[Controller] Preserve granular commissioning-failure context in CompletionStatus (#72228)

woody-apple · pre-commit-ci[bot] · woody-apple · commit 6c851405104f · 2026-05-30T01:12:21.000-07:00
* Preserve granular commissioning-failure context in CompletionStatus Today OnCommissioningFailure collapses several distinguishable failure modes into a single CHIP_ERROR, leaving controllers unable to disambiguate without parsing logs. This change threads structured failure context through the commissioning pipeline so consumers can branch on the device-reported cause. DevicePairingDelegate: - New OnCommissioningFailure(PeerId, const CompletionStatus &) overload whose default implementation forwards to the legacy 4-arg form. Existing subclasses keep working unchanged. CompletionStatus widened with optional structured fields: - commissioningError - GeneralCommissioning::CommissioningErrorEnum - networkCommissioningStatus + connectNetworkErrorValue - operationalCertStatus - NodeOperationalCertStatusEnum from NOCResponse - commissioningDebugText, networkCommissioningDebugText - owned std::string copies of device-supplied debug text Three report variants updated to carry the additional data: - CommissioningErrorInfo gains std::string debugText - NetworkCommissioningStatusInfo gains std::string debugText + Optional<int32_t> connectNetworkErrorValue - New OperationalCertErrorInfo carrying the cert-status enum AutoCommissioner::CommissioningStepFinished populates CompletionStatus from these report variants on the failure path. CHIPDeviceController response handlers populate the corresponding reports: OnArmFailSafe, OnSetRegulatoryConfigResponse, OnSetTCAcknowledgementsResponse, OnCommissioningCompleteResponse, OnOperationalCertificateAddResponse, OnConnectNetworkResponse, OnNetworkConfigResponse. PASESession: - OnFailureStatusReport maps kProtocolCodeNoSharedRoot to CHIP_ERROR_NO_SHARED_TRUSTED_ROOT (PASE has no shared-root semantics, so a peer sending this is misconfigured, but the mapping is more useful than CHIP_ERROR_INTERNAL). - OnFailureStatusReport maps kProtocolCodeBusy to CHIP_ERROR_BUSY (uncommon in PASE but not spec-forbidden). Backward compatibility: - New OnCommissioningFailure overload defaults to forwarding to the legacy 4-arg form. Existing subclasses keep compiling and running. - All new fields on CompletionStatus are Optional or std::string with empty as the absence marker. - No public API removed. * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
diff --git a/src/controller/AutoCommissioner.cpp b/src/controller/AutoCommissioner.cpp
@@ -800,13 +800,27 @@ CHIP_ERROR AutoCommissioner::CommissioningStepFinished(CHIP_ERROR err, Commissio
         }
         else if (report.Is<CommissioningErrorInfo>())
         {
-            completionStatus.commissioningError = MakeOptional(report.Get<CommissioningErrorInfo>().commissioningError);
+            const auto & commissioningInfo          = report.Get<CommissioningErrorInfo>();
+            completionStatus.commissioningError     = MakeOptional(commissioningInfo.commissioningError);
+            completionStatus.commissioningDebugText = commissioningInfo.debugText;
+        }
+        else if (report.Is<OperationalCertErrorInfo>())
+        {
+            // Preserve the NodeOperationalCertStatusEnum from the device's NOCResponse
+            // (kInvalidPublicKey, kInvalidNodeOpId, kInvalidNOC, kFabricConflict, kLabelConflict,
+            // kInvalidFabricIndex, etc.) so callers can distinguish without losing fidelity to a
+            // generic CHIP_ERROR.
+            completionStatus.operationalCertStatus = MakeOptional(report.Get<OperationalCertErrorInfo>().operationalCertStatus);
         }
         else if (report.Is<NetworkCommissioningStatusInfo>())
         {
             // This report type is used when an error happens in either NetworkConfig or ConnectNetwork commands
-            completionStatus.networkCommissioningStatus =
-                MakeOptional(report.Get<NetworkCommissioningStatusInfo>().networkCommissioningStatus);
+            const auto & networkInfo                    = report.Get<NetworkCommissioningStatusInfo>();
+            completionStatus.networkCommissioningStatus = MakeOptional(networkInfo.networkCommissioningStatus);
+            // Preserve the optional ConnectNetworkResponse.errorValue (driver-level detail
+            // distinct from the spec-level networkingStatus). Null for NetworkConfigResponse.
+            completionStatus.connectNetworkErrorValue      = networkInfo.connectNetworkErrorValue;
+            completionStatus.networkCommissioningDebugText = networkInfo.debugText;
 
