The app store rules are designed to target scammers and criminals. Sometimes honest people do get caught in them when they don't think about how their innocent plans could be exploited by someone who isn't innocent.
2.4.5v is for privilege escalation. Don't do that.
2.4.5iv is for dynamically changing behaviour. This is an image uploading app that has a gambling app as an "easter egg".
The guidelines explicitly say that "Apps distributed via the Mac App Store may host plug-ins or extensions that are enabled with mechanisms other than the App Store." The key part there is that the download and install cannot be automatic. The user has to do that on their own. You can help them via your website as much as you want. You have to be more careful inside the app.
As long as you explain exactly what your app does in the comments, you should be fine. The bigger problem is customer confusion for the downloads, installs, etc. They are completely ignorant of the sandbox and the hoops required for it. You are the one they will blame when it doesn't work as expected. I sure wish Apple would separate the payment infrastructure from the Mac App Store environment. For me, the 30% is a great deal for a great service. It is those Mac App Store restrictions that are the big pain.
I don't know anything about mach XPC sockets, so I can't help there. I would caution you against trying to get too fancy. If you are going the plug-in route, you have so many other options. Just execute the build tools via the command line. Use a security-scoped bookmark to reference the plug-in.
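A sketch of the security-scoped bookmark approach suggested in the reply above, added here as an example and not code from the poster or from Apple: the user picks the plug-in they installed themselves, the app stores a bookmark, and later launches resolve it before running a tool inside it. It assumes the app carries the `com.apple.security.files.user-selected.read-only` and `com.apple.security.files.bookmarks.app-scope` entitlements; the defaults key and function names are hypothetical, and whether a given tool launches under the sandbox is not something the thread establishes.

```swift
import AppKit

// Hypothetical UserDefaults key under which the bookmark is stored.
let pluginBookmarkKey = "PluginBookmark"

/// The user locates the plug-in; the app never downloads or installs it.
func choosePlugin() throws -> URL? {
    let panel = NSOpenPanel()
    panel.canChooseFiles = true
    panel.canChooseDirectories = true      // the plug-in may be a plain folder
    panel.allowsMultipleSelection = false
    panel.message = "Select the plug-in you installed"
    guard panel.runModal() == .OK, let url = panel.url else { return nil }
    // Persist the user's grant so it survives relaunch.
    let data = try url.bookmarkData(options: .withSecurityScope,
                                    includingResourceValuesForKeys: nil,
                                    relativeTo: nil)
    UserDefaults.standard.set(data, forKey: pluginBookmarkKey)
    return url
}

/// Resolves the stored bookmark and runs `body` while access is open.
/// Returns nil when no bookmark is stored or access is refused.
func withPlugin<T>(_ body: (URL) throws -> T) throws -> T? {
    guard let data = UserDefaults.standard.data(forKey: pluginBookmarkKey) else { return nil }
    var stale = false
    let url = try URL(resolvingBookmarkData: data, options: .withSecurityScope,
                      relativeTo: nil, bookmarkDataIsStale: &stale)
    guard url.startAccessingSecurityScopedResource() else { return nil }
    defer { url.stopAccessingSecurityScopedResource() }   // always balance the start call
    if stale {
        // The item moved or was replaced: refresh the bookmark while access is open.
        let fresh = try url.bookmarkData(options: .withSecurityScope,
                                         includingResourceValuesForKeys: nil,
                                         relativeTo: nil)
        UserDefaults.standard.set(fresh, forKey: pluginBookmarkKey)
    }
    return try body(url)
}

/// Runs a command-line tool and returns its exit status.
func runTool(at tool: URL, arguments: [String]) throws -> Int32 {
    let process = Process()
    process.executableURL = tool
    process.arguments = arguments
    try process.run()
    process.waitUntilExit()
    return process.terminationStatus
}
```

A caller would wrap the launch in `withPlugin`, passing a tool path relative to the resolved URL, so the security scope is released as soon as the tool exits.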