Indeed, this is also my understanding and therefore a major challenge for me in securing my backend since mirroring the auto-generated mutations (add/update) with @lambda will require reinventing the wheel for subscription, deep querying, filtering, sorting, etc.
Nevertheless, I found the solution proposed by @abhimanyusinghgaur here GraphQL error: Non-nullable field was not present in result from Dgraph - #6 by abhimanyusinghgaur to potentially satisfy my use-case. Using the example in this thread, the createdAt and updatedAt fields can simply be disabled from mutations then post-hook can be used to populate the disabled fields. With this, everything else should work as expected.
@jdgamble555 does this make sense for your use-case?
@abhimanyusinghgaur Will be great if this feature will be available soon. Already in the roadmap, or any ETA?