add 2 Gemini SKUs

gam report vault
Added fromgmail to <EventType>
2026-06-20 14:11:37 +00:00 · 2024-05-31 19:36:56 +00:00 · 2024-05-31 19:36:12 +00:00 · 2024-05-31 12:26:06 -07:00 · 2024-05-29 19:13:46 -07:00 · 2024-05-29 10:49:31 -07:00
34 changed files with 1294 additions and 461 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,6 +9,7 @@ on:
 permissions:
  contents: read
  id-token: write
+  attestations: write

 defaults:
  run:
@@ -34,13 +35,11 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: linux-x86_64
-            fullGamTest: yes
          - os: [self-hosted, linux, arm64]
            jid: 2
            goal: build
            arch: aarch64
            openssl_archs: linux-aarch64
-            fullGamTest: yes
          - os: ubuntu-20.04
            jid: 3
            goal: build
@@ -58,13 +57,11 @@ jobs:
            goal: build
            arch: x86_64
            openssl_archs: darwin64-x86_64
-            fullGamTest: yes
          - os: macos-14
            jid: 6
            goal: build
            arch: aarch64
            openssl_archs: darwin64-arm64
-            fullGamTest: yes
          - os: macos-14
            jid: 7
            goal: build
@@ -75,7 +72,6 @@ jobs:
            goal: build
            arch: Win64
            openssl_archs: VC-WIN64A
-            fullGamTest: yes
          - os: ubuntu-22.04
            goal: test
            python: "3.8"
@@ -118,7 +114,7 @@ jobs:
        with:
          path: |
            cache.tar.xz
-          key: gam-${{ matrix.jid }}-20240416
+          key: gam-${{ matrix.jid }}-20240526

      - name: Untar Cache archive
        if: matrix.goal == 'build' && steps.cache-python-ssl.outputs.cache-hit == 'true'
@@ -199,8 +195,9 @@ jobs:
          bash ./rust.sh -y
          source $HOME/.cargo/env
          # Install needed packages
-          brew update
-          brew install gpg swig
+          # brew update
+          # brew install gpg
+          brew install swig

      - name: Windows Configure VCode
        uses: ilammy/msvc-dev-cmd@v1
@@ -222,12 +219,6 @@ jobs:
            GAM_ARCHIVE_ARCH="x86_64"
            WIX_ARCH="x64"
            CHOC_OPS=""
-          elif [[ "${arch}" == "Win32" ]]; then
-            PYEXTERNALS_PATH="win32"
-            PYBUILDRELEASE_ARCH="Win32"
-            GAM_ARCHIVE_ARCH="x86"
-            WIX_ARCH="x86"
-            CHOC_OPS="--forcex86"
          fi
          if [[ "${RUNNER_OS}" == "macOS" ]]; then
            MAKE=make
@@ -497,22 +488,20 @@ jobs:
          cd pyinstaller
          export latest_release=$(git tag --list | grep -v dev | grep -v rc | sort -Vr | head -n1)
          #V6.0.0 causes errors on staticx
-          if [[ "${staticx}" == "yes" ]]; then
-            git checkout "v5.13.2"
-          elif [[ "${RUNNER_OS}" == "Windows" ]]; then
-            git checkout "v5.13.2"
-          elif [[ "${RUNNER_OS}" == "macOS" ]]; then
-            git checkout "v5.13.2"
-          else
-            git checkout "${latest_release}"
-          fi
+          #if [[ "${staticx}" == "yes" ]]; then
+          #  git checkout "v5.13.2"
+          #elif [[ "${RUNNER_OS}" == "Windows" ]]; then
+          #  git checkout "v5.13.2"
+          #elif [[ "${RUNNER_OS}" == "macOS" ]]; then
+          #  git checkout "v5.13.2"
+          #else
+          git checkout "${latest_release}"
+          #fi
          # remove pre-compiled bootloaders so we fail if bootloader compile fails
          rm -rvf PyInstaller/bootloader/*-*/*
          cd bootloader
+          export PYINSTALLER_BUILD_ARGS=""
          case "${arch}" in
-            "Win32")
-              export PYINSTALLER_BUILD_ARGS="--target-arch=32bit"
-              ;;
            "Win64")
              export PYINSTALLER_BUILD_ARGS="--target-arch=64bit"
              ;;
@@ -539,20 +528,31 @@ jobs:
          elif [[ "${RUNNER_OS}" == "Windows" ]]; then
            # Work around issue where PyInstaller picks up python3.dll from other Python versions
            # https://github.com/pyinstaller/pyinstaller/issues/7102
-            export PATH="/usr/bin"
+            export PATH="$(dirname ${PYTHON}):/usr/bin"
          else
            export gampath=$(realpath "${gampath}")
          fi
          export gam="${gampath}/gam"
          echo "gampath=${gampath}" >> $GITHUB_ENV
-          echo "gam=${gam}" >> $GITHUB_ENV
-          echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"
          # TEMP force everything back to one file.
          export PYINSTALLER_BUILD_ONEFILE="yes"
          export distpath="./dist/gam"
          export gampath="${distpath}"
          "${PYTHON}" -m PyInstaller --clean --noconfirm --distpath="${distpath}" gam.spec
          cat build/gam/warn-gam.txt
+          if [ -x "$(command -v realpath)" ]; then
+               realpath=realpath
+             else
+               brew install coreutils
+               realpath=grealpath
+             fi
+          export gam=$(realpath "$gam")
+          if [[ "${RUNNER_OS}" == "Windows" ]]; then
+            export gam=$(cygpath -w "$gam")
+            echo "GAM on Windows at ${gam}"
+          fi
+          echo "gam=${gam}" >> $GITHUB_ENV
+          echo -e "GAM: ${gam}\nGAMPATH: ${gampath}"

      - name: Copy extra package files
        if: matrix.goal == 'build'
@@ -596,19 +596,26 @@ jobs:
          echo "GAM Version ${GAMVERSION}"
          echo "GAMVERSION=${GAMVERSION}" >> $GITHUB_ENV

+      - name: Attest Binary Provenance
+        uses: actions/attest-build-provenance@v1
+        if: matrix.goal == 'build'
+        with:
+          subject-path: ${{ env.gam }}
+
      - name: Linux/MacOS package
        if: runner.os != 'Windows' && matrix.goal == 'build'
        run: |
          if [[ "${RUNNER_OS}" == "macOS" ]]; then
-              GAM_ARCHIVE="gam-${GAMVERSION}-macos-${arch}.tar.xz"
+            GAM_ARCHIVE="gam-${GAMVERSION}-macos-${arch}.tar.xz"
          elif [[ "${RUNNER_OS}" == "Linux" ]]; then
-              if [[ "${staticx}" == "yes" ]]; then
-                libver="legacy"
-              else
-                libver="glibc$(ldd --version | awk '/ldd/{print $NF}')"
-              fi
-              GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-${libver}.tar.xz"
+            if [[ "${staticx}" == "yes" ]]; then
+              libver="legacy"
+            else
+              libver="glibc$(ldd --version | awk '/ldd/{print $NF}')"
+            fi
+            GAM_ARCHIVE="gam-${GAMVERSION}-linux-$(arch)-${libver}.tar.xz"
          fi
+          echo "GAM Archive ${GAM_ARCHIVE}"
          tar -C dist/ --create --verbose --exclude-from "${GITHUB_WORKSPACE}/.github/actions/package_exclusions.txt" --file $GAM_ARCHIVE --xz gam

      - name: Windows package
@@ -643,7 +650,7 @@ jobs:
          echo "We successfully compiled Python ${this_python} and OpenSSL ${this_openssl}"

      - name: Live API tests push only
-        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.fullGamTest == 'yes'
+        if: (github.event_name == 'push' || github.event_name == 'schedule')
        env:
          PASSCODE: ${{ secrets.PASSCODE }}
        run: |
@@ -730,7 +737,7 @@ jobs:
          $gam info group $newgroup
          $gam info cigroup $newgroup membertree
          # confirm mailbox is provisoned before continuing
-          $gam user $newuser waitformailbox
+          $gam user $newuser waitformailbox retries 20
          $gam user $newuser imap on
          $gam user $newuser show imap
          $gam user $newuser show delegates
@@ -744,7 +751,7 @@ jobs:
          $gam user $gam_user insertemail subject "GHA insert $newbase" file gam.py labels INBOX,UNREAD # yep body is gam code
          $gam user $gam_user sendemail subject "GHA send $gam_user $newbase" file gam.py recipient admin@pdl.jaylee.us
          $gam user $gam_user draftemail subject "GHA draft $newbase" message "Draft message test"
-          $gam csvfile sample.csv:email waitformailbox
+          $gam csvfile sample.csv:email waitformailbox retries 20
          $gam user $newuser delegate to "${newbase}-bulkuser-1" || if [ $? != 50 ]; then exit $?; fi # expect a 50 return code (delegation failed)
          $gam users "$gam_user $newbase-bulkuser-1 $newbase-bulkuser-2 $newbase-bulkuser-3" delete messages query in:anywhere maxtodelete 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
          $gam users "$newbase-bulkuser-4 $newbase-bulkuser-5 $newbase-bulkuser-6" trash messages query in:anywhere maxtotrash 99999 doit || if [ $? != 60 ]; then exit $?; fi # expect a 60 return code (no messages)
@@ -852,15 +859,24 @@ jobs:
          fi
          tar cJvvf cache.tar.xz $tar_folders

+      - name: Attest Build Archive Provenance
+        uses: actions/attest-build-provenance@v1
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal == 'build'
+        with:
+          subject-path: |
+            src/gam*.tar.xz
+            src/gam*.zip
+            src/gam*.msi
+
      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        if: (github.event_name == 'push' || github.event_name == 'schedule') && matrix.goal != 'test'
        with:
          name: gam-binaries-${{ env.GAMOS }}-${{ env.arch }}-${{ matrix.jid }}
          path: |
-            src/*.tar.xz
-            src/*.zip
-            src/*.msi
+            src/gam*.tar.xz
+            src/gam*.zip
+            src/gam*.msi

  merge:
    if: (github.event_name == 'push' || github.event_name == 'schedule')
@@ -876,11 +892,6 @@ jobs:
          name: gam-binaries
          pattern: gam-binaries-*

-#      - name: Delete Artifacts
-#        uses: geekyeggo/delete-artifact@v4
-#        with:
-#          name: gam-binaries-*
-
  publish:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
--- a/docs/Authorization.md
+++ b/docs/Authorization.md
@@ -315,6 +315,9 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
        [projectname <ProjectName>] [parent <String>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `admin <EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 * `appname <String>` - Application name, defaults to `GAM`
@@ -326,6 +329,8 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 ## Use an existing project for GAM authorization
 Use an existing project to create and download two files: `client_secrets.json` for the Client and `oauth2service.json` for the Service Account.

@@ -335,8 +340,11 @@ Use an existing project to create and download two files: `client_secrets.json`
 * `<ServiceAccountDescription>` - `<ServiceAccountDisplayName>`

 ### Basic
-Use an existing project with default values for the service account. This is typically used when
-the system administrators have created a basic project and you now want to configure it as a GAM project.
+Use an existing uninitialized/uncredentialed project and configure it to be a GAM project; this typically used when
+the GCP  administrators have created a basic project because project creation is not available for most users.
+
+See Jay's notes about how to do this: https://github.com/GAM-team/GAM/wiki/GAM-with--minimal-GCP-rights
+
 ```
 gam use project [<EmailAddress>] [project <ProjectID>]
 ```
@@ -351,6 +359,9 @@ can not be re-downloaded.
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `admin <EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address
 * `project <ProjectID>` - An existing Google project ID; if omitted, you will be prompted for the ID
@@ -358,6 +369,8 @@ gam use project [admin <EmailAddress>] [project <ProjectID>]
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 ## Update an existing project for GAM authorization
 This command is used when GAM has added new capabilities that require additional APIs to be added to your project.
 ```
@@ -695,6 +708,9 @@ file or define a new section in `gam.cfg` that references a different `oauth2ser
 gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 ```
 * `<EmailAddress>` - Google Workspace admin/GCP project manager; if omitted, you will be prompted for the address

@@ -709,6 +725,8 @@ Use these options to select user-specified values..
 * `sadisplayname <ServiceAccountDisplayName>` - Service account display name
 * `sadescription <ServiceAccountDescription>` - Service account description

+You can optionally specify the type of service account key with `algorithm|localkeysize|yubikey`: [Manage Service Account keys](#manage-service-account-keys)
+
 After adding an additional service account, you can select specific access APIs for it.
 [Selective Service Account access](#selective-service-account-access)

@@ -765,6 +783,7 @@ There are several methods for generating private keys:
 * `localkeysize 1024` - Gam generates a 1024 bit key; this is not recommended
 * `localkeysize 2048` - Gam generates a 2048 bit key; this is the default
 * `localkeysize 4096` - Gam generates a 4096 bit key
+* `yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]` - [Using GAMADV-XTD3 with a YubiKey](Using-GAMADV-XTD3-with-a-YubiKey)

 When `localkeysize` is specified, the optional argument `validityhours <Number>` sets the length of time during which the key will be valid and should be used when the [GCP constraints/iam.serviceAccountKeyExpiryHours organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#limit_key_expiry) is in use. Note that in order to account for system clock skew, GAM sets the key to be valid two minutes earlier than the current system time and thus it will also expire two minutes earlier.

@@ -790,16 +809,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam create sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey retain_existing
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 To distribute `oauth2service.json` files with unique private keys perform the following steps:
 ```
@@ -820,16 +835,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam update sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
-gam rotate sakey replace_existing
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
+gam rotate sakey replace_current
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 ## Replace all existing Service Account keys
 Create a new Service Account private key; all existing private keys are revoked.
@@ -843,16 +854,12 @@ The two forms of the command are equivalent; the second form is used by Basic Ga
 ```
 gam replace sakeys
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakeys retain_none
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 ## Delete Service Account keys
 You can delete Service Accounts keys thus revoking access for that key. Generally, you will
@@ -875,10 +882,8 @@ any `oauth2service.json` file to other users, you must redistribute the updated
 ```
 gam upload sakey [admin <EmailAddress>]
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION 
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 ```
 ## Display Service Account keys
 There are system keys and user keys; user keys are what Gam uses; GCP uses system keys.
--- a/docs/Basic-Items.md
+++ b/docs/Basic-Items.md
@@ -457,6 +457,7 @@
 <ResellerID> ::= <String>
 <ResourceID> ::= <String>
 <SchemaName> ::= <String>
+<SchemaNameField> ::= <SchemaName>.<FieldName>
 <Section> ::= <String>
 <SendAsContent> ::=
        (sig|signature|htmlsig <String>)|
@@ -513,6 +514,7 @@
 <Title> ::= <String>
 <ToDriveAttribute> ::=
        (tdaddsheet [<Boolean>])|
+        (tdalert <EmailAddress>)*|
        (tdbackupsheet (id:<Number>)|<String>)|
        (tdcellnumberformat text|number)|
        (tdcellwrap clip|overflow|wrap)|
@@ -520,17 +522,20 @@
        (tdcopysheet (id:<Number>)|<String>)|
        (tddescription <String>)|
        (tdfileid <DriveFileID>)|
+        (tdfrom <EmailAddress>)|
        (tdlocalcopy [<Boolean>])|
        (tdlocale <Locale>)|
        (tdnobrowser [<Boolean>])|
        (tdnoemail [<Boolean>])|
        (tdnoescapechar [<Boolean>])|
+        (tdnotify [<Boolean>])|
        (tdparent (id:<DriveFolderID>)|<DriveFolderName>)|
        (tdretaintitle [<Boolean>])|
        (tdshare <EmailAddress> commenter|reader|writer)*|
        (tdsheet (id:<Number>)|<String>)|
        (tdsheettimestamp [<Boolean>] [tdsheettimeformat <String>])
        (tdsheettitle <String>)|
+        (tdsubject <String>)|
        ([tdsheetdaysoffset <Number>] [tdsheethoursoffset <Number>])|
        (tdtimestamp [<Boolean>] [tdtimeformat <String>]
            [tddaysoffset <Number>] [tdhoursoffset <Number>])|
--- a/docs/Bulk-Processing.md
+++ b/docs/Bulk-Processing.md
@@ -42,6 +42,7 @@ Batch files can contain the following types of lines:
  * GAM prints \<String\> and waits for the user to press any key
  * GAM continues
 * sleep \<Integer\> - Batch processing will suspend for \<Integer\> seconds before the next command line is processed
+  * To be effective, this should immediately follow commit-batch
 * print \<String\> - Print \<String\> on stderr
 * set \<KeywordString\> \<ValueString\>
  * Subsequent lines will have %\<KeywordString\>% replaced with \<ValueString\>
@@ -129,25 +130,29 @@ gam csv gsheet <user> <fileID> "<sheetName>" gam update user "~primaryEmail" add
 ## CSV files with redirection and select
 You should use the `multiprocess` option on any redirected files: `csv`, `stdout`, `stderr`.
 ```
-gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
+gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv - multiprocess todrive csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
 ```

 If you want to select a `gam.cfg` section for the command, you can select the section at the outer `gam` and save it
 or select the section at the inner `gam`.
 ```
-gam select <Section> save redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
-gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,title,permissions,owners.emailaddress
+gam select <Section> save redirect csv ./filelistperms.csv multiprocess csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv ./filelistperms.csv multiprocess csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam select <Section> save redirect csv - multiprocess todrive csv Users.csv gam user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
+gam redirect csv - multiprocess todrive csv Users.csv gam select <Section> user ~primaryEmail print filelist fields id,name,mimetype,basicpermissions
 ```

 ## Automatic batch processing
 You can enable automatic batch (parallel) processing when issuing commands of the form `gam <UserTypeEntity> ...`.
 In the following example, if the number of users in group sales@domain.com exceeds 1, then the `print filelist` command will be processed in parallel.
 ```
-gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,title,permissions,owners.emailaddress
+gam config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
+gam config auto_batch_min 1 redirect csv - multiprocess todrive group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
 ```
 With automatic batch processing, you should use the `multiprocess` option on any redirected files: `csv`, `stdout`, `stderr`.

 If you want to select a `gam.cfg` section for the command, you must select and save it for it to be processed correctly.
 ```
-gam select <Section> save config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,title,permissions,owners.emailaddress
+gam select <Section> save config auto_batch_min 1 redirect csv ./filelistperms.csv multiprocess group sales@domain.com print filelist fields id,name,mimetype,basicpermissions
 ```
--- a/docs/CSV-Input-Filtering.md
+++ b/docs/CSV-Input-Filtering.md
@@ -83,11 +83,17 @@ Name:value form.
 * Each `<FieldNameFilter>:<RowValueFilter>` pair should be enclosed in `'`.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
+* If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,

-Example:
+Examples:
 ```
 csv_input_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_input_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
+csv_input_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_input_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```
--- a/docs/CSV-Output-Filtering.md
+++ b/docs/CSV-Output-Filtering.md
@@ -89,13 +89,16 @@ Name:value form.
 * If `<FieldNameFilter>` contains a `:` or a space, it should be enclosed in `\"`.
 * If `<RegularExpression>` or `<DataSelector>` in `<RowValueFilter>` contain a space, it should be enclosed in `\"`.
 * If `<FieldNameFilter>` or `<RegularExpression>` in `<RowValueFilter>` contain a `\` to escape a special character
-or enter a special sequence, enter `\\\`.
+or enter a special sequence, enter `\\\` on Linux and Mac OS, `\\` on Windows,

-Example:
+Examples:
 ```
 csv_output_row_filter "'\"accounts:used_quota_in_mb\":count>15000'"
 csv_output_row_filter "'email:data:\"csvfile gsheet:email user@domain.com FileID Sheet1\"'"
+Linux and Mac OS
 csv_output_row_filter "'phones.\\\d+.value:regex:(?:^\\\(510\\\) )|(?:^510[- ])\\\d{3}-\\\d{4}'"
+Windows
+csv_output_row_filter "'phones.\\d+.value:regex:(?:^\\(510\\) )|(?:^510[- ])\\d{3}-\\d{4}'"
 ```
 JSON form.
 ```
--- a/docs/Calendars-Events.md
+++ b/docs/Calendars-Events.md
@@ -178,6 +178,7 @@ Client access works when accessing Resource calendars.
 <EventType> ::=
        default|
        focustime|
+        fromgmail|
        outofoffice|
        workinglocation
 <EventTypeList> ::= "<EventType>(,<EventType>)*"
@@ -360,11 +361,13 @@ The Google Calendar API processes `<EventSelectProperty>*`; you may specify none
 GAM processes `<EventMatchProperty>*`; you may specify none or multiple properties.
 * `matchfield attendees <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 * `matchfield attendeesonlydomainlist <DomainNameList>` - All attendee's email addresses must be in a domain in `<DomainNameList>`
-  * For example, this lets you look for events with all attendees in your internal domains
+  * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeesdomainlist <DomainNameList>` - Some attendee's email address must be in a domain in `<DomainNameList>`
  * For example, this lets you look for events with attendees in specific external domains
 * `matchfield attendeesnotdomainlist <DomainNameList>` - Some attendee's email address must be in a domain not in `<DomainNameList>`
-  * For example, this lets you look for events with attendees not in your internal domains
+  * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeespattern <RegularExpression>` - Some attendee's email address must match `<RegularExpression>`
 * `matchfield attendeesstatus [<AttendeeAttendance>] [<AttendeeStatus>] <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 and must have the specified values.
--- a/docs/ChromeOS-Devices.md
+++ b/docs/ChromeOS-Devices.md
@@ -105,6 +105,7 @@ The second form is backwards compatible with Standard GAM and selection with `<C
        annotatedlocation|location|
        annotateduser|user|
        autoupdateexpiration|
+        autoupdatethrough|
        backlightinfo|
        bootmode|
        cpuinfo|
@@ -117,6 +118,9 @@ The second form is backwards compatible with Standard GAM and selection with `<C
        dockmacaddress|
        ethernetmacaddress|
        ethernetmacaddress0|
+        extendedsupporteligible|
+        extendedsupportstart|
+        extendedsupportenabled|
        firmwareversion|
        firstenrollmenttime|
        lastdeprovisiontimestamp|
--- a/docs/Context-Aware-Access-Levels.md
+++ b/docs/Context-Aware-Access-Levels.md
@@ -23,7 +23,7 @@ gam update project
 ```

 ## API documentation
-* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies/list
+* https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies

 ## Grant Service Account Rights to Manage CAA
 In order for GAM to manage CAA access levels, you need to grant your service account a special role for your GCP organization.
--- a/docs/Drive-File-Selection.md
+++ b/docs/Drive-File-Selection.md
@@ -182,7 +182,7 @@ gam user testuser show fileinfo anydrivefilename "Test File"
 gam user testuser show fileinfo anydrivefilename:"Test File"
 ```
 ## Select file ownership
-By default, files the user owns are sisplayed; you can select the ownership characteristic.
+By default, files the user owns are displayed; you can select the ownership characteristic.
 ```
 anyowner|(showownedby any|me|others)
 ```
--- a/docs/GamUpdates.md
+++ b/docs/GamUpdates.md
@@ -10,6 +10,118 @@ Add the `-s` option to the end of the above commands to suppress creating the `g

