diff --git a/Cargo.lock b/Cargo.lock index cea6dfbb..1341fd99 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3681,6 +3681,15 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "nu-ansi-term" +version = "0.50.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4a28e057d01f97e61255210fcff094d74ed0466038633e95017f5beb68e4399" +dependencies = [ + "windows-sys 0.52.0", +] + [[package]] name = "num-bigint" version = "0.4.6" @@ -6343,6 +6352,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5" dependencies = [ "matchers", + "nu-ansi-term", "once_cell", "regex-automata", "sharded-slab", diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml index 0fc4d1e0..ec823dd7 100644 --- a/crates/cli/Cargo.toml +++ b/crates/cli/Cargo.toml @@ -37,7 +37,7 @@ dirs = "5.0.1" serde.workspace = true serde_json.workspace = true tracing.workspace = true -tracing-subscriber = { workspace = true, features = ["env-filter"] } +tracing-subscriber = { workspace = true, features = ["env-filter", "ansi"] } hex.workspace = true tokio = { workspace = true, features = ["process"] } tonic.workspace = true diff --git a/crates/cli/src/cli.rs b/crates/cli/src/cli.rs index bd7367e4..5f1fddea 100644 --- a/crates/cli/src/cli.rs +++ b/crates/cli/src/cli.rs @@ -273,6 +273,11 @@ pub struct EnclaveStartArgs { #[arg(long)] #[serde(skip_serializing_if = "Option::is_none")] pub bin_path: Option, + + /// Disable backup/restore; do not write sealed backup file + #[arg(long, default_value_t = false)] + #[serde(skip_serializing_if = "is_false")] + pub no_backup: bool, } #[derive(Debug, Parser, Clone, Serialize, Deserialize)] 
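Review bot: In crates/cli/src/cli.rs the new `no_backup` field is skipped on serialization when false (`skip_serializing_if = "is_false"`), but the hunk gives it no `#[serde(default)]`. A serialized `EnclaveStartArgs` that omits the field would then fail to deserialize with a missing-field error, assuming the struct derives `Deserialize` like the one that follows it and has no container-level default outside the hunk. I would write the attribute as `#[serde(default, skip_serializing_if = "is_false")]`; the same applies to the `no_backup` field added to `DevArgs` in the next cli.rs hunk. The doc comment could also state the consequence visible in host.rs: with the flag set, no sealed backup is written and none is restored on restart. Both struct definitions begin outside their hunks, and `is_false` is not defined in this diff, so it is presumably an existing helper.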
@@ -306,10 +311,20 @@ pub struct DevArgs { #[serde(skip_serializing_if = "Option::is_none")] pub dcap_verifier_contract: Option, + /// PCCS URL + #[arg(long)] + #[serde(skip_serializing_if = "Option::is_none")] + pub pccs_url: Option, + /// Path to the enclave executable (only used in mock-sgx mode) #[arg(long)] #[serde(skip_serializing_if = "Option::is_none")] pub bin_path: Option, + + /// Disable backup/restore; do not write sealed backup file + #[arg(long, default_value_t = false)] + #[serde(skip_serializing_if = "is_false")] + pub no_backup: bool, } #[serde_as] diff --git a/crates/cli/src/handler/dev.rs b/crates/cli/src/handler/dev.rs index 8257ca9b..3e11b842 100644 --- a/crates/cli/src/handler/dev.rs +++ b/crates/cli/src/handler/dev.rs @@ -183,9 +183,10 @@ fn spawn_enclave_start(args: &DevRequest, config: &Config) -> Result { unsafe_trust_latest: args.unsafe_trust_latest, bin_path: args.bin_path.clone(), fmspc: args.fmspc.clone(), - pccs_url: None, + pccs_url: args.pccs_url.clone(), tcbinfo_contract: args.tcbinfo_contract.clone(), dcap_verifier_contract: args.dcap_verifier_contract.clone(), + no_backup: args.no_backup, }; let config_cpy = config.clone(); diff --git a/crates/cli/src/handler/enclave_start.rs b/crates/cli/src/handler/enclave_start.rs index 735d2c91..25f854da 100644 --- a/crates/cli/src/handler/enclave_start.rs +++ b/crates/cli/src/handler/enclave_start.rs @@ -41,7 +41,7 @@ impl Handler for EnclaveStartRequest { write_cache_hash_height(trusted_height, trusted_hash, &config).await?; if config.mock_sgx { - let enclave_args: Vec = vec![ + let mut enclave_args: Vec = vec![ "--chain-id".to_string(), config.chain_id.to_string(), "--trusted-height".to_string(), @@ -58,6 +58,10 @@ impl Handler for EnclaveStartRequest { config.tx_sender, ]; + if self.no_backup { + enclave_args.push("--no-backup".to_string()); + } + // Run quartz enclave and block let enclave_child = create_mock_enclave_child( config.app_dir.as_path(), 
@@ -113,6 +117,7 @@ impl Handler for EnclaveStartRequest { &config.node_url, &config.ws_url, &config.grpc_url, + self.no_backup, ) .await?; @@ -204,6 +209,7 @@ async fn gramine_manifest( node_url: &Url, ws_url: &Url, grpc_url: &Url, + no_backup: bool, ) -> Result<()> { let host = target_lexicon::HOST; let arch_libdir = format!( @@ -235,6 +241,7 @@ async fn gramine_manifest( "-Ddcap_verifier_contract={}", dcap_verifier_contract )) + .arg(format!("-Dno_backup={}", no_backup)) .arg("quartz.manifest.template") .arg("quartz.manifest") .current_dir(enclave_dir) diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs index 3df25e7a..e4ff99ef 100644 --- a/crates/cli/src/main.rs +++ b/crates/cli/src/main.rs @@ -77,6 +77,7 @@ async fn main() -> Result<()> { tracing_subscriber::fmt() .with_target(false) .with_writer(std::io::stderr) + .with_ansi(true) .with_env_filter(env_filter) .finish() .init(); diff --git a/crates/cli/src/request.rs b/crates/cli/src/request.rs index c087d268..4f9113ff 100644 --- a/crates/cli/src/request.rs +++ b/crates/cli/src/request.rs @@ -64,8 +64,10 @@ impl TryFrom for Request { fmspc: args.fmspc, tcbinfo_contract: args.tcbinfo_contract, dcap_verifier_contract: args.dcap_verifier_contract, + pccs_url: args.pccs_url, wasm_bin_path: args.contract_deploy.wasm_bin_path, bin_path: args.bin_path, + no_backup: args.no_backup, } .into()) } @@ -129,6 +131,7 @@ impl TryFrom for Request { pccs_url: args.pccs_url, tcbinfo_contract: args.tcbinfo_contract, dcap_verifier_contract: args.dcap_verifier_contract, + no_backup: args.no_backup, } .into()), } diff --git a/crates/cli/src/request/dev.rs b/crates/cli/src/request/dev.rs index d1bd37b2..9e775540 100644 --- a/crates/cli/src/request/dev.rs +++ b/crates/cli/src/request/dev.rs @@ -2,6 +2,7 @@ use std::path::PathBuf; use cosmrs::AccountId; use quartz_common::enclave::types::Fmspc; +use reqwest::Url; use crate::request::Request; 
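Review bot: In crates/cli/src/main.rs, `.with_ansi(true)` forces colour escapes onto stderr even when it is redirected to a file or a log collector, which leaves raw escape sequences in stored logs and makes them harder to search and parse. Deciding from the stream is a small change: `.with_ansi(std::io::stderr().is_terminal())` with `use std::io::IsTerminal;` (Rust 1.70 or later). The enclave `main.rs` hunks do the same with `env_logger::WriteStyle::Always`, where `WriteStyle::Auto` is the detecting counterpart. If the forced style is deliberate because the CLI relays enclave output to a terminal, a one-line comment saying so would help. `main` continues outside the hunk.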
@@ -18,8 +19,10 @@ pub struct DevRequest { pub fmspc: Option, pub tcbinfo_contract: Option, pub dcap_verifier_contract: Option, + pub pccs_url: Option, pub wasm_bin_path: Option, pub bin_path: Option, + pub no_backup: bool, } impl From for Request { diff --git a/crates/cli/src/request/enclave_start.rs b/crates/cli/src/request/enclave_start.rs index 5fe8db74..80642633 100644 --- a/crates/cli/src/request/enclave_start.rs +++ b/crates/cli/src/request/enclave_start.rs @@ -17,6 +17,7 @@ pub struct EnclaveStartRequest { pub pccs_url: Option, pub tcbinfo_contract: Option, pub dcap_verifier_contract: Option, + pub no_backup: bool, } impl From for Request { diff --git a/crates/enclave/core/src/host.rs b/crates/enclave/core/src/host.rs index c344ca1e..60a244fe 100644 --- a/crates/enclave/core/src/host.rs +++ b/crates/enclave/core/src/host.rs @@ -123,7 +123,7 @@ pub struct DefaultHost { enclave: E, chain_client: C, gas_fn: GF, - backup_path: PathBuf, + backup_path: Option, notifier_rx: Receiver, _phantom: PhantomData<(R, EV)>, } @@ -137,7 +137,7 @@ where enclave: E, chain_client: C, gas_fn: GF, - backup_path: PathBuf, + backup_path: Option, notifier_rx: Receiver, ) -> Self { Self { 
@@ -201,23 +201,29 @@ where .await }); - // try to restore from last backup - if self.enclave.has_backup(self.backup_path.clone()).await { - info!("found backup; attempting to restore after 30s..."); - busy_wait_iters(3_000_000_000); + if let Some(ref backup_path) = self.backup_path { + // try to restore from last backup + if self.enclave.has_backup(backup_path.clone()).await { + info!("found backup; attempting to restore after 30s..."); + busy_wait_iters(3_000_000_000); - let restore_res = self.enclave.try_restore(self.backup_path.clone()).await; - if let Err(e) = restore_res { - error!("failed to restore from backup: {e}"); - // FIXME(hu55a1n1): exit? + let restore_res = self.enclave.try_restore(backup_path.clone()).await; + if let Err(e) = restore_res { + error!("failed to restore from backup: {e}"); + // FIXME(hu55a1n1): exit? + } + } else { + info!("no backup found; waiting for handshake completion..."); } } else { - info!("no backup found; waiting for handshake completion..."); + info!("backup path not specified; skipping backup/restore operations"); } // wait for handshake if let Some(Notification::HandshakeComplete) = self.notifier_rx.recv().await { - self.enclave.backup(self.backup_path.clone()).await?; + if let Some(ref backup_path) = self.backup_path { + self.enclave.backup(backup_path.clone()).await?; + } } // connect to the websocket client diff --git a/examples/pingpong/enclave/quartz.manifest.template b/examples/pingpong/enclave/quartz.manifest.template index 328be920..c2c6e8e8 100644 --- a/examples/pingpong/enclave/quartz.manifest.template +++ b/examples/pingpong/enclave/quartz.manifest.template 
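Review bot: In crates/enclave/core/src/host.rs a failed `try_restore` is still only logged (the `FIXME ... exit?` is carried over into the new branch), and execution continues to the handshake branch, which calls `self.enclave.backup(backup_path.clone())` on the same path. If `backup` replaces the existing file (its implementation is not visible here), a sealed backup that could not be restored is overwritten with fresh state and the earlier state becomes unrecoverable. I would resolve the FIXME in this change by propagating the error, e.g. `return Err(e.into());` if the function's error type allows the conversion, or by moving the unreadable file aside before continuing. As a style point, `if let Some(backup_path) = &self.backup_path` is the more idiomatic spelling of `Some(ref backup_path)`. The enclosing function starts and ends outside the hunk.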
@@ -34,7 +34,8 @@ loader.argv = ["quartz-app-transfers-enclave", "--grpc-url", "{{ grpc_url }}", "--rpc-addr", "0.0.0.0:11090", "--trusted-height", "{{ trusted_height }}", - "--trusted-hash", "{{ trusted_hash }}"] + "--trusted-hash", "{{ trusted_hash }}", + "--no-backup", "{{ no_backup }}"] fs.mounts = [ { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" }, diff --git a/examples/pingpong/enclave/src/cli.rs b/examples/pingpong/enclave/src/cli.rs index 1d5b6971..00e5db7b 100644 --- a/examples/pingpong/enclave/src/cli.rs +++ b/examples/pingpong/enclave/src/cli.rs @@ -83,6 +83,9 @@ pub struct Cli { #[clap(long, default_value = "sealed/quartz.backup")] pub backup_path: PathBuf, + + #[clap(long, default_value_t = false)] + pub no_backup: bool, } fn default_rpc_addr() -> SocketAddr { diff --git a/examples/pingpong/enclave/src/main.rs b/examples/pingpong/enclave/src/main.rs index adea9b06..fa9e8b36 100644 --- a/examples/pingpong/enclave/src/main.rs +++ b/examples/pingpong/enclave/src/main.rs @@ -40,7 +40,9 @@ use crate::{ #[tokio::main(flavor = "current_thread")] async fn main() -> Result<(), Box> { - env_logger::init(); + env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")) + .write_style(env_logger::WriteStyle::Always) + .init(); let args = Cli::parse(); @@ -99,7 +101,11 @@ async fn main() -> Result<(), Box> { enclave, chain_client, GasSimulator, - args.backup_path, + if !args.no_backup { + Some(args.backup_path) + } else { + None + }, notifier_rx, ); diff --git a/examples/transfers/enclave/quartz.manifest.template b/examples/transfers/enclave/quartz.manifest.template index a7c177ad..f51b4372 100644 --- a/examples/transfers/enclave/quartz.manifest.template +++ b/examples/transfers/enclave/quartz.manifest.template 
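Review bot: The template line `"--no-backup", "{{ no_backup }}"` always passes two argv entries (`--no-backup` followed by `true` or `false`, from `-Dno_backup={}` in `gramine_manifest`), but the enclave `Cli` declares `no_backup: bool` with `#[clap(long, default_value_t = false)]`, which clap's derive treats as a presence flag that takes no value. Under Gramine the trailing `false` would therefore be rejected as an unexpected argument, or, if `Cli` has a positional outside the hunk, the flag would read as set and sealed backups would be disabled even when they were requested. The mock-SGX path in handler/enclave_start.rs pushes the bare flag, so the two launch paths disagree on the argument's shape. One way to accept both forms, assuming clap 4, is `#[clap(long, action = clap::ArgAction::Set, num_args = 0..=1, default_missing_value = "true", default_value_t = false)]` on the field, together with a `///` doc comment so `--help` explains it. The transfers template and `Cli` hunks need the same change.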
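Review bot: In the second examples/pingpong/enclave/src/main.rs hunk, the argument `if !args.no_backup { Some(args.backup_path) } else { None }` wraps a negated condition around an `Option`; `(!args.no_backup).then_some(args.backup_path)` says the same in one expression. A short comment at the call, such as `// None: host skips sealed backup and restore`, would tell a reader what `None` means here. The transfers main.rs hunk has the identical expression, and the constructor call itself begins outside the hunk.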
@@ -34,7 +34,8 @@ loader.argv = ["quartz-app-transfers-enclave", "--grpc-url", "{{ grpc_url }}", "--rpc-addr", "0.0.0.0:11090", "--trusted-height", "{{ trusted_height }}", - "--trusted-hash", "{{ trusted_hash }}"] + "--trusted-hash", "{{ trusted_hash }}", + "--no-backup", "{{ no_backup }}"] fs.mounts = [ { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" }, diff --git a/examples/transfers/enclave/src/cli.rs b/examples/transfers/enclave/src/cli.rs index 1d5b6971..00e5db7b 100644 --- a/examples/transfers/enclave/src/cli.rs +++ b/examples/transfers/enclave/src/cli.rs @@ -83,6 +83,9 @@ pub struct Cli { #[clap(long, default_value = "sealed/quartz.backup")] pub backup_path: PathBuf, + + #[clap(long, default_value_t = false)] + pub no_backup: bool, } fn default_rpc_addr() -> SocketAddr { diff --git a/examples/transfers/enclave/src/main.rs b/examples/transfers/enclave/src/main.rs index 123bd28d..7f405162 100644 --- a/examples/transfers/enclave/src/main.rs +++ b/examples/transfers/enclave/src/main.rs @@ -42,7 +42,9 @@ use crate::{ #[tokio::main(flavor = "current_thread")] async fn main() -> Result<(), Box> { - env_logger::init(); + env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info")) + .write_style(env_logger::WriteStyle::Always) + .init(); let args = Cli::parse(); @@ -104,7 +106,11 @@ async fn main() -> Result<(), Box> { enclave, chain_client, GasSimulator, - args.backup_path, + if !args.no_backup { + Some(args.backup_path) + } else { + None + }, notifier_rx, );