Fix critical bugs, security issues, and code quality across all modules

- Replace bare except clauses with specific exceptions (JSONDecodeError, IOError, ValueError, TypeError)
- Add path traversal protection restricting navigation to ALLOWED_BASE_DIR
- Sanitize iframe URLs with scheme validation and html.escape to prevent XSS
- Extract duplicate to_float/to_int to module-level helpers in json_loader.py
- Replace silent modulo wrapping with clamped bounds checking via get_batch_item()
- Remove hardcoded IP 192.168.1.51:5800, default to empty string
- Add try/except around fragile batch history string parsing
- Add JSON schema validation (dict type check) in read_json_data()
- Add Python logging framework, replace print() calls
- Consolidate session state initialization into loop with defaults dict
- Guard streamlit_agraph import with try/except ImportError
- Add backup snapshot before history node deletion
- Add cycle detection in HistoryTree.commit()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tab_timeline_wip.py

@@ -2,9 +2,17 @@ import streamlit as st
 import json
 from history_tree import HistoryTree
 from utils import save_json
-from streamlit_agraph import agraph, Node, Edge, Config
+
+try:
+    from streamlit_agraph import agraph, Node, Edge, Config
+    _HAS_AGRAPH = True
+except ImportError:
+    _HAS_AGRAPH = False
 
 def render_timeline_wip(data, file_path):
+    if not _HAS_AGRAPH:
+        st.error("The `streamlit-agraph` package is required for this tab. Install it with: `pip install streamlit-agraph`")
+        return
     tree_data = data.get("history_tree", {})
     if not tree_data:
         st.info("No history timeline exists.")