 See [Downloads](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads) for Windows or other options, including manual installation

+### 6.76.10
+
+Added `fromgmail` to `<EventType>` that can be used in `gam calendars <CalendarEntity> print|show events ... eventtype fromgmail`.
+
+* See: https://workspaceupdates.googleblog.com/2024/05/google-calendar-api-event-type-fromgmail.html
+
+### 6.76.09
+
+Updated `gam update|delete|info adminrole` to handle the following error:
+```
+ERROR: 400: failedPrecondition - Precondition check failed.
+```
+
+### 6.76.08
+
+Updated `<SchemaNameList>` to `"<SchemaName>|<SchemaFieldName>(,<SchemaName>|<SchemaFieldName>)*"`
+that allows `schemas <SchemaNameList>` in `gam info user` and `gam print users` to display all fields or selected fields
+of the specified custom schemas.
+
+### 6.76.07
+
+Fixed bug where control-C was not recognized when GAM had processed all rows in a CSV file
+and was `Waiting for N running processes to finish before terminating`.
+
+### 6.76.06
+
+Fixed bug in `gam <UserTypeEntity> print messages ... positivecountsonly` where message counts with value 0 were deiplayed.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print|messages` that adds
+additional columns of data to the CSV file output.
+
+Added option `showusagebytes` to `gam <UserTypeEntity> print|show drivesettings` that displays
+the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```
+in addition to the fields in their formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
+
+### 6.76.05
+
+Added options `deletefromoldowner`, `addtonewowner <CalendarAttribute>*` and `nolistmessages`
+to `gam <UserTypeEntity> transfer calendars <UserItem>` that allow manipulation of the
+source and target user's calendar lists.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Access#transfer-calendar-ownership
+
+### 6.76.04
+
+Added the following fields to `<CrOSFieldName>`:
+```
+autoupdatethrough
+extendedsupporteligible
+extendedsupportstart
+extendedsupportenabled
+```
+
+### 6.76.03
+
+Added option `folderpathonly [<Boolean>]` to the following commands that causes GAM
+to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+```
+gam <UserTypeEntity> info drivefile ... filepath|fullpath
+gam <UserTypeEntity> show fileinfo ... filepath|fullpath
+gam <UserTypeEntity> print|show filepath
+gam <UserTypeEntity> print filelist ... filepath|fullpath
+```
+
+### 6.76.02
+
+Updated `gam update group` to handle the following error:
+```
+ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP
+```
+
+### 6.76.01
+
+Fixed bug in `gam create vaulthold matter <MatterItem> ... corpus calendar` that caused a trap.
+
+### 6.76.00
+
+Updated versions of `gam create|use project` that use keyword options to also accept the following options
+to define non-default Service Account key characteristics.
+```
+(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+(localkeysize 1024|2048|4096 [validityhours <Number>])|
+(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)
+```
+
+### 6.75.05
+
+Added option `csv [todrive <ToDriveAttribute>*]` to `gam <UserTypeEntity> archive|delete|modify|spam|trash|untrash messages|threads`
+that causes GAM to display the command results in CSV form.
+
+### 6.75.04
+
+Added a command to print user counts by OrgUnit. By default, all users in the workspace are counted;
+you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
+Added option `uploadattachments [<DriveFileParentAttribute>]` to `gam <UserTypeEntity> show messages|threads` that
+causes GAM to upload all message attachments to the user's `My Drive`, the default, or to a specific folder.
+The existing option `attachmentnamepattern <RegularExpression>` can be used to select attachments to upload.
+
+### 6.75.03
+
+Fixed bug in `gam batch|tbatch` where the line `sleep <Integer>` in the batch file caused the error:
+```
+ERROR: Invalid argument: Expected <gam|commit-batch|print>
+```
+
 ### 6.75.02

 Updated `gam report  <ActivityApplictionName>` to retry/handle the following error:
--- a/docs/Groups-Membership.md
+++ b/docs/Groups-Membership.md
@@ -1,5 +1,6 @@
 Groups - Membership
 - [API documentation](#api-documentation)
+- [Query documentation](#query-documentation)
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [Collections of Users](#collections-of-users)
@@ -18,6 +19,10 @@
 ## API documentation
 * https://developers.google.com/admin-sdk/directory/v1/reference/members

+## Query documentation
+* https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
+* https://cloud.google.com/identity/docs/reference/rest/v1/groups#dynamicgroupquery
+
 ## Definitions
 See [Collections of Items](Collections-of-Items)
 ```
--- a/docs/How-to-Upgrade-from-Standard-GAM.md
+++ b/docs/How-to-Upgrade-from-Standard-GAM.md
@@ -335,7 +335,7 @@ writes the credentials into the file oauth2.txt.
 admin@server:/Users/admin/bin/gamadv-xtd3$ rm -f /Users/admin/GAMConfig/oauth2.txt
 admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam version
 WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: /Users/admin/GAMConfig/oauth2.txt, Not Found
-GAMADV-XTD3 6.75.02 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.10 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 MacOS Sonoma 14.4.1 x86_64
@@ -1009,7 +1009,7 @@ writes the credentials into the file oauth2.txt.
 C:\GAMADV-XTD3>del C:\GAMConfig\oauth2.txt
 C:\GAMADV-XTD3>gam version
 WARNING: Config File: C:\GAMConfig\gam.cfg, Section: DEFAULT, Item: oauth2_txt, Value: C:\GAMConfig\oauth2.txt, Not Found
-GAMADV-XTD3 6.75.02 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.10 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 Windows-10-10.0.17134 AMD64
--- a/docs/Install-GAM-as-Python-Library.md
+++ b/docs/Install-GAM-as-Python-Library.md
@@ -9,7 +9,7 @@ Scroll down to Install Git

 You can install GAM as a Python library with pip.
 ```
-pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src --use-pep517
+pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src
 ```

 Or as a PEP 508 Requirement Specifier, e.g. in requirements.txt file:
@@ -29,7 +29,7 @@ dependencies = [

 Target a specific revision or tag:
 ```
-advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.58.00#subdirectory=src
+advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.76.01#subdirectory=src
 ```

 ## Using the library
--- a/docs/List-Items.md
+++ b/docs/List-Items.md
@@ -85,7 +85,7 @@
 <QueryMobileList> ::= "<QueryMobile>(,<QueryMobile>)*"
 <QueryUserList> ::= "<QueryUser>(,<QueryUser>)*"
 <ResourceIDList> ::= "<ResourceID>(,<ResourceID>)*"
-<SchemaNameList> ::= "<SchemaName>(,<SchemaName>)*"
+<SchemaNameList> ::= "<SchemaName>|<SchemaFieldName>(,<SchemaName>|<SchemaFieldName>)*"
 <SerialNumberList> ::= "<SerialNumber>(,<SerialNumber>)*"
 <ServiceAccountKeyList> ::= "<ServiceAccountKey>(,<ServiceAccountKey>)*"
 <SiteACLScopeList> ::= "<SiteACLScope>(,<SiteACLScope>)*"
--- a/docs/Other-Resources.md
+++ b/docs/Other-Resources.md
@@ -4,14 +4,15 @@ The following are links to contributions of others in support of GAMADV-XTD3.

 Thank you.

-* Gabriel Clifton - https://docs.google.com/document/d/1p32QOBTr89GaG7RfCafSbFuhlUQ9r3qBM_666E0xvQM/edit
-* Steve Larsen - https://docs.google.com/spreadsheets/d/1MzzA-u-cmoQcJnQOovCnZcEKMjvOyFhfkdFdf10X_GI/edit
-* Iain Macleod - https://docs.google.com/document/d/1QxWAPdhROcx70OXLpSD9Trh3vs-nJKSMiaMZCTwOOTg/edit?pli=1#heading=h.2a2azzpy36k0
-* Kevin Melillo -  https://github.com/KevinMelilloIEEE/gam-script
-* James Seymour - https://sites.google.com/jis.edu.bn/gam-commands/home
 * Amado Tejada - https://github.com/amadotejada/GAMpass
-* Workspace Admins YouTube Channel - https://youtube.com/@googleworkspaceadmins
+* Brecht Sannen - https://gcloud.devoteam.com/blog/what-is-google-apps-manager-gam/
+* Gabriel Clifton - https://docs.google.com/document/d/1p32QOBTr89GaG7RfCafSbFuhlUQ9r3qBM_666E0xvQM/edit
 * Goldy Arora - https://www.goldyarora.com/license-notifier/
-* Paul Ogier (Taming.Tech) - GAMADV-XTD3 Tutorials https://www.youtube.com/watch?v=g9LDeyXQNLI&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w
+* Iain Macleod - https://docs.google.com/document/d/1QxWAPdhROcx70OXLpSD9Trh3vs-nJKSMiaMZCTwOOTg/edit?pli=1#heading=h.2a2azzpy36k0
+* James Seymour - https://sites.google.com/jis.edu.bn/gam-commands/home
+* Kevin Melillo -  https://github.com/KevinMelilloIEEE/gam-script
 * Paul Ogier (Taming.Tech) - GAMADV-XTD3 Course on Udemy https://taming.tech/GAMCourse
-* Paul Ogier (Taming.Tech) - https://taming.tech/taming-gam-a-practical-guide-to-gam-and-gamadv-xtd3/
+* Paul Ogier (Taming.Tech) - GAMADV-XTD3 Tutorials https://www.youtube.com/watch?v=g9LDeyXQNLI&list=PL_dLiK09pJVhKJxZHNk9CHK0q5hkZ856w
+* Paul Ogier (Taming.Tech) - https://taming.tech/taming-gam-a-practical-guide-to-gam-and-gamadv-xtd3/
+* Steve Larsen - https://docs.google.com/spreadsheets/d/1MzzA-u-cmoQcJnQOovCnZcEKMjvOyFhfkdFdf10X_GI/edit
+* Workspace Admins YouTube Channel - https://youtube.com/@googleworkspaceadmins
--- a/docs/Users-Calendars-Access.md
+++ b/docs/Users-Calendars-Access.md
@@ -37,6 +37,17 @@ Calendar ACL roles (as seen in Calendar GUI):
 <UniqueID> ::= id:<String>
 <UserItem> ::= <EmailAddress>|<UniqueID>|<String>

+<CalendarAttribute> ::=
+        (backgroundcolor <ColorValue>)|
+        (color <CalendarColorName>)|
+        (colorindex|colorid <CalendarColorIndex>)|
+        (foregroundcolor <ColorValue>)|
+        (hidden <Boolean>)|
+        (notification clear|(email <CalendarEmailNotificatonEventTypeList>))|
+        (reminder clear|(email|pop <Number>)|(<Number> email|pop))|
+        (selected <Boolean>)|
+        (summary <String>)
+
 <CalendarSettings> ::=
        (description <String>)|
        (location <String>)|
@@ -134,15 +145,15 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ## Transfer calendar ownership

 You can transfer ownership of calendars from one user to another; only non-primary calendars owned by the source user can be transferred.
-You can update calendar settings as part of the transfer. In description, location and summary, #email#, #user# and #username# will be replaced
-by the original owner's full email address or just the name portion; #timestamp# will be replaced by the current date and time.
 ```
-gam <UserTypeEntity> transfer calendars <UserItem> <UserCalendarEntity>
+gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>]
        [keepuser | (retainrole <CalendarACLRole>)] [sendnotifications <Boolean>]
        [noretentionmessages]
        [<CalendarSettings>] [append description|location|summary] [noupdatemessages]
-gam <UserTypeEntity> transfer seccals <UserItem> [keepuser] [sendnotifications <Boolean>]
+        [deletefromoldowner] [addtonewowner <CalendarAttribute>*] [nolistmessages]
 ```
+If `<UserCalendarEntity>` is not specified, all of a user's owned secondary calendars will be transferrdd.
+
 By default, the users in `<UserTypeEntity>` retain no role in the transferred calendars.
 * `keepuser` - The users in `<UserTypeEntity>` retain their ownership.
 * `retainrole <CalendarACLRole>` - The users in `<UserTypeEntity>` retain the specified role.
@@ -150,11 +161,23 @@ By default, the users in `<UserTypeEntity>` retain no role in the transferred ca

 By default, when you add or update a calendar ACL, a notification is sent to the affected users; use `sendnotifications false` to suppress sending the notifications.

+You can update calendar settings as part of the transfer. In description, location and summary, #email#, #user# and #username# will be replaced
+by the original owner's full email address or just the name portion; #timestamp# will be replaced by the current date and time.
 * `<CalendarSettings>` - The value specified will replace the existing value.
 * `append description|location|summary` - The specified <CalendarSettings> value will be appended to the existing value.
 * `noupdatemessages` - Suppress the settings update messages.

+You can manipulate the old and new owner's calendar lists.
+* `deletefromoldowner` - Delete the calendar from the old owner's calendar list
+* `addtonewowner <CalendarAttribute>*` - Add the calendar to the new owner's calendar list; optionally specify attributes
+* `nolistmessages` - Suppress the calendar list add/delete messages.
+
 ### Example
+Transfer a secondary calendar from oldowner to newowner. Remove the calendar from the old owner's calendar list and add to the new owner's  calendar list.
+```
+gam user oldowner@domain.com transfer calendars newowner@domain.com c_aaa123zzz@group.calendar.google.com removefromoldowner addtonewowner
+```
+
 Transfer ownership of all non-primary calendars from oldowner to newowner; append a message to the calendar description noting the old owner and the time of transfer.
 ```
 gam user oldowner@domain.com transfer calendars newowner@domain.com minaccessrole owner description "(Transferred from #user# on #timestamp#)" append description
--- a/docs/Users-Calendars-Events.md
+++ b/docs/Users-Calendars-Events.md
@@ -243,6 +243,7 @@
 <EventType> ::=
        default|
        focustime|
+        fromgmail|
        outofoffice|
        workinglocation
 <EventTypeList> ::= "<EventType>(,<EventType>)*"
@@ -442,11 +443,13 @@ The Google Calendar API processes `<EventSelectProperty>*`; you may specify none
 GAM processes `<EventMatchProperty>*`; you may specify none or multiple properties.
 * `matchfield attendees <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 * `matchfield attendeesonlydomainlist <DomainNameList>` - All attendee's email addresses must be in a domain in `<DomainNameList>`
-  * For example, this lets you look for events with all attendees in your internal domains
+  * For example, this lets you look for events with all attendees in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeesdomainlist <DomainNameList>` - Some attendee's email address must be in a domain in `<DomainNameList>`
  * For example, this lets you look for events with attendees in specific external domains
 * `matchfield attendeesnotdomainlist <DomainNameList>` - Some attendee's email address must be in a domain not in `<DomainNameList>`
-  * For example, this lets you look for events with attendees not in your internal domains
+  * For example, this lets you look for events with attendees not in your internal domains. You should include `resource.calendar.google.com`
+    in `<DomainNameList>` if the events use resources.
 * `matchfield attendeespattern <RegularExpression>` - Some attendee's email address must match `<RegularExpression>`
 * `matchfield attendeesstatus [<AttendeeAttendance>] [<AttendeeStatus>] <EmailAddressEntity>` - All of the attendees in `<EmailAddressEntity>` must be present
 and must have the specified values.
--- a/docs/Users-Drive-Activity-Settings.md
+++ b/docs/Users-Drive-Activity-Settings.md
@@ -141,10 +141,16 @@ The `quotechar <Character>` option allows you to choose an alternate quote chara
 ```
 gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*]
        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
-        [delimiter <Character>]
+        [delimiter <Character>] [showusagebytes]
 gam <UserTypeEntity> show drivesettings
        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
-        [delimiter <Character>]
+        [delimiter <Character>] [showusagebytes]
 ```
 If no fields are selected, these fields will be displayed:
    `name,appInstalled,largestChangeId,limit,maxUploadSize,permissionId,rootFolderId,usage,usageInDrive,usageInDriveTrash`
+
+By default, these fields are displayed in formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+
+The option `showusagebytes` also displays the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```.
+
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
--- a/docs/Users-Drive-Files-Display.md
+++ b/docs/Users-Drive-Files-Display.md
@@ -396,7 +396,7 @@ Display file details in indented keyword: value format. The two forms are equiva
 ```
 gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -406,7 +406,7 @@ gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [formatjson]
 gam <UserTypeEntity> info drivefile <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -421,6 +421,10 @@ Use `filepath` to display the path(s) to the files in `<DriveFileEntity>`.

 Use `fullpath` to add additional path information indicating that a file is an Orphan or Shared with me.

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 When `allfields` is specified (or no fields are specified), use `showdrivename` to display Shared(Team) Drive names.
@@ -479,16 +483,21 @@ By default, Gam displays the information as an indented list of keys and values.
 gam <UserTypeEntity> show filepath <DriveFileEntity>
        [returnpathonly]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
+        [stripcrsfromname]
+        [folderpathonly [<Boolean>]] [fullpath] [pathdelimiter <Character>]
 gam <UserTypeEntity> print filepath <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
-        [oneitemperrow]
+        [stripcrsfromname] [oneitemperrow]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
 ```
 Use `returnpathonly` to display just the file path of the files in `<DriveFileEntity>`.

