Changelog

Source fields can now be tokenized for credentials on Enterprise plans. For sensitive values like a social security number that shouldn’t sit in plaintext, declare the relevant keys in a tokenized array inside auth_credentials. Deck vaults those values at write time and restores them at dispatch, so the agent can use them on the source without the values ever appearing in API responses.

Non-tokenized source fields are stored in the clear and readable when you retrieve the credential.

Tokenized fields are removed from source_fields on read; only their key names appear in the tokenized array. Auth secrets like password are always vaulted regardless of tokenized.

The Auth Component now supports mode="interaction" for surfacing MFA codes, security questions, and other mid-run prompts directly in your UI, without prompting your user for credentials again. Pass a credentialId or sourceId alongside a taskId, and the component skips straight to firing the task run, rendering any interaction that comes back in place.

Documentation →

Tasks now accept files as inputs. Declare a file field in a task’s input_schema and pass the file as base64 when running the task. Files up to 20MB are supported, and every file is malware-scanned before the run proceeds.

Two purpose values control what happens after upload. With attachment, the agent receives the file at run time and uses it on the source — uploading it to a portal, attaching it to a form, or referencing it while completing the task. With extraction, Deck processes the file directly against the task’s extraction_schema and returns structured JSON without executing the agent. Once a file has been uploaded, you can reuse it on future runs by passing its storage_id instead of the raw bytes.

Storage & document extraction documentation →

Any input field on a Deck task can now be tokenized. Rather than limiting tokenization to a fixed set of fields, you choose exactly which inputs get protected. Sensitive values like account numbers, personal identifiers, or payment information stay encrypted and never appear in plaintext in logs, webhooks, or API responses.

• Field-level control: Tokenize any input field on any task. You decide what’s sensitive, not the platform.
• Universal coverage: Works across all task types and sources. No special configuration per integration.
• End-to-end protection: Tokenized values are encrypted at rest and in transit.

Available on Enterprise plans only.

Deck now offers a SKILL.md file that teaches AI agents how to build Deck integrations. The file bundles a product summary, API quick reference, decision rules, common gotchas, and a verification checklist into a single document your agent can load at runtime. Download it from docs.deck.co/skill.md and drop it into your agent’s skills directory.

The Events page now surfaces aggregate delivery metrics for your event destinations. At a glance, you can track total events, delivered count, failed count, success rate, and retries across all your agents and tasks. Filter by time range (24h, 7d, 30d, 90d) to spot delivery issues and monitor destination health over time.

You can now define exactly which fields Deck extracts from captured documents. Pass an extraction_schema in your task’s storage config as a JSON Schema, and Deck uses it to guide parsing. Instead of getting back whatever the document happens to contain, you get structured JSON matching the fields you specified, including nested objects and arrays like line items. Pair it with the optional extraction_prompt field to give the extraction model natural-language guidance for tricky documents.

Documentation →

Stream your agent’s browser session in real time as it executes a task. Watch credential entry, page navigation, form interactions, and data extraction as they happen. Follow along with every step of the workflow instead of waiting for a session replay after completion.

A drop-in React component for secure credential capture and source authentication. <DeckAuthComponent /> handles source selection, username/password collection, MFA and security questions, and error states. Credentials go directly to the Credential Vault and never touch your systems.

• Live view: Pass taskRunView: "live" to show a real-time view of the agent working after credential submission, instead of a static status spinner.
• Session tokens: Create a short-lived token via POST /v2/token from your server and pass it to the component. All configuration lives on the component, not the token.
• Task linking: Pass a taskId to automatically fire a verification task run after credential creation. The component shows run status inline while the agent works.
• Update mode: Pass a credentialId to re-collect credentials for an existing credential instead of creating a new one.
• Theming and language: Full appearance customization (colors, borders, typography, logo) and fr-CA language support out of the box.

Install with npm install @deckco/auth. Auth Component documentation →

Credentials now support source_fields for passing additional login values beyond a username and password. If a source requires an account number, company ID, or similar field to authenticate, you can include them in auth_credentials.source_fields when creating or updating a credential.

source_fields composes with any auth_method. Values are encrypted at rest and redacted on read. At task run time, the agent resolves each entry by key into the login flow.

Credentials documentation →

Deck API v2 is a ground-up redesign of the platform. New resource model, new credential management, new event system, new console. Everything that made Deck work, redesigned for an improved developer experience when operating agent infrastructure at scale.

