Production Protection

To prevent players from inspecting the game, modifying variables through the console, or viewing source code in production builds, the project includes an automatic "Production Protection" system.

Features

When the game is NOT running in "Test Play" mode (i.e., Utils.isOptionValid("test") is false), the following protections are active:

1. Right-Click Disabled: The browser context menu is disabled to prevent "Inspect Element".

2. Keyboard Shortcuts Blocked: Common DevTools shortcuts are intercepted and canceled:

   • F12

   • Ctrl+Shift+I / Cmd+Option+I

   • Ctrl+Shift+J / Cmd+Option+J

   • Ctrl+Shift+C / Cmd+Option+C

   • Ctrl+U (View Source)

Implementation Details

The protection logic is located in js/plugins/rpgreact/production_protection.js. During the packaging process (via build-package.ps1), this script is:

1. Bundled: Appended to the main RPGReact.js plugin.

2. Minified: Compressed along with the rest of the plugin code to make it harder to bypass.

3. Automatic: Only active in production builds. In the RMMZ editor's Test Play, all DevTools and right-click functionality remain available for debugging.

Development Plugins Removal

The build script also automatically removes development-only plugins from the production package. For example:

• js/plugins/DevToolsManage.js is excluded from the file copy.

• The entry for DevToolsManage is stripped from js/plugins.js in the output folder.

This ensures that development tools do not leak into the final game and prevents errors caused by missing development-only files.

Customizing Protection

If you need to add more protections or allow certain shortcuts, you can edit js/plugins/rpgreact/production_protection.js. Note that this file is only used during the build process to be bundled into the production version of the RPGReact plugin.