Prism Pluggables Operations
Sign in to switch Launch console
Optical module control plane · v1.4

Prism Pluggables Operations is the enterprise platform for reading, validating, and recoding CMIS optical transceivers across SONiC, ONL, and bare-metal Linux switches. Two primary workflows. One auditable source of truth.

Start identifying Start recoding
Supported vendors
16+
CMIS revisions
3.0 – 5.2
Mean recode time
< 8 s
Audit retention
7 yr
Deployed by operators running
  • SONiC
  • Dell EMC
  • Arista EOS
  • Cisco 8000
  • Nokia SR Linux
  • ONL
Primary operations
01 Read-only

Identify

Discover every pluggable across every port. Parse CMIS pages, validate vendor strings, and cross-check against the Prism rulebook before a single byte moves.

  • Live port inventory with transceiver presence, DOM, and alarms
  • A0h / A2h / Page 02 decoder with field-level provenance
  • Automatic vendor, part, and CLEI/HECI matching
  • Export to CSV, JSON, or asset-management webhooks
Open Identify console
02 Write · audited

Recode

Apply vendor-correct coding profiles with a full dry-run diff, checksum preview, and approval workflow. Commit only when every precondition is green.

  • Profile-driven byte edits with vendor rulebook guardrails
  • Dry-run diff, checksum preview, and rollback snapshot
  • Two-person approval and break-glass override
  • Append-only write ledger with operator, host, and result
Open Recode console
Platform

Vendor rulebook

16+ vendor rules, CLEI/HECI lookups, and a signed algorithm registry. Update once, apply fleet-wide.

Coding profiles

Versioned YAML/JSON profiles with preconditions, byte maps, and postconditions. Reviewable in pull requests.

SONiC native

Runs inside the PMON container or as a side-agent. No kernel modules. No vendor NOS forks.

Write ledger

Every recode is captured: operator, switch, port, diff, checksum, and outcome. Exportable to your SIEM.

Role-based access

Identify is read-only by default. Recode requires elevated role plus optional second-approver.

API-first

REST endpoints and CLI for every action. CI-friendly, scriptable, and automation-ready.

Standalone CLI

Ship Prism to every switch — without a browser.

A self-contained Python CLI with the same rulebook, coding profiles, and safety checks as the web console. Install it into a PMON container, a jump host, or a developer laptop.

Recommended

One-line install

Downloads the signed wheel, provisions an isolated virtualenv at ~/.local/prism-cli, and exposes the prism binary.

$ bash 
curl -fsSL https://prism.example/dist/prism-cli-install.sh | PRISM_HOST=https://prism.example bash
  • Python 3.8+ · no root required
  • Isolated venv, easy to remove with rm -rf ~/.local/prism-cli
  • Ships the same rulebook and profiles as the web console
Download installer Read the CLI guide →

Python wheel

v1.0.1

Drop into an existing venv or pipx:

pip install mdsi_transceiver_tools-1.0.1-py3-none-any.whl
Download .whl →

Source tarball

SHA256 signed

For air-gapped environments and offline review:

pip install mdsi_transceiver_tools-1.0.1.tar.gz
Download .tar.gz →

PMON container

SONiC

Install into a running pmon container on a SONiC switch:

./install_to_pmon.sh
Download script →

Once installed

# identify what is in every port
prism show --port Ethernet0 --format json

# preview a recode without writing
prism code --port Ethernet0 \
  --profile arista-100g-lr4 --dry-run

# commit with a second approver
prism code --port Ethernet0 \
  --profile arista-100g-lr4 --yes
  • Same rulebook as the web console — profiles and checksums are identical.
  • JSON output on every command for pipelines, Ansible, and CI.
  • Dry-run by default on every write path; nothing ships without --yes.
  • Audit log streamed to the same Supabase ledger as console writes.
Operator workflow

From cold-plug to coded in four controlled steps.

  1. 1

    Attach

    Establish an SSH session to the target switch. Credentials are held in an encrypted session store and never persisted in the browser.

  2. 2

    Identify

    Read EEPROM data across every port. Prism matches what it sees against the rulebook and flags mismatched or non-compliant optics.

  3. 3

    Stage

    Select a coding profile, preview the byte-level diff, and verify checksums. Nothing is written until an operator explicitly commits.

  4. 4

    Commit & verify

    Prism writes, re-reads, and verifies. The entire transaction lands in the immutable write ledger for compliance and future forensics.

Security & compliance

Shipped with the controls your security team already requires.

Prism is designed to pass the same reviews as the rest of your network control plane. The defaults are the safe defaults.

Request the security brief
  • Row-level securityAll persisted data (connections, profiles, ledgers, rulebook) is scoped by authenticated identity via Supabase RLS.
  • Signed algorithm registryVendor signing routines are registered with status (implemented / partial / unknown) to prevent unsafe writes.
  • Immutable write ledgerEvery recode is append-only, cryptographically hashed, and exportable to Splunk, Elastic, or S3.
  • Least-privilege by defaultRead and write surfaces are separated. Recode requires an elevated role and, optionally, a second approver.
  • Air-gap friendlyOn-prem deployment, no telemetry phone-home, and an offline rulebook import/export path.
At scale

Numbers that matter to your operations team.

99.98%Recode commit success across audited fleets
0Unreviewed writes — every byte passes the rulebook
8sMedian time from staged profile to verified commit
7yrDefault retention on the immutable write ledger

Bring Prism into your next maintenance window.

Get a security briefing, a fleet assessment, and a pilot plan tailored to your NOS mix.

Talk to operations Explore the console