Are there any hidden pitfalls I may have missed here?
First, let us be clear that you want a choice of the AGPL or your own, proprietary license, and not the Apache 2.0 license. Saying "Apache 2.0 for non-commercial use only" is a bit like giving someone a bike and saying, "You have free license to take and ride this bike anywhere in the world you like," and then immediately saying, "By the way, that permission to ride that bike anywhere only holds if you stay on my property; you can't take it away from my house." The Apache 2.0 license allows commercial reuse, so you want to make important modifications to it that make a fundamentally different license.
You may license your work under whatever terms you like, but please don't call them by a name that doesn't apply -- especially a name trademarked by the Apache Foundation. Free and open source licenses categorically never disallow commercial use, so you will need to look elsewhere (or perhaps hiring a drafting lawyer) to settle on the exact text of your legal terms.
Will I need a CLA to allow upstream contributions to be licensed under both?
If you plan to take outside contributions, you should definitely get your contributors to agree to a CLA, especially if you plan to use a non-FLOSS proprietary license option. You could require that contributors license their contributions under those same two licenses, or you could require that contributors license their contributions under a very permissive license to you only, so that you may use their contributions under any different terms in the future. For example, this sample CLA simply grants broad rights to the project without mentioning a specific license.
