>We really thought we could lick that shit with type enforcement
Why would type enforcement do any good? When do operating systems enforce types?
My money is on capability based security, Genode and Fuchsia and GNU Hurd when it comes out. Give the users a safe way to run a program without exposing everything to danger, and you'll save everyone a ton of grief.
The present scenario is analogous to building more and more layers of security out of crates of explosives. Any little reaction anywhere becomes a reaction everywhere, because all the code in our systems is trusted.
I knew what type enforcement meant: not allowing assignment of the wrong type to a variable in compiled code. I had no idea they (the security community) overloaded the meaning with something completely different.
Trusted Solaris did. It was very complicated to use, so only organisations that really needed it were using it.
The product was discontinued in the late 90s and its core features such as RBAC were included in standard Solaris in later versions. However, the more advanced stuff like tagging of connections, etc., was never included and was dropped with the demise of Trusted Solaris. I think it says a lot that I worked at Sun at the time and I actually never used it.
Object-capability security and type enforcement can go together: require programs to use some kind of hardened JVM/CLR-like typed runtime, then use the type system to model capabilities.
A bunch of research operating systems from the 90s and 00s were based on this kind of design. Microsoft had a largeish engineering team working on one for 9 years (with a notion that it might some day supplant Windows; it was even briefly used in production to run some services, before the project was shut down in 2015). If you're curious about how it worked and why, one of the designers wrote some fascinating posts:
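To make the "use the type system to model capabilities" idea concrete, here is an added example (not code from this thread, nor from Genode, Fuchsia, Hurd, Trusted Solaris or the Microsoft project mentioned above). It is hypothetical Rust: the `ReadCap`, `Fs`, `restrict`, `read` and `untrusted_plugin` names are invented for illustration, and the filesystem is an in-memory map with constructed contents so it runs offline. The point it shows is the object-capability discipline: a capability is an unforgeable typed value, the only way to perform the operation is to present one, and holders can only attenuate (narrow) what they pass on, so a buggy or malicious component that was handed `/srv/app/` cannot name `/etc/shadow`, not even via `..`.

```rust
// Added example: object capabilities carried as typed, unforgeable values.
// Hypothetical code; not taken from any system discussed in the thread.
use std::collections::HashMap;

/// Capability to read files below a directory prefix (always ends in '/').
/// The field is private: outside this module a ReadCap can only be obtained
/// from someone who already holds one, never forged from a string.
#[derive(Debug, Clone, PartialEq)]
pub struct ReadCap {
    prefix: String,
}

impl ReadCap {
    /// Attenuation: derive a capability for a subdirectory. The result can
    /// only be narrower than `self`; there is no operation that widens.
    pub fn restrict(&self, subdir: &str) -> Option<ReadCap> {
        let mut p = subdir.to_string();
        if !p.ends_with('/') {
            p.push('/');
        }
        if !p.starts_with(&self.prefix) || p.split('/').any(|c| c == "..") {
            return None;
        }
        Some(ReadCap { prefix: p })
    }
}

/// In-memory stand-in for a filesystem so the example runs offline.
pub struct Fs {
    files: HashMap<String, String>,
    root: ReadCap,
}

impl Fs {
    /// Constructed sample contents (not real files).
    pub fn sample() -> Fs {
        let mut files = HashMap::new();
        files.insert("/srv/app/config.toml".to_string(), "port = 8080".to_string());
        files.insert("/srv/app/data/users.csv".to_string(), "alice,bob".to_string());
        files.insert("/etc/shadow".to_string(), "root:$6$...".to_string());
        Fs { files, root: ReadCap { prefix: "/".to_string() } }
    }

    /// The root capability. Only the code that constructs the Fs (the
    /// "kernel" in this toy) holds it; everything else gets attenuated copies.
    pub fn root_cap(&self) -> &ReadCap {
        &self.root
    }

    /// Every read must present a capability. The check is on the capability
    /// the caller holds, not on the identity of the caller.
    pub fn read(&self, cap: &ReadCap, path: &str) -> Result<&str, String> {
        if path.split('/').any(|c| c == "..") {
            return Err(format!("rejected {path}: parent references not allowed"));
        }
        if !path.starts_with(&cap.prefix) {
            return Err(format!("denied {path}: capability covers {}", cap.prefix));
        }
        self.files
            .get(path)
            .map(String::as_str)
            .ok_or_else(|| format!("no such file {path}"))
    }
}

/// An untrusted component. It never sees the root capability; it can only
/// read through whatever `cap` it was handed, so a bug or backdoor in it
/// cannot reach /etc/shadow, directly or through a traversal path.
pub fn untrusted_plugin(fs: &Fs, cap: &ReadCap) -> Vec<Result<String, String>> {
    ["/srv/app/config.toml", "/etc/shadow", "/srv/app/../../etc/shadow"]
        .iter()
        .map(|&p| fs.read(cap, p).map(str::to_string))
        .collect()
}

fn main() {
    let fs = Fs::sample();
    let app_cap = fs.root_cap().restrict("/srv/app").expect("subdir of /");
    for r in untrusted_plugin(&fs, &app_cap) {
        println!("{r:?}");
    }
    // Attenuation cannot escape the prefix it started from.
    assert!(app_cap.restrict("/etc").is_none());
}
```

The contrast with ambient authority is the whole argument of the thread: in a conventional process the plugin would call `open("/etc/shadow")` with the process's full privileges and the kernel would ask "who are you?", whereas here the only question is "what are you holding?". Because `ReadCap` has a private constructor, the compiler enforces that the plugin cannot manufacture a broader capability, which is exactly the job a typed runtime does for a capability-based OS.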