From da6f08fa35d854511f924cdfe3a2c0adb951461a Mon Sep 17 00:00:00 2001
From: adlee-was-taken <aaron.daniel.lee@gmail.com>
Date: Wed, 29 Apr 2026 23:33:52 -0400
Subject: [PATCH] test(ext/router): sender matrix for LastPass import messages

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .../router/__tests__/router.test.ts           | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/extension/src/service-worker/router/__tests__/router.test.ts b/extension/src/service-worker/router/__tests__/router.test.ts
index bc07b33..af984d5 100644
--- a/extension/src/service-worker/router/__tests__/router.test.ts
+++ b/extension/src/service-worker/router/__tests__/router.test.ts
@@ -837,3 +837,47 @@ describe('export_backup / restore_backup sender check', () => {
     expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
   });
 });
+
+// --- parse_lastpass_csv / import_lastpass_commit sender check ---
+
+describe('parse_lastpass_csv / import_lastpass_commit sender check', () => {
+  it('accepts vault tab for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makeVaultSender(),
+    );
+    expect(result).not.toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('accepts popup for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makePopupSender(),
+    );
+    expect(result).not.toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('rejects setup tab for parse_lastpass_csv', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'parse_lastpass_csv', bytes: new ArrayBuffer(8) },
+      state,
+      makeSetupSender(),
+    );
+    expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('rejects content top frame for import_lastpass_commit', async () => {
+    const state = makeState();
+    const result = await route(
+      { type: 'import_lastpass_commit', items: [] },
+      state,
+      makeContentSender('https://example.com'),
+    );
+    expect(result).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+});