@Exclude() marks a property to be omitted during serialization. @Expose() marks a property to be included when excludeExtraneousValues: true is used — a whitelist approach. ClassSerializerInterceptor from NestJS calls instanceToPlain() on every response, applying all @Exclude() and @Expose() rules automatically.
@Exclude() — blacklist approach: all properties included by default, decorated ones are stripped.
@Expose() with excludeExtraneousValues: true — whitelist approach: only decorated properties are included.
ClassSerializerInterceptor must be enabled globally for automatic serialization on every response.
Return class instances from controllers, not plain objects — @Exclude() has no effect on plain objects.
@Exclude({ toClassOnly: true }) — excludes only during deserialization, not serialization.
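The rules above, as an added example that is not part of the original page. It assumes the class-transformer package is installed; the classes User and PublicProfile, the helper functions and the sample row are constructed for illustration. The decorators are applied as plain function calls so the file runs without the experimentalDecorators compiler flag.

```typescript
import { Exclude, Expose, instanceToPlain, plainToInstance } from 'class-transformer';

// Blacklist entity: every property is serialized unless it is excluded.
class User {
  id: number = 0;
  email: string = '';
  passwordHash: string = '';
  role: string = 'user';
}
// In a NestJS project these are written as @Exclude() above each property.
Exclude()(User.prototype, 'passwordHash');              // stripped in both directions
Exclude({ toClassOnly: true })(User.prototype, 'role'); // ignored on input, kept on output

// Whitelist DTO: only exposed properties survive excludeExtraneousValues: true.
class PublicProfile {
  id: number = 0;
  email: string = '';
  passwordHash: string = ''; // not decorated, so dropped by the whitelist
}
Expose()(PublicProfile.prototype, 'id');
Expose()(PublicProfile.prototype, 'email');

// Constructed sample record, e.g. a database row or a request body.
const row = { id: 7, email: 'a@example.test', passwordHash: 'constructed-hash', role: 'admin' };

// Class instance: the @Exclude() metadata is found through the constructor.
function serializeInstance(): Record<string, any> {
  return instanceToPlain(Object.assign(new User(), row));
}

// Plain object: no class, no metadata, so passwordHash leaks into the response.
function serializePlainObject(): Record<string, any> {
  return instanceToPlain(row);
}

// Whitelist: anything without @Expose() is removed.
function serializeWhitelisted(): Record<string, any> {
  const profile = Object.assign(new PublicProfile(), row);
  return instanceToPlain(profile, { excludeExtraneousValues: true });
}

// Deserialization: toClassOnly keeps a caller-supplied role from being bound.
function bindFromClient(): User {
  return plainToInstance(User, row);
}

console.log(serializeInstance(), serializePlainObject(), serializeWhitelisted(), bindFromClient());
```

ClassSerializerInterceptor performs the instanceToPlain() step on the controller's return value, so the plain-object case here is what a handler returning a raw row or a spread copy produces.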