fix: check_modified uses lexical containment, explicit is_symlink check

- check_modified() no longer calls _validate_rel_path (which resolves
  symlinks); uses lexical checks (is_absolute, '..' in parts) instead
- is_symlink() checked before is_file() so symlinks to files are still
  treated as modified
- Fixed templates_dir() docstring to match actual behavior

src/specify_cli/integrations/base.py

@@ -87,8 +87,8 @@ class IntegrationBase(ABC):
     def templates_dir(self) -> Path:
         """Return the path to this integration's bundled templates.
 
-        By convention, templates live in a ``templates/`` subdirectory next
+        By convention, templates live in a ``templates/`` subdirectory
-        to the integration's ``__init__.py``.
+        next to the file where the integration class is defined.
         """
         import inspect
 

src/specify_cli/integrations/manifest.py

@@ -113,14 +113,15 @@ class IntegrationManifest:
         """Return relative paths of tracked files whose content changed on disk."""
         modified: list[str] = []
         for rel, expected_hash in self._files.items():
-            try:
+            rel_path = Path(rel)
-                abs_path = _validate_rel_path(Path(rel), self.project_root)
+            # Skip paths that are absolute or attempt to escape the project root
-            except ValueError:
+            if rel_path.is_absolute() or ".." in rel_path.parts:
                 continue
-            if not abs_path.exists():
+            abs_path = self.project_root / rel_path
+            if not abs_path.exists() and not abs_path.is_symlink():
                 continue
-            # Treat non-regular-files (directories, symlinks) as modified
+            # Treat symlinks and non-regular-files as modified
-            if not abs_path.is_file():
+            if abs_path.is_symlink() or not abs_path.is_file():
                 modified.append(rel)
                 continue
             if _sha256(abs_path) != expected_hash: