fix(detector): catch annotated input float passthrough

[prasannakotyal]

Summary

• add a hard detector for entrypoints that return an input tensor cast with .float() without real compute
• allow imports, docstrings, and no-op contextlib.nullcontext() wrappers so the detector catches the direct and wrapped fake-output variants
• register INPUT_PASSTHROUGH_OUTPUT as an auto-filter hard rule

Target

KernelGuard-Red-Submission: 328

Validation

• UV_CACHE_DIR=/tmp/uvcache uv run python -m py_compile kernelguard.py
• annotated return data.float() sample: classification=hacked, should_filter=true, pattern INPUT_PASSTHROUGH_OUTPUT
• direct and nullcontext-wrapped variants also classify as hacked locally
• UV_CACHE_DIR=/tmp/uvcache uv run python ../../kernelguard_bypasses/eval_blue_patch.py kernelguard.py clean fixtures remain should_filter=False
• Same detector already passed official eval on PR fix(detector): detect input float passthrough #242 with TP 20/20, FP 20/20, surgicalness 1.0

[github-actions]

KernelGuard Blue Evaluation

• Evaluation job: 189
• Blue submission: 161
• Result: passed
• Target red submission caught: True
• Validation suite: TP 20/20, FP 20/20
• Surgicalness score: 1.0
• Workflow run: https://github.com/SinatrasC/kernelguard/actions/runs/25381978553

[SinatrasC]

Thanks for the KernelGuard Flywheel Campaign contribution. We are not merging this narrow variant separately because the consolidated rule-family implementation in #273 is the merge path for this detector area.