
 
 The following "readers" are supported (returns value in []):
 
-* @val:VALUE   : [String] prevent further special prefix processing, e.g. `--username=@val:laurent` sets the option `username` to value `laurent`.
-* @file:PATH   : [String] read value from a URL, e.g. `--fpac=@uri:http://serv/f.pac`
-* @uri:URL     : [String] read value from a file (prefix `~/` is replaced with the users home folder), e.g. `--key=@file:~/.ssh/mykey`
-* @path:PATH   : [String] performs path expansion (prefix `~/` is replaced with the users home folder), e.g. `--config-file=@path:~/sample_config.yml`
-* @env:ENVVAR  : [String] read from a named env var, e.g.--password=@env:MYPASSVAR
-* @stdin:      : [String] read from stdin (no value on right)
-* @preset:NAME : [Hash] get whole option preset value by name. Subvalues can also be used using `.` as separator. e.g. foo.bar is conf[foo][bar]
+- @val:VALUE   : [String] prevent further special prefix processing, e.g. `--username=@val:laurent` sets the option `username` to value `laurent`.
+- @file:PATH   : [String] read value from a URL, e.g. `--fpac=@uri:http://serv/f.pac`
+- @uri:URL     : [String] read value from a file (prefix `~/` is replaced with the users home folder), e.g. `--key=@file:~/.ssh/mykey`
+- @path:PATH   : [String] performs path expansion (prefix `~/` is replaced with the users home folder), e.g. `--config-file=@path:~/sample_config.yml`
+- @env:ENVVAR  : [String] read from a named env var, e.g.--password=@env:MYPASSVAR
+- @stdin:      : [String] read from stdin (no value on right)
+- @preset:NAME : [Hash] get whole option preset value by name. Subvalues can also be used using `.` as separator. e.g. `foo.bar` is `conf[foo][bar]`
 
 In addition it is possible to decode a value, using one or multiple decoders :
 
-* @base64: [String] decode a base64 encoded string
-* @json: [any] decode JSON values (convenient to provide complex structures)
-* @zlib: [String] uncompress data
-* @ruby: [any] execute ruby code
-* @csvt: [Array] decode a titled CSV value
-* @lines: [Array] split a string in multiple lines and return an array
-* @list: [Array] split a string in multiple items taking first character as separator and return an array
-* @incps: [Hash] include values of presets specified by key `incps` in input hash
+- @base64: [String] decode a base64 encoded string
+- @json: [any] decode JSON values (convenient to provide complex structures)
+- @zlib: [String] uncompress data
+- @ruby: [any] execute ruby code
+- @csvt: [Array] decode a titled CSV value
+- @lines: [Array] split a string in multiple lines and return an array
+- @list: [Array] split a string in multiple items taking first character as separator and return an array
+- @incps: [Hash] include values of presets specified by key `incps` in input hash
 
 To display the result of an extended value, use the `config echo` command.
 
@@ -978,7 +1081,7 @@ ascli config echo @incps:@json:'{"hello":true,"incps":["config"]}'
 {"version"=>"0.9", "hello"=>true}
 ```
 
-Note that `@incps:@json:'{"incps":["config"]}'` or `@incps:@ruby:'{"incps"=>["config"]}'` is equivalent to: `@preset:config`
+> **Note:** `@incps:@json:'{"incps":["config"]}'` or `@incps:@ruby:'{"incps"=>["config"]}'` are equivalent to: `@preset:config`
 
 ### <a id="native"></a>Structured Value
 
@@ -1057,7 +1160,7 @@ The command `update` allows the easy creation of [option preset](#lprt) by simpl
 ascli config preset update demo_server --url=ssh://demo.asperasoft.com:33001 --username=asperaweb --password=_pass_here_ --ts=@json:'{"precalculate_job_size":true}'
 ```
 
-* This creates a [option preset](#lprt) `demo_server` with all provided options.
+- This creates a [option preset](#lprt) `demo_server` with all provided options.
 
 The command `set` allows setting individual options in a [option preset](#lprt).
 
@@ -1090,6 +1193,8 @@ If necessary, the configuration file can opened in a text editor with:
 ascli config open
 ```
 
+> **Note:** this starts the editor specified by env var `EDITOR` if defined.
+
 Older format for commands are still supported:
 
 ```bash
@@ -1108,7 +1213,7 @@ This preset name is reserved and contains an array of key-value , where the key
 
 When a plugin is invoked, the preset associated with the name of the plugin is loaded, unless the option --no-default (or -N) is used.
 
-Note that special plugin name: `config` can be associated with a preset that is loaded initially, typically used for default values.
+> **Note:** Special plugin name: `config` can be associated with a preset that is loaded initially, typically used for default values.
 
 Operations on this preset are done using regular `config` operations:
 
@@ -1124,9 +1229,9 @@ ascli config preset get default _plugin_name_
 "_default_preset_for_plugin_"
 ```
 
-#### <a id="lplugconf"></a>Special Plugin: config
+#### <a id="config"></a>Plugin: `config`: CLI Configuration
 
-Plugin `config` (not to be confused with Option preset config) is used to configure `ascli` but it also contains global options.
+Plugin `config` is used to configure `ascli` and also contains global options.
 
 When `ascli` starts, it looks for the `default` Option preset and if there is a value for `config`, if so, it loads the option values for any plugin used.
 
@@ -1195,16 +1300,16 @@ demo_server:
 
 We can see here:
 
-* The configuration was created with CLI version 0.3.7
-* the default [option preset](#lprt) to load for `server` plugin is : `demo_server`
-* the [option preset](#lprt) `demo_server` defines some parameters: the URL and credentials
-* the default [option preset](#lprt) to load in any case is : `cli_default`
+- The configuration was created with CLI version 0.3.7
+- the default [option preset](#lprt) to load for `server` plugin is : `demo_server`
+- the [option preset](#lprt) `demo_server` defines some parameters: the URL and credentials
+- the default [option preset](#lprt) to load in any case is : `cli_default`
 
 Two [option presets](#lprt) are reserved:
 
-* `config` contains a single value: `version` showing the CLI
+- `config` contains a single value: `version` showing the CLI
 version used to create the configuration file. It is used to check compatibility.
-* `default` is reserved to define the default [option preset](#lprt) name used for known plugins.
+- `default` is reserved to define the default [option preset](#lprt) name used for known plugins.
 
 The user may create as many [option presets](#lprt) as needed. For instance, a particular [option preset](#lprt) can be created for a particular application instance and contain URL and credentials.
 
@@ -1233,11 +1338,11 @@ Some options are global, some options are available only for some plugins. (the
 
 Options are loaded using this algorithm:
 
-* If option `--no-default` (or `-N`) is specified, then no default value is loaded is loaded for the plugin
-* else it looks for the name of the plugin as key in section `default`, the value is the name of the default [option preset](#lprt) for it, and loads it.
-* If option `--preset=<name or extended value hash>` is specified (or `-Pxxxx`), this reads the [option preset](#lprt) specified from the configuration file, or of the value is a Hash, it uses it as options values.
-* Environment variables are evaluated
-* Command line options are evaluated
+- If option `--no-default` (or `-N`) is specified, then no default value is loaded is loaded for the plugin
+- else it looks for the name of the plugin as key in section `default`, the value is the name of the default [option preset](#lprt) for it, and loads it.
+- If option `--preset=<name or extended value hash>` is specified (or `-Pxxxx`), this reads the [option preset](#lprt) specified from the configuration file, or of the value is a Hash, it uses it as options values.
+- Environment variables are evaluated
+- Command line options are evaluated
 
 Parameters are evaluated in the order of command line.
 
@@ -1286,7 +1391,7 @@ ascli shares repo browse / --url=https://10.25.0.6 --username=john --password=_p
 
 This can also be provisioned in a config file:
 
-* Build [option preset](#lprt)
+- Build [option preset](#lprt)
 
 ```bash
 ascli config preset set shares06 url https://10.25.0.6
@@ -1306,19 +1411,19 @@ or
 ascli config preset update shares06 --url=https://10.25.0.6 --username=john --password=_pass_here_
 ```
 
-* Define this [option preset](#lprt) as the default [option preset](#lprt) for the specified plugin (`shares`)
+- Define this [option preset](#lprt) as the default [option preset](#lprt) for the specified plugin (`shares`)
 
 ```bash
 ascli config preset set default shares shares06
 ```
 
-* Display the content of configuration file in table format
+- Display the content of configuration file in table format
 
 ```bash
 ascli config overview
 ```
 
-* Execute a command on the shares application using default parameters
+- Execute a command on the shares application using default parameters
 
 ```bash
 ascli shares repo browse /
@@ -1326,67 +1431,86 @@ ascli shares repo browse /
 
 ### <a id="vault"></a>Secret Vault
 
-When a secret or password is needed, it is possible to store in the secret vault.
+Password and secrets are command options.
+They can be provided on command line, env vars, files etc.
+A more secure option is to retrieve values from a secret vault.
 
-By default the vault is defined using option `secrets`, which can be stored in the configuration file.
+The vault is used with options `vault` and `vault_password`.
 
-#### Using system keychain
+`vault` defines the vault to be used and shall be a Hash, example:
 
-Only on macOS.
+```json
+{"type":"system","name":"ascli"}
+```
 
-It is possible to store secrets in macOS keychain (only read supported currently).
+`vault_password` specifies the password for the vault.
+Although it can be specified on command line, for security reason you can hide the value.
+For example it can be securely specified on command line like this:
 
-Set option `secrets` to value `system` to use the default keychain or use value `system:[name]` to use a custom keychain.
+```bash
+export ASCLI_VAULT_PASSWORD
+read -s ASCLI_VAULT_PASSWORD
+```
 
-#### Modern config file format: encrypted in config file
+#### Vault: System keychain
 
-It is possible to store and use secrets encrypted.
-For this use the `config vault` command.
+> **Note:** **macOS only**
 
-The vault can be initialized with `config vault init`
+It is possible to manage secrets in macOS keychain (only read supported currently).
 
-Then secrets can be manipulated using commands:
+```json
+--vault=@json:'{"type":"system","name":"ascli"}'
+```
 
-* `set`
-* `get`
-* `list`
-* `delete`
+#### Vault: Encrypted file
 
-Secrets must be uniquely identified by `url` and `username`. An optional description can be provided using option `value`.
+It is possible to store and use secrets encrypted in a file.
 
-#### Legacy config file format
+```json
+--vault=@json:'{"type":"file","name":"vault.bin"}'
+```
+
+`name` is the file path, absolute or relative to the config folder `ASCLI_HOME`.
 
-THIS FORMAT WILL BE DEPRECATED
+#### Vault: Operations
 
-The value provided can be a Hash, where keys are usernames (or access key id), and values are the associated password or secrets in clear.
+For this use the `config vault` command.
+
+Then secrets can be manipulated using commands:
 
-For example, choose a repository name, for example `my_secrets`, and populate it like this:
+- `create`
+- `show`
+- `list`
+- `delete`
 
 ```bash
-ascli conf id my_secrets set 'access_key1' 'secret1'
+ascli conf vault create mylabel @json:'{"password":"__value_here__","description":"for this account"}'
+```
 
-ascli conf id my_secrets set 'access_key2' 'secret2'
+#### <a id="config_finder"></a>Configuration Finder
 
-ascli conf id default get config
+When a secret is needed by a sub command, the command can search for existing configurations in the config file.
 
-cli_default
-```
+The lookup is done by comparing the service URL and username (or access key).
+
+#### Securing passwords and secrets
 
-Here above, one has already set a `config` global preset to preset `cli_default` (refer to earlier in documentation).
-So the repository can be read by default like this (note the prefix `@val:` to avoid the evaluation of prefix `@preset:`):
+A passwords can be saved in clear in a [option preset](#lprt) together with other account information (URL, username, etc...).
+Example:
 
 ```bash
-ascli conf id cli_default set secrets @val:@preset:my_secrets
+`ascli` conf preset update myconf --url=... --username=... --password=...
 ```
 
-A secret repository can always be selected at runtime using `--secrets=@preset:xxxx`, or `--secrets=@json:'{"accesskey1":"secret1"}'`
-
-To test if a secret can be found use:
+For a more secure storage one can do:
 
 ```bash
-ascli conf vault get --username=access_key1
+`ascli` conf preset update myconf --url=... --username=... --password=@val:@vault:myconf.password
+`ascli` conf vault create myconf @json:'{"password":"__value_here__"}'
 ```
 
+> **Note:** use `@val:` in front of `@vault:` so that the extended value is not evaluated.
+
 ### <a id="private_key"></a>Private Key
 
 Some applications allow the user to be authenticated using a private key (Server, AoC, Faspex5, ...).
@@ -1397,15 +1521,17 @@ The private key can be protected by a passphrase or not.
 If the key is protected by a passphrase, then it will be prompted.
 (some plugins support option `passphrase`)
 
-Several methods can be used to generate a key pair:
-
-The following commands use this variable:
+The following commands use the shell variable `PRIVKEYFILE`.
+Set it to the desired safe location of the private key.
+Typically, in `$HOME/.ssh` or `$HOME/.aspera/ascli`:
 
 ```bash
 PRIVKEYFILE=~/.aspera/ascli/my_private_key
 ```
 
-* `ascli`
+Several methods can be used to generate a key pair:
+
+- `ascli`
 
 The generated key is of type RSA, by default: 4096 bit.
 For convenience, the public key is also extracted with extension `.pub`.
@@ -1415,23 +1541,30 @@ The key is not passphrase protected.
 ascli config genkey ${PRIVKEYFILE} 4096
 ```
 
-* `ssh-keygen`
+- `ssh-keygen`
 
 Both private and public keys are generated, option `-N` is for passphrase.
 
 ```bash
-ssh-keygen -t rsa -b 4096 -N '' -f ${PRIVKEYFILE}
+ssh-keygen -t rsa -b 4096 -m PEM -N '' -f ${PRIVKEYFILE}
 ```
 
-* `openssl`
+- `openssl`
 
-openssl is sometimes compiled to support option `-nodes` (no DES, i.e. no passphrase, e.g. on macOS).
-To generate a private key pair without passphrase the following can be used on any system:
+To generate a private key pair with a passphrase the following can be used on any system:
 
 ```bash
-openssl genrsa -passout pass:dummypassword -out ${PRIVKEYFILE}.protected 4096
-openssl rsa -passin pass:dummypassword -in ${PRIVKEYFILE}.protected -out ${PRIVKEYFILE}
+openssl genrsa -passout pass:_passphrase_here_ -out ${PRIVKEYFILE}.protected 4096
 openssl rsa -pubout -in ${PRIVKEYFILE} -out ${PRIVKEYFILE}.pub
+```
+
+`openssl` is sometimes compiled to support option `-nodes` (no DES, i.e. no passphrase, e.g. on macOS).
+In that case, add option `-nodes` instead of `-passout pass:_passphrase_here_` to generate a key without passphrase.
+
+If option `-nodes` is not available, the passphrase can be removed using this method:
+
+```bash
+openssl rsa -passin pass:_passphrase_here_ -in ${PRIVKEYFILE}.protected -out ${PRIVKEYFILE}
 rm -f ${PRIVKEYFILE}.protected
 ```
 
@@ -1505,9 +1638,9 @@ REST APIs of Aspera legacy applications (Aspera Node, Faspex, Shares, Console, O
 
 Those are using options:
 
-* url
-* username
-* password
+- url
+- username
+- password
 
 Those can be provided using command line, parameter set, env var, see section above.
 
@@ -1528,17 +1661,17 @@ Available loggers: `stdout`, `stderr`, `syslog`.
 
 Available levels: `debug`, `info`, `warn`, `error`.
 
-Note that when using the `direct` agent (`ascp`), additional transfer logs can be activated using `ascp` option `EX_ascp_args`, see [`direct`](#agt_direct).
+> **Note:** When using the `direct` agent (`ascp`), additional transfer logs can be activated using `ascp` option `EX_ascp_args`, see [`direct`](#agt_direct).
 
 Examples:
 
-* display debugging log on `stdout`:
+- display debugging log on `stdout`:
 
 ```bash
 ascli conf over --log-level=debug --logger=stdout
 ```
 
-* log errors to `syslog`:
+- log errors to `syslog`:
 
 ```bash
 ascli conf over --log-level=error --logger=syslog
@@ -1582,76 +1715,100 @@ ascli aoc admin res package list --http-options=@json:'{"read_timeout":10.0}'
 
 Some actions may require the use of a graphical tool:
 
-* a browser for Aspera on Cloud authentication (web auth method)
-* a text editor for configuration file edition
+- a browser for Aspera on Cloud authentication (web auth method)
+- a text editor for configuration file edition
 
 By default the CLI will assume that a graphical environment is available on windows, and on other systems, rely on the presence of the "DISPLAY" environment variable.
 It is also possible to force the graphical mode with option --ui :
 
-* `--ui=graphical` forces a graphical environment, a browser will be opened for URLs or a text editor for file edition.
-* `--ui=text` forces a text environment, the URL or file path to open is displayed on terminal.
+- `--ui=graphical` forces a graphical environment, a browser will be opened for URLs or a text editor for file edition.
+- `--ui=text` forces a text environment, the URL or file path to open is displayed on terminal.
 
 ### Proxy
 
-There are several types of network connections, each of them use a different mechanism to define a *proxy*.
+There are several types of network connections, each of them use a different mechanism to define a (forward) **proxy**:
 
-#### HTTP proxy for REST calls and transfers using HTTP gateway
-
-To specify a HTTP proxy when ruby HTTP is used, set the `http_proxy` environment variable (lower case, preferred, or upper case).
-See [Ruby findproxy](https://rubyapi.org/3.0/o/uri/generic#method-i-find_proxy).
-
-```bash
-export http_proxy=http://myproxy.org.net:3128
-```
+- Ruby HTTP: REST and HTTPGW client
+- Legacy Aspera HTTP/S Fallback
+- Aspera FASP
 
-Note that ruby expects a URL and `myproxy.org.net:3128` alone is not accepted.
+Refer to the following sections.
 
-#### FASP proxy (forward) for transfers
+### Proxy for REST and HTTPGW
 
-To specify a FASP proxy (forward), set the [*transfer-spec*](#transferspec) parameter: `EX_fasp_proxy_url` (only supported with the `direct` agent).
+There are two possibilities to define an HTTP proxy to be used when Ruby HTTP is used.
 
-#### HTTP proxy legacy Aspera HTTP fallback transfers
+The `http_proxy` environment variable (**lower case**, preferred) can be set to the URL of the proxy, e.g. `http://myproxy.org.net:3128`.
+Refer to [Ruby findproxy](https://rubyapi.org/3.0/o/uri/generic#method-i-find_proxy).
 
-To specify a proxy for legacy HTTP fallback, set the [*transfer-spec*](#transferspec) parameter: `EX_http_proxy_url` (only supported with the `direct` agent).
-(It is also possible to use `EX_ascp_args` and native options in `direct`)
+> **Note:** Ruby expects a URL and `myproxy.org.net:3128` alone is **not** accepted.
 
-#### Proxy auto config
+```bash
+export http_proxy=http://proxy.example.com:3128
+```
 
-The `fpac` option allows use of a [Proxy Auto Configuration (PAC)](https://en.wikipedia.org/wiki/Proxy_auto-config) script defined as javascript value.
-To read the script from a URL (`http:`, `https:` and `file:`), use: `@uri:`.
-A minimal script can be specified, for example like this, to define the use of a local proxy:
+The `fpac` option (function for proxy auto config) can be set to a [Proxy Auto Configuration (PAC)](https://en.wikipedia.org/wiki/Proxy_auto-config) javascript value.
+To read the script from a URL (`http:`, `https:` and `file:`), use prefix: `@uri:`.
+A minimal script can be specified to define the use of a local proxy:
 
 ```bash
-export ASCLI_FPAC='function FindProxyForURL(url, host){return "PROXY localhost:3128"}'
+ascli --fpac='function FindProxyForURL(url, host){return "PROXY localhost:3128"}' ...
 ```
 
-The PAC file will be used for any HTTP/HTTPS/REST connection, but not other (e.g. FASP, HTTP fallback, HTTPGW)
-
-The PAC file can be tested with command: `config proxy_check`. Example, using command line option:
+The result of a PAC file can be tested with command: `config proxy_check`.
+Example, using command line option:
 
 ```bash
-ascli conf proxy_check --fpac='function FindProxyForURL(url, host) {return "PROXY proxy.example.com:1234;DIRECT";}' http://example.com
+ascli conf proxy_check --fpac='function FindProxyForURL(url, host) {return "PROXY proxy.example.com:3128;DIRECT";}' http://example.com
+```
+
+```text
 PROXY proxy.example.com:1234;DIRECT
 ```
 
 ```bash
 ascli config proxy_check --fpac=@file:./proxy.pac http://www.example.com
+```
+
+```text
 PROXY proxy.example.com:8080
 ```
 
 ```bash
 ascli config proxy_check --fpac=@uri:http://server/proxy.pac http://www.example.com
+```
+
+```text
 PROXY proxy.example.com:8080
 ```
 
+If the proxy requires credentials, then use option `proxy_credentials` with username and password provided as an `Array`:
+
+```bash
+ascli --proxy-credentials=@json:'["__username_here__","__password_here__"]' ...
+```
+
+```bash
+ascli --proxy-credentials=@list::__username_here__:__password_here__ ...
+```
+
+### Proxy for Legacy Aspera HTTP/S Fallback
+
+To specify a proxy for legacy HTTP fallback, set the [*transfer-spec*](#transferspec) parameter: `EX_http_proxy_url` (only supported with the `direct` agent).
+(It is also possible to use `EX_ascp_args` and native options in `direct`)
+
+### FASP proxy (forward) for transfers
+
+To specify a FASP proxy (forward), set the [*transfer-spec*](#transferspec) parameter: `EX_fasp_proxy_url` (only supported with the `direct` agent).
+
 ### <a id="client"></a>FASP configuration
 
 The `config` plugin also allows specification for the use of a local FASP client. It provides the following commands for `ascp` subcommand:
 
-* `show` : shows the path of ascp used
-* `use` : list,download connect client versions available on internet
-* `products` : list Aspera transfer products available locally
-* `connect` : list,download connect client versions available on internet
+- `show` : shows the path of `ascp` used
+- `use` : list,download connect client versions available on internet
+- `products` : list Aspera transfer products available locally
+- `connect` : list,download connect client versions available on internet
 
 #### Show path of currently used `ascp`
 
@@ -1677,9 +1834,9 @@ ascli config ascp info
 
 #### Selection of `ascp` location for [`direct`](#agt_direct) agent
 
-By default, `ascli` uses any found local product with ascp, including SDK.
+By default, `ascli` uses any found local product with `ascp`, including SDK.
 
-To temporarily use an alternate ascp path use option `ascp_path` (`--ascp-path=`)
+To temporarily use an alternate `ascp` path use option `ascp_path` (`--ascp-path=`)
 
 For a permanent change, the command `config ascp use` sets the same parameter for the global default.
 
@@ -1730,11 +1887,11 @@ ascli config ascp products list
 
 #### Selection of local client for `ascp` for [`direct`](#agt_direct) agent
 
-If no ascp is selected, this is equivalent to using option: `--use-product=FIRST`.
+If no `ascp` is selected, this is equivalent to using option: `--use-product=FIRST`.
 
-Using the option use_product finds the ascp binary of the selected product.
+Using the option use_product finds the `ascp` binary of the selected product.
 
-To permanently use the ascp of a product:
+To permanently use the `ascp` of a product:
 
