Appearance
Discovery Providers Catalog
Reference for the Launcher’s discovery providers across Windows, macOS, Linux, web, and SaaS ecosystems. Use this page to understand what each provider does, which sources it reads from, and how it maps into the normalized application record.
What You'll Learn
- Which discovery providers are available across desktop, CLI, web, and SaaS ecosystems
- How providers populate the normalized application record (icons, metadata, handlers)
- How live updates, deduplication, and capabilities differ by provider
See also:
1. Capability Matrix
Use this matrix to compare discovery providers by the types of applications they emit and cross-cutting behaviors such as icons, live updates, and deduplication.
| Provider | Key (source.provider) | Platforms | GUI apps | CLI tools | Web / SaaS apps | Icons* | Categories & handlers* | Live updates |
|---|---|---|---|---|---|---|---|---|
| Windows Shortcuts | windows.shortcuts | Windows | ✅ | ⚪ | ⚪ | ✅ | ⚪ | ✅ |
| Windows MSIX/UWP | windows.msix | Windows | ✅ | ⚪ | ⚪ | ✅ | ✅ | ✅ |
| macOS LaunchServices | macos.launchservices | macOS | ✅ | ⚪ | ⚪ | ✅ | ✅ | ✅ |
| macOS Homebrew | macos.homebrew | macOS | ✅ (casks) | ✅ (formulae) | ⚪ | ✅ | ⚪ | ✅ |
| Linux Freedesktop | linux.freedesktop | Linux | ✅ | ⚪ | ⚪ | ✅ | ✅ | ✅ |
| Linux Flatpak | linux.flatpak | Linux | ✅ | ⚪ | ⚪ | ✅ | ✅ | ✅ |
| Linux Snap | linux.snap | Linux | ✅ | ✅ | ⚪ | ✅ | ✅ | ✅ |
| Docker Desktop Apps | container.dockerDesktop | Windows, macOS | ✅ | ✅ | ⚪ | ✅ | ⚪ | ✅ |
| CLI Tools on PATH | cli.path | Windows, macOS, Linux | ⚪ | ✅ | ⚪ | ⚪ | ⚪ | ✅ |
| Native Path Applications | native.path | Windows, macOS, Linux | ✅ | ✅ | ⚪ | ✅ | ⚪ | ✅ |
| Portable Applications | portable.apps | Windows, macOS, Linux | ✅ | ✅ | ⚪ | ✅ | ⚪ | ✅ |
| Turbo Workspaces | turbo.workspaces | Windows, macOS, Linux | ✅ | ✅ | ⚪ | ✅ | ⚪ | ✅ |
| Web Bookmarks | web.bookmarks | Windows, macOS, Linux | ⚪ | ⚪ | ✅ | ✅ | ⚪ | ✅ |
| Web PWAs | web.pwa | Windows, macOS, Linux | ✅ (PWA shells) | ⚪ | ✅ | ✅ | ⚪ | ✅ |
| SaaS Catalog — Okta | saas.okta | Windows, macOS, Linux | ⚪ | ⚪ | ✅ | ✅ | ⚪ | ✅ |
| SaaS Catalog — Microsoft 365 | saas.microsoft365 | Windows, macOS, Linux | ⚪ | ⚪ | ✅ | ✅ | ⚪ | ✅ |
| SaaS Catalog — Generic | saas.generic | Windows, macOS, Linux | ⚪ | ⚪ | ✅ | ✅ | ⚪ | ✅ |
Legend
- ✅ = supported / primary behavior
- ⚪ = not primary or not applicable
Notes
- Icons*: All providers emit
iconRefand basic metadata; icon quality depends on the underlying OS or catalog. - Categories & handlers*: Populated when the underlying platform or catalog exposes them (for example, MSIX/UWP, macOS .app, Linux .desktop).
