Are directives always applied to the schema and can be used as a middleware to restrict access?

I was reading the article above, and It says this:

One drawback of this approach is that it does not guarantee fields will be wrapped if they are added to the schema after AuthDirective is applied

but I am not sure if this means that directives are not guaranteed to be applied or not to each field in the schema.

I believe this is merely noting that a schema is a JavaScript object that can in theory be transformed after it has been initialized — though GraphQLSchemas are intended to be immutable (they are according to their typings, there’s conceivable ways of working around this at runtime). It’s important to be clear about things like this in documentation, particularly when it’s pertaining to auth concerns.

If you are doing some exotic transformation the schema after it’s been built (e.g., something like schema.getType('Foo').getFields()['bar'] = ...), then you’d want to make sure the schema is re-visited (the visitor functions apply a AST “visit” pattern to the way they traverse and apply their transformations).

If you’re not changing the schema after it’s passed to ApolloServer — as is typically the case — you should not need to worry about this subtlety/word-of-caution.

Does that make sense?