 ```bash
 ascli config ascp products use 'Aspera Connect'
@@ -1780,7 +1937,7 @@ ascli config ascp connect version 'Aspera Connect for Mac Intel' download enclos
 ```
 
 ```output
-Time: 00:00:02 ======================================================================= 100% 27766 KB/sec Time: 00:00:02
+Time: 00:00:02 =========================================================== 100% 27766 KB/sec Time: 00:00:02
 Downloaded: IBMAsperaConnectInstaller-3.11.2.63.dmg
 ```
 
@@ -1793,21 +1950,21 @@ This [*transfer-spec*](#transferspec) will be executed by a transfer client, her
 
 There are currently 3 agents:
 
-* [`direct`](#agt_direct) : a local execution of `ascp`
-* [`connect`](#agt_connect) : use of a local Connect Client
-* [`node`](#agt_node) : use of an Aspera Transfer Node (potentially *remote*).
-* [`httpgw`](#agt_httpgw) : use of an Aspera HTTP Gateway
-* [`trsdk`](#agt_trsdk) : use of Aspera Transfer SDK
+- [`direct`](#agt_direct) : a local execution of `ascp`
+- [`connect`](#agt_connect) : use of a local Connect Client
+- [`node`](#agt_node) : use of an Aspera Transfer Node (potentially *remote*).
+- [`httpgw`](#agt_httpgw) : use of an Aspera HTTP Gateway
+- [`trsdk`](#agt_trsdk) : use of Aspera Transfer SDK
 
-Note that all transfer operation are seen from the point of view of the agent.
-For instance, a node agent making an "upload", or "package send" operation,
+> **Note:** All transfer operations are seen from the point of view of the agent.
+For example, a node agent executing an "upload", or "package send" operation
 will effectively push files to the related server from the agent node.
 
-`ascli` standardizes on the use of a [*transfer-spec*](#transferspec) instead of *raw* ascp options to provide parameters for a transfer session, as a common method for those three Transfer Agents.
+`ascli` standardizes on the use of a [*transfer-spec*](#transferspec) instead of *native* `ascp` options to provide parameters for a transfer session, as a common method for those three Transfer Agents.
 
 #### <a id="agt_direct"></a>Direct
 
-The `direct` agent directly executes a local ascp.
+The `direct` agent directly executes a local `ascp`.
 This is the default agent for `ascli`.
 This is equivalent to option `--transfer=direct`.
 `ascli` will detect locally installed Aspera products, including SDK, and use `ascp` from that component.
@@ -1815,18 +1972,17 @@ Refer to section [FASP](#client).
 
 The `transfer_info` option accepts the following optional parameters to control multi-session, Web Socket Session and Resume policy:
 
-<table>
-<tr><th>Name</th><th>Type</th><th>Description</th></tr>
-<tr><td>wss</td><td>Bool</td><td>Web Socket Session<br/>Enable use of web socket session in case it is available<br/>Default: false</td></tr>
-<tr><td>spawn_timeout_sec</td><td>Float</td><td>Multi session<br/>Verification time that ascp is running<br/>Default: 3</td></tr>
-<tr><td>spawn_delay_sec</td><td>Float</td><td>Multi session<br/>Delay between startup of sessions<br/>Default: 2</td></tr>
-<tr><td>multi_incr_udp</td><td>Bool</td><td>Multi Session<br/>Increment UDP port on multi-session<br/>If true, each session will have a different UDP port starting at `fasp_port` (or default 33001)<br/>Else, each session will use `fasp_port` (or `ascp` default)<br/>Default: true</td></tr>
-<tr><td>resume</td><td>Hash</td><td>Resume<br/>parameters<br/>See below</td></tr>
-<tr><td>resume.iter_max</td><td>int</td><td>Resume<br/>Max number of retry on error<br/>Default: 7</td></tr>
-<tr><td>resume.sleep_initial</td><td>int</td><td>Resume<br/>First Sleep before retry<br/>Default: 2</td></tr>
-<tr><td>resume.sleep_factor</td><td>int</td><td>Resume<br/>Multiplier of sleep period between attempts<br/>Default: 2</td></tr>
-<tr><td>resume.sleep_max</td><td>int</td><td>Resume<br/>Default: 60</td></tr>
-</table>
+| Name                 | Type  | Description |
+|----------------------|-------|-------------|
+| wss                  | Bool  | Web Socket Session<br/>Enable use of web socket session in case it is available<br/>Default: true |
+| spawn_timeout_sec    | Float | Multi session<br/>Verification time that `ascp` is running<br/>Default: 3 |
+| spawn_delay_sec      | Float | Multi session<br/>Delay between startup of sessions<br/>Default: 2 |
+| multi_incr_udp       | Bool  | Multi Session<br/>Increment UDP port on multi-session<br/>If true, each session will have a different UDP port starting at `fasp_port` (or default 33001)<br/>Else, each session will use `fasp_port` (or `ascp` default)<br/>Default: true |
+| resume               | Hash  | Resume<br/>parameters<br/>See below |
+| resume.iter_max      | int   | Resume<br/>Max number of retry on error<br/>Default: 7 |
+| resume.sleep_initial | int   | Resume<br/>First Sleep before retry<br/>Default: 2 |
+| resume.sleep_factor  | int   | Resume<br/>Multiplier of sleep period between attempts<br/>Default: 2 |
+| resume.sleep_max     | int   | Resume<br/>Default: 60 |
 
 In case of transfer interruption, the agent will **resume** a transfer up to `iter_max` time.
 Sleep between iterations is:
@@ -1849,35 +2005,46 @@ ascli ... --transfer-info=@json:'{"wss":true,"resume":{"iter_max":20}}'
 ascli ... --transfer-info=@json:'{"spawn_delay_sec":2.5,"multi_incr_udp":false}'
 ```
 
-Note that the `direct` agent supports additional `transfer_spec` parameters starting with `EX_` (extended).
+> **Note:** The `direct` agent supports additional `transfer_spec` parameters starting with `EX_` (extended).
 In particular the field, `EX_ascp_args` which is a list of additional command line options to `ascp`.
 
-This can be useful to activate logging using option `-L` of ascp.
+This can be useful to activate logging using option `-L` of `ascp`.
 For example the option `--ts=@json:'{"EX_ascp_args":["-DDL-"]}'` will activate debug level 2 for `ascp` (`DD`), and display those logs on the terminal (`-`).
 This is useful if the transfer fails.
-To store ascp logs in file `aspera-scp-transfer.log` in a folder, use `--ts=@json:'{"EX_ascp_args":["-L","/path/to/folder"]}'`.
+To store `ascp` logs in file `aspera-scp-transfer.log` in a folder, use `--ts=@json:'{"EX_ascp_args":["-L","/path/to/folder"]}'`.
 
-> Implementation note: when transfer agent [`direct`](#agt_direct) is used, the list of files to transfer is provided to `ascp` using either `--file-list` or `--file-pair-list` and a file list (or pair) file generated in a temporary folder. (unless `--file-list` or `--file-pair-list` is provided in option `ts` in `EX_ascp_args`).
+> **Note:** Implementation note: when transfer agent [`direct`](#agt_direct) is used, the list of files to transfer is provided to `ascp` using either `--file-list` or `--file-pair-list` and a file list (or pair) file generated in a temporary folder. (unless `--file-list` or `--file-pair-list` is provided in option `ts` in `EX_ascp_args`).
 
 In addition to standard methods described in section [File List](#file_list), it is possible to specify the list of file using those additional methods:
 
-* Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_file_list`
+- Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_file_list`
 
 ```javascript
 --sources=@ts --ts=@json:'{"EX_file_list":"filelist.txt"}'
 ```
 
-* Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_ascp_args`
+- Using the pseudo [*transfer-spec*](#transferspec) parameter `EX_ascp_args`
 
 ```javascript
 --sources=@ts --ts=@json:'{"EX_ascp_args":["--file-list","myfilelist"]}'
 ```
 
-> File lists is shown here, there are also similar options for file pair lists.
+> **Note:** File lists is shown here, there are also similar options for file pair lists.
+>
+> **Note:** Those 2 additional methods avoid the creation of a copy of the file list: if the standard options `--sources=@lines:@file:... --src-type=...` are used, then the file is list read and parsed, and a new file list is created in a temporary folder.
+>
+> **Note:** Those methods have limitations: they apply **only** to the [`direct`](#agt_direct) transfer agent (i.e. local `ascp`) and not for Aspera on Cloud.
 
-> Those 2 additional methods avoid the creation of a copy of the file list: if the standard options `--sources=@lines:@file:... --src-type=...` are used, then the file is list read and parsed, and a new file list is created in a temporary folder.
+In addition to special transfer spec parameter `EX_ascp_args`, it is possible to provide the same `ascp` options using option `ascp_opts` of `ascli`.
+This option expects an `Array`, which can be conveniently provided with extended syntax `@list:`
 
-> Those methods have limitations: they apply **only** to the [`direct`](#agt_direct) transfer agent (i.e. local `ascp`) and not for Aspera on Cloud.
+```bash
+ascli server download /aspera-test-dir-large/200MB --ascp-opts=@list:' -l 10m -k 3'
+```
+
+> **Note:** Using `@list:`, the use of quotes and leading character "space" here is important: The `@list:` expects a single string which must not be parsed by the shell (so protected with quotes) and the leading space is the separator character.
+>
+> **Note:** The option `ascp_opts` are appended to `EX_ascp_args` if present.
 
 #### <a id="agt_connect"></a>IBM Aspera Connect Client GUI
 
@@ -1889,13 +2056,12 @@ By specifying option: `--transfer=node`, the CLI will start transfers in an Aspe
 Transfer Server using the Node API, either on a local or remote node.
 Parameters provided in option `transfer_info` are:
 
-<table>
-<tr><th>Name</th><th>Type</th><th>Description</th></tr>
-<tr><td>url</td><td>string</td><td>URL of the node API</br>Mandatory</td></tr>
-<tr><td>username</td><td>string</td><td>node api user or access key</br>Mandatory</td></tr>
-<tr><td>password</td><td>string</td><td>password, secret or bearer token</br>Mandatory</td></tr>
-<tr><td>root_id</td><td>string</td><td>password or secret</br>Mandatory only for bearer token</td></tr>
-</table>
+| Name | Type | Description |
+|------|------|-------------|
+| url | string | URL of the node API</br>Mandatory |
+| username | string | node api user or access key</br>Mandatory |
+| password | string | password, secret or bearer token</br>Mandatory |
+| root_id | string | password or secret</br>Mandatory only for bearer token |
 
 Like any other option, `transfer_info` can get its value from a pre-configured [option preset](#lprt) :
 `--transfer-info=@preset:<psetname>` or be specified using the extended value syntax :
@@ -1907,7 +2073,15 @@ If the `password` value begins with `Bearer` then the `username` is expected to
 
 #### <a id="agt_httpgw"></a>HTTP Gateway
 
-If it possible to send using a HTTP gateway, in case FASP is not allowed. `transfer_info` shall have a single mandatory parameter: `url`.
+If it possible to send using a HTTP gateway, in case FASP is not allowed.
+
+Parameters provided in option `transfer_info` are:
+
+| Name | Type | Description |
+|------|------|-------------|
+| url | string | URL of the HTTP GW</br>Mandatory |
+| upload_bar_refresh_sec | float | Refresh rate for upload progress bar |
+| upload_chunksize | int | Size in bytes of chunks for upload |
 
 Example:
 
@@ -1915,7 +2089,7 @@ Example:
 ascli faspex package recv --id=323 --transfer=httpgw --transfer-info=@json:'{"url":"https://asperagw.example.com:9443/aspera/http-gwy/v1"}'
 ```
 
-Note that the gateway only supports transfers authorized with a token.
+> **Note:** The gateway only supports transfers authorized with a token.
 
 #### <a id="agt_trsdk"></a>Transfer SDK
 
@@ -1923,7 +2097,8 @@ Another possibility is to use the Transfer SDK daemon (asperatransferd).
 
 By default it will listen on local port `55002` on `127.0.0.1`.
 
-The gem `grpc` was removed from dependencies, as it requires compilation of a native part. So, to use the Transfer SDK you should install this gem:
+The gem `grpc` was removed from dependencies, as it requires compilation of a native part.
+So, to use the Transfer SDK you should install this gem:
 
 ```bash
 gem install grpc
@@ -1931,9 +2106,9 @@ gem install grpc
 
 On Windows the compilation may fail for various reasons (3.1.1):
 
-* `cannot find -lx64-ucrt-ruby310`
+- `cannot find -lx64-ucrt-ruby310`
    &rarr; copy the file `[Ruby main dir]\lib\libx64-ucrt-ruby310.dll.a` to `[Ruby main dir]\lib\libx64-ucrt-ruby310.a` (remove the dll extension)
-* `conflicting types for 'gettimeofday'`
+- `conflicting types for 'gettimeofday'`
   &rarr; edit the file `[Ruby main dir]/include/ruby-[version]/ruby/win32.h` and change the signature of `gettimeofday` to `gettimeofday(struct timeval *, void *)` ,i.e. change `struct timezone` to `void`
 
 ### <a id="transferspec"></a>Transfer Specification
@@ -1941,22 +2116,22 @@ On Windows the compilation may fail for various reasons (3.1.1):
 Some commands lead to file transfer (upload/download), all parameters necessary for this transfer
 is described in a [*transfer-spec*](#transferspec) (Transfer Specification), such as:
 
-* server address
-* transfer user name
-* credentials
-* file list
-* etc...
+- server address
+- transfer user name
+- credentials
+- file list
+- etc...
 
 `ascli` builds a default [*transfer-spec*](#transferspec) internally, so it is not necessary to provide additional parameters on the command line for this transfer.
 
 If needed, it is possible to modify or add any of the supported [*transfer-spec*](#transferspec) parameter using the `ts` option. The `ts` option accepts a [Structured Value](#native) containing one or several [*transfer-spec*](#transferspec) parameters. Multiple `ts` options on command line are cumulative.
 
-It is possible to specify ascp options when the `transfer` option is set to [`direct`](#agt_direct) using the special [*transfer-spec*](#transferspec) parameter: `EX_ascp_args`. Example: `--ts=@json:'{"EX_ascp_args":["-l","100m"]}'`. This is especially useful for ascp command line parameters not supported yet in the transfer spec.
+It is possible to specify `ascp` options when the `transfer` option is set to [`direct`](#agt_direct) using the special [*transfer-spec*](#transferspec) parameter: `EX_ascp_args`. Example: `--ts=@json:'{"EX_ascp_args":["-l","100m"]}'`. This is especially useful for `ascp` command line parameters not supported yet in the transfer spec.
 
 The use of a [*transfer-spec*](#transferspec) instead of `ascp` parameters has the advantage of:
 
-* common to all [Transfer Agent](#agents)
-* not dependent on command line limitations (special characters...)
+- common to all [Transfer Agent](#agents)
+- not dependent on command line limitations (special characters...)
 
 A [*transfer-spec*](#transferspec) is a Hash table, so it is described on the command line with the [Extended Value Syntax](#extended).
 
@@ -1967,9 +2142,9 @@ All standard [*transfer-spec*](#transferspec) parameters can be specified.
 
 References:
 
-* [Aspera Node API Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20node%20api%22)&rarr;/opt/transfers
-* [Aspera Transfer SDK Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20transfer%20sdk%22)&rarr;Guides&rarr;API Ref&rarr;Transfer Spec V1
-* [Aspera Connect SDK](https://d3gcli72yxqn2z.cloudfront.net/connect/v4/asperaweb-4.js) &rarr; search `The parameters for starting a transfer.`
+- [Aspera Node API Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20node%20api%22) &rarr; /opt/transfers
+- [Aspera Transfer SDK Documentation](https://developer.ibm.com/apis/catalog?search=%22aspera%20transfer%20sdk%22) &rarr; Guides &rarr; API Ref &rarr; Transfer Spec V1
+- [Aspera Connect SDK](https://d3gcli72yxqn2z.cloudfront.net/connect/v4/asperaweb-4.js) &rarr; search `The parameters for starting a transfer.`
 
 Parameters can be displayed with commands:
 
@@ -1980,106 +2155,106 @@ ascli config ascp spec --select=@json:'{"d":"Y"}' --fields=-d,n,c
 
 Columns:
 
-* D=Direct (local `ascp` execution)
-* N=Node API
-* C=Connect Client
+- D=Direct (local `ascp` execution)
+- N=Node API
+- C=Connect Client
 
 `ascp` argument or environment variable is provided in description.
 
 Fields with EX_ prefix are extensions to transfer agent [`direct`](#agt_direct). (only in `ascli`).
 
