diff --git a/changelog.md b/changelog.md
index 3260479..4283133 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 2025-12-15 - 1.12.0 - feat(interfaces)
+Add JWT public-key and blocklist request interfaces, publish ordering files, and update dependencies
+
+- Introduce IReq_GetPublicKeyForValidation and IReq_PushPublicKeyForValidation with documentation in ts_interfaces/request/loint-reception.jwt.ts to support fetching and pushing JWT public keys for validation.
+- Clarify IReq_PushOrGetJwtIdBlocklist to describe both GET (client requests blocklist) and PUSH (server pushes revoked JWT IDs) directions and required client handlers.
+- Add tspublish.json ordering files for packaging: ts_interfaces (order: 1), ts (order: 2), ts_idpclient (order: 3), ts_web (order: 4).
+- Update package.json dependencies to include @git.zone/tspublish and additional @push.rocks packages (@push.rocks/smartcli, @push.rocks/smartfile, @push.rocks/smartinteract).
+
 ## 2025-12-14 - 1.11.0 - feat(idpcli)
 Add idp CLI (IdpCli) with commands, file-based credential storage, typed request APIs; bump deps and update config
 
diff --git a/package.json b/package.json
index 2d19505..1a3398f 100644
--- a/package.json
+++ b/package.json
@@ -24,11 +24,15 @@
 "@design.estate/dees-catalog": "^3.3.1",
 "@design.estate/dees-domtools": "^2.3.6",
 "@design.estate/dees-element": "^2.1.3",
+ "@git.zone/tspublish": "^1.10.3",
 "@push.rocks/lik": "^6.2.2",
 "@push.rocks/qenv": "^6.1.3",
+ "@push.rocks/smartcli": "^4.0.19",
 "@push.rocks/smartdata": "^7.0.15",
 "@push.rocks/smartdelay": "^3.0.5",
+ "@push.rocks/smartfile": "^13.1.0",
 "@push.rocks/smarthash": "^3.2.6",
+ "@push.rocks/smartinteract": "^2.0.6",
 "@push.rocks/smartjson": "^6.0.0",
 "@push.rocks/smartjwt": "^2.2.1",
 "@push.rocks/smartlog": "^3.1.10",
@@ -41,9 +45,6 @@
 "@push.rocks/smartunique": "^3.0.9",
 "@push.rocks/smarturl": "^3.1.0",
 "@push.rocks/taskbuffer": "^3.5.0",
- "@push.rocks/smartcli": "^4.0.19",
- "@push.rocks/smartfile": "^13.1.0",
- "@push.rocks/smartinteract": "^2.0.6",
 "@push.rocks/webjwt": "^1.0.9",
 "@push.rocks/websetup": "^3.0.15",
 "@push.rocks/webstore": "^2.0.20",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 0a471c4..99b18be 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -32,6 +32,9 @@ importers:
 '@design.estate/dees-element':
 specifier: ^2.1.3
 version: 2.1.3
+ '@git.zone/tspublish':
+ specifier: ^1.10.3
+ version: 1.10.3
 '@push.rocks/lik':
 specifier: ^6.2.2
 version: 6.2.2
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 0938a75..7a1a013 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@idp.global/idp.global',
- version: '1.11.0',
+ version: '1.12.0',
 description: 'An identity provider software managing user authentications, registrations, and sessions.'
 }
diff --git a/ts/tspublish.json b/ts/tspublish.json
new file mode 100644
index 0000000..18e67c6
--- /dev/null
+++ b/ts/tspublish.json
@@ -0,0 +1,3 @@
+{
+ "order": 2
+}
\ No newline at end of file
diff --git a/ts_idpclient/tspublish.json b/ts_idpclient/tspublish.json
new file mode 100644
index 0000000..0133f4d
--- /dev/null
+++ b/ts_idpclient/tspublish.json
@@ -0,0 +1,3 @@
+{
+ "order": 3
+}
\ No newline at end of file
diff --git a/ts_interfaces/request/loint-reception.jwt.ts b/ts_interfaces/request/loint-reception.jwt.ts
index ba5aeee..44df79c 100644
--- a/ts_interfaces/request/loint-reception.jwt.ts
+++ b/ts_interfaces/request/loint-reception.jwt.ts
@@ -1,6 +1,16 @@
 import * as data from '../data/index.js';
 import * as plugins from '../loint-reception.plugins.js';
 
+/**
+ * Request to get the public key for JWT validation.
+ *
+ * **Direction:** Client → idp.global
+ * **Requester:** Backend services that need to verify JWTs
+ * **Handler:** idp.global
+ *
+ * Use this to fetch the current public key for verifying JWT signatures.
+ * The backend token authenticates the requesting service.
+ */
 export interface IReq_GetPublicKeyForValidation
 extends plugins.typedRequestInterfaces.implementsTR<
 plugins.typedRequestInterfaces.ITypedRequest,
@@ -15,6 +25,16 @@ export interface IReq_GetPublicKeyForValidation
 };
 }
 
+/**
+ * Push public key to connected backend services for JWT validation.
+ *
+ * **Direction:** idp.global → Client
+ * **Requester:** idp.global (pushes when the JWT signing key rotates)
+ * **Handler:** Backend services - must register a TypedHandler for this method
+ *
+ * Backend services should register a handler using `IdpClient.onPublicKeyPush()`
+ * to receive key rotation updates and update their local key cache.
+ */
 export interface IReq_PushPublicKeyForValidation
 extends plugins.typedRequestInterfaces.implementsTR<
 plugins.typedRequestInterfaces.ITypedRequest,
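Review bot: In ts_interfaces/request/loint-reception.jwt.ts, the new comment on `IReq_PushPublicKeyForValidation` tells backends to update their local key cache on push but says nothing about which sender the handler may trust. A verification key accepted from anything other than the authenticated idp.global connection would let that sender have its own tokens validated, so I would add a line such as ` * Only accept this push on the authenticated connection to idp.global; never replace the cached key from another source.` The comment also does not say whether the previous key remains valid for tokens issued before a rotation, and the first hunk's comment on `IReq_GetPublicKeyForValidation` speaks only of "the current public key"; one sentence on the overlap would tell implementers whether to keep or drop the old key. Both interface bodies continue outside the hunks, so the payload fields are not visible here.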
@@ -28,7 +48,21 @@ export interface IReq_PushPublicKeyForValidation
 }
 
 /**
- * allows getting or pushing a blocklist of jwt ids
+ * Push or get JWT ID blocklist for revoked tokens.
+ *
+ * **Bidirectional:**
+ * - **GET direction:** Client → idp.global - Client requests current blocklist
+ * - **PUSH direction:** idp.global → Client - Server pushes new blocklisted IDs
+ *
+ * **For GET (client fires):**
+ * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
+ * - Response contains the complete list of blocked JWT IDs
+ * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
+ *
+ * **For PUSH (idp.global fires):**
+ * - idp.global sends newly blocklisted JWT IDs to connected clients
+ * - Clients must register a handler using `IdpClient.onBlocklistPush()`
+ * - Store received IDs locally to reject revoked tokens
 */
 export interface IReq_PushOrGetJwtIdBlocklist
 extends plugins.typedRequestInterfaces.implementsTR<
diff --git a/ts_interfaces/tspublish.json b/ts_interfaces/tspublish.json
new file mode 100644
index 0000000..5a46852
--- /dev/null
+++ b/ts_interfaces/tspublish.json
@@ -0,0 +1,3 @@
+{
+ "order": 1
+}
\ No newline at end of file
diff --git a/ts_web/00_commitinfo_data.ts b/ts_web/00_commitinfo_data.ts
index 0938a75..7a1a013 100644
--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@idp.global/idp.global',
- version: '1.11.0',
+ version: '1.12.0',
 description: 'An identity provider software managing user authentications, registrations, and sessions.'
 }
diff --git a/ts_web/tspublish.json b/ts_web/tspublish.json
new file mode 100644
index 0000000..8f70b09
--- /dev/null
+++ b/ts_web/tspublish.json
@@ -0,0 +1,3 @@
+{
+ "order": 4
+}
\ No newline at end of file
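Review bot: In the third hunk of ts_interfaces/request/loint-reception.jwt.ts, the PUSH section of the `IReq_PushOrGetJwtIdBlocklist` comment asks clients to store received IDs locally but does not cover pushes missed while a client was disconnected, so a backend that reconnects could keep accepting a JWT revoked in the meantime. I would add ` * - After (re)connecting, request the full blocklist via the GET direction before relying on the local cache`. The wording "newly blocklisted JWT IDs" suggests the push is incremental; saying explicitly whether the handler should merge into or replace the local list would remove the guess. The interface body continues outside the hunk.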