fix: inject SERVICE_NAME/SERVICE_PORT for app components in batch path

AddComponentBatch was missing the SERVICE_NAME injection that AddComponent
has. When an app-react component (e.g. creator-ui) was rendered via the
batch endpoint alongside a service component, {{SERVICE_NAME}} in App.tsx.tmpl
was never substituted — rendering the literal string into the repo.

Fix: scan the batch's own code requests for a service component first
(since the service isn't in the DB yet during batch processing), then
fall back to findFirstServiceComponent from DB.

This is the same AddComponent vs AddComponentBatch parity gap that caused
the JWT_SECRET issue (RC-2). The auth API URL in every app-react project
was broken when deployed via the batch endpoint.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/service/component_batch.go

@@ -153,6 +153,30 @@ func (s *ComponentService) AddComponentBatch(ctx context.Context, projectID stri
 			"DOMAIN":         projectDomain,
 		}
 
+		// For frontend apps, inject the primary service name/port for API proxy.
+		// Check the batch itself first (service not yet in DB), then fall back to DB.
+		if componentType.IsAppComponent() {
+			var svcName string
+			var svcPort int
+			for _, r := range codeReqs {
+				if domain.ComponentType(r.Type) == domain.ComponentTypeService {
+					svcName = r.Name
+					svcPort = r.Port
+					break
+				}
+			}
+			if svcName == "" {
+				if svc := s.findFirstServiceComponent(ctx, projectID); svc != nil {
+					svcName = svc.Name
+					svcPort = svc.Port
+				}
+			}
+			if svcName != "" {
+				vars["SERVICE_NAME"] = svcName
+				vars["SERVICE_PORT"] = strconv.Itoa(svcPort)
+			}
+		}
+
 		// Get component template files
 		componentFiles, err := s.templateProvider.GetComponentFiles(ctx, req.Type, componentPath, vars)
 		if err != nil {