Skip to content

Discovery Providers Catalog

Reference for the Launcher’s discovery providers across Windows, macOS, Linux, web, and SaaS ecosystems. Use this page to understand what each provider does, which sources it reads from, and how it maps into the normalized application record.

What You'll Learn

  • Which discovery providers are available across desktop, CLI, web, and SaaS ecosystems
  • How providers populate the normalized application record (icons, metadata, handlers)
  • How live updates, deduplication, and capabilities differ by provider

See also:


1. Capability Matrix

Use this matrix to compare discovery providers by the types of applications they emit and cross-cutting behaviors such as icons, live updates, and deduplication.

ProviderKey (source.provider)PlatformsGUI appsCLI toolsWeb / SaaS appsIcons*Categories & handlers*Live updates
Windows Shortcutswindows.shortcutsWindows
Windows MSIX/UWPwindows.msixWindows
macOS LaunchServicesmacos.launchservicesmacOS
macOS Homebrewmacos.homebrewmacOS✅ (casks)✅ (formulae)
Linux Freedesktoplinux.freedesktopLinux
Linux Flatpaklinux.flatpakLinux
Linux Snaplinux.snapLinux
Docker Desktop Appscontainer.dockerDesktopWindows, macOS
CLI Tools on PATHcli.pathWindows, macOS, Linux
Native Path Applicationsnative.pathWindows, macOS, Linux
Portable Applicationsportable.appsWindows, macOS, Linux
Turbo Workspacesturbo.workspacesWindows, macOS, Linux
Web Bookmarksweb.bookmarksWindows, macOS, Linux
Web PWAsweb.pwaWindows, macOS, Linux✅ (PWA shells)
SaaS Catalog — Oktasaas.oktaWindows, macOS, Linux
SaaS Catalog — Microsoft 365saas.microsoft365Windows, macOS, Linux
SaaS Catalog — Genericsaas.genericWindows, macOS, Linux

Legend

  • ✅ = supported / primary behavior
  • ⚪ = not primary or not applicable

Notes

  • Icons*: All providers emit iconRef and basic metadata; icon quality depends on the underlying OS or catalog.
  • Categories & handlers*: Populated when the underlying platform or catalog exposes them (for example, MSIX/UWP, macOS .app, Linux .desktop).
  • Metadata: name, description, icon — all providers
  • Categories: MSIX/UWP, macOS .app, Linux .desktop; populated when provided by the OS manifest
  • Protocol/file handlers: surfaced to policy as capabilities; can be used to inform file associations
  • Live updates: supported by all providers
  • Deduplication across providers: supported (priority + heuristics)

2. Desktop OS Providers

Windows

macOS

Linux

3. Cross-Platform & Catalogs

4. Web, PWAs, and SaaS


Windows Shortcuts (provider: windows.shortcuts)

  • Sources
    • Start Menu (User): %APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs
    • Start Menu (All Users): %PROGRAMDATA%\\Microsoft\\Windows\\Start Menu\\Programs
    • Desktop (User): %USERPROFILE%\\Desktop
    • Desktop (Public): %PUBLIC%\\Desktop
    • PATH directories (flat scan, no recursion)
  • Supported manifests
    • .lnk (Windows shortcut)
    • .url (Internet shortcut)
    • .exe (direct executables)
  • Activation
    • type=file using the shortcut's target, arguments, and working directory
  • Updates
    • Real-time via filesystem watchers for Start Menu/Desktop; background full rescan every 5 minutes
    • PATH scanned at startup; changes to PATH environment variable require restarting Launcher

Windows MSIX/UWP (provider: windows.msix)

  • Sources
    • Shell apps view: shell:AppsFolder
    • AppX registration (per-user and system): registry and package catalog APIs
  • Supported manifests
    • MSIX/UWP packaged applications
  • Activation
    • type=aumid using the application’s AUMID (e.g., AppsFolder\\<PFN>!<AppId>) with ShellExecute
  • Metadata
    • Name, description, icons from AppxManifest.xml; categories mapped when present
  • Updates
    • Package install/uninstall events; background reconciliation every 5 minutes

macOS LaunchServices (provider: macos.launchservices)

  • Sources
    • /Applications, /System/Applications, and ~/Applications
    • LaunchServices database (lsregister)
  • Supported manifests
    • .app bundles (CFBundle*)
  • Activation
    • type=bundleId using: open -n -a "App Name" --args ... or open -b <CFBundleIdentifier> --args ...
  • Metadata
    • Info.plist (CFBundleName, CFBundleIdentifier, CFBundleIconFile, CFBundleDocumentTypes)
  • Updates
    • FSEvents on Applications folders; LaunchServices changes; background reconciliation every 5 minutes

Linux Freedesktop (provider: linux.freedesktop)