- Metadata: name, description, icon — all providers
- Categories: MSIX/UWP, macOS .app, Linux .desktop; populated when provided by the OS manifest
- Protocol/file handlers: surfaced to policy as capabilities; can be used to inform file associations
- Live updates: supported by all providers
- Deduplication across providers: supported (priority + heuristics)
2. Desktop OS Providers
Windows
macOS
Linux
3. Cross-Platform & Catalogs
4. Web, PWAs, and SaaS
Windows Shortcuts (provider: windows.shortcuts)
- Sources
- Start Menu (User):
%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs - Start Menu (All Users):
%PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs - Desktop (User):
%USERPROFILE%\\Desktop - Desktop (Public):
%PUBLIC%\\Desktop - PATH directories (flat scan, no recursion)
- Start Menu (User):
- Supported manifests
- .lnk (Windows shortcut)
- .url (Internet shortcut)
- .exe (direct executables)
- Activation
type=fileusing the shortcut's target, arguments, and working directory
- Updates
- Real-time via filesystem watchers for Start Menu/Desktop; background full rescan every 5 minutes
- PATH scanned at startup; changes to PATH environment variable require restarting Launcher
Windows MSIX/UWP (provider: windows.msix)
- Sources
- Shell apps view:
shell:AppsFolder - AppX registration (per-user and system): registry and package catalog APIs
- Shell apps view:
- Supported manifests
- MSIX/UWP packaged applications
- Activation
type=aumidusing the application’s AUMID (e.g.,AppsFolder\\<PFN>!<AppId>) with ShellExecute
- Metadata
- Name, description, icons from AppxManifest.xml; categories mapped when present
- Updates
- Package install/uninstall events; background reconciliation every 5 minutes
macOS LaunchServices (provider: macos.launchservices)
- Sources
/Applications,/System/Applications, and~/Applications- LaunchServices database (lsregister)
- Supported manifests
- .app bundles (CFBundle*)
- Activation
type=bundleIdusing:open -n -a "App Name" --args ...oropen -b <CFBundleIdentifier> --args ...
- Metadata
- Info.plist (CFBundleName, CFBundleIdentifier, CFBundleIconFile, CFBundleDocumentTypes)
- Updates
- FSEvents on Applications folders; LaunchServices changes; background reconciliation every 5 minutes
Linux Freedesktop (provider: linux.freedesktop)
- Sources
- System:
/usr/share/applications - User:
~/.local/share/applications
- System:
- Supported manifests
- .desktop files (Freedesktop specification)
- Activation
type=desktopExec;Exec field parsed per field-code rules (%f,%F,%u,%U,%i,%c,%k)
- Metadata
- Name, Comment, Icon, Categories from .desktop; localized keys respected
- Updates
- Inotify on application directories; background reconciliation every 5 minutes
macOS Homebrew (provider: macos.homebrew)
- Sources
- Homebrew formula and cask installations for the current user/system
- Supported entries
- Formulae that install CLI tools (binaries in Homebrew’s bin directories)
- Casks that install
.appbundles or other GUI entry points
- Activation
- CLI entries:
type=filewith the resolved binary path - GUI entries:
type=bundleIdortype=filepointing at the installed.app, launched viaopen
- CLI entries:
- Metadata
- Name, description, homepage, and categories from Homebrew metadata; tags annotate tap and source
- Options
options.includeTaps/options.excludeTapsoptions.includeApps/options.excludeAppsoptions.classifyCli: boolean
- Updates
- Detect Homebrew installs/uninstalls where possible; periodic reconciliation every 5 minutes
Linux Flatpak (provider: linux.flatpak)
- Sources
- Flatpak system and user installations (for example,
flathubremote)
- Flatpak system and user installations (for example,
- Supported entries
- Installed Flatpak applications with application ids
- Activation
- Typically
type=desktopExecusing a resolvedflatpak run <appId>command
- Typically
- Metadata
- Name, description, icon, and categories from Flatpak metadata and associated
.desktopfiles
- Name, description, icon, and categories from Flatpak metadata and associated
- Options
options.remotes: string[]— allowlisted Flatpak remotesoptions.includeApps/options.excludeApps— patterns on application ids