-<table><tr><th>Field</th><th>Type</th><th>D</th><th>N</th><th>C</th><th>Description</th></tr>
-<tr><td>EX_ascp_args</td><td>array</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Add native command line arguments to ascp</td></tr>
-<tr><td>EX_at_rest_password</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>DEPRECATED: Prefer to use standard parameter: content_protection_password<br/>(env:ASPERA_SCP_FILEPASS)</td></tr>
-<tr><td>EX_file_list</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>source file list</td></tr>
-<tr><td>EX_file_pair_list</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>source file pair list</td></tr>
-<tr><td>EX_http_proxy_url</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the proxy server address used by HTTP Fallback<br/>(-x)</td></tr>
-<tr><td>EX_http_transfer_jpeg</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>HTTP transfers as JPEG file<br/>(-j)</td></tr>
-<tr><td>EX_license_text</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>License file text override.<br/>By default ascp looks for license file near executable.<br/>(env:ASPERA_SCP_LICENSE)</td></tr>
-<tr><td>EX_no_read</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>no read source<br/>(--no-read)</td></tr>
-<tr><td>EX_no_write</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>no write on destination<br/>(--no-write)</td></tr>
-<tr><td>EX_proxy_password</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Password used for Aspera proxy server authentication.<br/>May be overridden by password in URL EX_fasp_proxy_url.<br/>(env:ASPERA_PROXY_PASS)</td></tr>
-<tr><td>EX_ssh_key_paths</td><td>array</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Use public key authentication for SSH and specify the private key file paths<br/>(-i)</td></tr>
-<tr><td>apply_local_docroot</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>(--apply-local-docroot)</td></tr>
-<tr><td>authentication</td><td>string</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>value=token for SSH bypass keys, else password asked if not provided.</td></tr>
-<tr><td>cipher</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>In transit encryption type.<br/>Allowed values: none, aes-128, aes-192, aes-256, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-gcm, aes-192-gcm, aes-256-gcm<br/>(-c)</td></tr>
-<tr><td>cipher_allowed</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>returned by node API. Valid literals include "aes-128" and "none".</td></tr>
-<tr><td>content_protection</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Enable client-side encryption at rest. (CSEAR, content protection)<br/>Allowed values: encrypt, decrypt<br/>(--file-crypt)</td></tr>
-<tr><td>content_protection_password</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies CSEAR password. (content protection)<br/>(env:ASPERA_SCP_FILEPASS)</td></tr>
-<tr><td>cookie</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Metadata for transfer specified by application<br/>(env:ASPERA_SCP_COOKIE)</td></tr>
-<tr><td>create_dir</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies whether to create new directories.<br/>(-d)</td></tr>
-<tr><td>delete_before_transfer</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Before transfer, delete files that exist at the destination but not at the source.<br/>The source and destination arguments must be directories that have matching names.<br/>Objects on the destination that have the same name but different type or size as objects<br/>on the source are not deleted.<br/>(--delete-before-transfer)</td></tr>
-<tr><td>delete_source</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Remove SRC files after transfer success<br/>(--remove-after-transfer)</td></tr>
-<tr><td>destination_root</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Destination root directory.</td></tr>
-<tr><td>dgram_size</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>UDP datagram size in bytes<br/>(-Z)</td></tr>
-<tr><td>direction</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Direction of transfer (on client side)<br/>Allowed values: send, receive<br/>(--mode)</td></tr>
-<tr><td>exclude_newer_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime > arg<br/>(--exclude-newer-than)</td></tr>
-<tr><td>exclude_older_than</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>skip src files with mtime < arg<br/>(--exclude-older-than)</td></tr>
-<tr><td>fasp_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies fasp (UDP) port.<br/>(-O)</td></tr>
-<tr><td>file_checksum</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Enable checksum reporting for transferred files by specifying the hash to use.<br/>Allowed values: sha-512, sha-384, sha-256, sha1, md5, none</td></tr>
-<tr><td>http_fallback</td><td>bool<br/>string</td><td>Y</td><td>Y</td><td>Y</td><td>When true(1), attempts to perform an HTTP transfer if a FASP transfer cannot be performed.<br/>(-y)</td></tr>
-<tr><td>http_fallback_port</td><td>int</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specifies http port when no cipher is used<br/>(-t)</td></tr>
-<tr><td>https_fallback_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies https port when cipher is used<br/>(-t)</td></tr>
-<tr><td>lock_min_rate</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>lock_min_rate_kbps</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>lock_rate_policy</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>lock_target_rate</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>lock_target_rate_kbps</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>min_rate_cap_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>min_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Set the minimum transfer rate in kilobits per second.<br/>(-m)</td></tr>
-<tr><td>move_after_transfer</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>The relative path to which the files will be moved after the transfer at the source side.<br/>(--move-after-transfer)</td></tr>
-<tr><td>multi_session</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Use multi-session transfer. max 128.<br/>Each participant on one host needs an independent UDP (-O) port.<br/>Large files are split between sessions only when transferring with resume_policy=none.<br/></td></tr>
-<tr><td>multi_session_threshold</td><td>int</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Split files across multiple ascp sessions if their size in bytes is greater than or equal to the specified value.<br/>(0=no file is split)<br/>(--multi-session-threshold)</td></tr>
-<tr><td>overwrite</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Overwrite destination files with the source files of the same name.<br/>Allowed values: never, always, diff, older, diff+older<br/>(--overwrite)</td></tr>
-<tr><td>password</td><td>string</td><td>&nbsp;</td><td>Y</td><td>&nbsp;</td><td>Password for local Windows user when transfer user associated with node api user is not the same as the one running asperanoded.<br/>Allows impersonating the transfer user and have access to resources (e.g. network shares).<br/>Windows only, node api only.</td></tr>
-<tr><td>paths</td><td>array</td><td>Y</td><td>Y</td><td>Y</td><td>Array of path to the source (required) and a path to the destination (optional).</td></tr>
-<tr><td>precalculate_job_size</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies whether to precalculate the job size.<br/>(--precalculate-job-size)</td></tr>
-<tr><td>preserve_access_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-access-time)</td></tr>
-<tr><td>preserve_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve access control lists.<br/>Allowed values: none, native, metafile<br/>(--preserve-acls)</td></tr>
-<tr><td>preserve_creation_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-creation-time)</td></tr>
-<tr><td>preserve_file_owner_gid</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the group ID for a file owner<br/>(--preserve-file-owner-gid)</td></tr>
-<tr><td>preserve_file_owner_uid</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the user ID for a file owner<br/>(--preserve-file-owner-uid)</td></tr>
-<tr><td>preserve_modification_time</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-modification-time)</td></tr>
-<tr><td>preserve_remote_acls</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve remote access control lists.<br/>Allowed values: none, native, metafile<br/>(--remote-preserve-acls)</td></tr>
-<tr><td>preserve_source_access_time</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Preserve the time logged for when the source file was accessed<br/>(--preserve-source-access-time)</td></tr>
-<tr><td>preserve_times</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>(--preserve-times)</td></tr>
-<tr><td>proxy</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Specify the address of the Aspera high-speed proxy server.<br/>dnat(s)://[user[:password]@]server:port<br/>Default ports for DNAT and DNATS protocols are 9091 and 9092.<br/>Password, if specified here, overrides the value of environment variable ASPERA_PROXY_PASS.<br/>(--proxy)</td></tr>
-<tr><td>rate_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>The transfer rate policy to use when sharing bandwidth.<br/>Allowed values: low, fair, high, fixed<br/>(--policy)</td></tr>
-<tr><td>rate_policy_allowed</td><td>string</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>Specifies most aggressive rate policy that is allowed.<br/>Returned by node API.<br/>Allowed values: low, fair, high, fixed</td></tr>
-<tr><td>remote_host</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>IP or fully qualified domain name of the remote server<br/>(--host)</td></tr>
-<tr><td>remote_password</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>SSH session password<br/>(env:ASPERA_SCP_PASS)</td></tr>
-<tr><td>remote_user</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Remote user. Default value is "xfer" on node or connect.<br/>(--user)</td></tr>
-<tr><td>remove_after_transfer</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Remove SRC files after transfer success<br/>(--remove-after-transfer)</td></tr>
-<tr><td>remove_empty_directories</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Specifies whether to remove empty directories.<br/>(--remove-empty-directories)</td></tr>
-<tr><td>remove_empty_source_directory</td><td>bool</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Remove empty source subdirectories and remove the source directory itself, if empty<br/>(--remove-empty-source-directory)</td></tr>
-<tr><td>remove_skipped</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>Must also have remove_after_transfer set to true, Defaults to false, if true, skipped files will be removed as well.<br/>(--remove-skipped)</td></tr>
-<tr><td>resume_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>If a transfer is interrupted or fails to finish, resume without re-transferring the whole files.<br/>Allowed values: none, attrs, sparse_csum, full_csum<br/>(-k)</td></tr>
-<tr><td>retry_duration</td><td>string<br/>int</td><td>&nbsp;</td><td>Y</td><td>Y</td><td>Specifies how long to wait before retrying transfer. (e.g. "5min")</td></tr>
-<tr><td>source_root</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Path to be prepended to each source path.<br/>This is either a conventional path or it can be a URI but only if there is no root defined.<br/>(--source-prefix64)</td></tr>
-<tr><td>source_root_id</td><td>string</td><td>&nbsp;</td><td>Y</td><td>&nbsp;</td><td>The file ID of the source root directory. Required when using Bearer token auth for the source node.</td></tr>
-<tr><td>src_base</td><td>string</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>Specify the prefix to be stripped off from each source object.<br/>The remaining portion of the source path is kept intact at the destination.<br/>Special care must be taken when used with cloud storage.<br/>(--src-base64)</td></tr>
-<tr><td>ssh_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies SSH (TCP) port. Default: local:22, other:33001<br/>(-P)</td></tr>
-<tr><td>ssh_private_key</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>Private key used for SSH authentication.<br/>Shall look like: -----BEGIN RSA PRIV4TE KEY-----\nMII...<br/>Note the JSON encoding: \n for newlines.<br/>(env:ASPERA_SCP_KEY)</td></tr>
-<tr><td>ssh_private_key_passphrase</td><td>string</td><td>Y</td><td>&nbsp;</td><td>&nbsp;</td><td>The passphrase associated with the transfer user's SSH private key. Available as of 3.7.2.<br/>(env:ASPERA_SCP_PASS)</td></tr>
-<tr><td>sshfp</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Check it against server SSH host key fingerprint<br/>(--check-sshfp)</td></tr>
-<tr><td>symlink_policy</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Handle source side symbolic links<br/>Allowed values: follow, copy, copy+force, skip<br/>(--symbolic-links)</td></tr>
-<tr><td>tags</td><td>hash</td><td>Y</td><td>Y</td><td>Y</td><td>Metadata for transfer as JSON<br/>(--tags64)</td></tr>
-<tr><td>target_rate_cap_kbps</td><td>int</td><td>&nbsp;</td><td>&nbsp;</td><td>Y</td><td>Returned by upload/download_setup node API.</td></tr>
-<tr><td>target_rate_kbps</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>Specifies desired speed for the transfer.<br/>(-l)</td></tr>
-<tr><td>target_rate_percentage</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>title</td><td>string</td><td>&nbsp;</td><td>Y</td><td>Y</td><td>Title of the transfer</td></tr>
-<tr><td>token</td><td>string</td><td>Y</td><td>Y</td><td>Y</td><td>Authorization token: Bearer, Basic or ATM (Also arg -W)<br/>(env:ASPERA_SCP_TOKEN)</td></tr>
-<tr><td>use_ascp4</td><td>bool</td><td>Y</td><td>Y</td><td>&nbsp;</td><td>specify version of protocol</td></tr>
-<tr><td>wss_enabled</td><td>bool</td><td>Y</td><td>Y</td><td>Y</td><td>&nbsp;</td></tr>
-<tr><td>wss_port</td><td>int</td><td>Y</td><td>Y</td><td>Y</td><td>TCP port used for websocket service feed.</td></tr>
-</table>
+| Field | Type | D | N | C | Description |
+|-------|------|---|---|---|-------------|
+| EX_ascp_args | array | Y | &nbsp; | &nbsp; | Add native command line arguments to ascp |
+| EX_at_rest_password | string | Y | &nbsp; | &nbsp; | DEPRECATED: Prefer to use standard parameter: content_protection_password<br/>(env:ASPERA_SCP_FILEPASS) |
+| EX_file_list | string | Y | &nbsp; | &nbsp; | source file list |
+| EX_file_pair_list | string | Y | &nbsp; | &nbsp; | source file pair list |
+| EX_http_proxy_url | string | Y | &nbsp; | &nbsp; | Specify the proxy server address used by HTTP Fallback<br/>(-x {string}) |
+| EX_http_transfer_jpeg | int | Y | &nbsp; | &nbsp; | HTTP transfers as JPEG file<br/>(-j {int}) |
+| EX_license_text | string | Y | &nbsp; | &nbsp; | License file text override.<br/>By default ascp looks for license file near executable.<br/>(env:ASPERA_SCP_LICENSE) |
+| EX_no_read | bool | Y | &nbsp; | &nbsp; | no read source<br/>(--no-read) |
+| EX_no_write | bool | Y | &nbsp; | &nbsp; | no write on destination<br/>(--no-write) |
+| EX_proxy_password | string | Y | &nbsp; | &nbsp; | Password used for Aspera proxy server authentication.<br/>May be overridden by password in URL EX_fasp_proxy_url.<br/>(env:ASPERA_PROXY_PASS) |
+| EX_ssh_key_paths | array | Y | &nbsp; | &nbsp; | Use public key authentication for SSH and specify the private key file paths<br/>(-i {array}) |
+| apply_local_docroot | bool | Y | &nbsp; | &nbsp; | (--apply-local-docroot) |
+| authentication | string | &nbsp; | &nbsp; | Y | value=token for SSH bypass keys, else password asked if not provided. |
+| cipher | string | Y | Y | Y | In transit encryption type.<br/>Allowed values: none, aes-128, aes-192, aes-256, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-gcm, aes-192-gcm, aes-256-gcm<br/>(-c (conversion){enum}) |
+| cipher_allowed | string | Y | Y | Y | returned by node API. Valid literals include "aes-128" and "none". |
+| content_protection | string | Y | Y | Y | Enable client-side encryption at rest. (CSEAR, content protection)<br/>Allowed values: encrypt, decrypt<br/>(--file-crypt {enum}) |
+| content_protection_password | string | Y | Y | Y | Specifies CSEAR password. (content protection)<br/>(env:ASPERA_SCP_FILEPASS) |
+| cookie | string | Y | Y | Y | Metadata for transfer specified by application<br/>(env:ASPERA_SCP_COOKIE) |
+| create_dir | bool | Y | Y | Y | Specifies whether to create new directories.<br/>(-d) |
+| delete_before_transfer | bool | Y | Y | Y | Before transfer, delete files that exist at the destination but not at the source.<br/>The source and destination arguments must be directories that have matching names.<br/>Objects on the destination that have the same name but different type or size as objects<br/>on the source are not deleted.<br/>(--delete-before-transfer) |
+| delete_source | bool | Y | Y | &nbsp; | Remove SRC files after transfer success<br/>(--remove-after-transfer) |
+| destination_root | string | Y | Y | Y | Destination root directory. |
+| dgram_size | int | Y | Y | Y | UDP datagram size in bytes<br/>(-Z {int}) |
+| direction | string | Y | Y | Y | Direction of transfer (on client side)<br/>Allowed values: send, receive<br/>(--mode (conversion){enum}) |
+| exclude_newer_than | int | Y | &nbsp; | &nbsp; | skip src files with mtime > arg<br/>(--exclude-newer-than {int}) |
+| exclude_older_than | int | Y | &nbsp; | &nbsp; | skip src files with mtime < arg<br/>(--exclude-older-than {int}) |
+| fasp_port | int | Y | Y | Y | Specifies fasp (UDP) port.<br/>(-O {int}) |
+| file_checksum | string | Y | Y | &nbsp; | Enable checksum reporting for transferred files by specifying the hash to use.<br/>Allowed values: sha-512, sha-384, sha-256, sha1, md5, none |
+| http_fallback | bool<br/>string | Y | Y | Y | When true(1), attempts to perform an HTTP transfer if a FASP transfer cannot be performed.<br/>(-y (conversion){bool}|{string}) |
+| http_fallback_port | int | Y | &nbsp; | &nbsp; | Specifies http port when no cipher is used<br/>(-t {int}) |
+| https_fallback_port | int | Y | Y | Y | Specifies https port when cipher is used<br/>(-t {int}) |
+| lock_min_rate | bool | Y | Y | Y | &nbsp; |
+| lock_min_rate_kbps | bool | Y | Y | Y | &nbsp; |
+| lock_rate_policy | bool | Y | Y | Y | &nbsp; |
+| lock_target_rate | bool | Y | Y | Y | &nbsp; |
+| lock_target_rate_kbps | bool | Y | Y | Y | &nbsp; |
+| min_rate_cap_kbps | int | Y | Y | Y | &nbsp; |
+| min_rate_kbps | int | Y | Y | Y | Set the minimum transfer rate in kilobits per second.<br/>(-m {int}) |
+| move_after_transfer | string | Y | Y | &nbsp; | The relative path to which the files will be moved after the transfer at the source side. Available as of 3.8.0.<br/>(--move-after-transfer {string}) |
+| multi_session | int | Y | Y | Y | Use multi-session transfer. max 128.<br/>Each participant on one host needs an independent UDP (-O) port.<br/>Large files are split between sessions only when transferring with resume_policy=none.<br/> |
+| multi_session_threshold | int | Y | Y | &nbsp; | Split files across multiple ascp sessions if their size in bytes is greater than or equal to the specified value.<br/>(0=no file is split)<br/>(--multi-session-threshold {int}) |
+| overwrite | string | Y | Y | Y | Overwrite destination files with the source files of the same name.<br/>Allowed values: never, always, diff, older, diff+older<br/>(--overwrite {enum}) |
+| password | string | &nbsp; | Y | &nbsp; | Password for local Windows user when transfer user associated with node api user is not the same as the one running asperanoded.<br/>Allows impersonating the transfer user and have access to resources (e.g. network shares).<br/>Windows only, node api only. |
+| paths | array | Y | Y | Y | Array of path to the source (required) and a path to the destination (optional). |
+| precalculate_job_size | bool | Y | Y | Y | Specifies whether to precalculate the job size.<br/>(--precalculate-job-size) |
+| preserve_access_time | bool | Y | Y | Y | (--preserve-access-time) |
+| preserve_acls | string | Y | &nbsp; | &nbsp; | Preserve access control lists.<br/>Allowed values: none, native, metafile<br/>(--preserve-acls {enum}) |
+| preserve_creation_time | bool | Y | Y | Y | (--preserve-creation-time) |
+| preserve_file_owner_gid | bool | Y | &nbsp; | &nbsp; | Preserve the group ID for a file owner<br/>(--preserve-file-owner-gid) |
+| preserve_file_owner_uid | bool | Y | &nbsp; | &nbsp; | Preserve the user ID for a file owner<br/>(--preserve-file-owner-uid) |
+| preserve_modification_time | bool | Y | Y | Y | (--preserve-modification-time) |
+| preserve_remote_acls | string | Y | &nbsp; | &nbsp; | Preserve remote access control lists.<br/>Allowed values: none, native, metafile<br/>(--remote-preserve-acls {enum}) |
+| preserve_source_access_time | bool | Y | &nbsp; | &nbsp; | Preserve the time logged for when the source file was accessed<br/>(--preserve-source-access-time) |
+| preserve_times | bool | Y | Y | Y | (--preserve-times) |
+| proxy | string | Y | &nbsp; | &nbsp; | Specify the address of the Aspera high-speed proxy server.<br/>dnat(s)://[user[:password]@]server:port<br/>Default ports for DNAT and DNATS protocols are 9091 and 9092.<br/>Password, if specified here, overrides the value of environment variable ASPERA_PROXY_PASS.<br/>(--proxy {string}) |
+| rate_policy | string | Y | Y | Y | The transfer rate policy to use when sharing bandwidth.<br/>Allowed values: low, fair, high, fixed<br/>(--policy {enum}) |
+| rate_policy_allowed | string | &nbsp; | &nbsp; | Y | Specifies most aggressive rate policy that is allowed.<br/>Returned by node API.<br/>Allowed values: low, fair, high, fixed |
+| remote_host | string | Y | Y | Y | IP or fully qualified domain name of the remote server<br/>(--host {string}) |
+| remote_password | string | Y | Y | Y | SSH session password<br/>(env:ASPERA_SCP_PASS) |
+| remote_user | string | Y | Y | Y | Remote user. Default value is "xfer" on node or connect.<br/>(--user {string}) |
+| remove_after_transfer | bool | Y | Y | &nbsp; | Remove SRC files after transfer success<br/>(--remove-after-transfer) |
+| remove_empty_directories | bool | Y | Y | &nbsp; | Specifies whether to remove empty directories.<br/>(--remove-empty-directories) |
+| remove_empty_source_directory | bool | Y | &nbsp; | &nbsp; | Remove empty source subdirectories and remove the source directory itself, if empty<br/>(--remove-empty-source-directory) |
+| remove_skipped | bool | Y | Y | Y | Must also have remove_after_transfer set to true, Defaults to false, if true, skipped files will be removed as well.<br/>(--remove-skipped) |
+| resume_policy | string | Y | Y | Y | If a transfer is interrupted or fails to finish, resume without re-transferring the whole files.<br/>Allowed values: none, attrs, sparse_csum, full_csum<br/>(-k (conversion){enum}) |
+| retry_duration | string<br/>int | &nbsp; | Y | Y | Specifies how long to wait before retrying transfer. (e.g. "5min") |
+| source_root | string | Y | Y | Y | Path to be prepended to each source path.<br/>This is either a conventional path or it can be a URI but only if there is no root defined.<br/>(--source-prefix64 (conversion){string}) |
+| source_root_id | string | &nbsp; | Y | &nbsp; | The file ID of the source root directory. Required when using Bearer token auth for the source node. |
+| src_base | string | Y | Y | &nbsp; | Specify the prefix to be stripped off from each source object.<br/>The remaining portion of the source path is kept intact at the destination.<br/>Special care must be taken when used with cloud storage.<br/>(--src-base64 (conversion){string}) |
+| ssh_port | int | Y | Y | Y | Specifies SSH (TCP) port. Default: local:22, other:33001<br/>(-P {int}) |
+| ssh_private_key | string | Y | &nbsp; | &nbsp; | Private key used for SSH authentication.<br/>Shall look like: -----BEGIN RSA PRIV4TE KEY-----&sol;nMII...<br/>Note the JSON encoding: &sol;n for newlines.<br/>(env:ASPERA_SCP_KEY) |
+| ssh_private_key_passphrase | string | Y | &nbsp; | &nbsp; | The passphrase associated with the transfer user's SSH private key. Available as of 3.7.2.<br/>(env:ASPERA_SCP_PASS) |
+| sshfp | string | Y | Y | Y | Check it against server SSH host key fingerprint<br/>(--check-sshfp {string}) |
+| symlink_policy | string | Y | Y | Y | Handle source side symbolic links<br/>Allowed values: follow, copy, copy+force, skip<br/>(--symbolic-links {enum}) |
+| tags | hash | Y | Y | Y | Metadata for transfer as JSON<br/>(--tags64 (conversion){hash}) |
+| target_rate_cap_kbps | int | &nbsp; | &nbsp; | Y | Returned by upload/download_setup node API. |
+| target_rate_kbps | int | Y | Y | Y | Specifies desired speed for the transfer.<br/>(-l {int}) |
+| target_rate_percentage | string | Y | Y | Y | &nbsp; |
+| title | string | &nbsp; | Y | Y | Title of the transfer |
+| token | string | Y | Y | Y | Authorization token: Bearer, Basic or ATM (Also arg -W)<br/>(env:ASPERA_SCP_TOKEN) |
+| use_ascp4 | bool | Y | Y | &nbsp; | specify version of protocol |
+| wss_enabled | bool | Y | Y | Y | &nbsp; |
+| wss_port | int | Y | Y | Y | TCP port used for websocket service feed. |
 
 #### Destination folder for transfers
 
 The destination folder is set by `ascli` by default to:
 
-* `.` for downloads
-* `/` for uploads
+- `.` for downloads
+- `/` for uploads
 
 It is specified by the [*transfer-spec*](#transferspec) parameter `destination_root`.
 As such, it can be modified with option: `--ts=@json:'{"destination_root":"<path>"}'`.
@@ -2101,7 +2276,7 @@ The `sources` and `src_type` options provide convenient ways to populate the tra
 
 Possible values for option `sources` are:
 
-* `@args` : (default) the list of files (or file pair) is directly provided on the command line (after commands): unused arguments (not starting with `-`) are considered as source files.
+- `@args` : (default) the list of files (or file pair) is directly provided on the command line (after commands): unused arguments (not starting with `-`) are considered as source files.
 So, by default, the list of files to transfer will be simply specified on the command line. Example:
 
   ```bash
@@ -2114,13 +2289,13 @@ So, by default, the list of files to transfer will be simply specified on the co
   ascli server upload --sources=@args --src-type=list ~/mysample.file secondfile
   ```
 
-* an [Extended Value](#extended) with type **Array of String**
+- an [Extended Value](#extended) with type **Array of String**
 
-  > Note: extended values can be tested with the command `conf echo`
+  > **Note:** extended values can be tested with the command `conf echo`
 
   Examples:
 
-  * Using extended value
+  - Using extended value
 
     Create the file list:
 
@@ -2135,28 +2310,28 @@ So, by default, the list of files to transfer will be simply specified on the co
     --sources=@lines:@file:myfilelist.txt
     ```
 
-  * Using JSON array
+  - Using JSON array
 
     ```javascript
     --sources=@json:'["file1","file2"]'
     ```
 
-  * Using STDIN, one path per line
+  - Using STDIN, one path per line
 
     ```bash
     --sources=@lines:@stdin:
     ```
 
-  * Using ruby code (one path per line in file)
+  - Using ruby code (one path per line in file)
 
     ```ruby
     --sources=@ruby:'File.read("myfilelist.txt").split("\n")'
     ```
 
-* `@ts` : the user provides the list of files directly in the `paths` field of transfer spec (option `ts`).
+- `@ts` : the user provides the list of files directly in the `paths` field of transfer spec (option `ts`).
 Examples:
 
-  * Using transfer spec
+  - Using transfer spec
 
   ```javascript
   --sources=@ts --ts=@json:'{"paths":[{"source":"file1"},{"source":"file2"}]}'
@@ -2164,12 +2339,12 @@ Examples:
 
 The option `src_type` allows specifying if the list specified in option `sources` is a simple file list or if it is a file pair list.
 
-> Note: Option `src_type` is not used if option `sources` is set to `@ts`
+> **Note:** Option `src_type` is not used if option `sources` is set to `@ts`
 
 Supported values for `src_type` are:
 
-* `list` : (default) the path of destination is the same as source and each entry is a source file path
-* `pair` : the first element is the first source, the second element is the first destination, and so on.
+- `list` : (default) the path of destination is the same as source and each entry is a source file path
+- `pair` : the first element is the first source, the second element is the first destination, and so on.
 
 Example: Source file `200KB.1` is renamed `sample1` on destination:
 
@@ -2177,13 +2352,13 @@ Example: Source file `200KB.1` is renamed `sample1` on destination:
 ascli server upload --src-type=pair ~/Documents/Samples/200KB.1 /Upload/sample1
 ```
 
-> Note there are some specific rules to specify file list when using "Aspera on Cloud", refer to the AoC plugin section.
+> **Note:** There are some specific rules to specify a file list when using **Aspera on Cloud**, refer to the AoC plugin section.
 
 #### <a id="multisession"></a>Support of multi-session
 
-Multi session, i.e. starting a transfer of a file set using multiple sessions (one ascp process per session) is supported on "direct" and "node" agents, not yet on connect.
+Multi session, i.e. starting a transfer of a file set using multiple sessions (one `ascp` process per session) is supported on "direct" and "node" agents, not yet on connect.
 
