test: stabilize qwen oauth env tests and gateway fixtures

src/providers/mod.rs

@@ -1453,6 +1453,7 @@ pub fn list_providers() -> Vec<ProviderInfo> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::sync::{Mutex, OnceLock};
 
     struct EnvGuard {
         key: &'static str,
@@ -1481,6 +1482,13 @@ mod tests {
         }
     }
 
+    fn env_lock() -> std::sync::MutexGuard<'static, ()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+            .lock()
+            .expect("env lock poisoned")
+    }
+
     #[test]
     fn resolve_provider_credential_prefers_explicit_argument() {
         let resolved = resolve_provider_credential("openrouter", Some("  explicit-key  "));
@@ -1489,6 +1497,7 @@ mod tests {
 
     #[test]
     fn resolve_provider_credential_uses_minimax_oauth_env_for_placeholder() {
+        let _env_lock = env_lock();
         let _oauth_guard = EnvGuard::set(MINIMAX_OAUTH_TOKEN_ENV, Some("oauth-token"));
         let _api_guard = EnvGuard::set(MINIMAX_API_KEY_ENV, Some("api-key"));
         let _refresh_guard = EnvGuard::set(MINIMAX_OAUTH_REFRESH_TOKEN_ENV, None);
@@ -1500,6 +1509,7 @@ mod tests {
 
     #[test]
     fn resolve_provider_credential_falls_back_to_minimax_api_key_for_placeholder() {
+        let _env_lock = env_lock();
         let _oauth_guard = EnvGuard::set(MINIMAX_OAUTH_TOKEN_ENV, None);
         let _api_guard = EnvGuard::set(MINIMAX_API_KEY_ENV, Some("api-key"));
         let _refresh_guard = EnvGuard::set(MINIMAX_OAUTH_REFRESH_TOKEN_ENV, None);
@@ -1511,6 +1521,7 @@ mod tests {
 
     #[test]
     fn resolve_provider_credential_placeholder_ignores_generic_api_key_fallback() {
+        let _env_lock = env_lock();
         let _oauth_guard = EnvGuard::set(MINIMAX_OAUTH_TOKEN_ENV, None);
         let _api_guard = EnvGuard::set(MINIMAX_API_KEY_ENV, None);
         let _refresh_guard = EnvGuard::set(MINIMAX_OAUTH_REFRESH_TOKEN_ENV, None);
@@ -1536,6 +1547,7 @@ mod tests {
 
     #[test]
     fn resolve_qwen_oauth_context_prefers_explicit_override() {
+        let _env_lock = env_lock();
         let fake_home = format!("/tmp/zeroclaw-qwen-oauth-home-{}", std::process::id());
         let _home_guard = EnvGuard::set("HOME", Some(fake_home.as_str()));
         let _token_guard = EnvGuard::set(QWEN_OAUTH_TOKEN_ENV, Some("oauth-token"));
@@ -1552,6 +1564,7 @@ mod tests {
 
     #[test]
     fn resolve_qwen_oauth_context_uses_env_token_and_resource_url() {
+        let _env_lock = env_lock();
         let fake_home = format!("/tmp/zeroclaw-qwen-oauth-home-{}-env", std::process::id());
         let _home_guard = EnvGuard::set("HOME", Some(fake_home.as_str()));
         let _token_guard = EnvGuard::set(QWEN_OAUTH_TOKEN_ENV, Some("oauth-token"));
@@ -1573,6 +1586,7 @@ mod tests {
 
     #[test]
     fn resolve_qwen_oauth_context_reads_cached_credentials_file() {
+        let _env_lock = env_lock();
         let fake_home = format!("/tmp/zeroclaw-qwen-oauth-home-{}-file", std::process::id());
         let creds_dir = PathBuf::from(&fake_home).join(".qwen");
         std::fs::create_dir_all(&creds_dir).unwrap();
@@ -1600,6 +1614,7 @@ mod tests {
 
     #[test]
     fn resolve_qwen_oauth_context_placeholder_does_not_use_dashscope_fallback() {
+        let _env_lock = env_lock();
         let fake_home = format!(
             "/tmp/zeroclaw-qwen-oauth-home-{}-placeholder",
             std::process::id()