  • Sources
    • System: /usr/share/applications
    • User: ~/.local/share/applications
  • Supported manifests
    • .desktop files (Freedesktop specification)
  • Activation
    • type=desktopExec; Exec field parsed per field-code rules (%f, %F, %u, %U, %i, %c, %k)
  • Metadata
    • Name, Comment, Icon, Categories from .desktop; localized keys respected
  • Updates
    • Inotify on application directories; background reconciliation every 5 minutes

macOS Homebrew (provider: macos.homebrew)

  • Sources
    • Homebrew formula and cask installations for the current user/system
  • Supported entries
    • Formulae that install CLI tools (binaries in Homebrew’s bin directories)
    • Casks that install .app bundles or other GUI entry points
  • Activation
    • CLI entries: type=file with the resolved binary path
    • GUI entries: type=bundleId or type=file pointing at the installed .app, launched via open
  • Metadata
    • Name, description, homepage, and categories from Homebrew metadata; tags annotate tap and source
  • Options
    • options.includeTaps / options.excludeTaps
    • options.includeApps / options.excludeApps
    • options.classifyCli: boolean
  • Updates
    • Detect Homebrew installs/uninstalls where possible; periodic reconciliation every 5 minutes

Linux Flatpak (provider: linux.flatpak)

  • Sources
    • Flatpak system and user installations (for example, flathub remote)
  • Supported entries
    • Installed Flatpak applications with application ids
  • Activation
    • Typically type=desktopExec using a resolved flatpak run <appId> command
  • Metadata
    • Name, description, icon, and categories from Flatpak metadata and associated .desktop files
  • Options
    • options.remotes: string[] — allowlisted Flatpak remotes
    • options.includeApps / options.excludeApps — patterns on application ids
  • Updates
    • Monitor Flatpak install/uninstall; periodic reconciliation every 5 minutes

Linux Snap (provider: linux.snap)

  • Sources
    • Snapd installed snap list
  • Supported entries
    • Installed snaps that expose desktop entries or primary commands
  • Activation
    • GUI snaps: type=desktopExec based on registered desktop entries
    • CLI snaps: type=file or desktopExec using the shim installed on PATH or snap run
  • Metadata
    • Name, summary, categories, and channel from snap metadata
  • Options
    • options.channels: string[] — allowed channels (for example, stable, candidate)
    • options.includeApps / options.excludeApps
    • options.classifyCli: boolean
  • Updates
    • Monitor snap install/uninstall; periodic reconciliation every 5 minutes

Docker Desktop Apps (provider: container.dockerDesktop)

  • Sources
    • Docker Desktop’s local application/catalog metadata where available
    • Optionally, labeled containers or compose stacks marked as launchable desktop apps
  • Supported entries
    • Containerized applications designed to run via Docker Desktop as desktop/GUI apps or managed CLI tools
  • Activation
    • type=file or desktopExec pointing at a Docker Desktop launcher or wrapper (for example, a docker-desktop helper with app id arguments)
  • Metadata
    • Name, description, icon, and tags (for example, image reference, registry, namespace) from Docker Desktop metadata
  • Options
    • options.allowedRegistries / options.allowedNamespaces
    • options.includeApps / options.excludeApps
  • Updates
    • Monitor Docker Desktop catalog changes; periodic reconciliation every 5 minutes

CLI Tools on PATH (provider: cli.path)

  • Sources
    • Executables discovered from the process PATH on Windows, macOS, and Linux
    • Optional additional includePaths to scan specific directories not on PATH
  • Supported manifests
    • Native executables and scripts (Windows: .exe, .cmd, .bat, .ps1; macOS: Mach-O, .app for bundle launches; Linux: ELF, .sh)
  • Activation
    • type=file using the resolved absolute file path; working directory defaults to the file’s parent
  • Options
    • filters.include / filters.exclude applied to command name, resolved path, and provider ref
    • options.includePaths: string[] — additional directories to scan
    • options.signature: { requireSigned: boolean, allowedPublishers: string[] } (Windows/macOS)
  • Updates
    • Watch PATH directories and includePaths where possible; periodic rescan every 5 minutes

Native Path Applications (provider: native.path)

  • Sources
    • Configured paths (directories to scan)
    • Optional scanSystemPath to include the system PATH environment variable
  • Supported manifests
    • Native executables (Windows: .exe; macOS: .app; Linux: binaries)
  • Activation
    • type=file using the resolved absolute file path
  • Metadata
    • Name and icon extracted from the executable or app bundle
  • Options
    • options.paths: string[] — directories to scan (e.g., ["C:\\Windows\\System32"])
    • options.patterns: (string | object)[] — allowlist patterns or mapping objects
      • String: glob pattern (e.g., "notepad.exe")
      • Object: { "match": "glob", "displayName": "Display Name" }
    • options.scanSystemPath: boolean — include system PATH (default: false)
  • Updates
    • File watchers on configured paths; periodic rescan every 5 minutes
  • Example
    json
    {
      "type": "native.path",
      "enabled": true,
      "options": {
        "paths": ["C:\\Windows\\System32"],
        "patterns": [
          "mspaint.exe",
          { "match": "notepad.exe", "displayName": "Corporate Text Editor" }
        ]
      }
    }