-* when agent=node :
+- when agent=node :
 
 ```javascript
 --ts=@json:'{"multi_session":10,"multi_session_threshold":1}'
@@ -2191,16 +2366,15 @@ Multi session, i.e. starting a transfer of a file set using multiple sessions (o
 
 Multi-session is directly supported by the node daemon.
 
-* when agent=direct :
+- when agent=direct :
 
 ```javascript
 --ts=@json:'{"multi_session":5,"multi_session_threshold":1,"resume_policy":"none"}'
 ```
 
-Note: resume policy of "attr" may cause problems. "none" or "sparse_csum"
-shall be preferred.
+Note: `resume_policy` set to `attr` may cause problems: `none` or `sparse_csum` shall be preferred.
 
-Multi-session spawn is done by `ascli`.
+`ascli` starts multiple `ascp` for Multi-session using `direct` agent.
 
 When multi-session is used, one separate UDP port is used per session (refer to `ascp` manual page).
 
@@ -2212,8 +2386,8 @@ using a passphrase, only known by users sharing files. Files stay encrypted on s
 
 activating CSEAR consists in using transfer spec parameters:
 
-* `content_protection` : activate encryption (`encrypt` for upload) or decryption (`decrypt` for download)
-* `content_protection_password` : the passphrase to be used.
+- `content_protection` : activate encryption (`encrypt` for upload) or decryption (`decrypt` for download)
+- `content_protection_password` : the passphrase to be used.
 
 Example: parameter to download a faspex package and decrypt on the fly
 
@@ -2221,7 +2395,7 @@ Example: parameter to download a faspex package and decrypt on the fly
 --ts=@json:'{"content_protection":"decrypt","content_protection_password":"_pass_here_"}'
 ```
 
-Note that up to version 4.6.0, the following parameters should be used for agent `direct`:
+> **Note:** Up to version `ascli` 4.6.0, the following parameters should be used for agent `direct`:
 
 ```javascript
 --ts=@json:'{"EX_ascp_args":["--file-crypt=decrypt"],"EX_at_rest_password":"_secret_here_"}'
@@ -2229,44 +2403,48 @@ Note that up to version 4.6.0, the following parameters should be used for agent
 
 #### Transfer Spec Examples
 
-* Change target rate
+- Change target rate
 
 ```javascript
 --ts=@json:'{"target_rate_kbps":500000}'
 ```
 
-* Override the FASP SSH port to a specific TCP port:
+- Override the FASP SSH port to a specific TCP port:
 
 ```javascript
 --ts=@json:'{"ssh_port":33002}'
 ```
 
-* Force http fallback mode:
+- Force http fallback mode:
 
 ```javascript
 --ts=@json:'{"http_fallback":"force"}'
 ```
 
-* Activate progress when not activated by default on server
+- Activate progress when not activated by default on server
 
 ```javascript
 --ts=@json:'{"precalculate_job_size":true}'
 ```
 
-### <a id="scheduling"></a>Lock for exclusive execution
+### <a id="scheduling"></a>Scheduling
+
+It is useful to configure automated scheduled execution.
+
+#### <a id="locking"></a>Locking for exclusive execution
 
-In some conditions, it may be desirable to ensure that `ascli` is not executed several times in parallel.
+It is also useful to ensure that `ascli` is not executed several times in parallel.
 
 For instance when `ascli` is executed automatically on a schedule basis, one generally desire that a new execution is not started if a previous execution is still running because an on-going operation may last longer than the scheduling period:
 
-* Executing instances may pile-up and kill the system
-* The same file may be transferred by multiple instances at the same time.
-* `preview` may generate the same files in multiple instances.
+- Executing instances may pile-up and kill the system
+- The same file may be transferred by multiple instances at the same time.
+- `preview` may generate the same files in multiple instances.
 
 Usually the OS native scheduler already provides some sort of protection against parallel execution:
 
-* The Windows scheduler does this by default
-* Linux cron can leverage the utility [`flock`](https://linux.die.net/man/1/flock) to do the same:
+- The Windows scheduler does this by default
+- Linux cron can leverage the utility [`flock`](https://linux.die.net/man/1/flock) to do the same:
 
 ```bash
 /usr/bin/flock -w 0 /var/cron.lock ascli ...
@@ -2289,6 +2467,18 @@ The first instance will sleep 30 seconds, the second one will immediately exit l
 WARN -- : Another instance is already running (Address already in use - bind(2) for "127.0.0.1" port 12345).
 ```
 
+#### <a id="scheduler"></a>Scheduler
+
+`ascli` does not provide an internal scheduler.
+
+Instead, use the service provided by the Operating system:
+
+- Windows: [Task Scheduler](https://docs.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page)
+- Linux/Unix: [cron](https://www.man7.org/linux/man-pages/man5/crontab.5.html)
+- etc...
+
+Linux also provides `anacron`, if tasks are hourly or daily.
+
 ### "Proven&ccedil;ale"
 
 `ascp`, the underlying executable implementing Aspera file transfer using FASP, has a capability to not only access the local file system (using system's `open`,`read`,`write`,`close` primitives), but also to do the same operations on other data storage such as S3, Hadoop and others. This mechanism is call *PVCL*. Several *PVCL* adapters are available, some are embedded in `ascp`
@@ -2343,8 +2533,8 @@ faux:///filename?filesize
 
 where:
 
-* `filename` is the name that will be assigned to the file on the destination
-* `filesize` is the number of bytes that will be sent (in decimal).
+- `filename` is the name that will be assigned to the file on the destination
+- `filesize` is the number of bytes that will be sent (in decimal).
 
 Note: characters `?` and `&` are shell special characters (wildcard and backround), so `faux` file specification on command line should be protected (using quotes or `\`). If not, the shell may give error: `no matches found` or equivalent.
 
@@ -2358,8 +2548,8 @@ faux:///dirname?<arg1>=<val1>&...
 
 where:
 
-* `dirname` is the folder name and can contain `/` to specify a subfolder.
-* supported arguments are:
+- `dirname` is the folder name and can contain `/` to specify a subfolder.
+- supported arguments are:
 
 | Name   | Type | Description |
 |--------|------|-------------|
@@ -2372,19 +2562,19 @@ where:
 
 The sequence parameter is applied as follows:
 
-* If `seq` is `random` then each file size is:
+- If `seq` is `random` then each file size is:
 
-  * size +/- (inc * rand())
-  * Where rand is a random number between 0 and 1
-  * Note that file size must not be negative, inc will be set to size if it is greater than size
-  * Similarly, overall file size must be less than 8*2<sup>60</sup>. If size + inc is greater, inc will be reduced to limit size + inc to 7*2<sup>60</sup>.
+  - size +/- (inc * rand())
+  - Where rand is a random number between 0 and 1
+  - Note that file size must not be negative, inc will be set to size if it is greater than size
+  - Similarly, overall file size must be less than 8*2<sup>60</sup>. If size + inc is greater, inc will be reduced to limit size + inc to 7*2<sup>60</sup>.
 
-* If `seq` is `sequential` then each file size is:
+- If `seq` is `sequential` then each file size is:
 
-  * `size + ((fileindex - 1) * inc)`
-  * Where first file is index 1
-  * So file1 is `size` bytes, file2 is `size + inc` bytes, file3 is `size + inc * 2` bytes, etc.
-  * As with `random`, `inc` will be adjusted if `size + (count * inc)` is not less then 8*2<sup>60</sup>.
+  - `size + ((fileindex - 1) * inc)`
+  - Where first file is index 1
+  - So file1 is `size` bytes, file2 is `size + inc` bytes, file3 is `size + inc * 2` bytes, etc.
+  - As with `random`, `inc` will be adjusted if `size + (count * inc)` is not less then 8*2<sup>60</sup>.
 
 Filenames generated are of the form: `<file>_<00000 ... count>_<filesize>`
 
@@ -2392,19 +2582,19 @@ To discard data at the destination, the destination argument is set to `faux://`
 
 Examples:
 
-* Upload 20 gibibytes of random data to file myfile to directory /Upload
+- Upload 20 gibibytes of random data to file myfile to directory /Upload
 
 ```bash
 ascli server upload faux:///myfile\?20g --to-folder=/Upload
 ```
 
-* Upload a file /tmp/sample but do not save results to disk (no docroot on destination)
+- Upload a file /tmp/sample but do not save results to disk (no docroot on destination)
 
 ```bash
 ascli server upload /tmp/sample --to-folder=faux://
 ```
 
-* Upload a faux directory `mydir` containing 1 million files, sequentially with sizes ranging from 0 to 2 Mebibyte - 2 bytes, with the basename of each file being `testfile` to /Upload
+- Upload a faux directory `mydir` containing 1 million files, sequentially with sizes ranging from 0 to 2 Mebibyte - 2 bytes, with the basename of each file being `testfile` to /Upload
 
 ```bash
 ascli server upload "faux:///mydir?file=testfile&count=1m&size=0&inc=2&seq=sequential" --to-folder=/Upload
@@ -2415,7 +2605,7 @@ ascli server upload "faux:///mydir?file=testfile&count=1m&size=0&inc=2&seq=seque
 ```text
 ascli -h
 NAME
-        ascli -- a command line tool for Aspera Applications (v4.9.0)
+        ascli -- a command line tool for Aspera Applications (v4.11.0)
 
 SYNOPSIS
         ascli COMMANDS [OPTIONS] [ARGS]
@@ -2438,23 +2628,23 @@ COMMANDS
 OPTIONS
         Options begin with a '-' (minus), and value is provided on command line.
         Special values are supported beginning with special prefix @pfx:, where pfx is one of:
-        base64, json, zlib, ruby, csvt, lines, list, incps, val, file, path, env, uri, stdin, preset
+        base64, json, zlib, ruby, csvt, lines, list, incps, vault, val, file, path, env, uri, stdin, preset
         Dates format is 'DD-MM-YY HH:MM:SS', or 'now' or '-<num>h'
 
 ARGS
         Some commands require mandatory arguments, e.g. a path.
 
 OPTIONS: global
-        --interactive=ENUM           use interactive input of missing params: yes, [no]
-        --ask-options=ENUM           ask even optional options: yes, [no]
+        --interactive=ENUM           use interactive input of missing params: [no], yes
+        --ask-options=ENUM           ask even optional options: [no], yes
         --format=ENUM                output format: text, nagios, ruby, json, jsonpp, yaml, [table], csv
         --display=ENUM               output only some information: [info], data, error
         --fields=VALUE               comma separated list of fields, or ALL, or DEF
         --select=VALUE               select only some items in lists, extended value: hash (column, value)
         --table-style=VALUE          table display style
-        --flat-hash=ENUM             display hash values as additional keys: [yes], no
-        --transpose-single=ENUM      single object fields output vertically: [yes], no
-        --show-secrets=ENUM          show secrets on command output: yes, [no]
+        --flat-hash=ENUM             display hash values as additional keys: no, [yes]
+        --transpose-single=ENUM      single object fields output vertically: no, [yes]
+        --show-secrets=ENUM          show secrets on command output: [no], yes
     -h, --help                       Show this message.
         --bash-comp                  generate bash completion for command
         --show-config                Display parameters used for the provided action.
@@ -2465,52 +2655,55 @@ OPTIONS: global
         --log-level=ENUM             Log level: debug, info, [warn], error, fatal, unknown
         --logger=ENUM                log method: [stderr], stdout, syslog
         --lock-port=VALUE            prevent dual execution of a command, e.g. in cron
-        --query=VALUE                additional filter for API calls (extended value) (some commands)
         --http-options=VALUE         options for http socket (extended value)
-        --insecure=ENUM              do not validate HTTPS certificate: [yes], no
-        --once-only=ENUM             process only new items (some commands): yes, [no]
-        --log-secrets=ENUM           show passwords in logs: yes, [no]
-        --cache-tokens=ENUM          save and reuse Oauth tokens: [yes], no
+        --insecure=ENUM              do not validate HTTPS certificate: no, [yes]
+        --once-only=ENUM             process only new items (some commands): [no], yes
+        --log-secrets=ENUM           show passwords in logs: [no], yes
+        --cache-tokens=ENUM          save and reuse Oauth tokens: no, [yes]
 
 COMMAND: config
-SUBCOMMANDS: list overview id preset open documentation genkey gem plugin flush_tokens echo wizard export_to_cli detect coffee ascp email_test smtp_settings proxy_check folder file check_update initdemo vault
+SUBCOMMANDS: ascp check_update coffee detect documentation echo email_test export_to_cli file flush_tokens folder gem genkey id initdemo list lookup open overview plugin preset proxy_check secure smtp_settings vault wizard
 OPTIONS:
+        --query=VALUE                additional filter for API calls (extended value) (some commands)
         --value=VALUE                extended value for create, update, list filter
         --property=VALUE             name of property to set
         --id=VALUE                   resource identifier (modify,delete,show)
-        --bulk=ENUM                  Bulk operation (only some): yes, [no]
+        --bulk=ENUM                  Bulk operation (only some): [no], yes
+        --bfail=ENUM                 Bulk operation error handling: [no], yes
         --config-file=VALUE          read parameters from file in YAML format, current=/usershome/.aspera/ascli/config.yaml
     -N, --no-default                 do not load default configuration for plugin
-        --override=ENUM              Wizard: override existing value: yes, [no]
-        --use-generic-client=ENUM    Wizard: AoC: use global or org specific jwt client id: yes, [no]
-        --default=ENUM               Wizard: set as default configuration for specified plugin (also: update): yes, [no]
-        --test-mode=ENUM             Wizard: skip private key check step: yes, [no]
+        --override=ENUM              Wizard: override existing value: [no], yes
+        --use-generic-client=ENUM    Wizard: AoC: use global or org specific jwt client id: [no], yes
+        --default=ENUM               Wizard: set as default configuration for specified plugin (also: update): [no], yes
+        --test-mode=ENUM             Wizard: skip private key check step: [no], yes
     -P, --presetVALUE                load the named option preset from current config file
         --pkeypath=VALUE             Wizard: path to private key for JWT
-        --ascp-path=VALUE            path to ascp
-        --use-product=VALUE          use ascp from specified product
-        --smtp=VALUE                 smtp configuration (extended value: hash)
-        --fpac=VALUE                 proxy auto configuration script
-        --secret=VALUE               default secret
-        --secrets=VALUE              secret vault
+        --ascp-path=VALUE            Path to ascp
+        --use-product=VALUE          Use ascp from specified product
+        --smtp=VALUE                 SMTP configuration (extended value: hash)
+        --fpac=VALUE                 Proxy auto configuration script
+        --proxy-credentials=VALUE    HTTP proxy credentials (Array with user and password)
+        --secret=VALUE               Secret for access keys
+        --vault=VALUE                Vault for secrets
+        --vault-password=VALUE       Vault password
         --sdk-url=VALUE              URL to get SDK
         --sdk-folder=VALUE           SDK folder path
-        --notif-to=VALUE             email recipient for notification of transfers
-        --notif-template=VALUE       email ERB template for notification of transfers
-        --version-check-days=VALUE   period in days to check new version (zero to disable)
-        --plugin-folder=VALUE        folder where to find additional plugins
-        --ts=VALUE                   override transfer spec values (Hash, use @json: prefix), current={"create_dir"=>true}
-        --local-resume=VALUE         set resume policy (Hash, use @json: prefix), current=
-        --to-folder=VALUE            destination folder for transfered files
-        --sources=VALUE              how list of transfered files is provided (@args,@ts,Array)
-        --src-type=ENUM              type of file list: list, pair
-        --transfer=ENUM              type of transfer agent: direct, node, connect, httpgw, trsdk
-        --transfer-info=VALUE        parameters for transfer agent
-        --progress=ENUM              type of progress bar: none, native, multi
+        --notif-to=VALUE             Email recipient for notification of transfers
+        --notif-template=VALUE       Email ERB template for notification of transfers
+        --version-check-days=VALUE   Period in days to check new version (zero to disable)
+        --plugin-folder=VALUE        Folder where to find additional plugins
+        --ts=VALUE                   Override transfer spec values (Hash, e.g. use @json: prefix), current={"create_dir"=>true}
+        --to-folder=VALUE            Destination folder for transfered files
+        --sources=VALUE              How list of transfered files is provided (@args,@ts,Array)
+        --ascp-opts=VALUE            Options for ascp in its native format
+        --src-type=ENUM              Type of file list: list, pair
+        --transfer=ENUM              Type of transfer agent: direct, node, connect, httpgw, trsdk
+        --transfer-info=VALUE        Parameters for transfer agent
+        --progress=ENUM              Type of progress bar: none, native, multi
 
 
 COMMAND: shares
-SUBCOMMANDS: health repository admin
+SUBCOMMANDS: admin health repository
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2518,7 +2711,7 @@ OPTIONS:
 
 
 COMMAND: node
-SUBCOMMANDS: postprocess stream transfer cleanup forward access_key watch_folder service async central asperabrowser basic_token browse upload download api_details health events space info license mkdir mklink mkfile rename delete search
+SUBCOMMANDS: access_key api_details asperabrowser async basic_token browse central delete download events health info license mkdir mkfile mklink rename search service space stream sync transfer upload watch_folder
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2526,18 +2719,20 @@ OPTIONS:
         --validator=VALUE            identifier of validator (optional for central)
         --asperabrowserurl=VALUE     URL for simple aspera web ui
         --sync-name=VALUE            sync name
+        --path=VALUE                 file or folder path for gen4 operation "file"
         --token-type=ENUM            Type of token used for transfers: aspera, basic, hybrid
+        --default-ports=ENUM         use standard FASP ports or get from node api (gen4): [no], yes
 
 
 COMMAND: orchestrator
-SUBCOMMANDS: health info workflow plugins processes
+SUBCOMMANDS: health info plugins processes workflow
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
         --password=VALUE             user's password
         --params=VALUE               parameters hash table, use @json:{"param":"value"}
         --result=VALUE               specify result value as: 'work step:parameter'
-        --synchronous=ENUM           work step:parameter expected as result: yes, [no]
+        --synchronous=ENUM           work step:parameter expected as result: [no], yes
         --ret-style=ENUM             how return type is requested in api: header, arg, ext
         --auth-style=ENUM            authentication type: arg_pass, head_basic, apikey
 
@@ -2559,7 +2754,7 @@ OPTIONS:
 
 
 COMMAND: ats
-SUBCOMMANDS: cluster access_key api_key aws_trust_policy
+SUBCOMMANDS: access_key api_key aws_trust_policy cluster
 OPTIONS:
         --ibm-api-key=VALUE          IBM API key, see https://cloud.ibm.com/iam/apikeys
         --instance=VALUE             ATS instance in ibm cloud
@@ -2571,7 +2766,7 @@ OPTIONS:
 
 
 COMMAND: faspex5
-SUBCOMMANDS: health package admin user
+SUBCOMMANDS: admin bearer_token health package user version
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2579,7 +2774,7 @@ OPTIONS:
         --client-id=VALUE            OAuth client identifier
         --client-secret=VALUE        OAuth client secret
         --redirect-uri=VALUE         OAuth redirect URI for web authentication
-        --auth=ENUM                  OAuth type of authentication: web, jwt, boot
+        --auth=ENUM                  OAuth type of authentication: boot, web, jwt
         --private-key=VALUE          OAuth JWT RSA private key PEM value (prefix file path with @file:)
         --passphrase=VALUE           RSA private key passphrase
 
@@ -2597,7 +2792,7 @@ OPTIONS:
 
 
 COMMAND: faspex
-SUBCOMMANDS: health package source me dropbox v4 address_book login_methods
+SUBCOMMANDS: address_book dropbox health login_methods me package source v4
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2611,7 +2806,7 @@ OPTIONS:
 
 
 COMMAND: preview
-SUBCOMMANDS: scan events trevents check test
+SUBCOMMANDS: check events scan test trevents
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2625,7 +2820,7 @@ OPTIONS:
         --case=VALUE                 basename of output for for test
         --scan-path=VALUE            subpath in folder id to start scan in (default=/)
         --scan-id=VALUE              forder id in storage to start scan in, default is access key main folder id
-        --mimemagic=ENUM             use Mime type detection of gem mimemagic: yes, [no]
+        --mimemagic=ENUM             use Mime type detection of gem mimemagic: [no], yes
         --overwrite=ENUM             when to overwrite result file: always, never, [mtime]
         --file-access=ENUM           how to read and write files in repository: [local], remote
         --max-size=VALUE             maximum size (in bytes) of preview file
@@ -2646,14 +2841,14 @@ OPTIONS:
 
 
 COMMAND: sync
-SUBCOMMANDS: start admin
+SUBCOMMANDS: admin start
 OPTIONS:
-        --parameters=VALUE           extended value for session set definition
-        --session-name=VALUE         name of session to use for admin commands, by default first one
+        --sync-info=VALUE            Information for sync instance and sessions (Hash)
+        --sync-session=VALUE         Name of session to use for admin commands. default: first in parameters
 
 
 COMMAND: aoc
-SUBCOMMANDS: reminder servers bearer_token organization tier_restrictions user packages files admin automation gateway
+SUBCOMMANDS: admin automation bearer_token files gateway organization packages reminder servers tier_restrictions user
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2664,20 +2859,28 @@ OPTIONS:
         --client-secret=VALUE        OAuth API client passcode
         --redirect-uri=VALUE         OAuth API client redirect URI
         --private-key=VALUE          OAuth JWT RSA private key PEM value (prefix file path with @file:)
-        --passphrase=VALUE           RSA private key passphrase
-        --workspace=VALUE            name of workspace
-        --name=VALUE                 resource name
-        --path=VALUE                 file or folder path
-        --link=VALUE                 public link to shared resource
-        --new-user-option=VALUE      new user creation option for unknown package recipients
-        --from-folder=VALUE          share to share source folder
         --scope=VALUE                OAuth scope for AoC API calls
-        --default-ports=ENUM         use standard FASP ports or get from node api: yes, [no]
-        --validate-metadata=ENUM     validate shared inbox metadata: yes, [no]
+        --passphrase=VALUE           RSA private key passphrase
+        --workspace=VALUE            Name of workspace
+        --name=VALUE                 Resource name (prefer to use keyword name)
+        --link=VALUE                 Public link to shared resource
+        --new-user-option=VALUE      New user creation option for unknown package recipients
+        --from-folder=VALUE          Source folder for Folder-to-Folder transfer
+        --validate-metadata=ENUM     Validate shared inbox metadata: [no], yes
+
+COMMAND: node
+SUBCOMMANDS: access_key api_details asperabrowser async basic_token browse central delete download events health info license mkdir mkfile mklink rename search service space stream sync transfer upload watch_folder
+OPTIONS:
+        --validator=VALUE            identifier of validator (optional for central)
+        --asperabrowserurl=VALUE     URL for simple aspera web ui
+        --sync-name=VALUE            sync name
+        --path=VALUE                 file or folder path for gen4 operation "file"
+        --token-type=ENUM            Type of token used for transfers: aspera, basic, hybrid
+        --default-ports=ENUM         use standard FASP ports or get from node api (gen4): [no], yes
 
 
 COMMAND: server
-SUBCOMMANDS: health download upload browse delete rename ls rm mv du info mkdir cp df md5sum
+SUBCOMMANDS: browse cp delete df download du health info ls md5sum mkdir mv rename rm sync upload
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2687,7 +2890,7 @@ OPTIONS:
 
 
 COMMAND: console
-SUBCOMMANDS: transfer health
+SUBCOMMANDS: health transfer
 OPTIONS:
         --url=VALUE                  URL of application, e.g. https://org.asperafiles.com
         --username=VALUE             username to log in
@@ -2698,7 +2901,7 @@ OPTIONS:
 
 ```
 
-Note that actions and parameter values can be written in short form.
+> **Note:** commands and parameter values can be written in short form.
 
 ### Bulk creation and deletion of resources
 
@@ -2706,7 +2909,7 @@ Bulk creation and deletion of resources are possible using option `bulk` (yes,no
 In that case, the operation expects an Array of Hash instead of a simple Hash using the [Extended Value Syntax](#extended).
 This option is available only for some of the resources: if you need it: try and see if the entities you try to create or delete support this option.
 