- Updates
- Monitor Flatpak install/uninstall; periodic reconciliation every 5 minutes
Linux Snap (provider: linux.snap)
- Sources
- Snapd installed snap list
- Supported entries
- Installed snaps that expose desktop entries or primary commands
- Activation
- GUI snaps:
type=desktopExecbased on registered desktop entries - CLI snaps:
type=fileordesktopExecusing the shim installed on PATH orsnap run
- GUI snaps:
- Metadata
- Name, summary, categories, and channel from snap metadata
- Options
options.channels: string[]— allowed channels (for example,stable,candidate)options.includeApps/options.excludeAppsoptions.classifyCli: boolean
- Updates
- Monitor snap install/uninstall; periodic reconciliation every 5 minutes
Docker Desktop Apps (provider: container.dockerDesktop)
- Sources
- Docker Desktop’s local application/catalog metadata where available
- Optionally, labeled containers or compose stacks marked as launchable desktop apps
- Supported entries
- Containerized applications designed to run via Docker Desktop as desktop/GUI apps or managed CLI tools
- Activation
type=fileordesktopExecpointing at a Docker Desktop launcher or wrapper (for example, adocker-desktophelper with app id arguments)
- Metadata
- Name, description, icon, and tags (for example, image reference, registry, namespace) from Docker Desktop metadata
- Options
options.allowedRegistries/options.allowedNamespacesoptions.includeApps/options.excludeApps
- Updates
- Monitor Docker Desktop catalog changes; periodic reconciliation every 5 minutes
CLI Tools on PATH (provider: cli.path)
- Sources
- Executables discovered from the process PATH on Windows, macOS, and Linux
- Optional additional includePaths to scan specific directories not on PATH
- Supported manifests
- Native executables and scripts (Windows: .exe, .cmd, .bat, .ps1; macOS: Mach-O, .app for bundle launches; Linux: ELF, .sh)
- Activation
type=fileusing the resolved absolute file path; working directory defaults to the file’s parent
- Options
- filters.include / filters.exclude applied to command name, resolved path, and provider ref
- options.includePaths: string[] — additional directories to scan
- options.signature: { requireSigned: boolean, allowedPublishers: string[] } (Windows/macOS)
- Updates
- Watch PATH directories and includePaths where possible; periodic rescan every 5 minutes
Native Path Applications (provider: native.path)
- Sources
- Configured
paths(directories to scan) - Optional
scanSystemPathto include the system PATH environment variable
- Configured
- Supported manifests
- Native executables (Windows: .exe; macOS: .app; Linux: binaries)
- Activation
type=fileusing the resolved absolute file path
- Metadata
- Name and icon extracted from the executable or app bundle
- Options
options.paths: string[] — directories to scan (e.g.,["C:\\Windows\\System32"])options.patterns: (string | object)[] — allowlist patterns or mapping objects- String: glob pattern (e.g.,
"notepad.exe") - Object:
{ "match": "glob", "displayName": "Display Name" }
- String: glob pattern (e.g.,
options.scanSystemPath: boolean — include system PATH (default: false)
- Updates
- File watchers on configured paths; periodic rescan every 5 minutes
- Examplejson
{ "type": "native.path", "enabled": true, "options": { "paths": ["C:\\Windows\\System32"], "patterns": [ "mspaint.exe", { "match": "notepad.exe", "displayName": "Corporate Text Editor" } ] } }
Portable Applications (provider: portable.apps)
- Sources
- Configured scanRoots on local NTFS/APFS/ext volumes and explicitly allow-listed UNC/NFS shares
- Portable folder patterns (single-EXE directories, macOS .app bundles, Linux app folders)
- Supported manifests
- Executables and scripts in portable directories; macOS .app bundles
- Activation
type=fileusing the primary executable inside the portable folder; Launcher mounts the app folder read-only by default
- Options
- options.scanRoots: string[] (supports environment variables)
- options.allowedExtensions: [".exe", ".cmd", ".bat", ".ps1", ".app", ".sh"]
- options.maxDepth: number; options.followSymlinks: boolean