 Use `fullpath` to add additional path information indicating that a file is an Orphan or Shared with me.

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 The `stripcrsfromname` option strips nulls, carriage returns and linefeeds from drive file names.
@@ -1009,8 +1018,9 @@ gam <UserTypeEntity> print|show filelist [todrive <ToDriveAttribute>*]
        [excludetrashed]
        [maxfiles <Integer>] [nodataheaders <String>]
        [countsonly [summary none|only|plus] [summaryuser <String>]
-                    [showsource] [showsize] [showmimetypesize]] [countsrowfilter]
-        [filepath|fullpath [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
+                    [showsource] [showsize] [showmimetypesize]]
+        [countsrowfilter]
+        [filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        [showdrivename] [showshareddrivepermissions]
        [(showlabels details|ids)|(includelabels <DriveLabelIDList>)]
@@ -1026,6 +1036,10 @@ When `allfields` is specified (or no fields are specified), use `showshareddrive
 when shared drives are queried/selected. In this case, the Drive API returns the permission IDs
 but not the permissions themselves so GAM makes an additional API call per file to get the permissions.

+By default, when `showimimetype` and `filepath|fullpath`are both specified, GAM locally filters files by MimeType;
+this may be slow if the user has a large number of files. Adding the option `mimetypeinquery` or `mimetypeinquery true`
+causes GAM to have Google filter files by MimeType; this will increase performance.
+
 See [Select files for Display file counts, list, tree](#select-files-for-display-file-counts-list-tree)

 ## File selection by name and entity shortcuts for Display file list
@@ -1117,13 +1131,13 @@ By default, when a folder is selected, only its contents are displayed.
 ## Choose what fields to display
 If no query or select is performed, use these options to get file path information:
 * `filepath|fullpath` - For files and folders, display the full path(s) to them starting at the root (My Drive)
-* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output
 * `addpathstojson` - When this option and `formatjson` are specified, the path information will be included in the
 JSON data rather than as additional columns
+* `addcsvdata <FieldName> <String>` - Add additional columns of data from the command line to the output

 When used with `filepath` or `fullpath`, `showdepth` will display a `depth` column.
 Files/folders directly in `My Drive` are at depth 0, the depth increases by 1
-for each containing folder. For files with multiple parents, the maximum depth is displayed.
+for each containing folder.

 If a query or select is performed, use these options to get file path information:
 * `filepath` - For files, no path information is shown; for folders, the paths of all of its children are shown starting at the selected folder
@@ -1131,6 +1145,10 @@ If a query or select is performed, use these options to get file path informatio
 * `addpathstojson` - When this option and `formatjson` are specified, the path information will be included in the
 JSON data rather than as additional columns

+By default, the path to a file includes the file name as the last element of the path.
+Use `folderpathonly` to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+
 By default, file path components are separated by `/`; use `pathdelimiter <Character>` to use `<Character>` as the separator.

 By default, only the fields `id` and `webViewLink` are displayed.
--- a/docs/Users-Gmail-Messages-Threads.md
+++ b/docs/Users-Gmail-Messages-Threads.md
@@ -23,6 +23,7 @@
  - [Print only options](#print-only-options)
  - [Show only options](#show-only-options)
  - [Download attachments](#download-attachments)
+  - [Upload attachments](#upload-attachments)
  - [Display messages sent by delegates for delegator](#display-messages-sent-by-delegates-for-delegator)
 - [User attribute `replace <Tag> <UserReplacement>` processing](Tag-Replace)

@@ -180,6 +181,20 @@ Block emails between specific user groups
        (gdoc|ghtml <UserGoogleDoc>)|
        (gcsdoc|gcshtml <StorageBucketObjectName>)|
        (emlfile <FileName> [charset <Charset>]))
+
+<DriveFolderID> ::= <String>
+<DriveFolderName> ::= <String>
+<SharedDriveID> ::= <String>
+<SharedDriveName> ::= <String>
+
+<DriveFileParentAttribute> ::=
+        (parentid <DriveFolderID>)|
+        (parentname <DriveFolderName>)|
+        (anyownerparentname <DriveFolderName>)|
+        (teamdriveparentid <DriveFolderID>)|
+        (teamdriveparent <SharedDriveName>)|
+        (teamdriveparentid <SharedDriveID> teamdriveparentname <DriveFolderName>)|
+        (teamdriveparent <SharedDriveName> teamdriveparentname <DriveFolderName>)
 ```
 ## Message queries with dates
 ```
@@ -345,10 +360,25 @@ Your command line will have: `embedimage file1.jpg image1` embedimage file2.jpg
 gam <UserTypeEntity> archive messages <GroupItem>
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_archive <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 ```

 Messages are archived to the group specified by `<GroupItem>`.

+By default, the command results are displayed as indented keys and values. Use the `csv` option
+to display the command results in CSV form.
+```
+$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c    
+User: user@domain.com, Archive 2 Messages
+  User: user@domain.com, Message: 18e9fc6581b9acab, Archived (1/2)
+  User: user@domain.com, Message: 18e9fc58c5491f4c, Archived (2/2)
+$ gam user user@domain.com archive messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv
+User: user@domain.com, Archive 2 Messages
+User,id,action,error
+user@domain.com,18e9fc6581b9acab,Archived,
+user@domain.com,18e9fc58c5491f4c,Archived,
+```
+
 See below for message selection.

