- Type: Task
- Resolution: Unresolved
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
Atlas Streams
Currently, mongostreams exposes all of its commands as commands that do not require auth. The agent is expected to communicate via localhost, and thus it does so without using any auth and can trigger any of the commands that mongostreams exposes.
This is fine in the intended deployment of the system where mongostreams and the agent run as containers in a pod and where the mongostreams code is not part of the "general" mongod code.
There can be a potential problem if the deployment characteristics of the system change such that mongostreams becomes accessible via the network or if the mongostreams code becomes a part of the general mongod code.
To account for such hypothetical future scenarios, we can look into making all commands in mongostreams require auth and having the agent authenticate before issuing commands.