function from(value: SignatureInput): BrandedSignature

type SignatureInput =
  | Uint8Array
  | { r: Uint8Array; s: Uint8Array; v?: number; algorithm?: SignatureAlgorithm }
  | { signature: Uint8Array; algorithm: 'ed25519' }
  | BrandedSignature

// From compact bytes (defaults to secp256k1)
const sig1 = Signature(bytes64);

// From ECDSA components
const sig2 = Signature({
  r: rBytes,
  s: sBytes,
  v: 27,
  algorithm: 'secp256k1'
});

// From P-256 components
const sig3 = Signature({
  r: rBytes,
  s: sBytes,
  algorithm: 'p256'
});

// From Ed25519
const sig4 = Signature({
  signature: ed25519Bytes,
  algorithm: 'ed25519'
});

// Idempotent
const sig5 = Signature(sig1);
console.log(sig5 === sig1); // true

function fromSecp256k1(
  r: Uint8Array,
  s: Uint8Array,
  v?: number
): BrandedSignature

// Ethereum transaction signature
const sig = Signature.fromSecp256k1(
  Hex.toBytes("0x1234..."), // r (32 bytes)
  Hex.toBytes("0x5678..."), // s (32 bytes)
  27 // v
);

console.log(sig.algorithm); // "secp256k1"
console.log(sig.v); // 27
console.log(sig.length); // 64

// Without recovery ID
const sig2 = Signature.fromSecp256k1(r, s);
console.log(sig2.v); // undefined

// From transaction
const txSig = Signature.fromSecp256k1(
  transaction.r,
  transaction.s,
  transaction.v
);

// EIP-155 transaction
const eip155V = transaction.v; // e.g., 37 for chainId 1

// Convert to standard recovery ID
const standardV = eip155V < 35 ? eip155V : ((eip155V - 35) % 2) + 27;

const sig = Signature.fromSecp256k1(r, s, standardV);

function fromP256(
  r: Uint8Array,
  s: Uint8Array
): BrandedSignature

// P-256 signature
const sig = Signature.fromP256(rBytes, sBytes);

console.log(sig.algorithm); // "p256"
console.log(sig.v); // undefined
console.log(sig.length); // 64

// From WebCrypto ECDSA
const cryptoSig = await crypto.subtle.sign(
  { name: "ECDSA", hash: "SHA-256" },
  privateKey,
  message
);
const r = cryptoSig.slice(0, 32);
const s = cryptoSig.slice(32, 64);
const sig = Signature.fromP256(r, s);

function fromEd25519(signature: Uint8Array): BrandedSignature

// Ed25519 signature
const sig = Signature.fromEd25519(sigBytes);

console.log(sig.algorithm); // "ed25519"
console.log(sig.length); // 64

// From @noble/ed25519
import * as ed from '@noble/ed25519';

const secretKey = ed.utils.randomPrivateKey();
const publicKey = await ed.getPublicKey(secretKey);
const message = new TextEncoder().encode("hello");
const signature = await ed.sign(message, secretKey);

const sig = Signature.fromEd25519(signature);

function fromCompact(
  bytes: Uint8Array,
  algorithm: SignatureAlgorithm
): BrandedSignature

// Parse compact ECDSA
const compact = Hex.toBytes("0x1234...5678"); // 64 bytes
const sig = Signature.fromCompact(compact, 'secp256k1');

// Ed25519 from compact
const ed25519Compact = Bytes64();
const sig2 = Signature.fromCompact(ed25519Compact, 'ed25519');

// Algorithm determines interpretation
const secp = Signature.fromCompact(bytes, 'secp256k1');
console.log(Signature.getR(secp)); // First 32 bytes

const ed = Signature.fromCompact(bytes, 'ed25519');
console.log(Signature.getR(ed)); // Throws (Ed25519 has no r)

ECDSA (secp256k1, p256):
[0-31]   r component (32 bytes)
[32-63]  s component (32 bytes)

Ed25519:
[0-63]   signature (64 bytes)

function fromDER(
  der: Uint8Array,
  algorithm: 'secp256k1' | 'p256',
  v?: number
): BrandedSignature

// Parse DER signature
const derBytes = Hex.toBytes("0x3045..."); // DER encoding
const sig = Signature.fromDER(derBytes, 'secp256k1', 27);

// From Bitcoin transaction
const bitcoinSig = transaction.scriptSig; // DER + hashType
const der = bitcoinSig.slice(0, -1); // Remove hashType byte
const sig = Signature.fromDER(der, 'secp256k1');

// P-256 DER
const p256Der = certificate.signature;
const sig = Signature.fromDER(p256Der, 'p256');

SEQUENCE {
  INTEGER r
  INTEGER s
}

Example:
30 45       SEQUENCE, 69 bytes
   02 21    INTEGER, 33 bytes (r)
      00    Padding (if high bit set)
      ... r value ...
   02 20    INTEGER, 32 bytes (s)
      ... s value ...

// DER encodes integers minimally
const r = new Uint8Array([0x00, 0xff, 0x12, ...]); // 33 bytes
const s = new Uint8Array([0x7f, 0x34, ...]); // 32 bytes

// Parsed to 32-byte components
const sig = Signature.fromDER(der, 'secp256k1');
console.log(Signature.getR(sig).length); // 32
console.log(Signature.getS(sig).length); // 32

// Fastest: direct component construction
const sig1 = Signature.fromSecp256k1(r, s, 27);

// Fast: minimal parsing
const sig2 = Signature.fromCompact(bytes, 'secp256k1');

// Slower: DER parsing overhead
const sig3 = Signature.fromDER(der, 'secp256k1', 27);

// Variable: depends on input type
const sig4 = Signature(input);

try {
  const sig = Signature.fromSecp256k1(r, s, 27);
} catch (err) {
  if (err instanceof InvalidSignatureLengthError) {
    console.error('Invalid component length:', err.message);
  }
}

try {
  const sig = Signature.fromDER(der, 'secp256k1');
} catch (err) {
  if (err instanceof InvalidDERError) {
    console.error('DER parsing failed:', err.message);
  }
}

try {
  const sig = Signature(unknownInput);
} catch (err) {
  if (err instanceof InvalidSignatureFormatError) {
    console.error('Unsupported format:', err.message);
  }
}

// Type-safe construction
const sig: BrandedSignature = Signature.fromSecp256k1(r, s, 27);

// Algorithm inferred from constructor
if (sig.algorithm === 'secp256k1') {
  // TypeScript knows v might be defined
  console.log(sig.v);
}

// Generic signature handling
function createSignature<T extends SignatureAlgorithm>(
  algorithm: T,
  data: Uint8Array
): BrandedSignature {
  // Type-safe dispatch based on algorithm
}