 ## Export messages/threads
@@ -406,20 +436,40 @@ See below for message selection.
 gam <UserTypeEntity> delete messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_delete <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> modify messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_modify <Number>])|(ids <MessageIDEntity>)
        (addlabel <LabelName>)* (removelabel <LabelName>)*
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> spam messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_spam <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> trash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_trash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> untrash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_untrash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 ```
+
+By default, the command results are displayed as indented keys and values. Use the `csv` option
+to display the command results in CSV form.
+```
+$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c    
+User: user@domain.com, Delete 2 Messages
+  User: user@domain.com, Message: 18e9fc6581b9acab, Deleted (1/2)
+  User: user@domain.com, Message: 18e9fc58c5491f4c, Deleted (2/2)
+$ gam user user@domain.com delete messages ids 18e9fc6581b9acab,18e9fc58c5491f4c csv
+User: user@domain.com, Delete 2 Messages
+User,id,action,error
+user@domain.com,18e9fc6581b9acab,Deleted,
+user@domain.com,18e9fc58c5491f4c,Deleted,
+```
+
 ### Manage a specific set of messages
 * `ids <MessageIDEntity>` - A list of message ids

@@ -506,6 +556,7 @@ By default, Gam displays all messages.
  * `labelmatchpattern xyz` - Label must start with xyz
  * `labelmatchpattern .*xyz.*` - Label must contain xyz
  * `labelmatchpattern .*xyz` - Label must end with xyz
+  * `labelmatchpattern ^xyz$` - Label must extctly match xyz
 * `sendermatchpattern <RegularExpression>` - Only display messages if the sender matches the `<RegularExpression>`

 When `matchlabel <LabelName>` is specified, the following characters are replaced with a `-` in the generated query.
@@ -595,6 +646,16 @@ By default, when downloading attachments, an existing local file will not be ove
 * `overwrite true` - Overwite an existing file
 * `overwrite false` - Do not overwite an existing file; add a numeric prefix and create a new file

+## Upload attachments
+These options are valid with `show'.
+
+By default, message attachments are not uploaded to Google Drive.
+* `uploadattachments` - Upload message attachments
+* `attachmentnamepattern <RegularExpression>` - Limit the attachments uploaded to those whose names match `<RegularExpression>`
+
+By default, message attachments are uploaded to the root of the user's My Drive.
+* `<DriveFileParentAttributeh>` - Specify an alternate location for the uploaded attachments
+
 ## Display messages sent by delegates for delegator
 Display messages sent by a particular delegate for a delegator; the message is
 from the delegator but sent by the delegate.
--- a/docs/Users.md
+++ b/docs/Users.md
@@ -37,6 +37,7 @@
 - [Print user domain counts](#print-user-domain-counts)
    - [Print domain counts for users in a specific domain and/or selected by a query](#print-domain-counts-for-users-in-a-specific-domain-and-or-selected-by-a-query)
    - [Print domain counts for users specified by `<UserTypeEntity>`](#print-domain-counts-for-users-specified-by-usertypeentity)
+- [Print user counts by OrgUnit](print-user-counts-by-orgunit)
 - [Print user list](#print-user-list)
 - [Display user counts](#display-user-counts)
 - [Verify domain membership]($verify-domain-membership)
@@ -109,6 +110,11 @@ queries "`"orgUnitPath=\'/Students/Lower\ School/2027\'`",`"orgUnitPath=\'/Stude
 <QueryUser> ::= <String>
        See: https://developers.google.com/admin-sdk/directory/v1/guides/search-users

+<FieldName> ::= <String>
+<SchemaName> ::= <String>
+<SchemaNameField> ::= <SchemaName>.<FieldName>
+<SchemaNameList> ::= "<SchemaName>|<SchemaFieldName>(,<SchemaName>|<SchemaFieldName>)*"
+
 <StorageBucketName> ::= <String>
 <StorageObjectName> ::= <String>
 <StorageBucketObjectName> ::=
@@ -487,7 +493,7 @@ clearschema <SchemaName>
 ```
 Clear a specific field in a schema:
 ```
-clearschema <SchemaName>.<FieldName>
+clearschema <SchemaNameField>
 ```

 ## Create a user
@@ -613,7 +619,7 @@ gam update user <UserItem> [ignorenullpassword] <UserAttribute>*
        [updateoufromgroup <FileName> [charset <Charset>]
            [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
            [fields <FieldNameList>] [keyfield <FieldName>] [datafield <FieldName>]]
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName>|<SchemaNameField>]
        [createifnotfound] [notfoundpassword random|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -634,7 +640,7 @@ gam update users <UserTypeEntity> [ignorenullpassword] <UserAttribute>*
        [updateoufromgroup <FileName> [charset <Charset>]
            [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
            [fields <FieldNameList>] [keyfield <FieldName>] [datafield <FieldName>]]
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName>|<SchemaNameField>]
        [createifnotfound] [notfoundpassword random|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -655,7 +661,7 @@ gam <UserTypeEntity> update users [ignorenullpassword] <UserAttribute>*
        [updateoufromgroup <FileName> [charset <Charset>]
            [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
            [fields <FieldNameList>] [keyfield <FieldName>] [datafield <FieldName>]]
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName>|<SchemaNameField>]
        [createifnotfound] [notfoundpassword random|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -953,7 +959,7 @@ Starting in version `5.23.01`, the variable `quick_info_user` was added to `gam.

 These existing options enable the display of additional information.
 * `(products|product <ProductIDList>)|(skus|sku <SKUIDList>)` - Display license information for a selected list of products/SKUs.
-* `schemas|custom|customschemas <SchemaNameList>` - Display the specified custom schemas
+* `schemas|custom|customschemas <SchemaNameList>` - Display all fields or selected fields of the specified custom schemas

 By default, Gam displays fields that only an adminstrator can view.
 * `userview` - Only display fields that other users in the domain can view.
@@ -1063,8 +1069,8 @@ By default, Gam displays only the primary email address for each user.
 * `allfields|basic` - Display all non custom schema fields for each user.
 * `full` - Display all fields including  all custom schema fields for each user.
 * `<UserFieldName>* [fields <UserFieldNameList>]` - Only display selected fields.
-* `schemas|custom all` - Get custom schema information for all schemas.
-* `schemas|custom <SchemaNameList>` - Get custom schema information for a selected list of schemas.
+* `schemas|custom all` - Display custom schema information for all schemas.
+* `schemas|custom <SchemaNameList>` - Display all fields or selected fields of the specified custom schemas

 By default, when aliases are displayed, all aliases are displayed. Use `aliasmatchpattern <RegularExpression>`
 to limit the display of aliases to those that match `<RegularExpression>`.
@@ -1242,6 +1248,15 @@ $ more UsersList.csv
 ["testuser1@domain.org",  "testuser2@domain.org",  "testuser3@domain.org",  "testuser4@domain.org"] 
 ```

+## Print user counts by OrgUnit
+Display the count of archived, suspended and total users in each OrgUnit; display a grand total.
+
+By default, all users in the workspace are counted; you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
 ## Display user counts
 Display the number of users in an entity.
 ```
--- a/docs/Vault-Takeout.md
+++ b/docs/Vault-Takeout.md
@@ -546,7 +546,7 @@ The `shownames` argument controls whether account and org unit names are display
 ## Vault Holds
 ## Create Vault Holds
 ```
-gam create vaulthold|hold matter <MatterItem> [name <String>] corpus drive|mail|groups|hangouts_chat
+gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
        [(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
        [query <QueryVaultCorpus>]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
@@ -560,10 +560,12 @@ Specify the name of the hold:
 * `default` - The hold will be named `GAM <corpus> Hold - <Time>`

 Specify the corpus of data, this option is required:
+* `calendar`
 * `drive`
 * `mail`
 * `groups`
 * `hangouts_chat`
+* `voice`

 Specify the search method, this option is required:
 * `accounts|groups|users <EmailAddressEntity>` - Search all accounts specified in `<EmailAddressEntity>`
--- a/docs/Version-and-Help.md
+++ b/docs/Version-and-Help.md
@@ -1,9 +1,9 @@
-# Version and Help
+\# Version and Help

 Print the current version of Gam with details
 ```
 gam version
-GAMADV-XTD3 6.75.02 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.10 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 MacOS Sonoma 14.4.1 x86_64
@@ -15,7 +15,7 @@ Time: 2023-06-02T21:10:00-07:00
 Print the current version of Gam with details and time offset information
 ```
 gam version timeoffset
-GAMADV-XTD3 6.75.02 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.10 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 MacOS Sonoma 14.4.1 x86_64
@@ -27,7 +27,7 @@ Your system time differs from www.googleapis.com by less than 1 second
 Print the current version of Gam with extended details and SSL information
 ```
 gam version extended
-GAMADV-XTD3 6.75.02 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
+GAMADV-XTD3 6.76.10 - https://github.com/taers232c/GAMADV-XTD3 - pythonsource
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 MacOS Sonoma 14.4.1 x86_64
@@ -64,7 +64,7 @@ MacOS High Sierra 10.13.6 x86_64
 Path: /Users/Admin/bin/gamadv-xtd3
 Version Check:
  Current: 5.35.08
-   Latest: 6.75.02
+   Latest: 6.76.10
 echo $?
 1
 ```
@@ -72,7 +72,7 @@ echo $?
 Print the current version number without details
 ```
 gam version simple
-6.75.02
+6.76.10
 ```
 In Linux/MacOS you can do:
 ```
@@ -82,7 +82,7 @@ echo $VER
 Print the current version of Gam and address of this Wiki
 ```
 gam help
-GAM 6.75.02 - https://github.com/taers232c/GAMADV-XTD3
+GAM 6.76.10 - https://github.com/taers232c/GAMADV-XTD3
 Ross Scroggs <ross.scroggs@gmail.com>
 Python 3.12.3 64-bit final
 MacOS Sonoma 14.4.1 x86_64
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -546,6 +546,7 @@ If an item contains spaces, it should be surrounded by ".
 <ResellerID> ::= <String>
 <ResourceID> ::= <String>
 <SchemaName> ::= <String>
+<SchemaNameField> ::= <SchemaName>.<FieldName>
 <Section> ::= <String>
 <SendAsContent> ::=
        (sig|signature|htmlsig <String>)|
@@ -626,7 +627,7 @@ If an item contains spaces, it should be surrounded by ".
        (tdsubject <String>)|
        ([tdsheetdaysoffset <Number>] [tdsheethoursoffset <Number>])|
        (tdtimestamp [<Boolean>] [tdtimeformat <String>]
-            ([tddaysoffset <Number>] [tdhoursoffset <Number>])|
+            [tddaysoffset <Number>] [tdhoursoffset <Number>])|
        (tdtimezone <TimeZone>)|
        (tdtitle <String>)|
        (tdupdatesheet [<Boolean>])|
@@ -725,7 +726,7 @@ If an item contains spaces, it should be surrounded by ".
 <QueryMobileList> ::= "<QueryMobile>(,<QueryMobile>)*"
 <QueryUserList> ::= "<QueryUser>(,<QueryUser>)*"
 <ResourceIDList> ::= "<ResourceID>(,<ResourceID>)*"
-<SchemaNameList> ::= "<SchemaName>(,<SchemaName>)*"
+<SchemaNameList> ::= "<SchemaName>|<SchemaFieldName>(,<SchemaName>|<SchemaFieldName>)*"
 <SerialNumberList> ::= "<SerialNumber>(,<SerialNumber>)*"
 <ServiceAccountKeyList> ::= "<ServiceAccountKey>(,<ServiceAccountKey>)*"
 <SiteACLScopeList> ::= "<SiteACLScope>(,<SiteACLScope>)*"
@@ -1338,10 +1339,16 @@ gam create project [admin <EmailAddress>] [project <ProjectID>]
        [projectname <ProjectName>] [parent <String>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam use project [<EmailAddress>] [<ProjectID>]
 gam use project [admin <EmailAddress>] [project <ProjectID>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam update project [[admin] <EmailAddress>] [<ProjectIDEntity>]
 gam delete project [[admin] <EmailAddress>] [<ProjectIDEntity>]
 gam show projects [[admin] <EmailAddress>] [all|<ProjectIDEntity>]
@@ -1354,6 +1361,9 @@ gam info currentprojectid
 gam create|add svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        [saname <ServiceAccountName>] [sadisplayname <ServiceAccountDisplayName>]
        [sadescription <ServiceAccountDescription>]
+        [(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+         (localkeysize 1024|2048|4096 [validityhours <Number>])|
+         (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)]
 gam delete svcacct [[admin] <EmailAddress>] [<ProjectIDEntity>]
        (saemail <ServiceAccountEmail>)|(saname <ServiceAccountName>)|(sauniqueid <ServiceAccountUniqueID>)
 gam check svcacct <UserTypeEntity> (scope|scopes <APIScopeURLList>)*
@@ -1367,51 +1377,35 @@ gam print svcaccts [[admin] <EmailAddress>] [all|<ProjectIDEntity>]