Key improvements:

• More complete endpoint coverage: Every resource—agents, sources, credentials, sessions, tasks, events—has dedicated endpoints with prefixed IDs (agt_, src_, cred_, trun_).
• Typed input and output schemas: Tasks define explicit I/O schemas. Input is validated on submission, output is validated on completion. You get consistent, schema-validated JSON regardless of source.
• Credential Vault: Dedicated endpoints for storing, updating, and deleting credentials. Credentials are verified automatically on first use for a task, and incorrect credentials move to a queryable invalid state.
• Complete event system: Create multiple destinations (webhooks, SQS, Pub/Sub), subscribe to specific event types, track deliveries, and replay failures.
• Consistent error handling with improved clarity: Errors return a structured errors array with type, code, field, and message fields for deterministic recovery.

Deck v2 API documentation →

Deck now supports automated parsing for fetched utility bills. When a document is found during a job run, Deck will structure the document contents as a JSON payload and send a DocumentExtractionSuccess webhook.

Replay and audit the work of your agents from the Deck Dashboard. Session replay captures screenshots of your agents work every 5 seconds and gives you a powerful way to track your integration and troubleshoot issues.

Creating a connection in Deck with the EnsureConnection job now optionally accepts an external_id input to link users in your own system to Deck.

The new dashboard gives you new insight and observability into your Deck integration.

• View, search, and filter for connections and job runs
• Debug easier with new connection logs
• View and download documents produced from jobs
• See all webhook deliveries and payloads
• New sandbox onboarding to create jobs more quickly

Retrieve the output of a job in addition to its status with the new GET /jobs/{job_id} endpoint.

Documentation →

Cancel a running EnsureConnection job with POST /jobs/{job_guid}/cancel. This allows you to cancel a connection to a source.

The Deck API now supports idempotency keys, allowing you to safely retry requests without performing the same operation twice. Include an optional idempotency key header in your requests, and if a network error or timeout occurs, you can resend the same request with the same key.

Documentation →

Added a new endpoint to check the status of a job. You can now retrieve the current status of any job using the GET /jobs/{job_guid}/status endpoint. This allows you to check a job’s status before a webhook arrives.

API Reference →

This release introduces the CreateSource endpoint, enabling users to generate new sources directly through the API Reference without needing the Dashboard, with built-in validation for seamless job access.

We’ve also added Agent Warmup, allowing agents to pre-load pages for faster logins, and implemented an 8-hour session timeout that automatically retries stalled tasks to ensure continuous operation.

Additionally, EnsureConnection now supports Access Tokens for connections without user presence, and document uploads have been redesigned to improve privacy by requiring client-hosted file URLs, ensuring no sensitive data is stored internally.

Added encryption directly from the Dashboard, improved webhook and widget configuration, team name setup, and error message accuracy.

Launched the Deck Dashboard for AI Bot job creation, added file retrieval flows and widget connection, improved MFA handling, data formatting, sandboxing, job retries, and agent speed, with automatic HMAC key creation for new teams.

Released the Deck Product Framework for internet data operations, added job submission endpoint and webhooks, enhanced data support, reliability, AI generation, PDF automation, and login handling, migrated API to Kubernetes, and secured webhooks with HMAC.

Added new connection and sustainability endpoints, introduced studio file management and account switch endpoints, and deprecated the old /connection/get endpoint.

Added sustainability statement and account endpoints, enabled charge categorization support, and implemented various bug fixes.

Expanded MFA support, added new Link configurations and fields, introduced a “Connection completed” webhook, and updated responses for connection data.

Added interval data support, new Link widget upload and manual input options, a provider addition feature, a /connection/destroy endpoint, and dynamic sandbox data.

Improved Sherlock’s PDF extraction, launched interval data, added document upload and delegated connection APIs, enhanced data accuracy and support tools, and improved universal connectors.

Enabled document upload to JSON, enhanced delegated connection APIs and Sherlock accuracy, improved internal tools, and updated universal connectors.

Launched Connection Debugger in the Dashboard, improved the Core Connection Engine, upgraded Sustainability and Bill endpoints, and enhanced universal connectors.

Added webhook features, MFA and security question flows in Sandbox, dashboard auto-refresh settings, and related API endpoints.

Improved authorization speed, added Link configuration for skipping source selection, and launched the universal connector.

Updated Sustainability Data Table, improved PDF data extraction, and added sustainability invoice and charge endpoints.

Revamped the Sustainability Data Table format for better readability.

Launched Sherlock, Deck’s PDF data extraction accuracy tool.