Guards on GraphQL resolvers must use GqlExecutionContext.create(context) to access the GraphQL context — ctx.switchToHttp() returns undefined in a GraphQL resolver. Apply guards with @UseGuards() on the resolver method or class. Combine with @Public() and Reflector for opt-out public routes.
GqlExecutionContext.create(context) is mandatory — switchToHttp() returns undefined in GraphQL.
ctx.getContext().req gives access to the HTTP request forwarded in the GraphQLModule context factory.
Register guards globally via APP_GUARD token so all resolvers are protected by default.
Use @Public() + Reflector for opt-out public queries — safer than whitelisting routes.
GqlExecutionContext works in guards, interceptors, and exception filters for GraphQL resolvers.