test(config-audit): add marketplace-small/medium/large scanner fixtures

plugins/config-audit/tests/fixtures/marketplace-large/.claude/settings.json

@@ -0,0 +1,14 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "permissions": {
+    "allow": [
+      "Bash(npm run *)",
+      "Read(src/**)",
+      "Read(packages/**)",
+      "Read(plugins/**)",
+      "Write(dist/**)"
+    ],
+    "deny": ["Read(./.env)", "Read(**/secrets/**)"]
+  },
+  "effortLevel": "high"
+}

plugins/config-audit/tests/fixtures/marketplace-large/.claude/shared-errors.md

@@ -0,0 +1,9 @@
+# Shared Error-Handling Patterns
+
+- Subclass `Error` with typed messages
+- Never swallow errors silently
+- Prefer `Result<T, E>` return types in business logic
+- Log only at boundaries, never inside pure functions
+- Validate inputs only at the system edge
+- Treat all third-party API responses as untrusted input
+- Bail early on contract violations rather than degrading silently

plugins/config-audit/tests/fixtures/marketplace-large/.claude/shared-naming.md

@@ -0,0 +1,7 @@
+# Shared Naming Conventions
+
+- `camelCase` for variables, function parameters, function names
+- `PascalCase` for classes, interfaces, type aliases
+- `UPPER_SNAKE_CASE` for module-level constants
+- kebab-case for filenames and directory names
+- `_leading_underscore` for unused parameters explicitly retained

plugins/config-audit/tests/fixtures/marketplace-large/.claude/shared-tests.md

@@ -0,0 +1,9 @@
+# Shared Test Patterns
+
+- One fixture per scenario under `tests/fixtures/{name}/`
+- `describe(...)` + `it(...)` from `node:test`
+- Co-locate tests with their implementation as `*.test.mjs`
+- Prefer table-driven tests for permutations
+- Reset module-level state in `beforeEach` to keep tests isolated
+- Use `execFile` for CLI subprocess tests
+- Avoid mocks for I/O at fixture boundaries — read real files instead