Tell me if there is a better place to put this feedback, but I was just going through the docs for @auth in GraphQL mode and read:
Currently, Dgraph evaluates
updaterules before the mutation. Our auth support is still in beta and we may extend this for example to make theupdaterule an invariant of the mutation, or enforce pre and post conditions, or even allow custom logic to validate the update data.
I’m not sure that this is the latest status as this is very “in-development” at the moment as far as I understand, but I wanted to note that I think having a “pre-update validation” and a “post-update validation” for the auth rules makes a lot of sense. Maybe I’m late to the game and it’s already been done. 
Anyway, like the docs mentioned doing the validation either before or after has a big impact on what kind of validation you can do, and I think there are valid use-cases for both.
I think that being able to set when to run what validator would be very intuitive. For example, the possible options you would then have as a user would be:
- Just set a
beforevalidator - Just set an
aftervalidator - Set a
beforevalidator and a separateaftervalidator - Set a
bothor maybebeforeAndAftervalidator that will be run before and after and serves as a convenience for when the validation is the same for both runs
Those are just my thoughts. Tell me if I should put these in a GitHub issue instead.