Section 1.4
This section says "This document defines two additional capability URIs." but AFAICT it's only one i.e. urn:ietf:params:jmap:contacts

Section 2
Why does description property not have any restrictions unlike the name property?

In general, it's a bit confusing which properties are mandatory and which are optional: sometimes it's pretty obvious (id and name), and sometimes it's not (sortOrder). I would highly recommend explicitly labelling all properties as either mandatory (and then defining what the possible values are), or optional (similar, but also with a sensible default). 

Looks like Principal is missing a reference to https://datatracker.ietf.org/doc/html/draft-ietf-jmap-sharing-06.

mayDelete property in AddressBookRights is confusing, since I first thought it means the ability to delete ContactCards since that's what mayRead and mayWrite mention. 

Section 5
The Security Considerations section needs to address the fact that a user query which uses filtering/sorting is basically untrusted input and recommend how to sanitize and treat the input. It should at the very least point to RFC 8620 security guidance around parsing JSON input.