- options.uncAllowlist: string[] — explicit allow-listed network locations
- options.signature:
- Updates
- File watchers on scanRoots where supported; background reconciliation every 5 minutes
Turbo Workspaces (provider: turbo.workspaces)
- Sources
- Turbo Server Workspace catalogs for trusted domains the user is signed in to
- Locally subscribed workspaces when offline (cached catalog)
- Supported entries
- Workspace applications the user is entitled to; metadata from Workspace configuration
- Activation
type=fileusing the workspace startup executable and arguments resolved at launch time
- Options
- options.domains: string[] — trusted domains to query
- options.includeWorkspaces / options.excludeWorkspaces: patterns
- options.requireLogin: boolean; options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
- Updates
- Live updates when connected; background refresh and cache reconciliation
Web Bookmarks (provider: web.bookmarks)
- Sources
- Browser bookmark stores (Chromium/Chrome/Edge/Firefox) per-profile (opt-in paths)
- Enterprise-provided bookmark exports (JSON) and curated bookmark feeds
- Supported manifests
- HTTPS links and deep links
- Activation
type=urlusing configured/default browser; optional profile selection; browser flags via activation.args
- Options
- options.browsers: ["edge", "chrome", "chromium", "firefox", "safari", "system"]
- options.includeProfiles / options.excludeProfiles: patterns per browser
- options.includeFolders / options.excludeFolders: bookmark folder filters
- options.importRules: allow/deny by host/path (glob/regex)
- options.defaultBrowser: string; options.defaultProfile: string
- Updates
- Watch bookmark databases when supported; periodic rescan every 5 minutes
Web PWAs (provider: web.pwa)
- Sources
- Browser web app registries per profile (Edge/Chromium/Chrome)
- Supported manifests
- Installed Progressive Web Apps
- Activation
type=pwaIdwith pwa.browser, pwa.profile, and pwa.appId; falls back to type=url if not installed and policy allows
- Metadata
- From web manifest and installed app metadata; fallback to site title and favicon
- Options
- options.browsers: ["edge", "chrome", "chromium"]
- options.profiles: patterns; options.requireInstalled: boolean
- options.defaultBrowser / options.defaultProfile
- Updates
- Monitor web app registries; periodic rescan every 5 minutes
SaaS Catalog — Okta (provider: saas.okta)
- Sources
- Okta assigned applications for the signed-in user via allowed domains/tenants
- Supported entries
- SaaS applications with launch URLs and optional deep links
- Activation
type=urlwith browser/profile selection; pair with Identity Access policy for SSO token adapters
- Options
- options.domain: string; options.includeApps / options.excludeApps: patterns
- options.preferDeepLink: boolean; options.defaultBrowser / options.defaultProfile
- options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
- Updates
- Live updates when connected; background refresh and cache reconciliation
SaaS Catalog — Microsoft 365 (provider: saas.microsoft365)
- Sources
- Microsoft 365/Entra assigned apps for the signed-in user (Graph)
- Supported entries
- SaaS applications and Microsoft 365 apps with launch URLs
- Activation
type=urlwith browser/profile selection; pair with Identity Access policy for SSO token adapters
- Options
- options.tenantId: string; options.includeApps / options.excludeApps: patterns
- options.preferDeepLink: boolean; options.defaultBrowser / options.defaultProfile
- options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
- Updates
- Live updates when connected; background refresh and cache reconciliation
SaaS Catalog — Generic (provider: saas.generic)
- Sources
- Enterprise JSON feeds or SCIM/OIDC-backed catalogs of SaaS apps
- Supported entries
- SaaS applications with launch URLs
- Activation
type=urlwith browser/profile selection
- Options
- options.feedUrl: string; authentication options as required by the feed
- options.includeApps / options.excludeApps: patterns; options.defaultBrowser / options.defaultProfile
- Updates
- Live updates when connected; background refresh and cache reconciliation
