I guess we do scaled trunk development, if you want to call it that. We do allow direct commits, for trivial or safe stuff where reviews would be more noise and hindrance than value. (Code formatting etc.)
We only have one current release version though. (And at times a current test version that deviates from it.)
If there's a need to create a patch release for a tagged version when the trunk proceeded forward with something that shall not be included, I create only a temporary branch from the earlier tagged commit to tag (=create) that patch release.
What are the release branches supposed to be in your graphs? It says developers don't commit. Then who does?