Harden CTO sandcastle provider gate

lib/cto-worker.sh

@@ -36,6 +36,18 @@ cmd_sandcastle() {
   [ -d "$target" ] || { echo "ERROR: target repo $target not found" >&2; return 1; }
   [ -f "$prompt_file" ] || { echo "ERROR: prompt file $prompt_file not found" >&2; return 1; }
 
+  case "$provider" in
+    docker|podman) ;;
+    noSandbox|nosandbox|head)
+      echo "BLOCK: unsafe sandcastle provider/strategy requires JP approval: $provider" >&2
+      return 1
+      ;;
+    *)
+      echo "BLOCK: unsupported sandcastle provider: $provider" >&2
+      return 1
+      ;;
+  esac
+
   # Hard rule: never run against read-only workspace siblings.
   case "$(basename "$target")" in
     hermes-agent|hermes-webui|marketingskills|sandcastle)