
What about OTA updates? Do they preserve it?



No, it's not compatible with receiving official over-the-air updates. Similarly to if you built and signed the OS properly, you'll need to make each of the updates yourself. Unlike building and signing the OS properly, you will not have the basic security model intact but rather will be massively rolling back security and trusting a huge portion of the OS with root access. Giving root to a massive portion of the OS destroys the fine-grained access control and isolation model used throughout the OS. It makes exploitation much easier to do and much easier to hide. It also makes persistence a given since persistent root access can be given out, which means an attacker doesn't need any verified boot bypass anymore. It's odd to go through all this effort to continue signing the OS for verified boot while losing the main verified boot security model which makes it useful.

If you want root access, build and sign userdebug builds with ro.adb.secure=1, which is officially supported by GrapheneOS and only exposes root access via ADB which you should only use from the computer where you're building the OS.

It would be possible to add some kind of key combination at boot to disable loading user-installed applications, etc. and instead make a terminal with root access available. Not clear how that's really useful though. Instead, what these projects are doing is giving out root access to a massive portion of the OS in order to be able to give out full root access to apps. This is used as a shortcut to implement features in a way that massively reduces security even if you never use it. Implementing those features properly integrated into the OS following the principle of least privilege is the proper approach. Most of the features people believe they need this hack to achieve are doable without it, such as filtering traffic with your own firewall rules while also using a VPN, which is a standard Android feature available to apps.


No, over-the-air updates are not supported. The instructions for flashing updates patched with avbroot are here:

https://github.com/chenxiaolong/avbroot?tab=readme-ov-file#u...



