refactor(keybase): switch to native SQLite serialization and deserialization

TODO.md

@@ -232,13 +232,13 @@ The following files implement UCAN v1.0.0-rc.1 using the official go-ucan librar
 
 ### 4.1 Key Share Actions
 
-- [ ] `CreateKeyShare(ctx, params) (*KeyShareResult, error)`
-- [ ] `ListKeyShares(ctx) ([]KeyShareResult, error)`
-- [ ] `GetKeyShareByID(ctx, shareID) (*KeyShareResult, error)`
-- [ ] `GetKeyShareByKeyID(ctx, keyID) (*KeyShareResult, error)`
-- [ ] `RotateKeyShare(ctx, shareID) error`
-- [ ] `ArchiveKeyShare(ctx, shareID) error`
-- [ ] `DeleteKeyShare(ctx, shareID) error`
+- [x] `CreateKeyShare(ctx, params) (*KeyShareResult, error)`
+- [x] `ListKeyShares(ctx) ([]KeyShareResult, error)`
+- [x] `GetKeyShareByID(ctx, shareID) (*KeyShareResult, error)`
+- [x] `GetKeyShareByKeyID(ctx, keyID) (*KeyShareResult, error)`
+- [x] `RotateKeyShare(ctx, shareID) error`
+- [x] `ArchiveKeyShare(ctx, shareID) error`
+- [x] `DeleteKeyShare(ctx, shareID) error`
 
 ### 4.2 UCAN Token Actions (v1.0.0-rc.1)
 
@@ -290,12 +290,12 @@ The following files implement UCAN v1.0.0-rc.1 using the official go-ucan librar
 
 ### 4.6 Account Actions (Extend Existing)
 
-- [ ] `CreateAccount(ctx, params) (*AccountResult, error)`
-- [ ] `ListAccountsByChain(ctx, chainID) ([]AccountResult, error)`
-- [ ] `GetDefaultAccount(ctx, chainID) (*AccountResult, error)`
-- [ ] `SetDefaultAccount(ctx, accountID, chainID) error`
-- [ ] `UpdateAccountLabel(ctx, accountID, label) error`
-- [ ] `DeleteAccount(ctx, accountID) error`
+- [x] `CreateAccount(ctx, params) (*AccountResult, error)`
+- [x] `ListAccountsByChain(ctx, chainID) ([]AccountResult, error)`
+- [x] `GetDefaultAccount(ctx, chainID) (*AccountResult, error)`
+- [x] `SetDefaultAccount(ctx, accountID, chainID) error`
+- [x] `UpdateAccountLabel(ctx, accountID, label) error`
+- [x] `DeleteAccount(ctx, accountID) error`
 
 ### 4.7 Credential Actions (Extend Existing)
 
@@ -327,23 +327,24 @@ The following files implement UCAN v1.0.0-rc.1 using the official go-ucan librar
 
 ### 5.1 Key Share Storage
 
-- [ ] Parse key share data from MPC protocol
-- [ ] Encrypt share data before storage
-- [ ] Store public key and chain code
-- [ ] Track party index and threshold
+- [x] Parse key share data from MPC protocol - `KeyShareInput` in generate
+- [x] Store public key and chain code - `CreateKeyShare` action
+- [x] Track party index and threshold - stored in `key_shares` table
+- [ ] Encrypt share data before storage - PRF key derivation needed
 
 ### 5.2 Account Derivation
 
+- [x] Basic address derivation from public key - `deriveCosmosAddress()`
+- [x] Create initial account during generate - `createInitialAccount()`
 - [ ] Implement BIP44 derivation path parsing
-- [ ] Derive addresses from public keys
 - [ ] Support multiple chains (Cosmos 118, Ethereum 60)
-- [ ] Generate proper address encoding per chain
+- [ ] Generate proper bech32 address encoding per chain
 
 ### 5.3 Key Rotation
 
-- [ ] Implement key rotation workflow
-- [ ] Archive old shares
-- [ ] Update status transitions
+- [x] Implement key rotation workflow - `RotateKeyShare` action
+- [x] Archive old shares - `ArchiveKeyShare` action
+- [x] Status transitions - managed in database
 - [ ] Handle rotation failures gracefully
 
 ---
@@ -364,11 +365,13 @@ The following files implement UCAN v1.0.0-rc.1 using the official go-ucan librar
 
 ### 6.2 Extend `generate` Function
 
+- [x] Accept optional MPC keyshare data in input
+- [x] Create initial keyshare if provided
+- [x] Create initial account from keyshare
 - [ ] Parse WebAuthn credential properly (CBOR/COSE format)
 - [ ] Extract public key from credential
 - [ ] Create initial verification method
 - [ ] Create initial credential record
-- [ ] Generate initial account (if key share provided)
 
 ### 6.3 Signing Function