 gam create sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (localkeysize 1024|2048|4096)|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys retain_existing
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam update sakey
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys replace_current
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam replace sakeys
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (localkeysize 1024|2048|4096)|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)
 gam rotate sakey|sakeys retain_none
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam upload sakey [admin <EmailAddress>]
        (algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
-        ((localkeysize 1024|2048|4096 [validityhours <Number>])|
-        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE
-         yubikey_serialnumber <Number>
-         [localkeysize 1024|2048|4096])
+        (localkeysize 1024|2048|4096 [validityhours <Number>])|
+        (yubikey yubikey_pin yubikey_slot AUTHENTICATION|SIGNATURE yubikey_serialnumber <Number>)

 gam delete sakeys <ServiceAccountKeyList>+ [doit]
 gam show sakeys [all|system|user]
@@ -2237,6 +2231,7 @@ gam <CrOSTypeEntity> update <CrOSAttribute>+ [quickcrosmove [<Boolean>]] [nobatc
        annotatedlocation|location|
        annotateduser|user|
        autoupdateexpiration|
+        autoupdatethrough|
        backlightinfo|
        bootmode|
        cpuinfo|
@@ -2249,6 +2244,9 @@ gam <CrOSTypeEntity> update <CrOSAttribute>+ [quickcrosmove [<Boolean>]] [nobatc
        dockmacaddress|
        ethernetmacaddress|
        ethernetmacaddress0|
+        extendedsupporteligible|
+        extendedsupportstart|
+        extendedsupportenabled|
        firmwareversion|
        firstenrollmenttime|
        lastdeprovisiontimestamp|
@@ -4223,7 +4221,8 @@ gam report usage customer [todrive <ToDriveAttribute>*]
        rules|
        saml|
        token|tokens|oauthtoken|
-        useraccounts
+        useraccounts|
+        vault

 gam report <ActivityApplicationName> [todrive <ToDriveAttribute>*]
        [(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
@@ -4994,7 +4993,7 @@ gam <UserTypeEntity> show teamdriveacls
        (field:<UserReplacementField>)|
        (field:<UserReplacementFieldSubfield>)|
        (field:<UserReplacementFieldSubfieldMatchSubfield>)|
-        (schema:<SchemaName>.<FieldName>)|
+        (schema:<SchemaNameField>)|
        <String>

 # Vault/Takeout
@@ -5104,7 +5103,7 @@ gam show vaultexports|exports
        [fields <VaultExportFieldNameList>] [shownames]
        [formatjson]

-gam create vaulthold|hold matter <MatterItem> [name <String>] corpus drive|mail|groups|hangouts_chat
+gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
        [(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
        [query <QueryVaultCorpus>]
        [terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
@@ -5259,9 +5258,9 @@ gam download storagefile <StorageBucketObjectName>
        (recoveryemail <EmailAddress>)|
        (recoveryphone <string>)|
        (suspend|suspended <Boolean>)|
-        (<SchemaName>.<FieldName> [scalarnonempty|
-                                   [multivalued|multivalue|value|multinonempty [type home|other|work|(custom <String>)]]]
-                                  <String>)
+        (<SchemaNameField> [scalarnonempty|
+                             [multivalued|multivalue|value|multinonempty [type home|other|work|(custom <String>)]]]
+                           <String>)

 <UserMultiAttribute> ::=
        (address type home|other|work|(custom <String>)
@@ -5350,7 +5349,7 @@ gam update user <UserItem> [ignorenullpassword] <UserAttribute>*
            [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
            [fields <FieldNameList>] [keyfield <FieldName>] [datafield <FieldName>]]
        [immutableous <OrgUnitEntity>]|
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName> |  <SchemaNameField>]
        [createifnotfound] [notfoundpassword (random [<Integer>])|blocklogin|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -5385,7 +5384,7 @@ gam update users <UserTypeEntity> [ignorenullpassword] <UserAttribute>*
        [updateoufromgroup <FileName> [charset <CharSet>]
            [columndelimiter <Character>] [noescapechar <Boolean>] [quotechar <Character>]
            [fields <FieldNameList>] [keyfield <FieldName>] [datafield <FieldName>]]
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName>|<SchemaNameField>]
        [createifnotfound] [notfoundpassword (random [<Integer>])|blocklogin|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -5418,7 +5417,7 @@ gam <UserTypeEntity> update users [ignorenullpassword] <UserAttribute>*
        [verifynotinvitable] [noactionifalias]
        [updateprimaryemail <RegularExpression> <EmailReplacement>]
        [updateoufromgroup <CSVFileInput> [keyfield <FieldName>] [datafield <FieldName>]]
-        [clearschema <SchemaName>] [clearschema <SchemaName>.<FieldName>]
+        [clearschema <SchemaName> | <SchemaNameField>]
        [createifnotfound] [notfoundpassword (random [<Integer>])|blocklogin|<Password>]
        (groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
        [alias|aliases <EmailAddressList>]
@@ -5529,6 +5528,11 @@ gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
        [formatjson [quotechar <Character>]] [countsonly|countonly]
        [issuspended <Boolean>]

+Print user counts by OrgUnits
+
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+
 Print lists of users

 gam <UserTypeEntity> print userlist [todrive <ToDriveAttribute>*]
@@ -5699,12 +5703,12 @@ gam <UserTypeEntity> print calendaracls <UserCalendarEntity> [todrive <ToDriveAt
        [noselfowner] (addcsvdata <FieldName> <String>)*
        [formatjson [quotechar <Character>]]

-Transfer ownership of a selection of users calendars to another user
+Transfer ownership of a selection of a users secondary calendars to another user

-gam <UserTypeEntity> transfer calendars <UserItem> <UserCalendarEntity>
+gam <UserTypeEntity> transfer calendars|seccals <UserItem> [<UserCalendarEntity>]
        [keepuser | (retainrole <CalendarACLRole>)] [sendnotifications <Boolean>] [noretentionmessages]
-        <CalendarSettings>] [append description|location|summary] [noupdatemessages]
-gam <UserTypeEntity> transfer seccals <UserItem> [keepuser] [sendnotifications <Boolean>]
+        <CalendarSettings>* [append description|location|summary] [noupdatemessages]
+        [deletefromoldowner] [addtonewowner <CalendarAttribute>*] [nolistmessages]

 <AttendeeAttendance> ::= optional|required
 <AttendeeStatus> ::= accepted|declined|needsaction|tentative
@@ -6247,7 +6251,7 @@ gam <UserTypeEntity> untrash drivefile <DriveFileEntity>

 gam <UserTypeEntity> info drivefile <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -6730,7 +6734,7 @@ gam <UserTypeEntity> collect orphans

 gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [returnidonly]
-        [filepath|fullpath] [pathdelimiter <Character>]
+        [filepath|fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
        [showdrivename] [showshareddrivepermissions]
@@ -6740,13 +6744,14 @@ gam <UserTypeEntity> show fileinfo <DriveFileEntity>
        [formatjson]

 gam <UserTypeEntity> show filepath <DriveFileEntity>
-        [returnidonly]
+        [returnpathonly]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
+        [stripcrsfromname]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]
 gam <UserTypeEntity> print filepath <DriveFileEntity> [todrive <ToDriveAttribute>*]
        (orderby <DriveFileOrderByFieldName> [ascending|descending])*
-        [stripcrsfromname] [fullpath] [pathdelimiter <Character>]
-        [oneitemperrow]
+        [stripcrsfromname] [oneitemperrow]
+        [fullpath] [folderpathonly [<Boolean>]] [pathdelimiter <Character>]

 gam <UserTypeEntity> print filecounts [todrive <ToDriveAttribute>*]
        [((query <QueryDriveFile>) | (fullquery <QueryDriveFile>) | <DriveFileQueryShortcut>)
@@ -6840,7 +6845,7 @@ gam <UserTypeEntity> print filelist [todrive <ToDriveAttribute>*]
        [countsonly [summary none|only|plus] [summaryuser <String>]
                    [showsource] [showsize] [showmimetypesize]]
        [countsrowfilter]
-        [filepath|fullpath [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
+        [filepath|fullpath [folderpathonly [<Boolean>]] [pathdelimiter <Character>] [addpathstojson] [showdepth]] [buildtree]
        [allfields|<DriveFieldName>*|(fields <DriveFieldNameList>)]
        [showdrivename] [showshareddrivepermissions]
        [(showlabels details|ids)|(includelabels <DriveLabelIDList>)]
@@ -6901,8 +6906,12 @@ gam <UserTypeEntity> print|show driveactivity [todrive <ToDriveAttribute>*]
        usageindrivetrash
 <DriveSettingsFieldNameList> ::= "<DriveSettingsFieldName>(,<DriveSettingsFieldName>)*"

-gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*] [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)] [delimiter <Character>]
-gam <UserTypeEntity> show drivesettings [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)] [delimiter <Character>]
+gam <UserTypeEntity> print drivesettings [todrive <ToDriveAttribute>*]
+        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
+        [delimiter <Character>] [showusagebytes]
+gam <UserTypeEntity> show drivesettings
+        [allfields|<DriveSettingsFieldName>*|(fields <DriveSettingsFieldNameList>)]
+        [delimiter <Character>] [showusagebytes]

 gam <UserTypeEntity> print emptydrivefolders [todrive <ToDriveAttribute>*]
        [select <DriveFileEntity>]
@@ -7162,22 +7171,28 @@ gam <UserTypeEntity> insert message
 gam <UserTypeEntity> archive messages <GroupItem>
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_archive <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> delete messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_delete <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> modify messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_modify <Number>])|(ids <MessageIDEntity>)
        (addlabel <LabelName>)* (removelabel <LabelName>)*
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> spam messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_spam <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> trash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_trash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]
 gam <UserTypeEntity> untrash messages|threads
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+
         [quick|notquick] [doit] [max_to_untrash <Number>])|(ids <MessageIDEntity>)
+        [csv [todrive <ToDriveAttribute>*]]

 gam <UserTypeEntity> export message|messages
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])+ [quick|notquick] [doit] [max_to_export <Number>])|(ids <MessageIDEntity>)
@@ -7202,9 +7217,10 @@ gam <UserTypeEntity> show messages|threads
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String>] [dateheaderconverttimezone [<Boolean>]]
        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
-        [showattachments [attachmentnamepattern <RegularExpression>] [noshowtextplain]]
-        [saveattachments [attachmentnamepattern <RegularExpression>]]
-            [targetfolder <FilePath>] [overwrite [<Boolean>]]
+        [[attachmentnamepattern <RegularExpression>]
+            [showattachments [noshowtextplain]]
+            [saveattachments [targetfolder <FilePath>] [overwrite [<Boolean>]]]
+            [uploadattachments [<DriveFileParentAttribute>]]]
 gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
        (((query <QueryGmail> [querytime<String> <Date>]*) (matchlabel <LabelName>) [or|and])*
         [quick|notquick] [max_to_print <Number>] [includespamtrash])|(ids <MessageIDEntity>)
@@ -7212,8 +7228,10 @@ gam <UserTypeEntity> print messages|threads [todrive <ToDriveAttribute>*]
        [countsonly|positivecountsonly] [useronly]
        [headers all|<SMTPHeaderList>] [dateheaderformat iso|rfc2822|<String> [dateheaderconverttimezone [<Boolean>]]]
        [showlabels] [delimiter <Character>] [showbody] [showdate] [showsize] [showsnippet]
-        [showattachments [attachmentnamepattern <RegularExpression>]]
-        [convertcrnl]
+        [convertcrnl] [delimiter <Character>]
+        [[attachmentnamepattern <RegularExpression>]
+            [showattachments [noshowtextplain]]]
+        (addcsvdata <FieldName> <String>)*