             // If we are configured to scan networks, then don't error out.
             // Instead, allow the app to try another network.
diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp
@@ -1872,7 +1872,22 @@ void DeviceCommissioner::OnOperationalCertificateAddResponse(
     if (err != CHIP_NO_ERROR)
     {
         ChipLogProgress(Controller, "Add NOC failed with error: %" CHIP_ERROR_FORMAT, err.Format());
-        commissioner->CommissioningStageComplete(err);
+        // Preserve the device-reported NodeOperationalCertStatusEnum (kInvalidPublicKey,
+        // kInvalidNodeOpId, kInvalidNOC, kFabricConflict, kLabelConflict, kInvalidFabricIndex,
+        // kTableFull, etc.) in the report so OnCommissioningFailure consumers can distinguish
+        // these without losing fidelity to the generic CHIP_ERROR returned by
+        // ConvertFromOperationalCertStatus.
+        CommissioningDelegate::CommissioningReport report;
+        // ConvertFromOperationalCertStatus succeeds on kOk and returns a non-success CHIP_ERROR
+        // for any other value, but `err` at this point can also be a downstream local failure
+        // (e.g. from OnOperationalCredentialsProvisioningCompletion) while data.statusCode is
+        // still kOk. Guard so we never publish a "success enum" alongside a non-success err to
+        // OnCommissioningFailure consumers.
+        if (data.statusCode != OperationalCredentials::NodeOperationalCertStatusEnum::kOk)
+        {
+            report.Set<OperationalCertErrorInfo>(data.statusCode);
+        }
+        commissioner->CommissioningStageComplete(err, report);
     }
 }
 
@@ -2172,10 +2187,7 @@ void DeviceCommissioner::SendCommissioningCompleteCallbacks(NodeId nodeId, const
     }
     else
     {
-        // TODO: We should propogate detailed error information (commissioningError, networkCommissioningStatus) from
-        // completionStatus.
-        mPairingDelegate->OnCommissioningFailure(peerId, completionStatus.err, completionStatus.failedStage.ValueOr(kError),
-                                                 completionStatus.attestationResult);
+        mPairingDelegate->OnCommissioningFailure(peerId, completionStatus);
     }
 }
 
@@ -2975,7 +2987,9 @@ void DeviceCommissioner::OnArmFailSafe(void * context,
     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
     {
         err = CHIP_ERROR_INTERNAL;
-        report.Set<CommissioningErrorInfo>(data.errorCode);
+        // Preserve the device-supplied debugText so failure consumers can disambiguate
+        // ambiguous error codes (e.g. kBusyWithOtherAdmin specifics).
+        report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);
     }
 