-## <a id="aoc"></a>Plugin: Aspera on Cloud
+## <a id="aoc"></a>Plugin: `aoc`: IBM Aspera on Cloud
 
 Aspera on Cloud uses the more advanced Oauth v2 mechanism for authentication (HTTP Basic authentication is not supported).
 
@@ -2749,15 +2952,15 @@ ascli config wizard --value=aoc
 
 ### <a id="aocmanual"></a>Configuration: using manual setup
 
-> If you used the wizard (recommended): skip this section.
+> **Note:** If you used the wizard (recommended): skip this section.
 
 #### Configuration details
 
 Several types of OAuth authentication are supported:
 
-* JSON Web Token (JWT) : authentication is secured by a private key (recommended for CLI)
-* Web based authentication : authentication is made by user using a browser
-* URL Token : external users authentication with url tokens (public links)
+- JSON Web Token (JWT) : authentication is secured by a private key (recommended for CLI)
+- Web based authentication : authentication is made by user using a browser
+- URL Token : external users authentication with url tokens (public links)
 
 The authentication method is controlled by option `auth`.
 
@@ -2773,19 +2976,19 @@ If you use the built-in client_id and client_secret, skip this and do not set th
 
 Else you can use a specific OAuth API client_id, the first step is to declare `ascli` in Aspera on Cloud using the admin interface.
 
-(official documentation: <https://ibmaspera.com/help/admin/organization/registering_an_api_client> ).
+([AoC documentation: Registering an API Client](https://ibmaspera.com/help/admin/organization/registering_an_api_client) ).
 
 Let's start by a registration with web based authentication (auth=web):
 
-* Open a web browser, log to your instance: e.g. `https://myorg.ibmaspera.com/`
-* Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
-* Click "Create New"
-  * Client Name: `ascli`
-  * Redirect URIs: `http://localhost:12345`
-  * Origins: `localhost`
-  * uncheck "Prompt users to allow client to access"
-  * leave the JWT part for now
-* Save
+- Open a web browser, log to your instance: e.g. `https://myorg.ibmaspera.com/`
+- Go to Apps &rarr; Admin &rarr; Organization &rarr; Integrations
+- Click "Create New"
+  - Client Name: `ascli`
+  - Redirect URIs: `http://localhost:12345`
+  - Origins: `localhost`
+  - uncheck "Prompt users to allow client to access"
+  - leave the JWT part for now
+- Save
 
 Note: for web based authentication, `ascli` listens on a local port (e.g. specified by the redirect_uri, in this example: 12345), and the browser will provide the OAuth code there. For ``ascli`, HTTP is required, and 12345 is the default port.
 
@@ -2826,16 +3029,16 @@ a [private/public key pair](#private_key) must be used.
 
 If you are not using the built-in client_id and secret, JWT needs to be authorized in Aspera on Cloud. This can be done in two manners:
 
-* Graphically
+- Graphically
 
-  * Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
-  * Go to Apps&rarr;Admin&rarr;Organization&rarr;Integrations
-  * Click on the previously created application
-  * select tab : "JSON Web Token Auth"
-  * Modify options if necessary, for instance: activate both options in section "Settings"
-  * Click "Save"
+  - Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
+  - Go to Apps &rarr; Admin &rarr; Organization &rarr; Integrations
+  - Click on the previously created application
+  - select tab : "JSON Web Token Auth"
+  - Modify options if necessary, for instance: activate both options in section "Settings"
+  - Click "Save"
 
-* Using command line
+- Using command line
 
 ```bash
 ascli aoc admin res client list
@@ -2865,11 +3068,11 @@ The public key must be assigned to your user. This can be done in two manners:
 
 Open the previously generated public key located here: `$HOME/.aspera/ascli/my_private_key.pub`
 
-* Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
-* Click on the user's icon (top right)
-* Select "Account Settings"
-* Paste the *Public Key* in the "Public Key" section
-* Click on "Submit"
+- Open a web browser, log to your instance: `https://myorg.ibmaspera.com/`
+- Click on the user's icon (top right)
+- Select "Account Settings"
+- Paste the *Public Key* in the "Public Key" section
+- Click on "Submit"
 
 ##### Using command line
 
@@ -2900,9 +3103,9 @@ Note: the `aspera user info show` command can be used to verify modifications.
 
 To activate default use of JWT authentication for `ascli` using the [option preset](#lprt), do the following:
 
-* change auth method to JWT
-* provide location of private key
-* provide username to login as (OAuth "subject")
+- change auth method to JWT
+- provide location of private key
+- provide username to login as (OAuth "subject")
 
 Execute:
 
@@ -2962,13 +3165,13 @@ The option `query` can be optionally used. It expects a Hash using [Extended Val
 
 The following parameters are supported:
 
-* `q` : a filter on name of resource (case insensitive, matches if value is contained in name)
-* `sort`: name of fields to sort results, prefix with `-` for reverse order.
-* `max` : maximum number of items to retrieve (stop pages when the maximum is passed)
-* `pmax` : maximum number of pages to request (stop pages when the maximum is passed)
-* `page` : native api parameter, in general do not use (added by
-* `per_page` : native api parameter, number of items par api call, in general do not use
-* Other specific parameters depending on resource type.
+- `q` : a filter on name of resource (case insensitive, matches if value is contained in name)
+- `sort`: name of fields to sort results, prefix with `-` for reverse order.
+- `max` : maximum number of items to retrieve (stop pages when the maximum is passed)
+- `pmax` : maximum number of pages to request (stop pages when the maximum is passed)
+- `page` : native api parameter, in general do not use (added by
+- `per_page` : native api parameter, number of items par api call, in general do not use
+- Other specific parameters depending on resource type.
 
 Both `max` and `pmax` are processed internally in `ascli`, not included in actual API call and limit the number of successive pages requested to API. `ascli` will return all values using paging if not provided.
 
@@ -2982,19 +3185,19 @@ Other parameters depend on the type of entity (refer to AoC API).
 
 Examples:
 
-* List users with `laurent` in name:
+- List users with `laurent` in name:
 
 ```javascript
 ascli aoc admin res user list --query=--query=@json:'{"q":"laurent"}'
 ```
 
-* List users who logged-in before a date:
+- List users who logged-in before a date:
 
 ```javascript
 ascli aoc admin res user list --query=@json:'{"q":"last_login_at:<2018-05-28"}'
 ```
 
-* List external users and sort in reverse alphabetical order using name:
+- List external users and sort in reverse alphabetical order using name:
 
 ```javascript
 ascli aoc admin res user list --query=@json:'{"member_of_any_workspace":false,"sort":"-name"}'
@@ -3002,7 +3205,7 @@ ascli aoc admin res user list --query=@json:'{"member_of_any_workspace":false,"s
 
 Refer to the AoC API for full list of query parameters, or use the browser in developer mode with the web UI.
 
-Note the option `select` can also be used to further refine selection, refer to [section earlier](#option_select).
+> **Note:** The option `select` can also be used to further refine selection, refer to [section earlier](#option_select).
 
 #### <a id="res_select"></a>Selecting a resource
 
@@ -3010,10 +3213,10 @@ Resources are identified by a unique `id`, as well as a unique `name` (case inse
 
 To execute an action on a specific resource, select it using one of those methods:
 
-* *recommended*: give id directly on command line *after the action*: `aoc admin res node show 123`
-* give name on command line *after the action*: `aoc admin res node show name abc`
-* provide option `id` : `aoc admin res node show --id=123`
-* provide option `name` : `aoc admin res node show --name=abc`
+- *recommended*: give id directly on command line *after the action*: `aoc admin res node show 123`
+- give name on command line *after the action*: `aoc admin res node show name abc`
+- provide option `id` : `aoc admin res node show --id=123`
+- provide option `name` : `aoc admin res node show --name=abc`
 
 #### <a id="res_create"></a>Creating a resource
 
@@ -3054,22 +3257,23 @@ If the command returns an error, example:
 |    | request_id: b0f45d5b-c00a-4711-acef-72b633f8a6ea                                  |
 |    | api.ibmaspera.com 422 Unprocessable Entity                                        |
 +----+-----------------------------------------------------------------------------------+```
+```
 
 Well, remove the offending parameters and try again.
 
-Note that some properties that are shown in the web UI, such as membership, are not listed directly in the resource, but instead another resource is created to link a user and its group: `group_membership`
+> **Note:** Some properties that are shown in the web UI, such as membership, are not listed directly in the resource, but instead another resource is created to link a user and its group: `group_membership`
 
 #### Access Key secrets
 
-In order to access some administrative actions on "nodes" (in fact, access keys), the associated secret is required.
-It is usually provided using the `secret` option.
+In order to access some administrative actions on **nodes** (in fact, access keys), the associated secret is required.
+The secret is provided using the `secret` option.
 For example in a command like:
 
 ```bash
 ascli aoc admin res node --id=123 --secret="secret1" v3 info
 ```
 
-It is also possible to provide a set of secrets used on a regular basis using the [secret vault](#vault).
+It is also possible to store secrets in the [secret vault](#vault) and then automatically find the related secret using the [config finder](#config_finder).
 
 #### Activity
 
@@ -3097,7 +3301,7 @@ Thank you.
 
 The environment provided contains the following additional variable:
 
-* ev : all details on the transfer event
+- ev : all details on the transfer event
 
 Example:
 
@@ -3109,11 +3313,11 @@ ascli aoc admin analytics transfers --once-only=yes --lock-port=12345 \
 
 Options:
 
-* `once_only` keep track of last date it was called, so next call will get only new events
-* `query` filter (on API call)
-* `notify` send an email as specified by template, this could be places in a file with the `@file` modifier.
+- `once_only` keep track of last date it was called, so next call will get only new events
+- `query` filter (on API call)
+- `notify` send an email as specified by template, this could be places in a file with the `@file` modifier.
 
-Note this must not be executed in less than 5 minutes because the analytics interface accepts only a period of time between 5 minutes and 6 months. The period is [date of previous execution]..[now].
+> **Note:** This must not be executed in less than 5 minutes because the analytics interface accepts only a period of time between 5 minutes and 6 months. The period is [date of previous execution]..[now].
 
 #### Transfer: Using specific transfer ports
 
@@ -3321,7 +3525,7 @@ ascli aoc admin res user list --fields=email --select=@json:'{"member_of_any_wor
 
 #### Example: create a group, add to workspace and add user to group
 
-* Create the group and take note of `id`
+- Create the group and take note of `id`
 
 ```bash
 ascli aoc admin res group create @json:'{"name":"group 1","description":"my super group"}'
@@ -3329,7 +3533,7 @@ ascli aoc admin res group create @json:'{"name":"group 1","description":"my supe
 
 Group: `11111`
 
-* Get the workspace id
+- Get the workspace id
 
 ```bash
 ascli aoc admin res workspace list --query=@json:'{"q":"myworkspace"}' --fields=id --format=csv --display=data
@@ -3337,13 +3541,13 @@ ascli aoc admin res workspace list --query=@json:'{"q":"myworkspace"}' --fields=
 
 Workspace: 22222
 
-* Add group to workspace
+- Add group to workspace
 
 ```bash
 ascli aoc admin res workspace_membership create @json:'{"workspace_id":22222,"member_type":"user","member_id":11111}'
 ```
 
-* Get a user's id
+- Get a user's id
 
 ```bash
 ascli aoc admin res user list --query=@json:'{"q":"manu.macron@example.com"}' --fields=id --format=csv --display=data
@@ -3351,7 +3555,7 @@ ascli aoc admin res user list --query=@json:'{"q":"manu.macron@example.com"}' --
 
 User: 33333
 
-* Add user to group
+- Add user to group
 
 ```bash
 ascli aoc admin res group_membership create @json:'{"group_id":11111,"member_type":"user","member_id":33333}'
@@ -3430,16 +3634,17 @@ ascli aoc admin res client list --fields=id --format=csv|ascli aoc admin res cli
 
 AoC nodes as actually composed with two related entities:
 
-* An access key created on the Transfer Server (HSTS/ATS)
-* a `node` resource in the AoC application.
+- An access key created on the Transfer Server (HSTS/ATS)
+- a `node` resource in the AoC application.
 
 The web UI allows creation of both entities in one shot.
 For more flexibility, `ascli` allows this in two separate steps.
-Note that when selecting "Use existing access key" in the web UI, this actually skips access key creation (first step).
+
+> **Note:** When selecting "Use existing access key" in the web UI, this actually skips access key creation (first step).
 
 So, for example, the creation of a node using ATS in IBM Cloud looks like (see other example in this manual):
 
-* Create the access key on ATS
+- Create the access key on ATS
 
   The creation options are the ones of ATS API, refer to the [section on ATS](#ats_params) for more details and examples.
 
@@ -3447,9 +3652,11 @@ So, for example, the creation of a node using ATS in IBM Cloud looks like (see o
   ascli aoc admin ats access_key create --cloud=softlayer --region=eu-de --params=@json:'{"storage":{"type":"ibm-s3","bucket":"mybucket","credentials":{"access_key_id":"mykey","secret_access_key":"mysecret"},"path":"/"}}'
   ```
 
-  Once executed, the access key `id` and `secret`, randomly generated by the node api, is displayed: take note of it as the secrets will not be disclosed again.
+  Once executed, the access key `id` and `secret`, randomly generated by the node api, is displayed.
+  
+  > **Note:** Once returned by the API, the secret will not be available anymore, so store this preciously. ATS secrets can only be reset by asking to IBM support.
 
-* Create the AoC node entity
+- Create the AoC node entity
 
   First, Retrieve the ATS node address
 
@@ -3467,22 +3674,23 @@ Creation of a node with a self-managed node is similar, but the command `aoc adm
 
 ### List of files to transfer
 
-Source files are provided as a list with the `sources` option. Refer to section [File list](#file_list)
+Source files are provided as a list with the `sources` option.
+Refer to section [File list](#file_list)
 
-Note the special case when the source files are located on "Aspera on Cloud" (i.e. using access keys and the `file id` API).
+> **Note:** A special case is when the source files are located on **Aspera on Cloud** (i.e. using access keys and the `file id` API).
 
 Source files are located on "Aspera on cloud", when :
 
-* the server is Aspera on Cloud, and executing a download or recv
-* the agent is Aspera on Cloud, and executing an upload or send
+- the server is Aspera on Cloud, and executing a download or recv
+- the agent is Aspera on Cloud, and executing an upload or send
 
 In this case:
 
-* If there is a single file : specify the full path
-* Else, if there are multiple files:
-  * All source files must be in the same source folder
-  * Specify the source folder as first item in the list
-  * followed by the list of file names.
+- If there is a single file : specify the full path
+- Else, if there are multiple files:
+  - All source files must be in the same source folder
+  - Specify the source folder as first item in the list
+  - followed by the list of file names.
 
 ### Packages
 
@@ -3498,14 +3706,14 @@ ascli aoc packages send --value=[package extended value] [other parameters such
 
 Notes:
 
-* The `value` option can contain any supported package creation parameter. Refer to the AoC package creation API, or display an existing package in JSON to list attributes.
-* List allowed shared inbox destinations with: `ascli aoc packages shared_inboxes list`
-* Use fields: `recipients` and/or `bcc_recipients` to provide the list of recipients: user or shared inbox.
-  * Provide either ids as expected by API: `"recipients":[{"type":"dropbox","id":"1234"}]`
-  * or just names: `"recipients":[{"The Dest"}]` . ascli will resolve the list of email addresses and dropbox names to the expected type/id list, based on case insensitive partial match.
-* If a user recipient (email) is not already registered and the workspace allows external users, then the package is sent to an external user, and
-  * if the option `new_user_option` is `@json:{"package_contact":true}` (default), then a public link is sent and the external user does not need to create an account
-  * if the option `new_user_option` is `@json:{}`, then external users are invited to join the workspace
+- The `value` option can contain any supported package creation parameter. Refer to the AoC package creation API, or display an existing package in JSON to list attributes.
+- List allowed shared inbox destinations with: `ascli aoc packages shared_inboxes list`
+- Use fields: `recipients` and/or `bcc_recipients` to provide the list of recipients: user or shared inbox.
+  - Provide either ids as expected by API: `"recipients":[{"type":"dropbox","id":"1234"}]`
+  - or just names: `"recipients":[{"The Dest"}]` . ascli will resolve the list of email addresses and dropbox names to the expected type/id list, based on case insensitive partial match.
+- If a user recipient (email) is not already registered and the workspace allows external users, then the package is sent to an external user, and
+  - if the option `new_user_option` is `@json:{"package_contact":true}` (default), then a public link is sent and the external user does not need to create an account
+  - if the option `new_user_option` is `@json:{}`, then external users are invited to join the workspace
 
 #### Example: Send a package with one file to two users, using their email
 
@@ -3584,23 +3792,32 @@ It is possible to automatically download new packages, like using Aspera Cargo:
 ascli aoc packages recv --id=ALL --once-only=yes --lock-port=12345
 ```
 
-* `--id=ALL` (case sensitive) will download all packages
-* `--once-only=yes` keeps memory of any downloaded package in persistency files located in the configuration folder
-* `--lock-port=12345` ensures that only one instance is started at the same time, to avoid running two downloads in parallel
+- `--id=ALL` (case sensitive) will download all packages
+- `--once-only=yes` keeps memory of any downloaded package in persistency files located in the configuration folder
+- `--lock-port=12345` ensures that only one instance is started at the same time, to avoid running two downloads in parallel
 
-Typically, one would execute this command on a regular basis, using the method of your choice:
-
-* Windows: [Task Scheduler](https://docs.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page)
-* Linux/Unix: [cron](https://www.man7.org/linux/man-pages/man5/crontab.5.html)
-* etc...
+Typically, one would execute this command on a regular basis, using the method of your choice: see [Scheduler](#scheduler).
 
 ### Files
 
-Folder sharing app.
+The Files application presents a **Home** folder to users in a given workspace.
+Files located here are either user's files, or shared folders.
 
 #### Download Files
 
-Download of files is straightforward using command: `aoc files download`
+The general download command is:
+
+```bash
+ascli aoc files download <source folder path> <source filename 1> ...
+```
+
+I.e. the first argument is the source folder, and the following arguments are the source file names in this folder.
+
+If a single file or folder is to be downloaded, then a single argument can be provided.
+
+```bash
+ascli aoc files download <single file path>
+```
 
 #### Shared folders
 
@@ -3610,37 +3827,37 @@ For creation, parameters are the same as for node api [permissions](https://deve
 Also, the pseudo key `with` is added: it will lookup the name in the contacts and fill the proper type and id.
 The pseudo parameter `link_name` allows changing default "shared as" name.
 
-* List permissions on a shared folder as user
+- List permissions on a shared folder as user
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm list
 ```
 
-* Share a personal folder with other users
+- Share a personal folder with other users
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm create @json:'{"with":"laurent"}'
 ```
 
-* Revoke shared access
+- Revoke shared access
 
 ```bash
 ascli aoc files file --path=/shared_folder_test1 perm delete 6161
 ```
 
-* List shared folders in node
+- List shared folders in node
 
 ```bash
 ascli aoc admin res node --id=8669 shared_folders
 ```
 
-* List shared folders in workspace
+- List shared folders in workspace
 
 ```bash
 ascli aoc admin res workspace --id=10818 shared_folders
 ```
 
-* List members of shared folder
+- List members of shared folder
 
 ```bash
 ascli aoc admin res node --id=8669 v4 perm 82 show
@@ -3654,11 +3871,11 @@ Although optional, the creation of [option preset](#lprt) is recommended to avoi
 
 Procedure to send a file from org1 to org2:
 
-* Get access to Organization 1 and create a [option preset](#lprt): e.g. `org1`, for instance, use the [Wizard](#aocwizard)
-* Check that access works and locate the source file e.g. `mysourcefile`, e.g. using command `files browse`
-* Get access to Organization 2 and create a [option preset](#lprt): e.g. `org2`
-* Check that access works and locate the destination folder `mydestfolder`
-* execute the following:
+- Get access to Organization 1 and create a [option preset](#lprt): e.g. `org1`, for instance, use the [Wizard](#aocwizard)
+- Check that access works and locate the source file e.g. `mysourcefile`, e.g. using command `files browse`
+- Get access to Organization 2 and create a [option preset](#lprt): e.g. `org2`
+- Check that access works and locate the destination folder `mydestfolder`
+- execute the following:
 
 ```bash
 ascli -Porg1 aoc files node_info /mydestfolder --format=json --display=data | ascli -Porg2 aoc files upload mysourcefile --transfer=node --transfer-info=@json:@stdin:
@@ -3666,15 +3883,15 @@ ascli -Porg1 aoc files node_info /mydestfolder --format=json --display=data | as
 
 Explanation:
 
-* `-Porg1 aoc` use Aspera on Cloud plugin and load credentials for `org1`
-* `files node_info /mydestfolder` generate transfer information including node api credential and root id, suitable for the next command
-* `--format=json` format the output in JSON (instead of default text table)
-* `--display=data` display only the result, and remove other information, such as workspace name
-* `|` the standard output of the first command is fed into the second one
-* `-Porg2 aoc` use Aspera on Cloud plugin and load credentials for `org2`
-* `files upload mysourcefile` upload the file named `mysourcefile` (located in `org1`)
-* `--transfer=node` use transfer agent type `node` instead of default [`direct`](#agt_direct)
-* `--transfer-info=@json:@stdin:` provide `node` transfer agent information, i.e. node API credentials, those are expected in JSON format and read from standard input
+- `-Porg1 aoc` use Aspera on Cloud plugin and load credentials for `org1`
+- `files node_info /mydestfolder` generate transfer information including node api credential and root id, suitable for the next command
+- `--format=json` format the output in JSON (instead of default text table)
+- `--display=data` display only the result, and remove other information, such as workspace name
+- `|` the standard output of the first command is fed into the second one
+- `-Porg2 aoc` use Aspera on Cloud plugin and load credentials for `org2`
+- `files upload mysourcefile` upload the file named `mysourcefile` (located in `org1`)
+- `--transfer=node` use transfer agent type `node` instead of default [`direct`](#agt_direct)
+- `--transfer-info=@json:@stdin:` provide `node` transfer agent information, i.e. node API credentials, those are expected in JSON format and read from standard input
 
 #### Find Files
 
@@ -3682,34 +3899,34 @@ The command `aoc files find [--value=expression]` will recursively scan storage
 
 The expression can be of 3 formats:
 
-* empty (default) : all files, equivalent to value: `exec:true`
-* not starting with `exec:` : the expression is a regular expression, using [Ruby Regex](https://ruby-doc.org/core/Regexp.html) syntax. equivalent to value: `exec:f['name'].match(/expression/)`
+- empty (default) : all files, equivalent to value: `exec:true`
+- not starting with `exec:` : the expression is a regular expression, using [Ruby Regex](https://ruby-doc.org/core/Regexp.html) syntax. equivalent to value: `exec:f['name'].match(/expression/)`
 
