GraphQL Authorization

I’m new to Kong and new to graphQL.
I found this Connecting the Dots: Kong for GraphQL Endpoints | Kong Inc. that links to GitHub - rakutentech/kong-plugin-graphql-operation-whitelist: Whitelist operations that your consumers can send to your GraphQL server..

This seems like an excellent idea abut am interested to know why it’s not been touched for a while/ if it’s still valid code/ why Kong haven’t taken this on as an official plugin/ Is there a different way of doing this? It seems to make sense to have this control in the Gateway rather than in the graphql serving application at any code level… thanks in advance for any advice/corrections to my naive and newbie thinking…

best wishes