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
@@ -2992,7 +3006,7 @@ void DeviceCommissioner::OnSetRegulatoryConfigResponse(
     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
     {
         err = CHIP_ERROR_INTERNAL;
-        report.Set<CommissioningErrorInfo>(data.errorCode);
+        report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);
     }
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
     commissioner->CommissioningStageComplete(err, report);
@@ -3008,6 +3022,7 @@ void DeviceCommissioner::OnSetTCAcknowledgementsResponse(
     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
     {
         err = CHIP_ERROR_INTERNAL;
+        // SetTCAcknowledgementsResponse has no debugText field per spec.
         report.Set<CommissioningErrorInfo>(data.errorCode);
     }
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
@@ -3099,7 +3114,9 @@ void DeviceCommissioner::OnNetworkConfigResponse(void * context,
     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
     {
         err = CHIP_ERROR_INTERNAL;
-        report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
+        // Preserve debugText alongside the status enum so callers can distinguish
+        // ambiguous statuses (e.g. kAuthFailure: "wrong password" vs "regulatory restriction").
+        report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus, data.debugText.ValueOr(CharSpan{}));
     }
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
     commissioner->CommissioningStageComplete(err, report);
@@ -3115,7 +3132,12 @@ void DeviceCommissioner::OnConnectNetworkResponse(
     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
     {
         err = CHIP_ERROR_INTERNAL;
-        report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
+        // Preserve debugText alongside the status enum (see OnNetworkConfigResponse). Also
+        // surface the device-specific errorValue which carries driver-level failure detail
+        // (TX-power-limited / interference / association-failure code) distinct from the
+        // spec-level networkingStatus enum.
+        Optional<int32_t> errorValue = data.errorValue.IsNull() ? NullOptional : MakeOptional(data.errorValue.Value());
+        report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus, data.debugText.ValueOr(CharSpan{}), errorValue);
     }
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
     commissioner->CommissioningStageComplete(err, report);
@@ -3131,7 +3153,7 @@ void DeviceCommissioner::OnCommissioningCompleteResponse(
     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
     {
         err = CHIP_ERROR_INTERNAL;
-        report.Set<CommissioningErrorInfo>(data.errorCode);
+        report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);
     }
     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
     commissioner->CommissioningStageComplete(err, report);
diff --git a/src/controller/CommissioningDelegate.h b/src/controller/CommissioningDelegate.h
@@ -26,11 +26,14 @@
 #include <credentials/attestation_verifier/DeviceAttestationVerifier.h>
 #include <credentials/jcm/TrustVerification.h>
 #include <crypto/CHIPCryptoPAL.h>
+#include <lib/support/CharSpanToStdString.h>
 #include <lib/support/Span.h>
 #include <lib/support/Variant.h>
 #include <matter/tracing/build_config.h>
 #include <system/SystemClock.h>
 
+#include <string>
+
 namespace chip {
 namespace Controller {
 
@@ -137,11 +140,30 @@ struct NOCChainGenerationParameters
 struct CompletionStatus
 {
     CompletionStatus() : err(CHIP_NO_ERROR), failedStage(NullOptional), attestationResult(NullOptional) {}
+
     CHIP_ERROR err;
     Optional<CommissioningStage> failedStage;
     Optional<Credentials::AttestationVerificationResult> attestationResult;
     Optional<app::Clusters::GeneralCommissioning::CommissioningErrorEnum> commissioningError;
     Optional<app::Clusters::NetworkCommissioning::NetworkCommissioningStatusEnum> networkCommissioningStatus;
+    /// Optional device-reported low-level error from ConnectNetworkResponse.errorValue (e.g.
+    /// driver-specific TX-power-limited / interference / association-failure code), distinct
+    /// from the spec-level NetworkCommissioningStatusEnum already captured above.
+    Optional<int32_t> connectNetworkErrorValue;
+    /// Optional NodeOperationalCertStatusEnum from the device's NOCResponse during the
+    /// AddNOC / UpdateNOC / RemoveFabric flows. Lets callers distinguish kInvalidPublicKey
+    /// from kInvalidNodeOpId from kFabricConflict from kLabelConflict, etc., without losing
+    /// fidelity to a generic CHIP_ERROR.
+    Optional<app::Clusters::OperationalCredentials::NodeOperationalCertStatusEnum> operationalCertStatus;
+
+    /// Owned copy of the device-supplied GeneralCommissioning debugText from
+    /// ArmFailSafeResponse / SetRegulatoryConfigResponse / CommissioningCompleteResponse.
+    /// Empty if no debug text was provided.
+    std::string commissioningDebugText;
+
+    /// Owned copy of the device-supplied NetworkCommissioning debugText from
+    /// NetworkConfigResponse / ConnectNetworkResponse. Empty if no debug text was provided.
+    std::string networkCommissioningDebugText;
 };
 
 inline constexpr uint16_t kDefaultFailsafeTimeout = 60;
@@ -842,15 +864,46 @@ struct AttestationErrorInfo
 struct CommissioningErrorInfo
 {
     CommissioningErrorInfo(app::Clusters::GeneralCommissioning::CommissioningErrorEnum result) : commissioningError(result) {}
+    CommissioningErrorInfo(app::Clusters::GeneralCommissioning::CommissioningErrorEnum result, CharSpan text) :
+        commissioningError(result), debugText(CharSpanToStdString(text))
+    {}
     app::Clusters::GeneralCommissioning::CommissioningErrorEnum commissioningError;
+    /// Owned copy of the device-supplied `debugText` from
+    /// ArmFailSafeResponse / SetRegulatoryConfigResponse / CommissioningCompleteResponse.
+    /// Empty when the device did not provide debug text.
+    std::string debugText;
+};
+
+struct OperationalCertErrorInfo
+{
+    OperationalCertErrorInfo(app::Clusters::OperationalCredentials::NodeOperationalCertStatusEnum result) :
+        operationalCertStatus(result)
+    {}
+    app::Clusters::OperationalCredentials::NodeOperationalCertStatusEnum operationalCertStatus;
 };
 