 For instance, to find files with a special extension, use `--value='\.myext$'`
 
-* starting with `exec:` : the Ruby code after the prefix is executed for each entry found. The entry variable name is `f`. The file is displayed if the result of the expression is true;
+- starting with `exec:` : the Ruby code after the prefix is executed for each entry found. The entry variable name is `f`. The file is displayed if the result of the expression is true;
 
 Examples of expressions: (using like this: `--value=exec:'<expression>'`)
 
-* Find files more recent than 100 days
+- Find files more recent than 100 days
 
 ```bash
 f["type"].eql?("file") and (DateTime.now-DateTime.parse(f["modified_time"]))<100
 ```
 
-* Find files older than 1 year on a given node and store in file list
+- Find files older than 1 year on a given node and store in file list
 
 ```bash
 ascli aoc admin res node --name='my node name' --secret='_secret_here_' v4 find / --fields=path --value='exec:f["type"].eql?("file") and (DateTime.now-DateTime.parse(f["modified_time"]))<100' --format=csv > my_file_list.txt
 ```
 
-* Delete the files, one by one
+- Delete the files, one by one
 
 ```bash
 cat my_file_list.txt|while read path;do echo ascli aoc admin res node --name='my node name' --secret='_secret_here_' v4 delete "$path" ;done
 ```
 
-* Delete the files in bulk
+- Delete the files in bulk
 
 ```bash
 cat my_file_list.txt | ascli aoc admin res node --name='my node name' --secret='_secret_here_' v3 delete @lines:@stdin:
@@ -3718,18 +3935,17 @@ cat my_file_list.txt | ascli aoc admin res node --name='my node name' --secret='
 ### AoC sample commands
 
 ```bash
-aoc -N remind --username=my_aoc_user_email
-aoc -N servers
 aoc admin analytics transfers --query=@json:'{"status":"completed","direction":"receive"}' --notif-to=my_recipient_email --notif-template=@ruby:'%Q{From: <%=from_name%> <<%=from_email%>>\nTo: <<%=to%>>\nSubject: <%=ev["files_completed"]%> files received\n\n<%=ev.to_yaml%>}'
 aoc admin ats access_key create --cloud=aws --region=my_aws_bucket_region --params=@json:'{"id":"ak_aws","name":"my test key AWS","storage":{"type":"aws_s3","bucket":"my_aws_bucket_name","credentials":{"access_key_id":"my_aws_bucket_key","secret_access_key":"my_aws_bucket_secret"},"path":"/"}}'
-aoc admin ats access_key create --cloud=softlayer --region=my_icos_bucket_region --params=@json:'{"id":"akibmcloud","secret":"somesecret","name":"my test key","storage":{"type":"ibm-s3","bucket":"my_icos_bucket_name","credentials":{"access_key_id":"my_icos_bucket_key","secret_access_key":"my_icos_bucket_secret"},"path":"/"}}'
-aoc admin ats access_key delete akibmcloud
+aoc admin ats access_key create --cloud=softlayer --region=my_icos_bucket_region --params=@json:'{"id":"ak1ibmcloud","secret":"somesecret","name":"my test key","storage":{"type":"ibm-s3","bucket":"my_icos_bucket_name","credentials":{"access_key_id":"my_icos_bucket_key","secret_access_key":"my_icos_bucket_secret"},"path":"/"}}'
+aoc admin ats access_key delete ak1ibmcloud
 aoc admin ats access_key list --fields=name,id
-aoc admin ats access_key node akibmcloud --secret=somesecret browse /
+aoc admin ats access_key node ak1ibmcloud --secret=somesecret browse /
 aoc admin ats cluster clouds
 aoc admin ats cluster list
 aoc admin ats cluster show --cloud=aws --region=eu-west-1
 aoc admin ats cluster show 1f412ae7-869a-445c-9c05-02ad16813be2
+aoc admin auth_providers list
 aoc admin res application list
 aoc admin res client list
 aoc admin res client_access_key list
@@ -3750,14 +3966,15 @@ aoc admin res self show
 aoc admin res short_link list
 aoc admin res user list
 aoc admin res workspace_membership list
-aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret v3 access_key create --value=@json:'{"id":"testsub1","storage":{"path":"/folder1"}}'
-aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret v3 events
-aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret v4 browse /
-aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret v4 delete /folder1
-aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret v4 mkdir /folder1
-aoc admin resource node v3 name my_aoc_ak_name --secret=my_aoc_ak_secret access_key delete testsub1
+aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret do browse /
+aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret do delete /folder1
+aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret do mkdir /folder1
+aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret do v3 access_key create --value=@json:'{"id":"testsub1","storage":{"path":"/folder1"}}'
+aoc admin resource node --name=my_aoc_ak_name --secret=my_aoc_ak_secret do v3 events
+aoc admin resource node do name my_aoc_ak_name --secret=my_aoc_ak_secret v3 access_key delete testsub1
 aoc admin resource workspace list
 aoc admin resource workspace_membership list --fields=ALL --query=@json:'{"page":1,"per_page":50,"embed":"member","inherited":false,"workspace_id":11363,"sort":"name"}'
+aoc admin subscription
 aoc automation workflow action my_wf_id create --value=@json:'{"name":"toto"}'
 aoc automation workflow create --value=@json:'{"name":"test_workflow"}'
 aoc automation workflow delete my_wf_id
@@ -3769,10 +3986,11 @@ aoc faspex
 aoc files bearer /
 aoc files bearer_token_node / --cache-tokens=no
 aoc files browse /
-aoc files browse / -N --link=my_aoc_publink_folder
+aoc files browse / --link=my_aoc_publink_folder
 aoc files delete /testsrc
 aoc files download --transfer=connect /200KB.1
-aoc files file permission --path=/ascli_test list
+aoc files file modify --path=my_aoc_test_folder
+aoc files file permission --path=my_aoc_test_folder list
 aoc files file show --path=/200KB.1
 aoc files file show my_file_id
 aoc files find / --value='\.partial$'
@@ -3782,12 +4000,14 @@ aoc files rename /somefolder testdst
 aoc files short_link create --to-folder=/testdst --value=private
 aoc files short_link create --to-folder=/testdst --value=public
 aoc files short_link list --value=@json:'{"purpose":"shared_folder_auth_link"}'
+aoc files sync admin status --to-folder=/testdst --sync-info=@json:'{"sessions":[{"name":"s2","direction":"pull","local_dir":"syncdir","reset":true}]}'
+aoc files sync start --to-folder=/testdst --sync-info=@json:'{"sessions":[{"name":"s2","direction":"pull","local_dir":"syncdir","reset":true}]}'
 aoc files transfer --from-folder=/testsrc --to-folder=/testdst testfile.bin
+aoc files upload --to-folder=/ testfile.bin --link=my_aoc_publink_folder
 aoc files upload --to-folder=/testsrc testfile.bin
-aoc files upload -N --to-folder=/ testfile.bin --link=my_aoc_publink_folder
 aoc files upload Test.pdf --transfer=node --transfer-info=@json:@stdin:
 aoc files v3 info
-aoc org -N --link=my_aoc_publink_recv_from_aocuser
+aoc org --link=my_aoc_publink_recv_from_aocuser
 aoc organization
 aoc packages browse "my_package_id" /contents
 aoc packages list
@@ -3796,25 +4016,27 @@ aoc packages recv "my_package_id" --to-folder=.
 aoc packages recv ALL --to-folder=. --once-only=yes --lock-port=12345
 aoc packages send --value=@json:'{"name":"Important files delivery","recipients":["my_email_external_user"]}' --new-user-option=@json:'{"package_contact":true}' testfile.bin
 aoc packages send --value=@json:'{"name":"Important files delivery","recipients":["my_email_internal_user"],"note":"my note"}' testfile.bin
+aoc packages send --value=@json:'{"name":"Important files delivery"}' testfile.bin --link=my_aoc_publink_send_aoc_user --password=my_aoc_publink_send_use_pass
+aoc packages send --value=@json:'{"name":"Important files delivery"}' testfile.bin --link=my_aoc_publink_send_shd_inbox
 aoc packages send --workspace="my_aoc_shbx_ws" --value=@json:'{"name":"Important files delivery","recipients":["my_aoc_shbx_name"],"metadata":[{"input_type":"single-text","name":"Project Id","values":["123"]},{"input_type":"single-dropdown","name":"Type","values":["Opt2"]},{"input_type":"multiple-checkbox","name":"CheckThose","values":["Check1","Check2"]},{"input_type":"date","name":"Optional Date","values":["2021-01-13T15:02:00.000Z"]}]}' testfile.bin
 aoc packages send --workspace="my_aoc_shbx_ws" --value=@json:'{"name":"Important files delivery","recipients":["my_aoc_shbx_name"],"metadata":{"Project Id":"456","Type":"Opt2","CheckThose":["Check1","Check2"],"Optional Date":"2021-01-13T15:02:00.000Z"}}' testfile.bin
 aoc packages send --workspace="my_aoc_shbx_ws" --value=@json:'{"name":"Important files delivery","recipients":["my_aoc_shbx_name"]}' testfile.bin
-aoc packages send -N --value=@json:'{"name":"Important files delivery"}' testfile.bin --link=my_aoc_publink_send_aoc_user --password=my_aoc_publink_send_use_pass
-aoc packages send -N --value=@json:'{"name":"Important files delivery"}' testfile.bin --link=my_aoc_publink_send_shd_inbox
 aoc packages shared_inboxes list
+aoc remind --username=my_aoc_user_email
+aoc servers
 aoc user profile modify @json:'{"name":"dummy change"}'
 aoc user profile show
 aoc user workspaces current
 aoc user workspaces list
 ```
 
-## <a id="ats"></a>Plugin: Aspera Transfer Service
+## <a id="ats"></a>Plugin: `ats`: IBM Aspera Transfer Service
 
 ATS is usable either :
 
-* from an AoC subscription : ascli aoc admin ats : use AoC authentication
+- from an AoC subscription : ascli aoc admin ats : use AoC authentication
 
-* or from an IBM Cloud subscription : ascli ats : use IBM Cloud API key authentication
+- or from an IBM Cloud subscription : ascli ats : use IBM Cloud API key authentication
 
 ### IBM Cloud ATS : creation of api key
 
@@ -3843,8 +4065,8 @@ UUID          ApiKey-05b8fadf-e7fe-4bc4-93a9-6fd348c5ab1f
 
 References:
 
-* [https://console.bluemix.net/docs/iam/userid_keys.html#userapikey](https://console.bluemix.net/docs/iam/userid_keys.html#userapikey)
-* [https://ibm.ibmaspera.com/helpcenter/transfer-service](https://ibm.ibmaspera.com/helpcenter/transfer-service)
+- [https://console.bluemix.net/docs/iam/userid_keys.html#userapikey](https://console.bluemix.net/docs/iam/userid_keys.html#userapikey)
+- [https://ibm.ibmaspera.com/helpcenter/transfer-service](https://ibm.ibmaspera.com/helpcenter/transfer-service)
 
 Then, to register the key by default for the ats plugin, create a preset. Execute:
 
@@ -3929,13 +4151,15 @@ The parameters provided to ATS for access key creation are the ones of [ATS API]
 ### ATS sample commands
 
 ```bash
-ats access_key cluster akibmcloud --secret=somesecret
+ats access_key cluster ak2ibmcloud --secret=somesecret
 ats access_key create --cloud=aws --region=my_aws_bucket_region --params=@json:'{"id":"ak_aws","name":"my test key AWS","storage":{"type":"aws_s3","bucket":"my_aws_bucket_name","credentials":{"access_key_id":"my_aws_bucket_key","secret_access_key":"my_aws_bucket_secret"},"path":"/"}}'
-ats access_key create --cloud=softlayer --region=my_icos_bucket_region --params=@json:'{"id":"akibmcloud","secret":"somesecret","name":"my test key","storage":{"type":"ibm-s3","bucket":"my_icos_bucket_name","credentials":{"access_key_id":"my_icos_bucket_key","secret_access_key":"my_icos_bucket_secret"},"path":"/"}}'
+ats access_key create --cloud=softlayer --region=my_icos_bucket_region --params=@json:'{"id":"ak2ibmcloud","secret":"somesecret","name":"my test key","storage":{"type":"ibm-s3","bucket":"my_icos_bucket_name","credentials":{"access_key_id":"my_icos_bucket_key","secret_access_key":"my_icos_bucket_secret"},"path":"/"}}'
+ats access_key delete ak2ibmcloud
 ats access_key delete ak_aws
-ats access_key delete akibmcloud
+ats access_key entitlement ak2ibmcloud
 ats access_key list --fields=name,id
-ats access_key node akibmcloud browse / --secret=somesecret
+ats access_key node ak2ibmcloud browse / --secret=somesecret
+ats access_key show ak2ibmcloud
 ats api_key create
 ats api_key instances
 ats api_key list
@@ -3945,17 +4169,21 @@ ats cluster show --cloud=aws --region=eu-west-1
 ats cluster show 1f412ae7-869a-445c-9c05-02ad16813be2
 ```
 
-## Plugin: IBM Aspera High Speed Transfer Server (transfer)
+## <a id="server"></a>Plugin: `server`: IBM Aspera High Speed Transfer Server (SSH)
 
-This plugin uses SSH as a session protocol (using commands `ascp` and `ascmd`) and does not use the node API.
+The `server` plugin is used for operations on Aspera HSTS using SSH authentication.
 It is the legacy way of accessing an Aspera Server, often used for server to server transfers.
-Modern mode is to use the node API and transfer tokens.
+An SSH session is established, authenticated with either a password or an SSH private key,
+then commands `ascp` (for transfers) and `ascmd` (for file operations) are executed.
+
+> **Note:** The URL to be provided is usually: `ssh://_server_address_:33001`
 
 ### Server sample commands
 
 ```bash
-server -N -Ptst_server_bykey -Plocal_user br /
+server br /
 server browse /
+server browse NEW_SERVER_FOLDER/testfile.bin
 server browse folder_1/target_hot
 server cp NEW_SERVER_FOLDER/testfile.bin folder_1/200KB.2
 server delete NEW_SERVER_FOLDER
@@ -3971,34 +4199,39 @@ server md5sum NEW_SERVER_FOLDER/testfile.bin
 server mkdir NEW_SERVER_FOLDER --logger=stdout
 server mkdir folder_1/target_hot
 server mv folder_1/200KB.2 folder_1/to.delete
+server sync admin status --sync-info=@json:'{"name":"sync2","local":{"path":"syncdir"}}'
+server sync admin status --sync-session=mysync --sync-info=@json:'{"sessions":[{"name":"mysync","local_dir":"syncdir"}]}'
+server sync start --sync-info=@json:'{"name":"sync2","local":{"path":"syncdir"},"remote":{"path":"'"NEW_SERVER_FOLDER"'"},"reset":true,"quiet":false}'
+server sync start --sync-info=@json:'{"sessions":[{"name":"mysync","direction":"pull","remote_dir":"'"NEW_SERVER_FOLDER"'","local_dir":"syncdir","reset":true}]}'
 server upload --sources=@ts --ts=@json:'{"EX_ascp_args":["--file-list","'"filelist.txt"'"]}' --to-folder=NEW_SERVER_FOLDER 
 server upload --sources=@ts --ts=@json:'{"EX_ascp_args":["--file-pair-list","'"filepairlist.txt"'"]}'
 server upload --sources=@ts --ts=@json:'{"EX_file_list":"'"filelist.txt"'"}' --to-folder=NEW_SERVER_FOLDER
 server upload --sources=@ts --ts=@json:'{"EX_file_pair_list":"'"filepairlist.txt"'"}'
 server upload --sources=@ts --ts=@json:'{"paths":[{"source":"testfile.bin","destination":"NEW_SERVER_FOLDER/othername"}]}'
 server upload --src-type=pair --sources=@json:'["testfile.bin","NEW_SERVER_FOLDER/othername"]'
-server upload --src-type=pair testfile.bin NEW_SERVER_FOLDER/othername --notif-to=my_recipient_email
+server upload --src-type=pair testfile.bin NEW_SERVER_FOLDER/othername --notif-to=my_recipient_email --ascp-opts=@list:' -l 10m'
 server upload --src-type=pair testfile.bin folder_1/with_options --ts=@json:'{"cipher":"aes-192-gcm","content_protection":"encrypt","content_protection_password":"_secret_here_","cookie":"biscuit","create_dir":true,"delete_before_transfer":false,"delete_source":false,"exclude_newer_than":1,"exclude_older_than":10000,"fasp_port":33001,"http_fallback":false,"multi_session":0,"overwrite":"diff+older","precalculate_job_size":true,"preserve_access_time":true,"preserve_creation_time":true,"rate_policy":"fair","resume_policy":"sparse_csum","symlink_policy":"follow"}'
 server upload --to-folder=folder_1/target_hot --lock-port=12345 --ts=@json:'{"EX_ascp_args":["--remove-after-transfer","--remove-empty-directories","--exclude-newer-than=-8","--src-base","source_hot"]}' source_hot
-server upload testfile.bin --to-folder=NEW_SERVER_FOLDER --ts=@json:'{"multi_session":3,"multi_session_threshold":1,"resume_policy":"none","target_rate_kbps":1500}' --transfer-info=@json:'{"spawn_delay_sec":2.5}' --progress=multi
+server upload testfile.bin --to-folder=NEW_SERVER_FOLDER --ts=@json:'{"multi_session":3,"multi_session_threshold":1,"resume_policy":"none","target_rate_kbps":1500}' --transfer-info=@json:'{"spawn_delay_sec":2.5,"multi_incr_udp":false}' --progress=multi
 ```
 
 ### Authentication on Server with SSH session
 
-If SSH is the session control protocol (i.e. not WSS), then following session authentication methods are supported:
+If SSH is the session protocol (by default i.e. not WSS), then following session authentication methods are supported:
 
-* SSH password
-* SSH keys (Multiple SSH key paths can be provided.)
+- `password`: SSH password
+- `ssh_keys`: SSH keys (Multiple SSH key paths can be provided.)
 
-If username is not provided, the default transfer user `xfer` is used.
+If `username` is not provided then the default transfer user `xfer` is used.
 
-If no SSH password or key is provided and a transfer token is provided in transfer spec (option `ts`), then standard SSH bypass keys are used. Example:
+If no SSH password or key is provided and a transfer token is provided in transfer spec (option `ts`), then standard SSH bypass keys are used.
+Example:
 
-```javascript
-ascli server --url=ssh://... --ts=@json:'{"token":"Basic abc123"}'
+```bash
+ascli server --url=ssh://_server_address_:33001 ... --ts=@json:'{"token":"Basic abc123"}'
 ```
 
-> Note: If you need to use the Aspera public keys, then specify an empty token: `--ts=@json:'{"token":""}'` : Aspera public SSH keys will be used, but the protocol will ignore the empty token.
+> **Note:** If you need to use the Aspera public keys, then specify an empty token: `--ts=@json:'{"token":""}'` : Aspera public SSH keys will be used, but the protocol will ignore the empty token.
 
 The value of the `ssh_keys` option can be a single value or an array.
 Each value is a **path** to a private key and is expanded (`~` is replaced with the user's home folder).
@@ -4011,7 +4244,7 @@ ascli server --ssh-keys=@list:,~/.ssh/id_rsa
 ascli server --ssh-keys=@json:'["~/.ssh/id_rsa"]'
 ```
 
-For non-transfer related command (browse, delete), the ruby SSH client library `Net::SSH` is used and provides several options settable using option `ssh_options`.
+For file operation command (browse, delete), the ruby SSH client library `Net::SSH` is used and provides several options settable using option `ssh_options`.
 For a list of SSH client options, refer to the ruby documentation of [Net::SSH](http://net-ssh.github.io/net-ssh/Net/SSH.html).
 
 By default the SSH library expect that a local ssh-agent is running.
@@ -4030,10 +4263,10 @@ ERROR -- net.ssh.authentication.agent: could not connect to ssh-agent: pageant p
 
 This means that you don't have such an SSH agent running, then:
 
-* check env var: `SSH_AGENT_SOCK`
-* check if the SSH key is protected with a passphrase (then, use the `passphrase` SSH option)
-* [check the manual](https://net-ssh.github.io/ssh/v1/chapter-2.html#s2)
-* To disable the use of `ssh-agent`, use the option `ssh_options` like this:
+- Check env var: `SSH_AGENT_SOCK`
+- Check if the SSH key is protected with a passphrase (then, use the `passphrase` SSH option)
+- [check the manual](https://net-ssh.github.io/ssh/v1/chapter-2.html#s2)
+- To disable the use of `ssh-agent`, use the option `ssh_options` like this:
 
 ```bash
 ascli server --ssh-options=@ruby:'{use_agent: false}' ...
@@ -4041,7 +4274,17 @@ ascli server --ssh-options=@ruby:'{use_agent: false}' ...
 
 This can also be set as default using a global preset.
 
-### Example
+### Other session channels for `server`
+
+URL schemes `local` and `https` are also supported, mainly for testing purpose.
+(`--url=local:` , `--url=https://...`)
+
+- `local` will execute `ascmd` locally, instead of using a SSH cnnection.
+- `https` will use Web Socket Session: This requires the use of a transfer token. For example a `Basic` token can be used.
+
+As, most of the time, SSH is used, if an `http` scheme is provided without token, the plugin will fallback to SSH and port 33001.
+
+### Examples: `server`
 
 One can test the `server` application using the well known demo server:
 
@@ -4053,7 +4296,7 @@ ascli server download /aspera-test-dir-large/200MB
 
 `initdemo` creates a [option preset](#lprt) `demoserver` and set it as default for plugin `server`.
 
-## Plugin: IBM Aspera High Speed Transfer Server (node)
+## <a id="node"></a>Plugin: `node`: IBM Aspera High Speed Transfer Server Node
 
 This plugin gives access to capabilities provided by HSTS node API.
 
@@ -4061,27 +4304,27 @@ This plugin gives access to capabilities provided by HSTS node API.
 
 It is possible to:
 
-* browse
-* transfer (upload / download)
-* ...
+- browse
+- transfer (upload / download)
+- ...
 
 For transfers, it is possible to control how transfer is authorized using option: `token_type`:
 
-* `aspera` : api `<upload|download>_setup` is called to create the transfer spec including the Aspera token, used as is.
-* `hybrid` : same as `aspera`, but token is replaced with basic token like `basic`
-* `basic` : transfer spec is created like this:
+- `aspera` : api `<upload|download>_setup` is called to create the transfer spec including the Aspera token, used as is.
+- `hybrid` : same as `aspera`, but token is replaced with basic token like `basic`
+- `basic` : transfer spec is created like this:
 
 ```javascript
 {
-  "remote_host": address of node url,
+  "remote_host": "<address of node url>",
   "remote_user": "xfer",
   "ssh_port": 33001,
   "token": "Basic <base 64 encoded user/pass>",
-  "direction": send/receive
+  "direction": "[send|receive]"
 }
 ```
 
-Note that the port is assumed to be the default SSH port `33001` and transfer user is assumed to be `xfer`.
+> **Note:** the port is assumed to be the default Aspera SSH port `33001` and transfer user is assumed to be `xfer`.
 