 # Users - Gmail - Profile

--- a/src/GamUpdate.txt
+++ b/src/GamUpdate.txt
@@ -2,6 +2,118 @@

 Merged GAM-Team version

+6.76.10
+
+Added `fromgmail` to `<EventType>` that can be used in `gam calendars <CalendarEntity> print|show events ... eventtype fromgmail`.
+
+* See: https://workspaceupdates.googleblog.com/2024/05/google-calendar-api-event-type-fromgmail.html
+
+6.76.09
+
+Updated `gam update|delete|info adminrole` to handle the following error:
+```
+ERROR: 400: failedPrecondition - Precondition check failed.
+```
+
+6.76.08
+
+Updated `<SchemaNameList>` to `"<SchemaName>|<SchemaFieldName>(,<SchemaName>|<SchemaFieldName>)*"`
+that allows `schemas <SchemaNameList>` in `gam info user` and `gam print users` to display all fields or selected fields
+of the specified custom schemas.
+
+6.76.07
+
+Fixed bug where control-C was not recognized when GAM had processed all rows in a CSV file
+and was `Waiting for N running processes to finish before terminating`.
+
+6.76.06
+
+Fixed bug in `gam <UserTypeEntity> print messages ... positivecountsonly` where message counts with value 0 were deiplayed.
+
+Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print|messages` that adds
+additional columns of data to the CSV file output.
+
+Added option `showusagebytes` to `gam <UserTypeEntity> print|show drivesettings` that displays
+the following fields in bytes ```usageBytes,usageInDriveBytes,usageInDriveTrashBytes```
+in addition to the fields in their formatted form with units: ```usage,usageInDrive,usageInDriveTrash```.
+This will be most useful with `print` as the rows can be sorted based on the `usagexxxBytes` columns.
+
+6.76.05
+
+Added options `deletefromoldowner`, `addtonewowner <CalendarAttribute>*` and `nolistmessages`
+to `gam <UserTypeEntity> transfer calendars <UserItem>` that allow manipulation of the
+old and new owners's calendar lists.
+
+* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Access#transfer-calendar-ownership
+
+6.76.04
+
+Added the following fields to `<CrOSFieldName>`:
+```
+autoupdatethrough
+extendedsupporteligible
+extendedsupportstart
+extendedsupportenabled
+```
+
+6.76.03
+
+Added option `folderpathonly [<Boolean>]` to the following commands that causes GAM
+to display only the folder names when displaying the path to a file. This folder only path
+an be used in  `gam <UserTypeEntity> create drivefolderpath` to recreate the folder hierarchy.
+```
+gam <UserTypeEntity> info drivefile ... filepath|fullpath
+gam <UserTypeEntity> show fileinfo ... filepath|fullpath
+gam <UserTypeEntity> print|show filepath
+gam <UserTypeEntity> print filelist ... filepath|fullpath
+```
+
+6.76.02
+
+Updated `gam update group` to handle the following error:
+```
+ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP
+```
+
+6.76.01
+
+Fixed bug in `gam create vaulthold matter <MatterItem> ... corpus calendar` that caused a trap.
+
+6.76.00
+
+Updated versions of `gam create|use project` that use keyword options to also accept the following options
+to define non-default Service Account key characteristics.
+```
+(algorithm KEY_ALG_RSA_1024|KEY_ALG_RSA_2048)|
+(localkeysize 1024|2048|4096 [validityhours <Number>])|
+(yubikey yubikey_pin yubikey_slot AUTHENTICATION yubikey_serialnumber <String>)
+```
+
+6.75.05
+
+Added option `csv [todrive <ToDriveAttribute>*]` to `gam <UserTypeEntity> archive|delete|modify|spam|trash|untrash messages|threads`
+that causes GAM to display the command results in CSV form.
+
+6.75.04
+
+Added a command to print user counts by OrgUnit. By default, all users in the workspace are counted;
+you can specify a domain to only count users in that domain.
+```
+gam print usercountsbyorgunit [todrive <ToDriveAttribute>*]
+        [domain <String>]
+```
+
+Added option `uploadattachments [<DriveFileParentAttribute>]` to `gam <UserTypeEntity> show messages|threads` that
+causes GAM to upload all message attachments to the user's `My Drive`, the default, or to a specific folder.
+The existing option `attachmentnamepattern <RegularExpression>` can be used to select attachments to upload.
+
+6.75.03
+
+Fixed bug in `gam batch|tbatch` where the line `sleep <Integer>` in the batch file caused the error:
+```
+ERROR: Invalid argument: Expected <gam|commit-batch|print>
+```
+
 6.75.02

 Updated `gam report  <ActivityApplictionName>` to retry/handle the following error:
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -162,13 +162,14 @@ fi

 if [ -z ${GHCLIENT+x} ]; then
  check_type="unauthenticated"
+  echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
+  release_json=$(curl -s "$release_url" 2>&1 /dev/null)
 else
  check_type="authenticated"
+  echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
+  release_json=$(curl -s "$GHCLIENT" "$release_url" 2>&1 /dev/null)
 fi

-echo_yellow "Checking GitHub URL $release_url for $gamversion GAM release ($check_type)..."
-release_json=$(curl -s "$GHCLIENT" "$release_url" 2>&1 /dev/null)
-
 echo_yellow "Getting file and download URL..."
 # Python is sadly the nearest to universal way to safely handle JSON with Bash
 # At least this code should be compatible with just about any Python version ever
@@ -241,7 +242,11 @@ trap "rm -rf $temp_archive_dir" EXIT

 echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir ($check_type)..."
 # Save archive to temp w/o losing our path
-(cd "$temp_archive_dir" && curl -O -L $GHCLIENT $browser_download_url)
+if [ -z ${GHCLIENT+x} ]; then
+  (cd "$temp_archive_dir" && curl -O -L $browser_download_url)
+else
+  (cd "$temp_archive_dir" && curl -O -L $GHCLIENT $browser_download_url)
+fi

 mkdir -p "$target_dir"

