Greg Brown

BPF tracepoint args and why they're different in different example code

I've done a lot of searching for information about writing a BPF program for tracepoints and I seem to be missing an important nugget of information that I can't find a definitive answer for.

Let's take tracepoint/syscalls/sys_enter_open as an example.

In some code I see:

SEC("tracepoint/syscalls/sys_enter_open")
int tracepoint_sys_enter_open(struct trace_event_raw_sys_enter* ctx)

and in others they'll (apparently) use /sys/kernel/debug/tracing/events/syscalls/sys_enter_open/format to derive a local struct (say struct open_enter_ctx) and use that:

SEC("tracepoint/syscalls/sys_enter_open")
int tracepoint_sys_enter_open(struct open_enter_ctx* ctx)

Perhaps it has something to do with the build environment/tools?

mozillazg's blog discusses using struct trace_event_raw_sys_enter but doesn't mention the environment. https://mozillazg.com/2022/05/ebpf-libbpf-tracepoint-common-questions-en

opensnoop in BCC's libbpf-tools also uses struct trace_event_raw_sys_enter, but I've gotten this code to build and run w/o installing BCC (just libbpf and clang) https://github.com/iovisor/bcc/blob/master/libbpf-tools/opensnoop.bpf.c

Other examples use a local struct, such as in this kernel source example: https://github.com/torvalds/linux/blob/5d0c230f1de8c7515b6567d9afba1f196fb4e2f4/samples/bpf/syscall_tp_kern.c

And this SO question: How to use bpf_probe_read() to copy large length data in EBPF program?

Any help sorting this out would be much appreciated.

Upvotes: 2

Views: 1684

Answers (0)
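The question contrasts two argument types for the same tracepoint handler. The added example below (not code from the question or from the linked projects) makes the relationship concrete: it parses a tracepoint `format` file of the kind the question mentions and emits a C struct whose fields sit at the reported offsets, inserting padding where the kernel left gaps. The sample `format` text is constructed to match a typical x86-64 kernel (the `ID` line differs per kernel and is irrelevant to the layout); the helper names, `open_enter_ctx`, and the 16-byte `args` offset are this example's own assumptions, the last taken from the `struct trace_event_raw_sys_enter` layout in vmlinux.h (`struct trace_entry ent; long id; unsigned long args[6];`).

```python
"""Derive a BPF context struct from a tracepoint's tracefs `format` file.

Added example, not from the question or the linked projects. A tracepoint
handler receives a pointer to the event record; any struct whose fields sit
at the offsets reported in
/sys/kernel/debug/tracing/events/<subsys>/<event>/format reads it correctly.
For syscall tracepoints the arguments start at offset 16 as unsigned longs,
which is where `args[]` sits in `struct trace_event_raw_sys_enter`
(`struct trace_entry ent` is 8 bytes, `long id` is 8 bytes). That is why a
hand-written struct and the vmlinux.h struct both work for sys_enter_open.
"""
import re
import sys
from typing import List, NamedTuple

# Constructed sample of .../events/syscalls/sys_enter_open/format (tabs as in tracefs).
SAMPLE_FORMAT = """\
name: sys_enter_open
ID: 645
format:
\tfield:unsigned short common_type;\toffset:0;\tsize:2;\tsigned:0;
\tfield:unsigned char common_flags;\toffset:2;\tsize:1;\tsigned:0;
\tfield:unsigned char common_preempt_count;\toffset:3;\tsize:1;\tsigned:0;
\tfield:int common_pid;\toffset:4;\tsize:4;\tsigned:1;

\tfield:int __syscall_nr;\toffset:8;\tsize:4;\tsigned:1;
\tfield:const char * filename;\toffset:16;\tsize:8;\tsigned:0;
\tfield:int flags;\toffset:24;\tsize:8;\tsigned:0;
\tfield:umode_t mode;\toffset:32;\tsize:8;\tsigned:0;

print fmt: "filename: 0x%08lx, flags: 0x%08lx, mode: 0x%08lx", ((unsigned long)(REC->filename)), ((unsigned long)(REC->flags)), ((unsigned long)(REC->mode))
"""

SYSCALL_ARGS_OFFSET = 16  # assumed: offsetof(struct trace_event_raw_sys_enter, args)

FIELD_RE = re.compile(
    r"field:(?P<type>.+?)\s*(?P<name>\w+)(?:\[(?P<count>\d+)\])?;"
    r"\s*offset:(?P<offset>\d+);\s*size:(?P<size>\d+);\s*signed:(?P<signed>[01]);"
)


class Field(NamedTuple):
    declared: str   # type as printed in the format file
    name: str
    count: int      # array element count, 0 for scalars
    offset: int
    size: int
    signed: bool


def parse_format(text: str) -> List[Field]:
    """Parse every `field:` line, rejecting overlapping or out-of-order fields."""
    fields, end = [], 0
    for m in FIELD_RE.finditer(text):
        f = Field(m["type"].strip(), m["name"], int(m["count"] or 0),
                  int(m["offset"]), int(m["size"]), m["signed"] == "1")
        if f.offset < end:
            raise ValueError(f"{f.name} at offset {f.offset} overlaps field ending at {end}")
        fields.append(f)
        end = f.offset + f.size
    if not fields:
        raise ValueError("no field: lines found")
    return fields


def c_type(f: Field) -> str:
    """Pick a type whose width matches the reported size, not the declared name.

    Syscall tracepoints store every argument as an unsigned long, so `int flags`
    is reported with size 8; declaring it as `int` would shift every later field.
    Pointers keep their declared type (8 bytes on a 64-bit kernel).
    """
    if "*" in f.declared:
        return f.declared
    elem = f.size // f.count if f.count else f.size
    width = {1: "8", 2: "16", 4: "32", 8: "64"}[elem]
    return ("__s" if f.signed else "__u") + width


def generate_struct(text: str, struct_name: str) -> str:
    """Emit a C struct matching the format file, with explicit padding for gaps."""
    lines, cursor = [f"struct {struct_name} {{"], 0
    for f in parse_format(text):
        if f.offset > cursor:  # alignment gap left by the kernel, e.g. after __syscall_nr
            lines.append(f"\tchar __pad{cursor}[{f.offset - cursor}];")
        t = c_type(f)
        decl = f"{t}{'' if t.endswith('*') else ' '}{f.name}" + (f"[{f.count}]" if f.count else "")
        lines.append(f"\t{decl};\t/* offset {f.offset}, size {f.size}, declared: {f.declared} */")
        cursor = f.offset + f.size
    lines.append("};")
    return "\n".join(lines)


def syscall_arg_index(fields: List[Field], name: str) -> int:
    """Map a named syscall argument to its slot in trace_event_raw_sys_enter.args[]."""
    f = next(x for x in fields if x.name == name)
    rel = f.offset - SYSCALL_ARGS_OFFSET
    if rel < 0 or rel % 8 or f.size != 8:
        raise ValueError(f"{name} is not a syscall argument slot")
    return rel // 8


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FORMAT
    print(generate_struct(text, "open_enter_ctx"))
    for arg in ("filename", "flags", "mode"):
        print(f"// ctx->{arg} is ctx->args[{syscall_arg_index(parse_format(text), arg)}]")
```

Run it with no arguments to use the constructed sample, or pass the path of a real `format` file from tracefs. On the sample it emits a 4-byte `__pad12` between `__syscall_nr` and `filename`, which is the detail hand-written structs most often get wrong, and reports `filename`, `flags` and `mode` as `args[0]`, `args[1]` and `args[2]`, the indices the `struct trace_event_raw_sys_enter` style uses directly.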