 ### Central
 
@@ -4111,8 +4354,8 @@ Refer to [Aspera documentation](https://download.asperasoft.com/download/docs/en
 
 `ascli` supports remote operations through the node API. Operations are:
 
-* Start watchd and watchfolderd services running as a system user having access to files
-* configure a watchfolder to define automated transfers
+- Start watchd and watchfolderd services running as a system user having access to files
+- configure a watchfolder to define automated transfers
 
 ```javascript
 ascli node service create @json:'{"id":"mywatchd","type":"WATCHD","run_as":{"user":"user1"}}'
@@ -4168,9 +4411,19 @@ ascli node access_key create --value=@json:'{"id":"eudemo-sedemo","secret":"myst
 ### Node sample commands
 
 ```bash
-node -N -Ptst_node_preview access_key create --value=@json:'{"id":"aoc_1","storage":{"type":"local","path":"/"}}'
-node -N -Ptst_node_preview access_key delete aoc_1
-node access_key do my_aoc_ak_name br /
+node access_key create --value=@json:'{"id":"aoc_1","storage":{"type":"local","path":"/"}}'
+node access_key delete aoc_1
+node access_key do my_aoc_ak_name browse /
+node access_key do my_aoc_ak_name delete /folder2
+node access_key do my_aoc_ak_name delete testfile1
+node access_key do my_aoc_ak_name download testfile1 --to-folder=.
+node access_key do my_aoc_ak_name file show --path=/testfile1
+node access_key do my_aoc_ak_name file show 1
+node access_key do my_aoc_ak_name find /
+node access_key do my_aoc_ak_name mkdir /folder1
+node access_key do my_aoc_ak_name node_info /
+node access_key do my_aoc_ak_name rename /folder1 folder2
+node access_key do my_aoc_ak_name upload 'faux:///testfile1?1k' --default_ports=no
 node access_key list
 node api_details
 node async bandwidth 1
@@ -4182,7 +4435,7 @@ node async show ALL
 node basic_token
 node browse / -r
 node delete /todelete
-node delete @list:,/todelete,/tdlink,/delfile
+node delete @list:,folder_1/todelete,folder_1/tdlink,folder_1/delfile
 node delete folder_1/10MB.1
 node delete testfile.bin
 node download testfile.bin --to-folder=.
@@ -4190,15 +4443,26 @@ node download testfile.bin --to-folder=. --token-type=hybrid
 node health
 node info --fpac='function FindProxyForURL(url,host){return "DIRECT"}'
 node license
-node mkdir /todelete
-node mkfile /delfile1 "hello world"
-node mklink /todelete /tdlink
-node rename / delfile1 delfile
+node mkdir folder_1/todelete
+node mkfile folder_1/delfile1 "hello world"
+node mklink folder_1/todelete folder_1/tdlink
+node rename folder_1 delfile1 delfile
 node search / --value=@json:'{"sort":"mtime"}'
 node service create @json:'{"id":"service1","type":"WATCHD","run_as":{"user":"user1"}}'
 node service delete service1
 node service list
 node space /
+node sync bandwidth my_syncid
+node sync counters my_syncid
+node sync create --value=@json:'{"configuration":{"name":"sync1","local":{"path":"my_local_path"},"remote":{"host":"my_host","port":my_port,"user":"my_username","pass":"my_password","path":"my_remote_path"}}}'
+node sync delete my_syncid
+node sync files my_syncid
+node sync list
+node sync show my_syncid
+node sync start my_syncid
+node sync state my_syncid
+node sync stop my_syncid
+node sync summary my_syncid
 node transfer list --value=@json:'{"active_only":true}'
 node upload --to-folder="folder_1" --sources=@ts --ts=@json:'{"paths":[{"source":"/aspera-test-dir-small/10MB.1"}],"precalculate_job_size":true}' --transfer=node --transfer-info=@json:'{"url":"my_node_url","username":"my_node_user","password":"my_node_pass"}'
 node upload --username=my_aoc_ak_name --password=my_aoc_ak_secret testfile.bin --token-type=basic
@@ -4206,123 +4470,130 @@ node upload testfile.bin --to-folder=folder_1 --ts=@json:'{"target_rate_cap_kbps
 node upload testfile.bin --to-folder=folder_1 --ts=@json:'{"target_rate_cap_kbps":10000}' --token-type=hybrid
 ```
 
-## Plugin: IBM Aspera Faspex5
-
-This is currently in beta, limited operations are supported.
+## <a id="faspex5"></a>Plugin: `faspex5`: IBM Aspera Faspex v5
 
-This was tested with version Beta 5.
-
-The API is listed in [Faspex 5 API Reference](https://developer.ibm.com/apis/catalog/?search=faspex) under "IBM Aspera Faspex API".
-
-### Faspex 5 authentication
+IBM Aspera's newer self-managed application.
 
 3 authentication methods are supported:
 
-* jwt
-* web
-* boot
+- jwt
+- web
+- boot
 
-#### Faspex 5 using JWT
+### Faspex 5 JWT authentication
 
-This is the preferred method to use.
+This is the **recomended** method to use.
 
 For `jwt`, create an API client in Faspex with JWT support:
 
-* Select a private key file: if you don't have any refer to section [Private Key](#private_key)
-* Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
-* Activate JWT
-* Paste public key in the appropriate section
-* Click on Create Button
-* Take note of Client Id (and Client Secret, but not used in current version)
+- Select a private key file: if you don't have any refer to section [Private Key](#private_key)
+- Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
+- Activate JWT
+- Paste **public** key in the appropriate section
+- Click on Create Button
+- Take note of Client Id (and Client Secret, but not used in current version)
 
 Then use these options:
 
 ```text
 --auth=jwt
---client-id=xxx
---client-secret=xxx
---username=xxx
+--client-id=_client_id_here_
+--client-secret=_secret_here_
+--username=_username_here_
 --private-key=@file:.../path/to/key.pem
 ```
 
-#### Faspex 5 using web browser
+> **Note:** The `private_key` option must contain the PEM value of the private key which can be read from a file using the modifier: `@file:`, e.g. `@file:/path/to/key.pem`.
+
+### Faspex 5 web authentication
 
 For `web` method, create an API client in Faspex without JWT:
 
-* Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
-* Do not Activate JWT
-* enter `https://127.0.0.1:8888` in the redirect URI
-* Click on Create Button
-* Take note of Client Id (and Client Secret, but not used in current version)
+- Navigate to the web UI: Admin &rarr; Configurations &rarr; API Clients &rarr; Create
+- Do not Activate JWT
+- Set **Redirect URI** to `https://127.0.0.1:8888`
+- Click on Create Button
+- Take note of Client Id (and Client Secret, but not used in current version)
 
 Then use options:
 
 ```text
 --auth=web
---client-id=xxx
---client-secret=xxx
+--client-id=_client_id_here_
+--client-secret=_secret_here_
 --redirect-uri=https://127.0.0.1:8888
 ```
 
-#### Faspex 5 using bootstrap
+### Faspex 5 bootstrap authentication
 
 For `boot` method: (will be removed in future)
 
-* open a browser
-* start developer mode
-* login to faspex 5
-* find the first API call with `Authorization` token, and copy it (kind of base64 long string)
+- Open a Web Browser
+- Start developer mode
+- Login to Faspex 5
+- Find the first API call with `Authorization` header, and copy the value of the token (series of base64 values with dots)
 
-Use it as password and use `--auth=boot`.
+Use this token as password and use `--auth=boot`.
 
 ```bash
-ascli conf id f5boot update --url=https://localhost/aspera/faspex --auth=boot --password=ABC.DEF.GHI...
+ascli conf id f5boot update --url=https://localhost/aspera/faspex --auth=boot --password=_token_here_
 ```
 
 ### Faspex 5 sample commands
 
+Most commands are directly REST API calls.
+Parameters to commandsa are carried through option `value`, as extended value.
+Usually using JSON format with prefix `@json:`.
+
+> **Note:** The API is listed in [Faspex 5 API Reference](https://developer.ibm.com/apis/catalog?search="faspex+5") under **IBM Aspera Faspex API**.
+
 ```bash
 faspex5 admin res accounts list
 faspex5 admin res contacts list
 faspex5 admin res jobs list
+faspex5 admin res metadata_profiles list
 faspex5 admin res node list --value=@json:'{"type":"received","subtype":"mypackages"}'
 faspex5 admin res oauth_clients list
 faspex5 admin res registrations list
 faspex5 admin res saml_configs list
 faspex5 admin res shared_inboxes list
 faspex5 admin res workgroups list
+faspex5 bearer_token
 faspex5 health
 faspex5 package list --value=@json:'{"mailbox":"inbox","state":["released"]}'
 faspex5 package receive "my_package_id" --to-folder=.  --ts=@json:'{"content_protection_password":"abc123_yo"}'
 faspex5 package send --value=@json:'{"title":"test title","recipients":[{"name":"my_f5_user"}]}' testfile.bin --ts=@json:'{"content_protection_password":"_content_prot_here_"}'
+faspex5 package show "my_package_id"
+faspex5 user profile modify @json:'{"preference":{"connect_disabled":false}}'
+faspex5 user profile show
 ```
 
-### Faspex 5 other examples
+Other examples:
 
-* List all shared inboxes
+- List all shared inboxes
 
 ```javascript
 ascli faspex5 admin res shared list --value=@json:'{"all":true}' --fields=id,name
 ```
 
-* Create Metadata profile
+- Create Metadata profile
 
 ```javascript
 ascli faspex5 admin res metadata_profiles create --value=@json:'{"name":"the profile","default":false,"title":{"max_length":200,"illegal_chars":[]},"note":{"max_length":400,"illegal_chars":[],"enabled":false},"fields":[{"ordering":0,"name":"field1","type":"text_area","require":true,"illegal_chars":[],"max_length":100},{"ordering":1,"name":"fff2","type":"option_list","require":false,"choices":["opt1","opt2"]}]}'
 ```
 
-* Create a Shared inbox with specific metadata profile
+- Create a Shared inbox with specific metadata profile
 
 ```javascript
 ascli faspex5 admin res shared create --value=@json:'{"name":"the shared inbox","metadata_profile_id":1}'
 ```
 
-## Plugin: IBM Aspera Faspex (4.x)
+## <a id="faspex"></a>Plugin: `faspex`: IBM Aspera Faspex v4
 
 Notes:
 
-* The command "v4" requires the use of APIv4, refer to the Faspex Admin manual on how to activate.
-* For full details on Faspex API, refer to: [Reference on Developer Site](https://developer.ibm.com/apis/catalog/?search=faspex)
+- The command "v4" requires the use of APIv4, refer to the Faspex Admin manual on how to activate.
+- For full details on Faspex API, refer to: [Reference on Developer Site](https://developer.ibm.com/apis/catalog/?search=faspex)
 
 ### Listing Packages
 
@@ -4336,18 +4607,18 @@ By default it looks in box `inbox`, but the following boxes are also supported:
 
 A user can receive a package because the recipient is:
 
-* the user himself (default)
-* the user is member of a dropbox/workgroup: filter using option `recipient` set with value `*<name of dropbox/workgroup>`
+- the user himself (default)
+- the user is member of a dropbox/workgroup: filter using option `recipient` set with value `*<name of dropbox/workgroup>`
 
 #### Option `query`
 
 As inboxes may be large, it is possible to use the following query parameters:
 
-* `count` : (native) number items in one API call (default=0, equivalent to 10)
-* `page` : (native) id of page in call (default=0)
-* `startIndex` : (native) index of item to start, default=0, oldest index=0
-* `max` : maximum number of items
-* `pmax` : maximum number of pages
+- `count` : (native) number items in one API call (default=0, equivalent to 10)
+- `page` : (native) id of page in call (default=0)
+- `startIndex` : (native) index of item to start, default=0, oldest index=0
+- `max` : maximum number of items
+- `pmax` : maximum number of pages
 
 (SQL query is `LIMIT <startIndex>, <count>`)
 
@@ -4367,9 +4638,9 @@ List a maximum of 20 items grouped by pages of 20, with maximum 2 pages in recei
 
 The command is `package recv`, possible methods are:
 
-* provide a package id with option `id`
-* provide a public link with option `link`
-* provide a `faspe:` URI with option `link`
+- provide a package id with option `id`
+- provide a public link with option `link`
+- provide a `faspe:` URI with option `link`
 
 ```bash
 ascli faspex package recv --id=12345
@@ -4401,8 +4672,8 @@ If the recipient is a dropbox or workgroup: provide the name of the dropbox or w
 
 Additional optional parameters in `delivery_info`:
 
-* Package Note: : `"note":"note this and that"`
-* Package Metadata: `"metadata":{"Meta1":"Val1","Meta2":"Val2"}`
+- Package Note: : `"note":"note this and that"`
+- Package Metadata: `"metadata":{"Meta1":"Val1","Meta2":"Val2"}`
 
 ### Email notification on transfer
 
@@ -4500,7 +4771,7 @@ faspex v4 wmembership list
 faspex v4 workgroup list
 ```
 
-## Plugin: IBM Aspera Shares
+## <a id="shares"></a>Plugin: `shares`: IBM Aspera Shares v1
 
 Aspera Shares supports the "node API" for the file transfer part. (Shares 1 and 2)
 
@@ -4508,33 +4779,39 @@ Aspera Shares supports the "node API" for the file transfer part. (Shares 1 and
 
 ```bash
 shares admin share list
-shares admin share user_permissions 9
+shares admin share list --fields=-status,status_message
+shares admin share user_permissions 1
 shares admin user app_authorizations 1
+shares admin user ldap_import --value=the_name
 shares admin user list
+shares admin user saml_import --value=@json:'{"id":"the_id","name_id":"the_name"}'
 shares admin user share_permissions 1
+shares health
 shares repository browse /
 shares repository delete my_shares_upload/testfile.bin
 shares repository download --to-folder=. my_shares_upload/testfile.bin
-shares repository download --to-folder=. my_shares_upload/testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy/v1"}'
+shares repository download --to-folder=. my_shares_upload/testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy"}'
 shares repository upload --to-folder=my_shares_upload testfile.bin
-shares repository upload --to-folder=my_shares_upload testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy/v1"}'
+shares repository upload --to-folder=my_shares_upload testfile.bin --transfer=httpgw --transfer-info=@json:'{"url":"https://my_http_gw_fqdn/aspera/http-gwy"}'
 ```
 
-## Plugin: Console
+## <a id="console"></a>Plugin: `console`: IBM Aspera Console
 
 ### Console sample commands
 
 ```bash
-console transfer current list 
-console transfer smart list 
+console health
+console transfer current list
+console transfer smart list
 console transfer smart sub my_job_id @json:'{"source":{"paths":["my_file_name"]},"source_type":"user_selected"}'
 ```
 
-## Plugin: Orchestrator
+## <a id="orchestrator"></a>Plugin: `orchestrator`:IBM Aspera Orchestrator
 
 ### Orchestrator sample commands
 
 ```bash
+orchestrator health
 orchestrator info
 orchestrator plugins
 orchestrator processes
@@ -4548,22 +4825,24 @@ orchestrator workflow status ALL
 orchestrator workflow status my_orch_workflow_id
 ```
 
-## Plugin: IBM Cloud Object Storage
+## <a id="cos"></a>Plugin: `cos`: IBM Cloud Object Storage
 
 The IBM Cloud Object Storage provides the possibility to execute transfers using FASP.
 It uses the same transfer service as Aspera on Cloud, called Aspera Transfer Service (ATS).
 Available ATS regions: [https://status.aspera.io](https://status.aspera.io)
 
-There are two possibilities to provide credentials. If you already have the endpoint, apikey and CRN, use the first method. If you don't have credentials but have access to the IBM Cloud console, then use the second method.
+There are two possibilities to provide credentials.
+If you already have the endpoint, apikey and CRN, use the first method.
+If you don't have credentials but have access to the IBM Cloud console, then use the second method.
 
 ### Using endpoint, apikey and Resource Instance ID (CRN)
 
 If you have those parameters already, then following options shall be provided:
 
-* `bucket` bucket name
-* `endpoint` storage endpoint url, e.g. `https://s3.hkg02.cloud-object-storage.appdomain.cloud`
-* `apikey` API Key
-* `crn` resource instance id
+- `bucket` bucket name
+- `endpoint` storage endpoint url, e.g. `https://s3.hkg02.cloud-object-storage.appdomain.cloud`
+- `apikey` API Key
+- `crn` resource instance id
 
 For example, let us create a default configuration:
 
@@ -4576,9 +4855,17 @@ Then, jump to the transfer example.
 
 ### Using service credential file
 
-If you are the COS administrator and don't have yet the credential: Service credentials are directly created using the IBM cloud web ui. Navigate to:
+If you are the COS administrator and don't have yet the credential:
+Service credentials are directly created using the IBM cloud Console (web UI).
+Navigate to:
 
-Navigation Menu &rarr; Resource List &rarr; Storage &rarr; Cloud Object Storage &rarr; Service Credentials &rarr; &lt;select or create credentials&gt; &rarr; view credentials &rarr; copy
+- &rarr; Navigation Menu
+- &rarr; [Resource List](https://cloud.ibm.com/resources)
+- &rarr; [Storage](https://cloud.ibm.com/objectstorage)
+- &rarr; Select your storage instance
+- &rarr; Service Credentials
+- &rarr; New credentials (Leave default role: Writer, no special options)
+- &rarr; Copy to clipboard
 
 Then save the copied value to a file, e.g. : `$HOME/cos_service_creds.json`
 
@@ -4617,9 +4904,9 @@ The field `apikey` is for option `apikey`
 
 The required options for this method are:
 
-* `bucket` bucket name
-* `region` bucket region, e.g. eu-de
-* `service_credentials` see below
+- `bucket` bucket name
+- `region` bucket region, e.g. eu-de
+- `service_credentials` see below
 
 For example, let us create a default configuration:
 
@@ -4639,39 +4926,51 @@ ascli cos node info
 ascli cos node upload 'faux:///sample1G?1g'
 ```
 
-Note: we generate a dummy file `sample1G` of size 2GB using the `faux` PVCL (man ascp and section above), but you can of course send a real file by specifying a real file instead.
+Note: we generate a dummy file `sample1G` of size 2GB using the `faux` PVCL (man `ascp` and section above), but you can of course send a real file by specifying a real file instead.
 
 ### COS sample commands
 
 ```bash
-cos -N --bucket=my_icos_bucket_name --endpoint=my_icos_bucket_endpoint --apikey=my_icos_bucket_apikey --crn=my_icos_resource_instance_id node info
-cos -N --bucket=my_icos_bucket_name --region=my_icos_bucket_region --service-credentials=@json:@file:service_creds.json node info
+cos --bucket=my_icos_bucket_name --endpoint=my_icos_bucket_endpoint --apikey=my_icos_bucket_apikey --crn=my_icos_resource_instance_id node info
+cos --bucket=my_icos_bucket_name --region=my_icos_bucket_region --service-credentials=@json:@file:service_creds.json node info
 cos node access_key show self
 cos node download testfile.bin --to-folder=.
 cos node info
 cos node upload testfile.bin
 ```
 
-## Plugin: IBM Aspera Sync
+## <a id="async"></a>Plugin: `async`: IBM Aspera Sync
 
 A basic plugin to start an "async" using `ascli`.
-The main advantage is the possibility to start from ma configuration file, using `ascli` standard options.
+The main advantage over bare `async` command line is the possibility to use a configuration file, using `ascli` standard options.
+
+Also, the `sync` command is also made available through the `server sync` and `aoc files sync` commands.
+In this case, some of the `sync` parameters are fill from parameters of the related plugin.
+
+> **Note:** All `sync` commands require an `async` enabled license and availability of the `async` executable (and `asyncadmin`).
+>
+> **Note:** Two JSON syntax are supported for option `sync_info`.
+> The first is same sync payload as specified on the `async` option `--conf` or in the latest node API, this is the prefered syntax and allows a single session definition.
+> The second (legacy) is specific to `ascli` and allows definition of multiple sync sessions in a single command, although usually only one sync session is defined.
+
+Documentation on Async node API can be found on [IBM Developer Portal](https://developer.ibm.com/apis/catalog?search=%22aspera%20sync%20api%22).
 
 ### Sync sample commands
 
 ```bash
-sync start --parameters=@json:'{"sessions":[{"name":"test","reset":true,"remote_dir":"/sync_test","local_dir":"contents","host":"my_remote_host","tcp_port":33001,"user":"my_remote_user","private_key_path":"my_local_user_key"}]}'
+sync admin status --sync-info=@json:'{"sessions":[{"name":"test","local_dir":"contents"}]}'
+sync start --sync-info=@json:'{"instance":{"quiet":true},"sessions":[{"name":"test","reset":true,"remote_dir":"/sync_test","local_dir":"contents","host":"my_remote_host","tcp_port":33001,"user":"my_remote_user","private_key_paths":["my_local_user_key"]}]}'
 ```
 
-## Plugin: Preview
+## <a id="preview"></a>Plugin: `preview`: Preview generator for AoC
 
 The `preview` generates thumbnails (office, images, video) and video previews on storage for use primarily in the Aspera on Cloud application.
 It uses the **node API** of Aspera HSTS and requires use of Access Keys and it's **storage root**.
 Several parameters can be used to tune several aspects:
 
-* Methods for detection of new files needing generation
-* Methods for generation of video preview
-* Parameters for video handling
+- Methods for detection of new files needing generation
+- Methods for generation of video preview
+- Parameters for video handling
 
 ### Aspera Server configuration
 
@@ -4713,10 +5012,10 @@ Note: the HSTS parameter (max_request_file_create_size_kb) is in *kiloBytes* whi
 
 The tool requires the following external tools available in the `PATH`:
 
-* ImageMagick : `convert` `composite`
-* OptiPNG : `optipng`
-* FFmpeg : `ffmpeg` `ffprobe`
-* Libreoffice : `libreoffice`
+- ImageMagick : `convert` `composite`
+- OptiPNG : `optipng`
+- FFmpeg : `ffmpeg` `ffprobe`
+- Libreoffice : `libreoffice`
 
 Here shown on Redhat/CentOS.
 
@@ -4752,13 +5051,13 @@ If you don't want to have preview for office documents or if it is too complex y
 
 The generation of preview in based on the use of `unoconv` and `libreoffice`
 
-* CentOS 8
+- CentOS 8
 
 ```bash
 dnf install unoconv
 ```
 
-* Amazon Linux
+- Amazon Linux
 
 ```bash
 amazon-linux-extras enable libreoffice
@@ -4775,7 +5074,7 @@ The preview generator is run as a user, preferably a regular user (not root). Wh
 
 Like any `ascli` commands, parameters can be passed on command line or using a configuration [option preset](#lprt).  The configuration file must be created with the same user used to run so that it is properly used on runtime.
 
-Note that the `xfer` user has a special protected shell: `aspshell`, so changing identity requires specification of alternate shell:
+The `xfer` user has a special protected shell: `aspshell`, so changing identity requires specification of alternate shell:
 
 ```bash
 su -s /bin/bash - xfer
@@ -4798,11 +5097,11 @@ This shall list the contents of the storage root of the access key.
 
