Fix critical bugs, security issues, and code quality across all modules

- Replace bare except clauses with specific exceptions (JSONDecodeError, IOError, ValueError, TypeError)
- Add path traversal protection restricting navigation to ALLOWED_BASE_DIR
- Sanitize iframe URLs with scheme validation and html.escape to prevent XSS
- Extract duplicate to_float/to_int to module-level helpers in json_loader.py
- Replace silent modulo wrapping with clamped bounds checking via get_batch_item()
- Remove hardcoded IP 192.168.1.51:5800, default to empty string
- Add try/except around fragile batch history string parsing
- Add JSON schema validation (dict type check) in read_json_data()
- Add Python logging framework, replace print() calls
- Consolidate session state initialization into loop with defaults dict
- Guard streamlit_agraph import with try/except ImportError
- Add backup snapshot before history node deletion
- Add cycle detection in HistoryTree.commit()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

history_tree.py

@@ -24,7 +24,18 @@ class HistoryTree:
 
     def commit(self, data, note="Snapshot"):
         new_id = str(uuid.uuid4())[:8]
-        
+
+        # Cycle detection: walk parent chain from head to verify no cycle
+        if self.head_id:
+            visited = set()
+            current = self.head_id
+            while current:
+                if current in visited:
+                    raise ValueError(f"Cycle detected in history tree at node {current}")
+                visited.add(current)
+                node = self.nodes.get(current)
+                current = node["parent"] if node else None
+
         active_branch = None
         for b_name, tip_id in self.branches.items():
             if tip_id == self.head_id: