Each layer of Raven Anticheat - architecture, heartbeat, Lua executor detection, server-side event validation, and the Global Ban Database - explained the way we run it in production.
Raven runs client-side and server-side detection in parallel by default. Bypassing either layer leaves the other one watching - which is what stops most modern Fivem cheats from going undetected.
A heartbeat loop continuously reports client-side runtime state to the server. If the heartbeat stops, falls behind, or returns wrong values, the server treats the client as tampered and acts.
Lua executors inject arbitrary scripts into the running Fivem client. Raven detects them through signature matching, runtime integrity checks, and server-side validation of impossible Lua-driven actions.
Server-side event validation rejects events from disallowed sources, blocks event payloads outside plausible bounds, and pattern-matches event sequences against known exploits - even when every client check is bypassed.
A cheater banned on one Raven server is flagged on every other Raven server. Bans are evidenced (detection trace + screenshot) so other admins can verify before honoring them.