 ### Execution
 
-The tool intentionally supports only a "one shot" mode (no infinite loop) in order to avoid having a hanging process or using too many resources (calling REST api too quickly during the scan or event method).
-It needs to be run on a regular basis to create or update preview files. For that use your best
-reliable scheduler. For instance use "CRON" on Linux or Task Scheduler on Windows.
+The tool intentionally supports only a **one shot** mode (no infinite loop) in order to avoid having a hanging process or using too many resources (calling REST api too quickly during the scan or event method).
+It needs to be run on a regular basis to create or update preview files.
+For that use your best reliable scheduler, see [Scheduling](#scheduling).
 
-Typically, for "Access key" access, the system/transfer is `xfer`. So, in order to be consistent have generate the appropriate access rights, the generation process should be run as user `xfer`.
+Typically, for **Access key** access, the system/transfer is `xfer`. So, in order to be consistent have generate the appropriate access rights, the generation process should be run as user `xfer`.
 
 Lets do a one shot test, using the configuration previously created:
 
@@ -4818,12 +5117,12 @@ On subsequent run it reads this file and check that previews are generated for t
 
 ### Configuration for Execution in scheduler
 
-Here is an example of configuration for use with cron on Linux.
-Adapt the scripts to your own preference.
+Here is an example of configuration for use with `cron` on Linux.
+Adapt the scripts to your own needs.
 
 We assume here that a configuration preset was created as shown previously.
 
-Lets first setup a script that will be used in the scheduler and sets up the environment.
+Lets first setup a script that will be used in the scheduler and set up the environment.
 
 Example of startup script `cron_ascli`, which sets the Ruby environment and adds some timeout protection:
 
@@ -4845,25 +5144,25 @@ crontab<<EOF
 EOF
 ```
 
-Note that the logging options are kept in the cronfile instead of conf file to allow execution on command line with output on command line.
+> **Note:** The logging options are kept here in the cronfile instead of conf file to allow execution on command line with output on command line.
 
 ### Candidate detection for creation or update (or deletion)
 
 The tool generates preview files using those commands:
 
-* `trevents` : only recently uploaded files will be tested (transfer events)
-* `events` : only recently uploaded files will be tested (file events: not working)
-* `scan` : recursively scan all files under the access key&apos;s "storage root"
-* `test` : test using a local file
+- `trevents` : only recently uploaded files will be tested (transfer events)
+- `events` : only recently uploaded files will be tested (file events: not working)
+- `scan` : recursively scan all files under the access key&apos;s "storage root"
+- `test` : test using a local file
 
 Once candidate are selected, once candidates are selected,
 a preview is always generated if it does not exist already,
 else if a preview already exist, it will be generated
 using one of three values for the `overwrite` option:
 
-* `always` : preview is always generated, even if it already exists and is newer than original
-* `never` : preview is generated only if it does not exist already
-* `mtime` : preview is generated only if the original file is newer than the existing
+- `always` : preview is always generated, even if it already exists and is newer than original
+- `never` : preview is generated only if it does not exist already
+- `mtime` : preview is generated only if the original file is newer than the existing
 
 Deletion of preview for deleted source files: not implemented yet (TODO).
 
@@ -4887,8 +5186,8 @@ For instance to filter out files beginning with `._` do:
 
 Two types of preview can be generated:
 
-* png: thumbnail
-* mp4: video preview (only for video)
+- png: thumbnail
+- mp4: video preview (only for video)
 
 Use option `skip_format` to skip generation of a format.
 
@@ -4896,11 +5195,11 @@ Use option `skip_format` to skip generation of a format.
 
 The preview generator supports rendering of those file categories:
 
-* image
-* pdf
-* plaintext
-* office
-* video
+- image
+- pdf
+- plaintext
+- office
+- video
 
 To avoid generation for some categories, specify a list using option `skip_types`.
 
@@ -4923,31 +5222,31 @@ In this case the `preview` command will first analyze the file content using mim
 
 If the `mimemagic` gem complains about missing mime info file:
 
-* any OS:
+- any OS:
 
-  * Examine the error message
-  * Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
-  * move and rename this file to one of the locations expected by mimemagic as specified in the error message
+  - Examine the error message
+  - Download the file: [freedesktop.org.xml.in](https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in)
+  - move and rename this file to one of the locations expected by mimemagic as specified in the error message
 
-* Windows:
+- Windows:
 
-  * Download the file: <https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in>
-  * Place this file in the root of Ruby (or elsewhere): `C:\RubyVV-x64\freedesktop.org.xml.in`
-  * Set a global variable using `SystemPropertiesAdvanced.exe` or using `cmd` (replace `VV` with version) to the exact path of this file:
+  - Download the file: [freedesktop.org.xml.in](https://gitlab.freedesktop.org/xdg/shared-mime-info/-/raw/master/data/freedesktop.org.xml.in)
+  - Place this file in the root of Ruby (or elsewhere): `C:\RubyVV-x64\freedesktop.org.xml.in`
+  - Set a global variable using `SystemPropertiesAdvanced.exe` or using `cmd` (replace `VV` with version) to the exact path of this file:
 
   ```cmd
   SETX FREEDESKTOP_MIME_TYPES_PATH C:\RubyVV-x64\freedesktop.org.xml.in
   ```
 
-  * Close the `cmd` and restart a new one if needed to get refreshed env vars
+  - Close the `cmd` and restart a new one if needed to get refreshed env vars
 
-* Linux:
+- Linux:
 
 ```bash
 yum install shared-mime-info
 ```
 
-* macOS:
+- macOS:
 
 ```bash
 brew install shared-mime-info
@@ -4986,17 +5285,17 @@ preview trevents --once-only=yes --skip-types=office --log-level=info
 Aspera CLI can send email, for that setup SMTP configuration. This is done with option `smtp`.
 
 The `smtp` option is a hash table (extended value) with the following fields:
-<table>
-<tr><th>field</th><th>default</th><th>example</th><th>description</th></tr>
-<tr><td>`server`</td><td>-</td><td>smtp.gmail.com</td><td>SMTP server address</td></tr>
-<tr><td>`tls`</td><td>true</td><td>false</td><td>use of TLS</td></tr>
-<tr><td>`port`</td><td>587 for tls<br/>25 else</td><td>587</td><td>port for service</td></tr>
-<tr><td>`domain`</td><td>domain of server</td><td>gmail.com</td><td>email domain of user</td></tr>
-<tr><td>`username`</td><td>-</td><td>john@example.com</td><td>user to authenticate on SMTP server, leave empty for open auth.</td></tr>
-<tr><td>`password`</td><td>-</td><td>MyP@ssword</td><td>password for above username</td></tr>
-<tr><td>`from_email`</td><td>username if defined</td><td>laurent.martin.l@gmail.com</td><td>address used if received replies</td></tr>
-<tr><td>`from_name`</td><td>same as email</td><td>John Wayne</td><td>display name of sender</td></tr>
-</table>
+
+| field        | default             | example                    | description                      |
+|--------------|---------------------|----------------------------|----------------------------------|
+| `server`     | -                   | smtp.gmail.com             | SMTP server address              |
+| `tls`        | true                | false                      | use of TLS                       |
+| `port`       | TLS: 587<br/>25     | 587                        | port for service                 |
+| `domain`     | domain of server    | gmail.com                  | email domain of user             |
+| `username`   | -                   | john@example.com           | user to authenticate on SMTP server, leave empty for open auth. |
+| `password`   | -                   | my_password_here           | password for above username      |
+| `from_email` | username if defined | johnny@example.com         | address used if receiver replies |
+| `from_name`  | same as email       | John Wayne                 | display name of sender           |
 
 ### Example of configuration
 
@@ -5033,9 +5332,9 @@ The template is the full SMTP message, including headers.
 
 The following variables are defined by default:
 
-* from_name
-* from_email
-* to
+- `from_name`
+- `from_email`
+- `to`
 
 Other variables are defined depending on context.
 
@@ -5058,10 +5357,10 @@ A default e-mail template is used, but it can be overridden with option `notif_t
 
 The environment provided contains the following additional variables:
 
-* subject
-* body
-* global_transfer_status
-* ts
+- subject
+- body
+- global_transfer_status
+- ts
 
 Example of template:
 
@@ -5079,9 +5378,9 @@ This gem comes with a second executable tool providing a simplified standardized
 
 It aims at simplifying the startup of a FASP session from a programmatic stand point as formatting a [*transfer-spec*](#transferspec) is:
 
-* common to Aspera Node API (HTTP POST /ops/transfer)
-* common to Aspera Connect API (browser javascript startTransfer)
-* easy to generate by using any third party language specific JSON library
+- common to Aspera Node API (HTTP POST /ops/transfer)
+- common to Aspera Connect API (browser javascript startTransfer)
+- easy to generate by using any third party language specific JSON library
 
 Hopefully, IBM integrates this diectly in `ascp`, and this tool is made redundant.
 
@@ -5091,26 +5390,26 @@ The tool expect one single argument: a [*transfer-spec*](#transferspec).
 
 If no argument is provided, it assumes a value of: `@json:@stdin:`, i.e. a JSON formatted [*transfer-spec*](#transferspec) on stdin.
 
-Note that if JSON is the format, one has to specify `@json:` to tell the tool to decode the hash using JSON.
+> **Note:** If JSON is the format, specify `@json:` to tell `ascli` to decode the hash using JSON syntax.
 
 During execution, it generates all low level events, one per line, in JSON format on stdout.
 
-Note that there are special "extended" [*transfer-spec*](#transferspec) parameters supported by `asession`:
+There are special "extended" [*transfer-spec*](#transferspec) parameters supported by `asession`:
 
-* `EX_loglevel` to change log level of the tool
-* `EX_file_list_folder` to set the folder used to store (exclusively, because of garbage collection) generated file lists. By default it is `[system tmp folder]/[username]_asession_filelists`
+- `EX_loglevel` to change log level of the tool
+- `EX_file_list_folder` to set the folder used to store (exclusively, because of garbage collection) generated file lists. By default it is `[system tmp folder]/[username]_asession_filelists`
 
-Note that in addition, many "EX_" [*transfer-spec*](#transferspec) parameters are supported for the [`direct`](#agt_direct) transfer agent (used by `asession`), refer to section [*transfer-spec*](#transferspec).
+> **Note:** In addition, many "EX_" [*transfer-spec*](#transferspec) parameters are supported for the [`direct`](#agt_direct) transfer agent (used by `asession`), refer to section [*transfer-spec*](#transferspec).
 
 ### Comparison of interfaces
 
-<table>
-<tr><th>feature/tool</th><th>asession</th><th>ascp</th><th>FaspManager</th><th>Transfer SDK</th></tr>
-<tr><td>language integration</td><td>any</td><td>any</td><td>C/C++<br/>C#/.net<br/>Go<br/>Python<br/>java<br/></td><td>many</td></tr>
-<tr><td>required additional components to ascp</td><td>Ruby<br/>Aspera</td><td>-</td><td>library<br/>(headers)</td><td>daemon</td></tr>
-<tr><td>startup</td><td>JSON on stdin<br/>(standard APIs:<br/>JSON.generate<br/>Process.spawn)</td><td>command line arguments</td><td>API</td><td>daemon</td></tr>
-<tr><td>events</td><td>JSON on stdout</td><td>none by default<br/>or need to open management port<br/>and proprietary text syntax</td><td>callback</td><td>callback</td></tr>
-<tr><td>platforms</td><td>any with ruby and ascp</td><td>any with ascp (and SDK if compiled)</td><td>any with ascp</td><td>any with ascp and transfer daemon</td></tr></table>
+| feature/tool | asession | `ascp` | FaspManager | Transfer SDK |
+|--------------|----------|--------|-------------|--------------|
+| language integration | any | any | C/C++<br/>C#/.net<br/>Go<br/>Python<br/>java<br/> | many |
+| required additional components to `ascp` | Ruby<br/>Aspera | - | library<br/>(headers) | daemon |
+| startup | JSON on stdin<br/>(standard APIs:<br/>JSON.generate<br/>Process.spawn) | command line arguments | API | daemon |
+| events | JSON on stdout | none by default<br/>or need to open management port<br/>and proprietary text syntax | callback | callback |
+| platforms | any with ruby and `ascp` | any with `ascp` (and SDK if compiled) | any with `ascp` | any with `ascp` and transfer daemon |
 
 ### Simple session
 
@@ -5122,13 +5421,13 @@ Create a file `session.json` with:
 
 Then start the session:
 
-```
+```bash
 asession < session.json
 ```
 
 ### Asynchronous commands and Persistent session
 
-`asession` also supports asynchronous commands (on the management port). Instead of the traditional text protocol as described in ascp manual, the format for commands is: one single line per command, formatted in JSON, where parameters shall be "snake" style, for example: `LongParameter` -&gt; `long_parameter`
+`asession` also supports asynchronous commands (on the management port). Instead of the traditional text protocol as described in `ascp` manual, the format for commands is: one single line per command, formatted in JSON, where parameters shall be "snake" style, for example: `LongParameter` -&gt; `long_parameter`
 
 This is particularly useful for a persistent session ( with the [*transfer-spec*](#transferspec) parameter: `"keepalive":true` )
 
@@ -5176,13 +5475,14 @@ EXAMPLES
 
 ### Requirements
 
-`ascli` maybe used as a simple hot folder engine. A hot folder being defined as a tool that:
+`ascli` maybe used as a simple hot folder engine.
+A hot folder being defined as a tool that:
 
-* locally (or remotely) detects new files in a top folder
-* send detected files to a remote (respectively, local) repository
-* only sends new files, do not re-send already sent files
-* optionally: sends only files that are not still "growing"
-* optionally: after transfer of files, deletes or moves to an archive
+- locally (or remotely) detects new files in a top folder
+- send detected files to a remote (respectively, local) repository
+- only sends new files, do not re-send already sent files
+- optionally: sends only files that are not still "growing"
+- optionally: after transfer of files, deletes or moves to an archive
 
 In addition: the detection should be made "continuously" or on specific time/date.
 
@@ -5190,42 +5490,67 @@ In addition: the detection should be made "continuously" or on specific time/dat
 
 The general idea is to rely on :
 
-* existing `ascp` features for detection and transfer
-* take advantage of `ascli` configuration capabilities and server side knowledge
-* the OS scheduler for reliability and continuous operation
+- existing `ascp` features for detection and transfer
+- take advantage of `ascli` configuration capabilities and server side knowledge
+- the OS scheduler for reliability and continuous operation
 
-#### ascp features
+#### `ascp` features
 
-Interesting ascp features are found in its arguments: (see ascp manual):
+Interesting `ascp` features are found in its arguments: (see `ascp` manual):
 
-* `ascp` already takes care of sending only "new" files: option `-k 1,2,3`, or transfer_spec: `resume_policy`
-* `ascp` has some options to remove or move files after transfer: `--remove-after-transfer`, `--move-after-transfer`, `--remove-empty-directories`
-* `ascp` has an option to send only files not modified since the last X seconds: `--exclude-newer-than` (--exclude-older-than)
-* `--src-base` if top level folder name shall not be created on destination
+- `ascp` already takes care of sending only "new" files: option `-k 1,2,3` (`resume_policy`)
+- `ascp` has some options to remove or move files after transfer: `--remove-after-transfer`, `--move-after-transfer`, `--remove-empty-directories` (`remove_after_transfer`, `move_after_transfer`, `remove_empty_directories`)
+- `ascp` has an option to send only files not modified since the last X seconds: `--exclude-newer-than`, `--exclude-older-than` (`exclude_newer_than`,`exclude_older_than`)
+- `--src-base` (`src_base`) if top level folder name shall not be created on destination
 
 Note that:
 
-* `ascli` takes transfer parameters exclusively as a transfer_spec, with `--ts` parameter.
-* most, but not all native ascp arguments are available as standard transfer_spec parameters
-* native ascp arguments can be provided with the [*transfer-spec*](#transferspec) parameter: EX_ascp_args (array), only for the [`direct`](#agt_direct) transfer agent (not connect or node)
+- `ascli` takes transfer parameters exclusively as a [*transfer-spec*](#transferspec), with `--ts` parameter.
+- most, but not all, native `ascp` arguments are available as standard [*transfer-spec*](#transferspec) parameters
+- native `ascp` arguments can be provided with the [*transfer-spec*](#transferspec) parameter: `EX_ascp_args` (array), only for the [`direct`](#agt_direct) transfer agent (not others, like connect or node)
 
 #### server side and configuration
 
-Virtually any transfer on a "repository" on a regular basis might emulate a hot folder. Note that file detection is not based on events (inotify, etc...), but on a stateless scan on source side.
+Virtually any transfer on a "repository" on a regular basis might emulate a hot folder.
 
-Note: parameters may be saved in a [option preset](#lprt) and used with `-P`.
+> **Note:** file detection is not based on events (inotify, etc...), but on a simple folder scan on source side.
+>
+> **Note:** parameters may be saved in a [option preset](#lprt) and used with `-P`.
 
 #### Scheduling
 
-Once `ascli` parameters are defined, run the command using the OS native scheduler, e.g. every minutes, or 5 minutes, etc... Refer to section [Scheduling](#scheduling).
+Once `ascli` parameters are defined, run the command using the OS native scheduler, e.g. every minutes, or 5 minutes, etc...
+Refer to section [Scheduling](#scheduling). (on use of option `lock_port`)
 
-### Example: upload folder
+### Example: upload hot folder
 
-```javascript
-ascli server upload source_hot --to-folder=/Upload/target_hot --lock-port=12345 --ts=@json:'{"EX_ascp_args":["--remove-after-transfer","--remove-empty-directories","--exclude-newer-than=-8","--src-base","source_hot"]}'
+```bash
+ascli server upload source_hot --to-folder=/Upload/target_hot --lock-port=12345 --ts=@json:'{"remove_after_transfer":true,"remove_empty_directories":true,"exclude_newer_than:-8,"src_base":"source_hot"}'
+```
+
+The local folder (here, relative path: `source_hot`) is sent (upload) to an aspera server.
+Source files are deleted after transfer.
+Growing files will be sent only once they don't grow anymore (based on an 8-second cooloff period).
+If a transfer takes more than the execution period, then the subsequent execution is skipped (`lock_port`) preventing multiple concurrent runs.
+
+### Example: unidirectional synchronization (upload) to server
+
+```bash
+ascli server upload source_sync --to-folder=/Upload/target_sync --lock-port=12345 --ts=@json:'{"resume_policy":"sparse_csum","exclude_newer_than":-8,"src_base":"source_sync"}'
+```
+
+This can also be used with other folder-based applications: Aspera on Cloud, Shares, Node:
+
+### Example: unidirectional synchronization (download) from Aspera on Cloud Files
+
+```bash
+ascli aoc files download . --to-folder=. --lock-port=12345 --progress=none --display=data \
+--ts=@json:'{"resume_policy":"sparse_csum","target_rate_kbps":50000,"exclude_newer_than":-8,"delete_before_transfer":true}'
 ```
 
-The local folder (here, relative path: source_hot) is sent (upload) to basic fasp server, source files are deleted after transfer. growing files will be sent only once they don't grow anymore (based on an 8-second cooloff period). If a transfer takes more than the execution period, then the subsequent execution is skipped (lock-port).
+> **Note:** option `delete_before_transfer` will delete files locally, if they are not present on remote side.
+>
+> **Note:** options `progress` and `display` limit output for headless operation (e.g. cron job)
 
 ## Health check and Nagios
 
@@ -5245,9 +5570,9 @@ ascli console health
 
 Typically, the health check uses the REST API of the application with the following exception: the `server` plugin allows checking health by:
 
-* issuing a transfer to the server
-* checking web app status with `asctl all:status`
-* checking daemons process status
+- issuing a transfer to the server
+- checking web app status with `asctl all:status`
+- checking daemons process status
 
 `ascli` can be called by Nagios to check the health status of an Aspera server. The output can be made compatible to Nagios with option `--format=nagios` :
 
@@ -5271,9 +5596,9 @@ OK - [NP:running, MySQL:running, Mongrels:running, Background:running, DS:runnin
 
 Main components:
 
-* `Aspera` generic classes for REST and OAuth
-* `Aspera::Fasp`: starting and monitoring transfers. It can be considered as a FASPManager class for Ruby.
-* `Aspera::Cli`: `ascli`.
+- `Aspera` generic classes for REST and OAuth
+- `Aspera::Fasp`: starting and monitoring transfers. It can be considered as a FASPManager class for Ruby.
+- `Aspera::Cli`: `ascli`.
 
 A working example can be found in the gem, example:
 
@@ -5302,23 +5627,23 @@ aoc.read('self')
 
 ## Changes (Release notes)
 
-See <CHANGELOG.md>
+See [CHANGELOG.md](CHANGELOG.md)
 
 ## History
 
-When I joined Aspera, there was only one CLI: `ascp`, which is the implementation of the FASP protocol, but there was no CLI to access the various existing products (Server, Faspex, Shares). Once, Serban (founder) provided a shell script able to create a Faspex Package using Faspex REST API. Since all products relate to file transfers using FASP (ascp), I thought it would be interesting to have a unified CLI for transfers using FASP. Also, because there was already the `ascp` tool, I thought of an extended tool : `eascp.pl` which was accepting all `ascp` options for transfer but was also able to transfer to Faspex and Shares (destination was a kind of URI for the applications).
+When I joined Aspera, there was only one CLI: `ascp`, which is the implementation of the FASP protocol, but there was no CLI to access the various existing products (Server, Faspex, Shares). Once, Serban (founder) provided a shell script able to create a Faspex Package using Faspex REST API. Since all products relate to file transfers using FASP (`ascp`), I thought it would be interesting to have a unified CLI for transfers using FASP. Also, because there was already the `ascp` tool, I thought of an extended tool : `eascp.pl` which was accepting all `ascp` options for transfer but was also able to transfer to Faspex and Shares (destination was a kind of URI for the applications).
 
 There were a few pitfalls:
 
-* The tool was written in the aging `perl` language while most Aspera application products (but the Transfer Server) are written in `ruby`.
-* The tool was only for transfers, but not able to call other products APIs
+- The tool was written in the aging `perl` language while most Aspera application products (but the Transfer Server) are written in `ruby`.
+- The tool was only for transfers, but not able to call other products APIs
 
 So, it evolved into `ascli`:
 
-* portable: works on platforms supporting `ruby` (and `ascp`)
-* easy to install with the `gem` utility
-* supports transfers with multiple [Transfer Agents](#agents), that&apos;s why transfer parameters moved from ascp command line to [*transfer-spec*](#transferspec) (more reliable , more standard)
-* `ruby` is consistent with other Aspera products
+- portable: works on platforms supporting `ruby` (and `ascp`)
+- easy to install with the `gem` utility
+- supports transfers with multiple [Transfer Agents](#agents), that&apos;s why transfer parameters moved from `ascp` command line to [*transfer-spec*](#transferspec) (more reliable , more standard)
+- `ruby` is consistent with other Aspera products
 
 ## Common problems