Fix critical bugs, security issues, and code quality across all modules

- Replace bare except clauses with specific exceptions (JSONDecodeError, IOError, ValueError, TypeError)
- Add path traversal protection restricting navigation to ALLOWED_BASE_DIR
- Sanitize iframe URLs with scheme validation and html.escape to prevent XSS
- Extract duplicate to_float/to_int to module-level helpers in json_loader.py
- Replace silent modulo wrapping with clamped bounds checking via get_batch_item()
- Remove hardcoded IP 192.168.1.51:5800, default to empty string
- Add try/except around fragile batch history string parsing
- Add JSON schema validation (dict type check) in read_json_data()
- Add Python logging framework, replace print() calls
- Consolidate session state initialization into loop with defaults dict
- Guard streamlit_agraph import with try/except ImportError
- Add backup snapshot before history node deletion
- Add cycle detection in HistoryTree.commit()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tab_timeline.py

@@ -1,4 +1,5 @@
 import streamlit as st
+import copy
 import json
 import graphviz
 import time
@@ -137,6 +138,10 @@ def render_timeline_tab(data, file_path):
             st.warning("Deleting a node cannot be undone.")
             if st.button("🗑️ Delete This Node", type="primary"):
                 if selected_node['id'] in htree.nodes:
+                    # Backup current tree state before destructive operation
+                    if "history_tree_backup" not in data:
+                        data["history_tree_backup"] = []
+                    data["history_tree_backup"].append(copy.deepcopy(htree.to_dict()))
                     del htree.nodes[selected_node['id']]
                     for b, tip in list(htree.branches.items()):
                         if tip == selected_node['id']: