Thank you for reading! Definitely will follow up on this story, but to briefly answer your questions:

• Yes, the basic idea is the same: mutations will also follow the schemas and you can predefine popular mutations if you’d like. Validations will be done using the types you defined an whether or not you made variables in your schemas required, by adding a ‘!’.
• Graphql is added as a layer on top of your database and uses connectors to connect to this database, models to retrieve information from them and resolvers to shape this information according to your schema’s. Packages like Apollo and Prisma can be used alongside popular ORM’s to optimize queries — or you could write your own in the models — and these packages also handle caching.
• Authorization is not that hard and can be done in the resolvers for small applications or the model for biggers ones, also see: https://blog.apollographql.com/authorization-in-graphql-452b1c402a9