It's transactional anyway so it's possible to make the file/dir structure as merge friendly as possible. In the simplest case just 1 file per operation with unique filenames.

Speaking of trusted parties, (multiple) of those could be set up using a chain of trust in every network segment that do as much cross-signing/-verification as deemed necessary. Once it goes online again, the performed operations could go on-chain.