About the practice
A quiet, senior technology practice, built for the long run.
SPELL BOOK AND CANDLE LTD exists to do a specific kind of work: consequential software engineering, thoughtful cloud architecture, and disciplined security, delivered by small teams that stay with a system through its whole life.

Who we are, in one paragraph.
We are an independent technology company that builds and operates software and infrastructure for organisations whose day-to-day work depends on systems behaving correctly. We do not resell platforms, chase trends, or optimise for scale of headcount. Our structure is deliberate: small, senior teams, few concurrent engagements, and written accountability for every meaningful decision.
To make dependable systems ordinary.
Most organisations do not need heroic technology. They need software that behaves as expected, infrastructure that survives the ordinary shocks of operating a business, and a security posture that would withstand a fair review. Our mission is to make that state of affairs unremarkable — to bring engineering discipline to work that would otherwise absorb disproportionate time and attention.
Technology treated as infrastructure, not spectacle.
We work toward a future in which businesses can rely on their software the way they rely on electricity or telephony: present, predictable, and understood. That vision informs the choices we make about tooling, staffing, and communication. We prefer boring, well-understood components to novel ones, and we prefer clarity to cleverness.
Fewer engagements, more attention per engagement.
We keep a small book of concurrent clients on purpose. Each engagement is served by a constant team, with a named technical lead and a named delivery lead who remain in place across the work. Decisions are recorded in writing so anyone joining the project later — on either side — can understand why the system is the way it is.
This model is slower to expand than the typical consultancy shape, and that is the point. It is what allows us to remain useful to a client in the second and third year, when the questions become harder and the value of shared context is highest.
Boring on purpose, sharp where it counts.
Our default choices are mature, well-supported technologies: languages with stable ecosystems, databases that have earned their reputation, and deployment models that pager duty has already survived. We adopt newer tools when they meaningfully reduce risk or complexity — not because they are new — and we retire tools when they no longer earn their place.
We treat production as a first-class environment. Observability, cost control, and operational documentation are not deliverables we bolt on at the end; they are conditions of shipping in the first place.
How we work alongside your team.
Depending on the engagement, we operate as an external delivery team, as an embedded pod inside a client's engineering function, or as a long-term partner responsible for a specific platform. In every configuration we work in the open: shared repositories, shared project management, shared observability, and regular working sessions with the people who will use or operate the system.
We assume our clients have opinions and expertise of their own. Our contribution is to add engineering capacity and independent perspective where they are useful — not to displace the judgement of the people who understand the business.
A definition of done that survives contact with production.
A change is complete when it has been reviewed by another engineer, covered by tests proportionate to its risk, deployed through the standard pipeline, and observed to behave correctly in production. Documentation is updated in the same change. This standard applies from the smallest bug fix to the largest architectural revision.
Security as a property of the system.
We treat security as an engineering property, not a compliance exercise. That means threat modelling during design, hardened defaults, continuous review of dependencies, and controls aligned to recognised frameworks. Where personal data is involved, we apply the standards expected under GDPR and equivalent regimes as a baseline, regardless of whether a particular audit is imminent.
Responsibility does not end at delivery. We remain accountable for the operational health of the systems we build, and we document how they should be operated so that another team could carry them forward without us if that ever becomes the right choice.
Business relationships measured in years, not sprints.
We plan and price our engagements to be sustainable across the life of the system. The commercial arrangement is designed so that neither party is under pressure to cut corners at the point where quality matters most.
The result is a working relationship that is straightforward to renew, straightforward to hand back when appropriate, and grounded in visible outcomes rather than opaque retainers.

Six values, applied to real decisions.
- Value
Substance over performance
We would rather be quietly correct than loudly present. Meetings and status updates are optional; working software is not.
- Value
Written thought
If a decision matters, it is written down. Documents are shared before conclusions are drawn.
- Value
Independence
We are not aligned to any vendor's incentives. Recommendations reflect what suits the problem.
- Value
Operational realism
Systems are designed for the day after launch. Runbooks, cost, and evolution are part of the design.
- Value
Respect for existing work
We inherit systems as they are, and improve them without contempt for the people who built them.
- Value
Long-term ownership
We build with the assumption that someone — us, or our client's team — will still be maintaining this in five years.