chore- Add lang security rules and PR create flow

.cursor/rules/manifest.json

@@ -2,7 +2,7 @@
   "version": "mohxki3f",
   "releaseTag": "rules-2026.04.28.1777338695005",
   "generated": "2026-04-28T01:11:35.067Z",
-  "lastUpdated": "2026-05-04T20:21:41.457Z",
+  "lastUpdated": "2026-06-09T18:03:38.886Z",
   "lastUpdateReleaseTag": "rules-2026.04.28.1777338695005",
   "installedDomains": [
     "security-global",
@@ -80,10 +80,22 @@
     "security-lang/security-lang-node.mdc": {
       "sha256": "9019cc2470bbfc6d01c5c34aff42498a91b59ca9766a34a79de1ebe93cc6c587",
       "domain": "security-lang"
+    },
+    "security-lang/security-lang-python.mdc": {
+      "sha256": "ed404b0b4c21e1ffd4cd9bd28222ac29f68027cdba2e767a9ca1ca13872141b4",
+      "domain": "security-lang"
+    },
+    "security-lang/security-lang-c.mdc": {
+      "sha256": "96c7a93ca810550cad2e84aa9ff360d63d4fa8eb48eb849070e1b19ff9d0e2e3",
+      "domain": "security-lang"
+    },
+    "security-lang/security-lang-cpp.mdc": {
+      "sha256": "133472889ee8070bc0d022525974df629ee7cb3c3b118c1e1eef640dda51567e",
+      "domain": "security-lang"
     }
   },
   "stats": {
-    "totalFiles": 18,
+    "totalFiles": 21,
     "missingFiles": 0,
     "domains": 2
   }

.cursor/rules/pr-rules.mdc

@@ -1,9 +1,10 @@
 ---
+description: PR title, body, and post-create Jira comment conventions for this repo
 alwaysApply: true
 ---
 # Pull requests (PRs)
 
-When you draft or review a pull request title or description (for example in GitHub/GitLab or when asked in Agent chat), follow these conventions.
+When you draft, review, or **create** a pull request title or description (for example in GitHub/GitLab or when asked in Agent chat), follow these conventions.
 
 ## Deriving the Jira issue
 
@@ -97,6 +98,25 @@ Replace the key and URL with the actual ticket. If multiple tickets apply, list
 No ticket
 ```
 
+## Creating a PR — workflow
+
+When the user asks you to **create** a pull request, run this sequence:
+
+1. Inspect branch state (`git status`, diffs vs base, commit history) and draft the title and body using the conventions above.
+2. Push the branch to the remote with `-u` when it is not already published.
+3. Create the PR with `gh pr create` (HEREDOC body). Return the PR URL to the user.
+4. **Comment on linked Jira ticket(s)** — final step; do not skip when a ticket applies:
+   - **When** the branch name includes a Jira issue ID (or the PR `# Context` → `## Jira` section links one or more tickets): add a comment on **each** linked ticket with the PR URL.
+   - **When** `## Jira` is `No ticket`: skip this step.
+   - **Comment body** (one line; adjust only the PR URL):
+
+     ```text
+     Pull request: https://github.com/<org>/<repo>/pull/<number>
+     ```
+
+   - Prefer the **Jira MCP server** (`user-jira`) to post the comment when it is available and authenticated.
+   - If Jira MCP is unavailable or the comment fails, tell the user which ticket(s) still need the PR link and include the URL so they can add it manually.
+
 ## Example (full PR description)
 
 ```markdown

.cursor/rules/security-lang/security-lang-c.mdc

@@ -0,0 +1,42 @@
+---
+description: 
+globs: **/*.c,**/*.h
+alwaysApply: false
+---
+# Secure C Development
+
+These rules apply to all C source and header files in the repository and aim to prevent memory corruption, code injection, and unsafe system behavior.
+
+All violations must include a clear explanation of which rule was triggered and why, to help developers understand and fix the issue effectively.  
+Generated code must not violate these rules. If a rule is violated, a comment must be added explaining the issue and suggesting a correction.
+
+## 1. Avoid Unsafe Functions
+- **Rule:** Do not use functions like `gets`, `strcpy`, `sprintf`, or `scanf` with `%s`. Use bounded or safer alternatives like `fgets`, `strncpy`, or `snprintf`.
+
+## 2. Always Validate Input Lengths
+- **Rule:** Validate the length of user or external input before copying, storing, or processing it to prevent buffer overflows.
+
+## 3. Initialize All Pointers and Memory
+- **Rule:** All pointers and allocated memory must be explicitly initialized before use.
+
+## 4. Check All Memory Allocations
+- **Rule:** Check the result of `malloc`, `calloc`, or `realloc` for `NULL` before using the returned pointer.
+
+## 5. Avoid Format String Vulnerabilities
+- **Rule:** Never pass user-controlled strings directly as the format argument to functions like `printf`, `fprintf`, or `syslog`.
+
+## 6. Free All Allocated Memory
+- **Rule:** All dynamic memory must be properly freed to avoid memory leaks. Avoid double-free and use-after-free errors.
+
+## 7. Do Not Trust Environment Variables
+- **Rule:** Environment variables must not be used directly in sensitive operations like file access, exec calls, or security checks without validation.
+
+## 8. Avoid System and Shell Calls with Input
+- **Rule:** Do not use `system()`, `popen()`, or similar functions with user-controlled input. Use direct APIs when possible.
+
+## 9. Limit Pointer Arithmetic and Casting
+- **Rule:** Avoid unnecessary pointer arithmetic and type casting that can bypass bounds or type safety.
+
+## 10. Use Static Analysis and Compiler Warnings
+- **Rule:** Enable strict compiler warnings (`-Wall -Wextra -Werror`) and use static analysis tools (e.g., `clang-tidy`, `cppcheck`) to detect risky patterns.
+