Portable Applications (provider: portable.apps)

  • Sources
    • Configured scanRoots on local NTFS/APFS/ext volumes and explicitly allow-listed UNC/NFS shares
    • Portable folder patterns (single-EXE directories, macOS .app bundles, Linux app folders)
  • Supported manifests
    • Executables and scripts in portable directories; macOS .app bundles
  • Activation
    • type=file using the primary executable inside the portable folder; Launcher mounts the app folder read-only by default
  • Options
    • options.scanRoots: string[] (supports environment variables)
    • options.allowedExtensions: [".exe", ".cmd", ".bat", ".ps1", ".app", ".sh"]
    • options.maxDepth: number; options.followSymlinks: boolean
    • options.uncAllowlist: string[] — explicit allow-listed network locations
    • options.signature:
  • Updates
    • File watchers on scanRoots where supported; background reconciliation every 5 minutes

Turbo Workspaces (provider: turbo.workspaces)

  • Sources
    • Turbo Server Workspace catalogs for trusted domains the user is signed in to
    • Locally subscribed workspaces when offline (cached catalog)
  • Supported entries
    • Workspace applications the user is entitled to; metadata from Workspace configuration
  • Activation
    • type=file using the workspace startup executable and arguments resolved at launch time
  • Options
    • options.domains: string[] — trusted domains to query
    • options.includeWorkspaces / options.excludeWorkspaces: patterns
    • options.requireLogin: boolean; options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
  • Updates
    • Live updates when connected; background refresh and cache reconciliation

Web Bookmarks (provider: web.bookmarks)

  • Sources
    • Browser bookmark stores (Chromium/Chrome/Edge/Firefox) per-profile (opt-in paths)
    • Enterprise-provided bookmark exports (JSON) and curated bookmark feeds
  • Supported manifests
    • HTTPS links and deep links
  • Activation
    • type=url using configured/default browser; optional profile selection; browser flags via activation.args
  • Options
    • options.browsers: ["edge", "chrome", "chromium", "firefox", "safari", "system"]
    • options.includeProfiles / options.excludeProfiles: patterns per browser
    • options.includeFolders / options.excludeFolders: bookmark folder filters
    • options.importRules: allow/deny by host/path (glob/regex)
    • options.defaultBrowser: string; options.defaultProfile: string
  • Updates
    • Watch bookmark databases when supported; periodic rescan every 5 minutes

Web PWAs (provider: web.pwa)

  • Sources
    • Browser web app registries per profile (Edge/Chromium/Chrome)
  • Supported manifests
    • Installed Progressive Web Apps
  • Activation
    • type=pwaId with pwa.browser, pwa.profile, and pwa.appId; falls back to type=url if not installed and policy allows
  • Metadata
    • From web manifest and installed app metadata; fallback to site title and favicon
  • Options
    • options.browsers: ["edge", "chrome", "chromium"]
    • options.profiles: patterns; options.requireInstalled: boolean
    • options.defaultBrowser / options.defaultProfile
  • Updates
    • Monitor web app registries; periodic rescan every 5 minutes

SaaS Catalog — Okta (provider: saas.okta)

  • Sources
    • Okta assigned applications for the signed-in user via allowed domains/tenants
  • Supported entries
    • SaaS applications with launch URLs and optional deep links
  • Activation
    • type=url with browser/profile selection; pair with Identity Access policy for SSO token adapters
  • Options
    • options.domain: string; options.includeApps / options.excludeApps: patterns
    • options.preferDeepLink: boolean; options.defaultBrowser / options.defaultProfile
    • options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
  • Updates
    • Live updates when connected; background refresh and cache reconciliation

SaaS Catalog — Microsoft 365 (provider: saas.microsoft365)

  • Sources
    • Microsoft 365/Entra assigned apps for the signed-in user (Graph)
  • Supported entries
    • SaaS applications and Microsoft 365 apps with launch URLs
  • Activation
    • type=url with browser/profile selection; pair with Identity Access policy for SSO token adapters
  • Options
    • options.tenantId: string; options.includeApps / options.excludeApps: patterns
    • options.preferDeepLink: boolean; options.defaultBrowser / options.defaultProfile
    • options.offlineMode: "subscribedOnly" | "hideAll" | "showCached"
  • Updates
    • Live updates when connected; background refresh and cache reconciliation

SaaS Catalog — Generic (provider: saas.generic)

  • Sources
    • Enterprise JSON feeds or SCIM/OIDC-backed catalogs of SaaS apps
  • Supported entries
    • SaaS applications with launch URLs
  • Activation
    • type=url with browser/profile selection
  • Options
    • options.feedUrl: string; authentication options as required by the feed
    • options.includeApps / options.excludeApps: patterns; options.defaultBrowser / options.defaultProfile
  • Updates
    • Live updates when connected; background refresh and cache reconciliation