feat!: reboot CLI as the agentage Memory client (setup + status)

[vreshch]

What

v0.25.0 - the CLI is now the agentage Memory client. Foundation release: two commands, zero daemons, e2e in-repo.

• agentage setup - OAuth 2.1 sign-in: fresh DCR public client per run + PKCE + one-shot localhost callback; tokens in ~/.agentage/auth.json (0600). Flags: --disconnect (revoke + remove), --reauth, --no-browser (prints the URL; also the lever the e2e uses).
• agentage status - one line per fact: version, target, sign-in state (validated via OAuth introspection, auto refresh-once), endpoint health. --json supported.
• e2e/ (Playwright) - @smoke version + degraded status; @p0 full headless sign-in round trip against live dev (the test plays "the browser": session cookie -> authorize 302 -> the CLI's localhost callback). Self-contained - signs up a throwaway dev account when E2E_AUTH_* secrets are absent. Runs on every PR via e2e.yml.

Removed (BREAKING): every agent-runtime command (run/agents/runs/machines/schedules/projects/vault/daemon/logs/create/config/whoami/completions/update), the local daemon, hub sync, discovery - ~18k LOC. Runtime deps reduced to chalk + commander + open; src/package-guard.test.ts keeps it that way in CI.

Why

The CLI is rebooting around agentage Memory (vault feature memory-cli, v0.1 foundation). whoami folded into status. connect/clone come next as 0.2/0.3.

Notes for review

• Status shows sign-in state, not yet email/plan/memories: backend REST accepts session cookies only (its middleware introspects the session endpoint, which returns null for OAuth access tokens). Tokens validate fine against the OAuth introspection endpoint, so status uses that. Account details light up with a small OAuth-bearer bridge in the backend middleware (follow-up in agentage/web).
• Fresh DCR registration per setup run because the registered redirect URI binds the ephemeral callback port (one per run - far under the DCR rate cap).
• Public-repo hygiene: no roadmap, internal hosts, or provider details in README/CLAUDE.md/code.

Verified (live against dev)

Full headless round trip - run by hand AND as the in-repo e2e suite:

$ npm run build && npm run test:e2e
  ✓ setup signs in, status confirms, disconnect cleans up @p0 (1.6s)
  ✓ version identifies the memory client line @smoke
  ✓ unauthenticated status degrades with a setup hint @smoke
  ✓ status never leaks a stack trace when signed out @smoke
  4 passed (2.6s)

$ agentage setup --no-browser        # + scripted sign-in/authorize
Signed in.
version    0.25.0
target     dev.agentage.io (development)
auth       ✓ signed in (token valid until 2026-06-12T19:54:29.710Z)
endpoint   ✓ https://dev.agentage.io/api reachable

$ agentage setup --disconnect
Disconnected - local credentials removed.

npm run verify green: 49 unit tests, coverage 92/83/85/93 (thresholds 65/70/70/70). The e2e.yml check on this PR runs the same suite from CI.

Follow-ups (separate PRs)

1. agentage/web: OAuth-bearer bridge in backend requireAuth so status can show email/plan/memories
2. Publish 0.25.0 via the release workflow + npm deprecate the 0.24.x agent-runtime line

[github-actions]

🎉 PR Validation ✅ PASSED

Commit: ed39f2b2f0f690d04c35eb6e497073f98dd68a73
Branch: feature/memory-cli-v01

Checks:

• ✅ Release guard (no version/changelog changes)
• ✅ Dependencies installed
• ✅ Type check passed
• ✅ Linting passed
• ✅ Format check passed
• ✅ Tests + coverage passed
• ✅ Build successful

Ready to merge! ✨

---

🔗 View workflow run
⏰ Generated at: 2026-06-12T19:10:00.443Z

[vreshch]

Moved the e2e suite INTO this repo per review direction: ./e2e (Playwright), runs in e2e.yml on every PR against live dev - no cross-repo secrets (throwaway account by default). Verified locally: 4/4 green incl. the @p0 OAuth round trip. agentage/e2e#69 is closed.