My two cents. I use Z-wave extensively (although not exclusively).
If at all possible use mains-powered z-wave devices. Battery-powered are OK when there is no alternative BUT I find the “battery-level percentage” reporting to be highly suspect. Quality level seems to vary by device though – I have some devices reporting battery-level of 100 after 3 years of same battery. Others seem (at-least) reasonable depletion.
I pair my Aeon Gen 5 controller with a new zwave device and let OH discover it. This makes it a THING in OH-world. (You can write a manual THINGS file, but it is pretty arcane.) HOWEVER, I configure my ITEMS in text files. (You need the result of OH discovery to get the specific binding info for that text file, BUT I find it easier to maintain labels etc in text files, as well as referencing the text files when writing rules. e.g…
Switch SW_u_01_LIGHT_Bath1 "FX Master Bathroom Light" <light> ( gSwitch, gSwitch_u_01,gBath_u_01) { channel="zwave:device:8426aca6:node19:switch_binary" }
For a text-based items file you need the channel info in the code slice above – you get that from the Paper UI interface to the discovery process. BUT with a text-based items file, you can change the various labels easily in “your basic editor” without having to go thru Paper UI.
I think you know this, but for safety’s sake — zwave (mains-powered or NOT) is independent of both your Wi-Fi and non-mains-cabling situation.
I like HabPanel. Accessing it from outside your home (without using openHAB cloud-which does seem to have ongoing stability problems (nevermind the privacy aspects)) requires that you have a strongly-controlled VPN access to your home network. Definitely doable, but also falls into the realm of the “dark arts”. “First you crawl, then you walk, then you run–but don’t ever try to FLY”. Highly-dependent on your router and your ISP. Getting a stable VPN into your home network is one of the few things for which you might consider paying an expert.
As for your general “wish-list” — aside from external access, your main vulnerability is power-failure, either generally to the “mains” or to the OH server specifically. The latter could (and SHOULD) be addressed with a UPS. As for general power failure, you have to decide whether you want to be generally impervious to power-loss of length T – OR — have UPS support for your OH server AND some failure recovery logic for the situation when mains-powered devices go OFFLINE and then come back ONLINE after a period of time.