direct-access-raises-list-access-filters

IN premise

API functions for single-node access (`show_node`, `explain_node`, `trace_assumptions`) raise `PermissionError` on forbidden nodes, while list/export functions (`list_nodes`, `search`, `export_network`) silently exclude them from results.

Summary

When you ask about a specific node by name, the system will block you with an error if you're not allowed to see it. But when you browse or search, forbidden nodes simply don't appear in the results — you won't even know they exist. This means the access control behaves differently depending on whether you're doing a targeted lookup versus a broad query, which matters for how callers should handle permissions.

Details

Sourceentries/2026/04/29/tests-test_access_tags.md