[P0] cpe void T3 — intent-token flow + safety rail

[Railly]

Context

`cpe void` is shaped (cpe void prepare returns intent-token, `cpe factura void` consumes it) but the action is stubbed. This is the only T3 in the spec and the only safety gap remaining in the SOAP CPE flow now that NC/ND ship in PR #9.

Today voiding is done via:

• NC for facturas (`cpe nc emit --tipoNota 01`)
• Comunicación de Baja for boletas (`cpe baja send`)

T3 should orchestrate the right one based on tipo doc + plazo.

Scope

• `sunat cpe void prepare --serie F001 --numero 1234` returns intent-token (10 min TTL)
• `sunat cpe factura void --serie F001 --numero 1234 --intent-token X --motivo "..." --yes`
  • For Factura: emit NC with tipoNota=01 (Anulación)
  • For Boleta: trigger Comunicación de Baja
• Reject if plazo violated (>3 days for NC, >7 days for Baja)
• Audit T3 with intent token consumption

Success criteria

• Cannot void without prior `cpe void prepare` (intent-token gate)
• TTL enforced server-side (file-based or in-memory + persisted)
• Live verified end-to-end against SUNAT beta
• LIMITATIONS.md: `cpe void` row → 🔬

References

• LIMITATIONS.md → "NC, ND" section (PR feat(cpe): NC + ND end-to-end via sunat-direct, verified live #9 closed driver matrix; void is the remaining gap)
• src/cpe/RESEARCH.md → T3 design notes