| Aspect | Automations | Hooks |
|---|---|---|
| Purpose | When and what the agent runs | How the agent behaves during execution |
| Timing | Scheduled (cron, daily, weekly) | Fires at lifecycle events (PreToolUse, PostToolUse, etc.) |
| Context | Can preserve thread context across runs | Synchronous, within a single session |
| Created by | User via sidebar or conversationally | Configuration files |
| Example use case | "Every Monday, review open PRs and summarize" | "Before any file edit, run the linter" |

Why OS native sandboxing matters

Most AI coding tools protect your system through permission prompts: the agent asks before doing something potentially dangerous, and you approve or deny. This works but relies on the agent correctly identifying which actions need permission and on you paying attention to each prompt. OS native sandboxing adds a second layer: even if a permission check is missed or bypassed, the operating system itself blocks unauthorized file access and network calls. It is the difference between a lock that asks you to confirm each visitor and a physical barrier that prevents entry entirely.

Automation ideas to get started

Start with simple, low-risk automations: a daily scan of your codebase for TODO comments, a weekly dependency update check, or a Monday morning summary of open pull requests. Thread automations work well for multi-day tasks like tracking a migration, where Codex wakes up periodically to check progress and report status. As you build confidence, expand to automations that make changes in dedicated git worktrees for safe experimentation.