CommitService#filter_shas_with_signatures uses Rugged
This RPCs will receive a number of object IDs (the commit shas), and for each check if this commit has a signature attached. If so, it sends back that SHA, else it withholds it.
The tricky part is that we can't shell out right now, to just mimic the behaviour of: Rugged::Commit.extract_signature(repository.rugged, sha)
. That is check if a signature is attached. I wonder if this RPC is best ported right to Go, as we do have logic to extract signatures.