 struct NetworkCommissioningStatusInfo
 {
     NetworkCommissioningStatusInfo(app::Clusters::NetworkCommissioning::NetworkCommissioningStatusEnum result) :
         networkCommissioningStatus(result)
     {}
+    NetworkCommissioningStatusInfo(app::Clusters::NetworkCommissioning::NetworkCommissioningStatusEnum result, CharSpan text) :
+        networkCommissioningStatus(result), debugText(CharSpanToStdString(text))
+    {}
+    NetworkCommissioningStatusInfo(app::Clusters::NetworkCommissioning::NetworkCommissioningStatusEnum result, CharSpan text,
+                                   Optional<int32_t> errorValue) :
+        networkCommissioningStatus(result),
+        debugText(CharSpanToStdString(text)), connectNetworkErrorValue(errorValue)
+    {}
     app::Clusters::NetworkCommissioning::NetworkCommissioningStatusEnum networkCommissioningStatus;
+    /// Owned copy of the device-supplied `debugText` from
+    /// `NetworkConfigResponse` / `ConnectNetworkResponse`. Empty when the device did not
+    /// provide debug text.
+    std::string debugText;
+    /// Optional device-specific connect failure code from ConnectNetworkResponse.errorValue.
+    /// Only populated for ConnectNetwork failures; null for NetworkConfig failures (which
+    /// don't carry an errorValue field).
+    Optional<int32_t> connectNetworkErrorValue;
 };
 
 class CommissioningDelegate
@@ -874,7 +927,7 @@ class CommissioningDelegate
      * kSendOpCertSigningRequest: CSRResponse
      * kGenerateNOCChain: NocChain
      * kSendTrustedRootCert: None
-     * kSendNOC: None
+     * kSendNOC: OperationalCertErrorInfo if AddNOC returned a non-success NodeOperationalCertStatusEnum
      * kConfigureTrustedTimeSource: None
      * kWiFiNetworkSetup: NetworkCommissioningStatusInfo if there is an error
      * kThreadNetworkSetup: NetworkCommissioningStatusInfo if there is an error
@@ -889,8 +942,8 @@ class CommissioningDelegate
      */
     struct CommissioningReport
         : Variant<RequestedCertificate, AttestationResponse, CSRResponse, NocChain, OperationalNodeFoundData, ReadCommissioningInfo,
-                  AttestationErrorInfo, CommissioningErrorInfo, NetworkCommissioningStatusInfo, TimeZoneResponseInfo,
-                  Credentials::JCM::TrustVerificationError>
+                  AttestationErrorInfo, CommissioningErrorInfo, OperationalCertErrorInfo, NetworkCommissioningStatusInfo,
+                  TimeZoneResponseInfo, Credentials::JCM::TrustVerificationError>
     {
         CommissioningReport() : stageCompleted(CommissioningStage::kError) {}
         CommissioningStage stageCompleted;
diff --git a/src/controller/DevicePairingDelegate.h b/src/controller/DevicePairingDelegate.h
@@ -103,6 +103,33 @@ class DLL_EXPORT DevicePairingDelegate
                                         Optional<Credentials::AttestationVerificationResult> additionalErrorInfo)
     {}
 
