these are all valid points, except for the // swift-tools-version: which is not really involved here.
using a plugin that does not match the version of the toolchain you are using is not correct usage. so source generators should never run (or ideally, be built at all) as part of a CI matrix, or be enabled by default for end users. this precludes using them as buildTools; all source generators should run as command plugins, using them otherwise is fundamentally unsafe.
right now in swift-json, i am using:
#if swift(>=5.8) && (os(Linux) || os(macOS))
plugins.append(.package(url: "https://github.com/kelvin13/swift-package-factory",
branch: "swift-DEVELOPMENT-SNAPSHOT-2022-08-18-a"))
#endif
in the package manifest. this effectively requires having the swift-DEVELOPMENT-SNAPSHOT-2022-08-18-a installed in order to develop (as opposed to just use) the package. this makes it harder to contribute to the project, and ideally SPM would be able to detect the currently-installed toolchain, and choose the appropriate tag of swift-package-factory to include as a dependency. but right now SPM cannot do this.