
This entire conversation is confusing because people are mixing up authenticated encryption with key management/signing, but those are separate things.

It's possible that I am mistaken (not a crypto expert), but usually the term "authenticated encryption" means the ciphertext is verified to not have been modified by an attacker (to, for example, do a padding oracle attack, although that wouldn't apply to a stream cipher of course). It has nothing to do with authenticating the source of the message or verifying the entire message has not been replaced by a different valid ciphertext - that's a totally different thing.

So Age provides authenticated encryption. It does not prevent an attacker who knows the public key from substituting in a different ciphertext, because that has nothing to do with authenticated encryption.



The terminology here is very confusing, because "authenticity" means different things in different schemes: it might mean authenticity of the ciphertext (which age does provide), or it might mean authenticity of the plaintext (which age does not provide with X25519 identities).

With an X25519 identity, age will guarantee that, if you can decrypt, then you are decrypting a message that was encrypted to a public key that you have the private half of. This is an improvement over some schemes, where decryption is potentially malleable (with a small enough message and enough tries, an attacker can make you decrypt something that looks valid but wasn't actually encrypted correctly). But it can't guarantee that you should trust everything that's encrypted against your public key.
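The distinction drawn in the comments above, as an added example that is not part of the thread and is not age's code: a simplified ECIES-style scheme in Go in which a modified ciphertext is rejected, yet any party holding the recipient's public key can produce a message that decrypts cleanly. It assumes ephemeral X25519, SHA-256 as a stand-in KDF and AES-256-GCM, and the names `newAEAD`, `Seal` and `Open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Simplified ECIES-style sketch (hypothetical names), NOT age's real format.
func newAEAD(priv *ecdh.PrivateKey, peer, eph, rcpt *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(shared, eph.Bytes()...), rcpt.Bytes()...))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always valid
	return cipher.NewGCM(block)
}

// Seal needs only the recipient's PUBLIC key, so any party can call it.
func Seal(rcpt *ecdh.PublicKey, msg []byte) (*ecdh.PublicKey, []byte, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader) // per-message key: zero nonce never repeats
	if err != nil {
		return nil, nil, err
	}
	a, err := newAEAD(k, rcpt, k.PublicKey(), rcpt)
	if err != nil {
		return nil, nil, err
	}
	return k.PublicKey(), a.Seal(nil, make([]byte, 12), msg, nil), nil
}

// Open succeeds only for an unmodified body sealed to id's public key.
func Open(id *ecdh.PrivateKey, eph *ecdh.PublicKey, body []byte) ([]byte, error) {
	a, err := newAEAD(id, eph, eph, id.PublicKey())
	if err != nil {
		return nil, err
	}
	return a.Open(nil, make([]byte, 12), body, nil)
}

func main() {
	id, _ := ecdh.X25519().GenerateKey(rand.Reader)
	eph, body, _ := Seal(id.PublicKey(), []byte("constructed sample"))
	pt, err := Open(id, eph, body)
	fmt.Printf("%q %v\n", pt, err)
}
```

`Open` rejects a modified body or the wrong identity, yet accepts a message sealed by any party that knows the public key.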