+    /**
+     * @brief
+     *   Called when commissioning fails, with the full structured CompletionStatus from the
+     *   commissioning state machine. Provides access to detailed status that the 4-arg overload
+     *   above drops on the floor.
+     *
+     *   Default implementation forwards to the legacy 4-arg overload above, so existing
+     *   delegates keep working unchanged. The legacy form only carries `err`, `failedStage`,
+     *   and `attestationResult` — the following CompletionStatus fields are silently dropped
+     *   when the default forwarder runs:
+     *
+     *     - commissioningError                (GeneralCommissioning cluster CommissioningErrorEnum)
+     *     - networkCommissioningStatus + connectNetworkErrorValue
+     *     - operationalCertStatus             (OperationalCredentials NOCResponse status)
+     *     - commissioningDebugText            (device-supplied text from ArmFailSafe /
+     *                                          SetRegulatoryConfig / CommissioningComplete)
+     *     - networkCommissioningDebugText     (device-supplied text from NetworkConfig /
+     *                                          ConnectNetwork)
+     *
+     *   Override this overload (instead of the 4-arg one) to receive those fields.
+     */
+    virtual void OnCommissioningFailure(PeerId peerId, const CompletionStatus & completionStatus)
+    {
+        OnCommissioningFailure(peerId, completionStatus.err, completionStatus.failedStage.ValueOr(CommissioningStage::kError),
+                               completionStatus.attestationResult);
+    }
+
     virtual void OnCommissioningStatusUpdate(PeerId peerId, CommissioningStage stageCompleted, CHIP_ERROR error) {}
 
     /**
diff --git a/src/controller/tests/TestCommissioningDelegate.cpp b/src/controller/tests/TestCommissioningDelegate.cpp
diff --git a/src/protocols/secure_channel/PASESession.cpp b/src/protocols/secure_channel/PASESession.cpp

