Every commit to EdgeVault carries a Developer Certificate of Origin sign-off — a one-line assertion that you wrote the change (or otherwise have the right to submit it) under the project's license. CI rejects unsigned commits.
A CLA assigns rights to a company; the DCO asserts provenance and nothing more. For an open-core project, the DCO keeps contributions honest without asking contributors to sign anything away. The certificate text itself lives at developercertificate.org.