diff --git a/extension/src/service-worker/router/__tests__/router.test.ts b/extension/src/service-worker/router/__tests__/router.test.ts
index bc07b33..af984d5 100644
--- a/extension/src/service-worker/router/__tests__/router.test.ts
+++ b/extension/src/service-worker/router/__tests__/router.test.ts
@@ -837,3 +837,47 @@ describe('export_backup / restore_backup sender check', () => {
     expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
   });
 });
+
+// --- parse_lastpass_csv / import_lastpass_commit sender check ---
+
+describe('parse_lastpass_csv / import_lastpass_commit sender check', () => {
+  it('accepts vault tab for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makeVaultSender(),
+    );
+    expect(result).not.toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('accepts popup for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makePopupSender(),
+    );
+    expect(result).not.toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('rejects setup tab for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makeSetupSender(),
+    );
+    expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('rejects content top frame for import_lastpass_commit', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'import_lastpass_commit', items: [] },
+      state,
+      makeContentSender('https://example.com'),
+    );
+    expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+});