Original file line number	Diff line number	Diff line change
`@@ -1872,7 +1872,22 @@ void DeviceCommissioner::OnOperationalCertificateAddResponse(`
`1872`	`1872`	`if (err != CHIP_NO_ERROR)`
`1873`	`1873`	`{`
`1874`	`1874`	`ChipLogProgress(Controller, "Add NOC failed with error: %" CHIP_ERROR_FORMAT, err.Format());`
`1875`		`- commissioner->CommissioningStageComplete(err);`
	`1875`	`+ // Preserve the device-reported NodeOperationalCertStatusEnum (kInvalidPublicKey,`
	`1876`	`+ // kInvalidNodeOpId, kInvalidNOC, kFabricConflict, kLabelConflict, kInvalidFabricIndex,`
	`1877`	`+ // kTableFull, etc.) in the report so OnCommissioningFailure consumers can distinguish`
	`1878`	`+ // these without losing fidelity to the generic CHIP_ERROR returned by`
	`1879`	`+ // ConvertFromOperationalCertStatus.`
	`1880`	`+ CommissioningDelegate::CommissioningReport report;`
	`1881`	`+ // ConvertFromOperationalCertStatus succeeds on kOk and returns a non-success CHIP_ERROR`
	`1882`	+ // for any other value, but `err` at this point can also be a downstream local failure
	`1883`	`+ // (e.g. from OnOperationalCredentialsProvisioningCompletion) while data.statusCode is`
	`1884`	`+ // still kOk. Guard so we never publish a "success enum" alongside a non-success err to`
	`1885`	`+ // OnCommissioningFailure consumers.`
	`1886`	`+ if (data.statusCode != OperationalCredentials::NodeOperationalCertStatusEnum::kOk)`
	`1887`	`+ {`
	`1888`	`+ report.Set<OperationalCertErrorInfo>(data.statusCode);`
	`1889`	`+ }`
	`1890`	`+ commissioner->CommissioningStageComplete(err, report);`
`1876`	`1891`	`}`
`1877`	`1892`	`}`
`1878`	`1893`
`@@ -2172,10 +2187,7 @@ void DeviceCommissioner::SendCommissioningCompleteCallbacks(NodeId nodeId, const`
`2172`	`2187`	`}`
`2173`	`2188`	`else`
`2174`	`2189`	`{`
`2175`		`- // TODO: We should propogate detailed error information (commissioningError, networkCommissioningStatus) from`
`2176`		`- // completionStatus.`
`2177`		`- mPairingDelegate->OnCommissioningFailure(peerId, completionStatus.err, completionStatus.failedStage.ValueOr(kError),`
`2178`		`- completionStatus.attestationResult);`
	`2190`	`+ mPairingDelegate->OnCommissioningFailure(peerId, completionStatus);`
`2179`	`2191`	`}`
`2180`	`2192`	`}`
`2181`	`2193`
`@@ -2975,7 +2987,9 @@ void DeviceCommissioner::OnArmFailSafe(void * context,`
`2975`	`2987`	`if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)`
`2976`	`2988`	`{`
`2977`	`2989`	`err = CHIP_ERROR_INTERNAL;`
`2978`		`- report.Set<CommissioningErrorInfo>(data.errorCode);`
	`2990`	`+ // Preserve the device-supplied debugText so failure consumers can disambiguate`
	`2991`	`+ // ambiguous error codes (e.g. kBusyWithOtherAdmin specifics).`
	`2992`	`+ report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);`
`2979`	`2993`	`}`
`2980`	`2994`
`2981`	`2995`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`@@ -2992,7 +3006,7 @@ void DeviceCommissioner::OnSetRegulatoryConfigResponse(`
`2992`	`3006`	`if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)`
`2993`	`3007`	`{`
`2994`	`3008`	`err = CHIP_ERROR_INTERNAL;`
`2995`		`- report.Set<CommissioningErrorInfo>(data.errorCode);`
	`3009`	`+ report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);`
`2996`	`3010`	`}`
`2997`	`3011`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`2998`	`3012`	`commissioner->CommissioningStageComplete(err, report);`
`@@ -3008,6 +3022,7 @@ void DeviceCommissioner::OnSetTCAcknowledgementsResponse(`
`3008`	`3022`	`if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)`
`3009`	`3023`	`{`
`3010`	`3024`	`err = CHIP_ERROR_INTERNAL;`
	`3025`	`+ // SetTCAcknowledgementsResponse has no debugText field per spec.`
`3011`	`3026`	`report.Set<CommissioningErrorInfo>(data.errorCode);`
`3012`	`3027`	`}`
`3013`	`3028`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`@@ -3099,7 +3114,9 @@ void DeviceCommissioner::OnNetworkConfigResponse(void * context,`
`3099`	`3114`	`if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)`
`3100`	`3115`	`{`
`3101`	`3116`	`err = CHIP_ERROR_INTERNAL;`
`3102`		`- report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);`
	`3117`	`+ // Preserve debugText alongside the status enum so callers can distinguish`
	`3118`	`+ // ambiguous statuses (e.g. kAuthFailure: "wrong password" vs "regulatory restriction").`
	`3119`	`+ report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus, data.debugText.ValueOr(CharSpan{}));`
`3103`	`3120`	`}`
`3104`	`3121`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`3105`	`3122`	`commissioner->CommissioningStageComplete(err, report);`
`@@ -3115,7 +3132,12 @@ void DeviceCommissioner::OnConnectNetworkResponse(`
`3115`	`3132`	`if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)`
`3116`	`3133`	`{`
`3117`	`3134`	`err = CHIP_ERROR_INTERNAL;`
`3118`		`- report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);`
	`3135`	`+ // Preserve debugText alongside the status enum (see OnNetworkConfigResponse). Also`
	`3136`	`+ // surface the device-specific errorValue which carries driver-level failure detail`
	`3137`	`+ // (TX-power-limited / interference / association-failure code) distinct from the`
	`3138`	`+ // spec-level networkingStatus enum.`
	`3139`	`+ Optional<int32_t> errorValue = data.errorValue.IsNull() ? NullOptional : MakeOptional(data.errorValue.Value());`
	`3140`	`+ report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus, data.debugText.ValueOr(CharSpan{}), errorValue);`
`3119`	`3141`	`}`
`3120`	`3142`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`3121`	`3143`	`commissioner->CommissioningStageComplete(err, report);`
`@@ -3131,7 +3153,7 @@ void DeviceCommissioner::OnCommissioningCompleteResponse(`
`3131`	`3153`	`if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)`
`3132`	`3154`	`{`
`3133`	`3155`	`err = CHIP_ERROR_INTERNAL;`
`3134`		`- report.Set<CommissioningErrorInfo>(data.errorCode);`
	`3156`	`+ report.Set<CommissioningErrorInfo>(data.errorCode, data.debugText);`
`3135`	`3157`	`}`
`3136`	`3158`	`DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);`
`3137`	`3159`	`commissioner->CommissioningStageComplete(err, report);`