v0.9.2 — Plugin API extensions + security hardening

@akurach akurach released this 08 Jun 07:10
· 38 commits to main since this release

What's new

Plugin API

  • yafm.openInApp(entry, bundleId) — open any file in a specific app from a plugin. Requires contribute:action capability. Dangerous extensions (.sh, .command, .scpt, .workflow, .pkg, …) prompt the user before opening.
  • yafm.readEXIF(entry) — read EXIF/TIFF metadata (camera, date, dimensions) from image files. Requires read:exif. GPS intentionally excluded.
  • Two example plugins seeded on first run (open-with, exif-info), disabled by default.

UX

  • iCloud status indicator — cloud-download icon appears next to files not yet downloaded from iCloud Drive.
  • ⌘⇧C → Copy Full Path (was palette/menu only).
  • Capability chips in Settings ▸ Plugins now show readable labels (columns, read EXIF, open apps & clipboard, …).

Security hardening

  • C-1: openInApp guards against executable extensions with a warning alert.
  • C-2: Plugin file handles scoped per JSContext — one plugin can't enumerate another's handles.
  • P1-A: Removed Trust.signed — no fake "Signed" badge until cryptographic verification ships.
  • P1-B: PluginValueCache generation token — in-flight async tasks discard stale results on reload.
  • P2-1: Native __yafm_* bridges wrapped in IIFE and deleted from globalThis.
  • P2-2: yafm.readText capped at 500 calls per directory view.
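The P2-1 pattern, sketched as an added example (not yafm's own code): a bootstrap captures the native bridges inside an IIFE, deletes them from the global object, and leaves only a frozen yafm facade that checks capabilities. The bridge names __yafm_readText and __yafm_openInApp, the entry.path field, and the plain object standing in for a plugin context's globalThis are assumptions.

```javascript
// Added illustration, not yafm source. The bridge names, the `ctx` stand-in for a
// plugin context's globalThis, and the capability list are assumptions.

// Simulates the native host injecting raw bridges (no capability checks).
function installNativeBridges(ctx, log) {
  ctx.__yafm_readText = (path) => { log.push(['readText', path]); return 'contents of ' + path; };
  ctx.__yafm_openInApp = (path, bundleId) => { log.push(['openInApp', path, bundleId]); return true; };
}

// Bootstrap that runs once per context, before any plugin code is evaluated.
function bootstrap(ctx, grantedCapabilities) {
  (function () {
    // 1. Capture the raw bridges in closure variables only the facade can see.
    const readText = ctx.__yafm_readText;
    const openInApp = ctx.__yafm_openInApp;

    // 2. Delete every __yafm_* global so plugin code cannot call a bridge directly.
    for (const name of Object.getOwnPropertyNames(ctx)) {
      if (name.startsWith('__yafm_')) delete ctx[name];
    }

    // 3. Expose a frozen facade that enforces capabilities before delegating.
    const caps = new Set(grantedCapabilities);
    const requireCap = (cap) => {
      if (!caps.has(cap)) throw new Error('missing capability: ' + cap);
    };
    ctx.yafm = Object.freeze({
      readText(entry) { return readText(String(entry.path)); },
      openInApp(entry, bundleId) {
        requireCap('contribute:action');
        return openInApp(String(entry.path), String(bundleId));
      },
    });
  })();
}

// Builds a constructed plugin context with the given capabilities.
function makePluginContext(grantedCapabilities) {
  const log = [];
  const ctx = {};
  installNativeBridges(ctx, log);
  bootstrap(ctx, grantedCapabilities);
  return { ctx, log };
}
```

If the bridges stayed on the global object, a plugin without contribute:action could call the raw open bridge and skip the facade's check entirely.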

Installing

This DMG is unnotarized (no paid Apple Developer account yet). To open on first launch:

  • Right-click yafm.app → Open → Open, or
  • System Settings → Privacy & Security → Open Anyway, or
  • xattr -dr com.apple.quarantine /Applications/yafm.app

Full changelog: CHANGELOG.md