--- a/src/gam/init.py
+++ b/src/gam/init.py
--- a/src/gam/gamlib/glapi.py
+++ b/src/gam/gamlib/glapi.py
@@ -29,8 +29,10 @@ CBCM = 'cbcm'
 CHAT = 'chat'
 CHAT_EVENTS = 'chatevents'
 CHAT_MEMBERSHIPS = 'chatmemberships'
+CHAT_MEMBERSHIPS_ADMIN = 'chatmembershipsadmin'
 CHAT_MESSAGES = 'chatmessages'
 CHAT_SPACES = 'chatspaces'
+CHAT_SPACES_ADMIN = 'chatspacesadmin'
 CHAT_SPACES_DELETE = 'chatspacesdelete'
 CHROMEMANAGEMENT = 'chromemanagement'
 CHROMEMANAGEMENT_APPDETAILS = 'chromemanagementappdetails'
@@ -72,6 +74,7 @@ KEEP = 'keep'
 LICENSING = 'licensing'
 LOOKERSTUDIO = 'datastudio'
 OAUTH2 = 'oauth2'
+ORGPOLICY = 'orgpolicy'
 PEOPLE = 'people'
 PEOPLE_DIRECTORY = 'peopledirectory'
 PEOPLE_OTHERCONTACTS = 'peopleothercontacts'
@@ -112,7 +115,8 @@ REQUIRED_SCOPES_SET = set(REQUIRED_SCOPES)
 JWT_APIS = {
  ACCESSCONTEXTMANAGER: [CLOUD_PLATFORM_SCOPE],
  CHAT: ['https://www.googleapis.com/auth/chat.bot'],
-  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE]
+  CLOUDRESOURCEMANAGER: [CLOUD_PLATFORM_SCOPE],
+  ORGPOLICY: [CLOUD_PLATFORM_SCOPE],
  }
 #
 APIS_NEEDING_ACCESS_TOKEN = {
@@ -195,8 +199,10 @@ _INFO = {
  CHAT: {'name': 'Chat API', 'version': 'v1', 'v2discovery': True},
  CHAT_EVENTS: {'name': 'Chat API - Events', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_MEMBERSHIPS: {'name': 'Chat API - Memberships', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_MEMBERSHIPS_ADMIN: {'name': 'Chat API - Admin Memberships', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_MESSAGES: {'name': 'Chat API - Messages', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_SPACES: {'name': 'Chat API - Spaces', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
+  CHAT_SPACES_ADMIN: {'name': 'Chat API - Admin  Spaces', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CHAT_SPACES_DELETE: {'name': 'Chat API - Spaces Delete', 'version': 'v1', 'v2discovery': True, 'mappedAPI': CHAT},
  CLASSROOM: {'name': 'Classroom API', 'version': 'v1', 'v2discovery': True},
  CHROMEMANAGEMENT: {'name': 'Chrome Management API', 'version': 'v1', 'v2discovery': True},
@@ -236,6 +242,7 @@ _INFO = {
  LICENSING: {'name': 'License Manager API', 'version': 'v1', 'v2discovery': True},
  LOOKERSTUDIO: {'name': 'Looker Studio API', 'version': 'v1', 'v2discovery': True, 'localjson': True},
  OAUTH2: {'name': 'OAuth2 API', 'version': 'v2', 'v2discovery': False},
+  ORGPOLICY: {'name': 'Organization Policy API', 'version': 'v2', 'v2discovery': True},
  PEOPLE: {'name': 'People API', 'version': 'v1', 'v2discovery': True},
  PEOPLE_DIRECTORY: {'name': 'People Directory API', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
  PEOPLE_OTHERCONTACTS: {'name': 'People  API - Other Contacts', 'version': 'v1', 'v2discovery': True, 'mappedAPI': PEOPLE},
@@ -511,6 +518,10 @@ _SVCACCT_SCOPES = [
   'api': CHAT_MEMBERSHIPS,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/chat.memberships'},
+#  {'name': 'Chat API - Admin Memberships',
+#   'api': CHAT_MEMBERSHIPS_ADMIN,
+#   'subscopes': READONLY,
+#    'scope': 'https://www.googleapis.com/auth/chat.admin.memberships'},
  {'name': 'Chat API - Messages',
   'api': CHAT_MESSAGES,
   'subscopes': READONLY,
@@ -519,6 +530,10 @@ _SVCACCT_SCOPES = [
   'api': CHAT_SPACES,
   'subscopes': READONLY,
   'scope': 'https://www.googleapis.com/auth/chat.spaces'},
+#  {'name': 'Chat API - Admin Spaces',
+#   'api': CHAT_SPACES_ADMIN,
+#   'subscopes': READONLY,
+#   'scope': 'https://www.googleapis.com/auth/chat.admin.spaces'},
  {'name': 'Chat API - Spaces Delete',
   'api': CHAT_SPACES_DELETE,
   'subscopes': [],
--- a/src/gam/gamlib/glclargs.py
+++ b/src/gam/gamlib/glclargs.py
@@ -776,6 +776,7 @@ class GamCLArgs():
  ARG_TRUSTEDAPPS = 'trustedapps'
  ARG_USER = 'user'
  ARG_USERS = 'users'
+  ARG_USERCOUNTSBYORGUNIT = 'usercountsbyorgunit'
  ARG_USERINVITATION = 'userinvitation'
  ARG_USERINVITATIONS = 'userinvitations'
  ARG_USERLIST = 'userlist'
--- a/src/gam/gamlib/glgapi.py
+++ b/src/gam/gamlib/glgapi.py
@@ -263,7 +263,8 @@ GROUP_GET_RETRY_REASONS = [INVALID, SYSTEM_ERROR, SERVICE_NOT_AVAILABLE]
 GROUP_CREATE_THROW_REASONS = [DUPLICATE, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
 GROUP_UPDATE_THROW_REASONS = [GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, INVALID, INVALID_INPUT]
 GROUP_SETTINGS_THROW_REASONS = [NOT_FOUND, GROUP_NOT_FOUND, DOMAIN_NOT_FOUND, DOMAIN_CANNOT_USE_APIS, FORBIDDEN, SYSTEM_ERROR, PERMISSION_DENIED,
-                                INVALID, INVALID_PARAMETER, INVALID_ATTRIBUTE_VALUE, INVALID_INPUT, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE, AUTH_ERROR, REQUIRED]
+                                INVALID, INVALID_ARGUMENT, INVALID_PARAMETER, INVALID_ATTRIBUTE_VALUE, INVALID_INPUT,
+                                SERVICE_LIMIT, SERVICE_NOT_AVAILABLE, AUTH_ERROR, REQUIRED]
 GROUP_SETTINGS_RETRY_REASONS = [INVALID, SERVICE_LIMIT, SERVICE_NOT_AVAILABLE]
 GROUP_LIST_THROW_REASONS = [RESOURCE_NOT_FOUND, DOMAIN_NOT_FOUND, FORBIDDEN, BAD_REQUEST]
 GROUP_LIST_USERKEY_THROW_REASONS = GROUP_LIST_THROW_REASONS+[INVALID_MEMBER, INVALID_INPUT]
--- a/src/gam/gamlib/glglobals.py
+++ b/src/gam/gamlib/glglobals.py
@@ -171,6 +171,10 @@ RATE_CHECK_COUNT = 'rccn'
 RATE_CHECK_START = 'rcst'
 # Section name from outer gam, passed to inner gams
 SECTION = 'sect'
+# Enable/disable "Getting ... " messages
+SHOW_GETTINGS = 'shog'
+# Enable/disable NL at end of "Got ..." messages
+SHOW_GETTINGS_GOT_NL = 'shgn'
 # redirected files
 SAVED_STDOUT = 'svso'
 STDERR = 'stde'
@@ -287,6 +291,8 @@ Globals = {
  RATE_CHECK_COUNT: 0,
  RATE_CHECK_START: 0,
  SECTION: None,
+  SHOW_GETTINGS: True,
+  SHOW_GETTINGS_GOT_NL: False,
  SAVED_STDOUT: None,
  STDERR: {},
  STDOUT: {},
--- a/src/gam/gamlib/glmsgs.py
+++ b/src/gam/gamlib/glmsgs.py
@@ -111,7 +111,7 @@ Proceed to the authentication steps.
 SYSTEM_TIME_STATUS = 'System time status'
 YOUR_SYSTEM_TIME_DIFFERS_FROM_GOOGLE = 'Your system time differs from {0} by {1}'
 PRESS_ENTER_ONCE_AUTHORIZATION_IS_COMPLETE = 'Press enter once authorization is complete.'
-SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com check serviceaccount"'
+SERVICE_ACCOUNT_API_DISABLED = '{0} not enabled. Please run "gam update project" and "gam user user@domain.com update serviceaccount"'
 SERVICE_ACCOUNT_PRIVATE_KEY_AUTHENTICATION = 'Service Account Private Key Authentication'
 SERVICE_ACCOUNT_CHECK_PRIVATE_KEY_AGE = 'Service Account Private Key age; Google recommends rotating keys on a routine basis'
 SERVICE_ACCOUNT_PRIVATE_KEY_AGE = 'Service Account Private Key age: {0} days'
@@ -162,7 +162,7 @@ ALREADY_EXISTS_USE_MERGE_ARGUMENT = 'Already exists; use the "merge" argument to
 API_ACCESS_DENIED = 'API access Denied'
 API_CALLS_RETRY_DATA = 'API calls retry data\n'
 API_CHECK_CLIENT_AUTHORIZATION = 'Please make sure the Client ID: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam oauth create\n'
-API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} check serviceaccount\n'
+API_CHECK_SVCACCT_AUTHORIZATION = 'Please make sure the Service Account Client name: {0} is authorized for the appropriate API or scopes:\n{1}\n\nRun: gam user {2} update serviceaccount\n'
 API_ERROR_SETTINGS = 'API error, some settings not set'
 ARE_BOTH_REQUIRED = 'Arguments {0} and {1} are both required'
 ARE_MUTUALLY_EXCLUSIVE = 'Arguments {0} and {1} are mutually exclusive'
--- a/src/gam/gamlib/glskus.py
+++ b/src/gam/gamlib/glskus.py
@@ -92,6 +92,10 @@ _SKUS = {
    'product': '101047', 'aliases': ['gwlabs', 'workspacelabs'], 'displayName': 'Google Workspace Labs'},
  '1010470003': {
    'product': '101047', 'aliases': ['geminibiz'], 'displayName': 'Gemini Business'},
+  '1010470006': {
+    'product': '101047', 'aliases': ['aisecurity'], 'displayName': 'AI Security'},
+  '1010470007': {
+    'product': '101047', 'aliases': ['aimeetingsandmessaging'], 'displayName': 'AI Meetings and Messaging'},
  '1010490001': {
    'product': '101049', 'aliases': ['eeu'], 'displayName': 'Endpoint Education Upgrade'},
  'Google-Apps': {
Author	SHA1	Message	Date
Jay Lee	1f9624ad5c	add 2 Gemini SKUs	2024-05-31 19:36:56 +00:00
Jay Lee	9c9ddff973	gam report vault	2024-05-31 19:36:12 +00:00
Ross Scroggs	f1636c7768	Added `fromgmail` to `<EventType>`	2024-05-31 12:26:06 -07:00
Ross Scroggs	0ebefda760	Updated `gam update\|delete\|info adminrole` to handle the following error: ERROR: 400: failedPrecondition - Precondition check failed.	2024-05-29 19:13:46 -07:00
Ross Scroggs	5a335fb57b	Updated `<SchemaNameList>` to allow schema fields	2024-05-29 10:49:31 -07:00
Ross Scroggs	db95cbcfa4	Fixed control-C bug	2024-05-28 13:06:19 -07:00
Ross Scroggs	33d9949283	MacOS swig: it's here/it's not	2024-05-26 17:35:09 -07:00
Ross Scroggs	41078d5ff6	Fix Windows build, cleanup	2024-05-26 16:21:06 -07:00
Ross Scroggs	52316774ad	Disable Chat Admin APIs	2024-05-25 09:36:34 -07:00
Ross Scroggs	ce545ad062	Chat Admin APIs default to off	2024-05-25 09:02:10 -07:00
Ross Scroggs	2e5df12df1	Update print messages and print drivesettings	2024-05-25 08:35:11 -07:00
Jay Lee	46b9de642d	actions: remove fullGamTest logic Ensure live Google API tests run on test runners so we are exercising our code against Python versions other than the version used by GAM binaries. These runners generally finish fastest anyway since they never need to compile OpenSSL, Python or PyInstaller.	2024-05-22 21:29:04 -04:00
Jay Lee	a9d600234c	[no ci] actions: macOS runner now ships with rust, gnupg and swig	2024-05-22 21:15:33 -04:00
Jay Lee	5c8b69e8b7	actions: move PyInstaller back to latest to see what happens	2024-05-22 21:08:58 -04:00
Ross Scroggs	29792677d7	Added option `showusagebytes` to `gam <UserTypeEntity> print\|show drivesettings`	2024-05-22 13:18:02 -07:00
Ross Scroggs	7de9e986e0	Updated transfer calendars to manipulate calendar lists	2024-05-19 09:49:06 -07:00
Ross Scroggs	2b711be6a4	Merge branch 'main' of https://github.com/GAM-team/GAM	2024-05-17 11:05:06 -07:00
Ross Scroggs	16ef9e60d5	Add new fields to CrOSFieldName	2024-05-17 11:05:03 -07:00
Jay Lee	4d1a31c6bf	[actions] else not lse	2024-05-17 13:16:07 -04:00
Ross Scroggs	5a5b98cccb	Added option `folderpathonly [<Boolean>]` to commands that display paths	2024-05-17 07:42:32 -07:00
Ross Scroggs	f94afedfa8	Fix typo	2024-05-16 16:18:03 -07:00
Ross Scroggs	c9996f4942	MacOS 14.5 curl doesn't like empty arguments	2024-05-16 09:59:16 -07:00
Ross Scroggs	d32942a1d7	Updated `gam update group` to handle the following error: ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP	2024-05-14 11:34:59 -07:00
Ross Scroggs	95d1e4ab7c	Updated `gam update group` to handle the following error: ERROR: 400: invalidArgument - Failed request validation in update settings: WHO_CAN_VIEW_MEMBERSHIP_CANNOT_BE_BROADER_THAN_WHO_CAN_SEE_GROUP	2024-05-14 11:30:22 -07:00
Ross Scroggs	dd4fb084e6	Update docs; improve error message on missing SA scope	2024-05-14 08:10:42 -07:00
Ross Scroggs	2c039c3730	Fix missing scope issue; other minor fixs	2024-05-13 20:17:22 -07:00
Jay Lee	0cef0aecb5	retain None type for user, not empty string	2024-05-13 16:53:43 +00:00
Ross Scroggs	4ed9d7ac1f	Fixed bug in `gam create vaulthold ... corpus calendar` that caused a trap.	2024-05-09 10:10:29 -07:00
Ross Scroggs	21b2093b55	Updated versions of `gam create\|use project`	2024-05-07 20:00:23 -07:00
Jay Lee	d4ea2ec978	Update build.yml	2024-05-06 10:57:55 -04:00
Jay Lee	8cffa6e394	Update build.yml	2024-05-06 10:47:12 -04:00
Jay Lee	58337e0722	actions: fix gam location with realpath	2024-05-06 10:31:28 -04:00
Jay Lee	cedbae36b7	actions: missing export	2024-05-06 10:13:17 -04:00
Jay Lee	d5e9df41fb	actions: fix Windows gam.exe location	2024-05-06 09:53:18 -04:00
Jay Lee	e7323f0b74	actions: archives are in src/	2024-05-06 09:43:10 -04:00
Jay Lee	00d3600881	actions: GH Attestation for GAM executables and packages https://github.blog/changelog/2024-05-02-artifact-attestations-public-beta/ attest that GAM was built on GitHub actions to help end users validate they're running a legit GAM binary.	2024-05-06 09:35:49 -04:00
Ross Scroggs	4c799aaf10	Added option `csv [todrive <ToDriveAttribute>*]` to message processing commands	2024-05-04 18:39:09 -07:00
Ross Scroggs	a8938f84f0	print user counts by ou, upload message attachments	2024-05-03 17:52:54 -07:00
Ross Scroggs	ab5aa02bf8	Fixed bug in `gam batch\|tbatch`	2024-05-02 15:14:11 -07:00