Fix critical bugs, security issues, and code quality across all modules

- Replace bare except clauses with specific exceptions (JSONDecodeError, IOError, ValueError, TypeError)
- Add path traversal protection restricting navigation to ALLOWED_BASE_DIR
- Sanitize iframe URLs with scheme validation and html.escape to prevent XSS
- Extract duplicate to_float/to_int to module-level helpers in json_loader.py
- Replace silent modulo wrapping with clamped bounds checking via get_batch_item()
- Remove hardcoded IP 192.168.1.51:5800, default to empty string
- Add try/except around fragile batch history string parsing
- Add JSON schema validation (dict type check) in read_json_data()
- Add Python logging framework, replace print() calls
- Consolidate session state initialization into loop with defaults dict
- Guard streamlit_agraph import with try/except ImportError
- Add backup snapshot before history node deletion
- Add cycle detection in HistoryTree.commit()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tab_batch.py

@@ -85,13 +85,19 @@ def render_batch_processor(data, file_path, json_files, current_dir, selected_fi
 
     if bc3.button("➕ From History", use_container_width=True, disabled=not src_hist):
         if sel_hist:
-            idx = int(sel_hist.split(":")[0].replace("#", "")) - 1
-            item = DEFAULTS.copy()
-            h_item = src_hist[idx]
-            item.update(h_item)
-            if "loras" in h_item and isinstance(h_item["loras"], dict):
-                item.update(h_item["loras"])
-            add_sequence(item)
+            try:
+                idx = int(sel_hist.split(":")[0].replace("#", "")) - 1
+                if idx < 0 or idx >= len(src_hist):
+                    st.error(f"History index {idx + 1} out of range.")
+                else:
+                    item = DEFAULTS.copy()
+                    h_item = src_hist[idx]
+                    item.update(h_item)
+                    if "loras" in h_item and isinstance(h_item["loras"], dict):
+                        item.update(h_item["loras"])
+                    add_sequence(item)
+            except (ValueError, IndexError) as e:
+                st.error(f"Could not parse history selection: {e}")
 
     # --- RENDER LIST ---
     st.markdown("---")